/// <summary>
/// Checks if the digital signature of a PE file is valid.
/// Since .Net has not function for it, PInvoke is used to query
/// the native API like here http://geekswithblogs.net/robp/archive/2007/05/04/112250.aspx
/// </summary>
/// <param name="filePath">Path to a PE file.</param>
/// <returns>True if the signature is valid, else false.</returns>
public static bool IsSignatureValid(string filePath)
{
#if NET461
return(SignatureValidation.IsTrusted(filePath));
#else
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows) == false)
{
throw new PlatformNotSupportedException("This features is currently only supported on Windows");
}
return(SignatureValidation.IsTrusted(filePath));
#endif
}
public async Task <IActionResult> VerifyDocument(string uuid)
{
if (string.IsNullOrEmpty(uuid))
{
return(NotFound());
}
var document = await DBContext.Document
.SingleOrDefaultAsync(m => m.Uuid == uuid);
if (document == null)
{
return(NotFound());
}
var certificates = await DBContext.Certificate.ToListAsync();
var signatureValidations = new List <SignatureValidation> ();
foreach (var certificate in certificates)
{
var x509certificate = TrustManager.LoadX509Certificate(
certificate.Uuid,
CertificateType.ReviewerCertificate);
SignatureValidation result = SignatureManager.VerifySignature(x509certificate, FileManager.DocumentRoot + "/" + document.Uuid);
if (result != null)
{
result.SignatureName = certificate.ReviewerName;
result.Certificate = certificate;
if (certificate.Revoked == true && result.SignatureDate > certificate.RevokeDate)
{
result.SignatureRevoked = true;
}
else if (certificate.Revoked != true && result.SignatureDate > certificate.ExpireDate)
{
result.SignatureExpired = true;
}
signatureValidations.Add(result);
}
}
DBContext.Document.Remove(document);
DBContext.SaveChanges();
return(View("DocumentResult", signatureValidations));
}
private void ValidateXmlSignature(SignatureValidation documentValidationResult)
{
var assertionElement = GetAssertionElement();
if (assertionElement == null)
{
if (documentValidationResult != SignatureValidation.Valid)
{
throw new InvalidSignatureException("Signature is invalid.");
}
}
else
{
var assertionValidationResult = ValidateXmlSignature(assertionElement);
if (documentValidationResult == SignatureValidation.Invalid || assertionValidationResult == SignatureValidation.Invalid ||
!(documentValidationResult == SignatureValidation.Valid || assertionValidationResult == SignatureValidation.Valid))
{
throw new InvalidSignatureException("Signature is invalid.");
}
}
}
public static SignatureValidation VerifySignature(X509Certificate certificate, string input)
{
PdfReader reader = new PdfReader(input);
AcroFields fields = reader.AcroFields;
ArrayList signatureNames = fields.GetSignatureNames();
if (signatureNames.Count == 0)
{
return(null);
}
SignatureValidation result = null;
foreach (string signatureName in signatureNames)
{
PdfPKCS7 pkcs7 = fields.VerifySignature(signatureName);
if (certificate.SerialNumber.CompareTo(pkcs7.SigningCertificate.SerialNumber) == 0)
{
byte[] b1 = certificate.GetSignature();
byte[] b2 = pkcs7.SigningCertificate.GetSignature();
if (b1.SequenceEqual(b2))
{
result = new SignatureValidation();
result.SignatureDate = pkcs7.SignDate;
result.SignatureName = pkcs7.SignName;
result.Reason = pkcs7.Reason;
result.Location = pkcs7.Location;
result.SignatureCoversWholeDocument = fields.SignatureCoversWholeDocument(signatureName);
result.Verified = pkcs7.Verify();
result.CertificateValid = true;
return(result);
}
}
}
return(null);
}
/// <summary>
/// Checks if the digital signature of a PE file is valid.
/// Since .Net has not function for it, PInvoke is used to query
/// the native API like here http://geekswithblogs.net/robp/archive/2007/05/04/112250.aspx
/// </summary>
/// <param name="filePath">Path to a PE file.</param>
/// <returns>True if the signature is valid, else false.</returns>
public static bool IsSignatureValid(string filePath)
{
return(SignatureValidation.IsTrusted(filePath));
}