예제 #1
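        /// <summary>
        /// Verify the signature file, e.g. x.SF, using the corresponding DSA signature block, e.g. x.DSA.
        /// </summary>
        /// <remarks>
        /// The signature block is decoded as a detached CMS/PKCS#7 structure over the bytes of the
        /// signature file. <c>CheckSignature(verifySignatureOnly: true)</c> checks the signature
        /// mathematically against the signer certificate carried in the block; it does NOT validate
        /// that certificate (chain, expiry, revocation). A <c>true</c> result therefore means
        /// "the signature file matches this block", not "the signer is trusted".
        /// The digest algorithm is the one named inside the signature block; this method does not
        /// restrict it, so weak digests such as SHA-1 are accepted if the block uses them.
        /// </remarks>
        /// <returns>True if the verification is successful, false otherwise.</returns>
        private bool VerifySignatureDsa()
        {
            byte[] signatureBlockBytes = JarUtils.ReadBytes(ArchivePath, SignatureBlockFilePath);
            byte[] signatureFileBytes  = JarUtils.ReadBytes(ArchivePath, SignatureFilePath);

            // No local hash is computed here: SignedCms derives the digest itself from the
            // detached content, so a separately computed SHA-1 value was never consulted.
            ContentInfo ci  = new ContentInfo(signatureFileBytes);
            SignedCms   cms = new SignedCms(ci, detached: true);

            try
            {
                // Decode parses bytes taken from the archive, i.e. untrusted input. Keeping it
                // inside the try makes a malformed signature block fail closed (logged, false)
                // instead of escaping as an unhandled CryptographicException.
                cms.Decode(signatureBlockBytes);
                cms.CheckSignature(verifySignatureOnly: true);
            }
            catch (CryptographicException ce)
            {
                JarError.AddError(ce.Message);
                return(false);
            }

            // No exception from decode or signature check: the block matches the signature file.
            return(true);
        }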
예제 #2
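        /// <summary>
        /// Verify the signature file, e.g. x.SF using the corresponding signature block, e.g. x.RSA,
        /// and collect any timestamps attached to the signature into <c>Timestamps</c>.
        /// </summary>
        /// <remarks>
        /// <c>CheckSignature(verifySignatureOnly: true)</c> checks the signature mathematically against
        /// the signer certificate carried in the block; it does NOT validate that certificate
        /// (chain, expiry, revocation). The digest algorithm is the one named inside the signature
        /// block and is not restricted here.
        /// The timestamp entries are read from the countersignature token without verifying the
        /// token itself, so they are informational only (see the note inside the method).
        /// </remarks>
        /// <returns>True if the verification is successful, false otherwise.</returns>
        private bool VerifySignatureRsa()
        {
            // Drop timestamps left over from a previous verification run.
            Timestamps.Clear();
            byte[] signatureBlockBytes = JarUtils.ReadBytes(ArchivePath, SignatureBlockFilePath);
            byte[] signatureFileBytes  = JarUtils.ReadBytes(ArchivePath, SignatureFilePath);

            // No local hash is computed here: SignedCms derives the digest itself from the
            // detached content, so a separately computed SHA-256 value was never consulted.
            ContentInfo ci  = new ContentInfo(signatureFileBytes);
            SignedCms   cms = new SignedCms(ci, detached: true);

            try
            {
                // Decode parses bytes taken from the archive, i.e. untrusted input. Keeping it
                // inside the try makes a malformed signature block fail closed (logged, false)
                // instead of escaping as an unhandled CryptographicException.
                cms.Decode(signatureBlockBytes);
                cms.CheckSignature(verifySignatureOnly: true);

                // See if we can retrieve a timestamp
                foreach (SignerInfo signerInfo in cms.SignerInfos)
                {
                    foreach (CryptographicAttributeObject unsignedAttribute in signerInfo.UnsignedAttributes)
                    {
                        if (!String.Equals(unsignedAttribute.Oid.Value, WinCrypt.szOID_SIGNATURE_TIMESTAMP_ATTRIBUTE, StringComparison.OrdinalIgnoreCase))
                        {
                            continue;
                        }

                        // An attribute with no values carries no token; skip it rather than index into it.
                        if (unsignedAttribute.Values.Count == 0)
                        {
                            continue;
                        }

                        Pkcs9AttributeObject timestampAttribute = new Pkcs9AttributeObject(unsignedAttribute.Values[0]);
                        SignedCms            timestampCms       = new SignedCms();
                        timestampCms.Decode(timestampAttribute.RawData);

                        // NOTE(review): the token is parsed but its result is not used below. The call is
                        // kept because TstInfo.Read may reject malformed content - confirm against TstInfo.
                        TstInfo timestampToken = TstInfo.Read(timestampCms.ContentInfo.Content);

                        // NOTE(review): timestampCms.CheckSignature is never called and nothing here ties
                        // the token to the signature it is attached to. Unsigned attributes are not covered
                        // by the main signature, so anyone who can modify the archive can change them.
                        // Treat the values added to Timestamps as display-only until the token is verified;
                        // do not base "signed while the certificate was valid" decisions on them.
                        foreach (SignerInfo timestampSigner in timestampCms.SignerInfos)
                        {
                            // The token may omit the signer certificate; without it there is nothing to report.
                            X509Certificate2 timestampSignerCert = timestampSigner.Certificate;
                            if (timestampSignerCert == null)
                            {
                                continue;
                            }

                            foreach (CryptographicAttributeObject sa in timestampSigner.SignedAttributes)
                            {
                                if (!String.Equals(sa.Oid.Value, WinCrypt.szOID_RSA_signingTime, StringComparison.OrdinalIgnoreCase))
                                {
                                    continue;
                                }

                                if (sa.Values.Count == 0)
                                {
                                    continue;
                                }

                                // Skip values that did not decode as a signing time instead of failing the cast.
                                Pkcs9SigningTime signingTime = sa.Values[0] as Pkcs9SigningTime;
                                if (signingTime == null)
                                {
                                    continue;
                                }

                                Timestamps.Add(new Timestamp
                                {
                                    SignedOn           = signingTime.SigningTime.ToLocalTime(),
                                    // NotBefore/NotAfter are already local time. Round-tripping through
                                    // GetEffectiveDateString()/Convert.ToDateTime() depended on the current
                                    // culture and produced an Unspecified-kind value that ToLocalTime()
                                    // then shifted by the UTC offset a second time.
                                    EffectiveDate      = timestampSignerCert.NotBefore,
                                    ExpiryDate         = timestampSignerCert.NotAfter,
                                    SignatureAlgorithm = timestampSignerCert.SignatureAlgorithm.FriendlyName
                                });
                            }
                        }
                    }
                }
            }
            catch (CryptographicException ce)
            {
                JarError.AddError(ce.Message);
                return(false);
            }

            // No exception from decode or signature check: the block matches the signature file.
            return(true);
        }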