예제 #1
        public virtual void VerifySignature()
        {
            // Purpose: validate the signing certificate, read the signed digest entry from the first line
            // of the certificate file, then verify that entry over the raw manifest bytes.

            // The certificate is validated before its public key is used for anything else.
            // NOTE(review): only Verify() is consulted here; nothing in this method checks who the
            // certificate was issued to, so a passing result does not by itself identify the publisher.
            var signer = Certificate;
            bool signerIsValid = signer.Verify();

            if (!signerIsValid)
            {
                throw new Exception(Messages.CERTIFICATE_IS_INVALID);
            }

            // The package signature is the digest of the file identified on the first line of the certificate file.
            // NOTE(review): ReadLine() returns null when the certificate file is empty; how FileDigest treats a
            // null argument is not visible here - confirm it fails cleanly rather than verifying nothing.
            FileDigest signedDigest = null;

            using (Stream certificateBytes = new MemoryStream(RawCertificate))
            using (StreamReader firstLineReader = new StreamReader(certificateBytes))
            {
                signedDigest = new FileDigest(firstLineReader.ReadLine());
            }

            // The manifest is opened only after the certificate stream is closed, to minimize the number of
            // streams open at the same time.
            using (Stream manifestBytes = new MemoryStream(RawManifest))
            {
                // The cast accepts only a key exposed as RSACryptoServiceProvider; any other non-null key object
                // raises InvalidCastException instead of reaching the signature check.
                var signerKey = (RSACryptoServiceProvider)signer.PublicKey.Key;

                signedDigest.Verify(manifestBytes, signerKey);
            }
        }
예제 #2
        /// <exception cref="Exception">Thrown when verification fails for any reason</exception>
        public void VerifySignature()
        {
            // Purpose: validate the signing certificate, read the signed digest entry from the first line
            // of the certificate file, then check that entry against the raw manifest bytes.
            using (var signer = new X509Certificate2(RawCertificate))
            {
                // X509Certificate2.Verify() performs chain validation with the basic policy.
                // NOTE(review): nothing in this method checks who the certificate was issued to, so a passing
                // result does not by itself identify the publisher.
                bool signerIsValid = signer.Verify();

                if (!signerIsValid)
                {
                    throw new Exception(Messages.CERTIFICATE_IS_INVALID);
                }

                // The package signature is the digest of the first file listed in the certificate file,
                // so only the first line has to be read.
                // NOTE(review): ReadLine() returns null when the certificate file is empty; how FileDigest
                // treats a null argument is not visible here - confirm it fails cleanly.
                FileDigest signedDigest;

                using (Stream certificateBytes = new MemoryStream(RawCertificate))
                using (StreamReader firstLineReader = new StreamReader(certificateBytes))
                {
                    signedDigest = new FileDigest(firstLineReader.ReadLine());
                }

                // The manifest is opened only after the certificate stream is closed, to minimize the number of
                // streams open at the same time.
                using (Stream manifestBytes = new MemoryStream(RawManifest))
                {
                    // The stored signature is checked against the manifest contents with the certificate's public key.
                    bool signatureMatches = StreamUtilities.VerifyAgainstDigest(
                        manifestBytes,
                        manifestBytes.Length,
                        signedDigest.AlgorithmName,
                        signedDigest.Digest,
                        signer);

                    if (!signatureMatches)
                    {
                        throw new Exception(string.Format(Messages.SECURITY_SIGNATURE_FAILED, signedDigest.Name));
                    }
                }
            }
        }
예제 #3
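        public override void VerifyManifest()
        {
            // Purpose: verify the digest of every file listed in the manifest against the matching entry
            // of the tar package, and throw an Exception carrying Messages.SECURITY_FILE_MISSING when a
            // listed file was not verified.

            // Verify the presence of a manifest.
            var manifest = Manifest;

            int verifiedCount = 0;
            bool entryMissing = false;

            using (var stream = new TarFileStream(PackageSourceFile))
            {
                // For a tar package, it is more efficient to iterate the files in the order within the archive.
                while (MoveNext(stream))
                {
                    // Find the manifest entry for the current tar entry.
                    // NOTE(review): String.Compare(a, b, true) compares with the current culture, so the match
                    // depends on the machine's locale; an ordinal comparison is the usual choice for file names.
                    // Left unchanged here because switching could alter which existing packages match.
                    FileDigest fileDigest = manifest.Find(
                        delegate(FileDigest aFileDigest)
                        {
                            return String.Compare(aFileDigest.Name, stream.Current, true) == 0;
                        });

                    if (fileDigest == null)
                    {
                        // Archive entries that the manifest does not list are skipped, so their contents
                        // are never digest-checked by this method.
                        continue;
                    }

                    // The manifest entry was found.
                    // Verify its digest, releasing the in-memory copy of the entry as soon as it is checked.
                    using (var entryContent = new MemoryStream(stream.ReadAllBytes()))
                    {
                        fileDigest.Verify(entryContent);
                    }

                    verifiedCount++;
                }

                foreach (var fileDigest in manifest)
                {
                    if (!fileDigest.WasVerified)
                    {
                        // A manifest entry was missing.
                        XenOvf.Utilities.Log.Error(string.Format(Messages.FILE_MISSING, fileDigest.Name));
                        entryMissing = true;
                    }
                }

                // verifiedCount counts matched archive entries, not distinct manifest entries, so a repeated
                // archive entry could make the counts agree while a listed file is absent. The per-entry
                // WasVerified flag is therefore also enforced.
                // NOTE(review): assumes FileDigest.Verify sets WasVerified on success, as the logging loop
                // above already presumes - confirm.
                if (entryMissing || verifiedCount != manifest.Count)
                {
                    // A manifest entry was missing.
                    throw new Exception(Messages.SECURITY_FILE_MISSING);
                }
            }
        }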
예제 #4
        public virtual void VerifySignature()
        {
            // Purpose: check the certificate that signed the package, take the signed digest entry from the
            // first line of the certificate file, and verify it over the raw manifest bytes.

            // Nothing else runs unless the certificate's own Verify() call succeeds.
            // NOTE(review): this method does not compare the certificate's subject or issuer with an expected
            // value, so a passing Verify() does not by itself establish who signed the package.
            var packageCertificate = Certificate;

            if (packageCertificate.Verify() == false)
            {
                throw new Exception(Messages.CERTIFICATE_IS_INVALID);
            }

            // The package signature is the digest of the file identified on the first line of the certificate file.
            // NOTE(review): an empty certificate file makes ReadLine() return null; FileDigest's behaviour for
            // a null argument is not visible here - confirm it is rejected.
            FileDigest packageSignature = null;

            using (Stream rawCertificateStream = new MemoryStream(RawCertificate))
            using (StreamReader certificateReader = new StreamReader(rawCertificateStream))
            {
                string firstLine = certificateReader.ReadLine();
                packageSignature = new FileDigest(firstLine);
            }

            // Compare the stored signature to the computed signature.
            // This happens after the certificate stream is closed, to minimize the number of streams open concurrently.
            using (Stream rawManifestStream = new MemoryStream(RawManifest))
            {
                // Only a key exposed as RSACryptoServiceProvider passes this cast; any other non-null key object
                // raises InvalidCastException before the signature is checked.
                var rsaPublicKey = (RSACryptoServiceProvider)packageCertificate.PublicKey.Key;

                packageSignature.Verify(rawManifestStream, rsaPublicKey);
            }
        }
예제 #5
 public void FileDigestAlgorithmExtraction(TestCase tc)
 {
     // Parse the test case's input, then check that the algorithm name FileDigest exposes
     // equals the algorithm string the test case expects.
     var parsedDigest = new FileDigest(tc.ToParse);
     var actualAlgorithm = parsedDigest.AlgorithmName;

     Assert.That(actualAlgorithm, Is.EqualTo(tc.AlgorithmString));
 }
예제 #6
 public void FileDigestNameExtraction(TestCase tc)
 {
     // Parse the test case's input, then check that the file name FileDigest exposes
     // equals the name the test case expects.
     var parsedDigest = new FileDigest(tc.ToParse);
     var actualName = parsedDigest.Name;

     Assert.That(actualName, Is.EqualTo(tc.Name));
 }