/// <summary>
/// Verifies the signing certificate, then checks the raw manifest against the
/// package signature read from the first line of the certificate file.
/// </summary>
/// <exception cref="Exception">
/// Thrown with <c>Messages.CERTIFICATE_IS_INVALID</c> when the certificate does not verify.
/// </exception>
public virtual void VerifySignature()
{
    // The signing certificate has to verify before anything it vouches for is trusted.
    var signingCertificate = Certificate;
    bool certificateVerified = signingCertificate.Verify();
    if (!certificateVerified)
    {
        throw new Exception(Messages.CERTIFICATE_IS_INVALID);
    }

    // The package signature is the digest of the file named on the first line
    // of the certificate file, so only that line is read.
    FileDigest packageSignature;
    using (Stream certificateStream = new MemoryStream(RawCertificate))
    using (StreamReader certificateReader = new StreamReader(certificateStream))
    {
        string firstLine = certificateReader.ReadLine();
        packageSignature = new FileDigest(firstLine);
    }

    // The manifest is opened only after the certificate stream is closed, to
    // keep the number of concurrently open streams down.
    using (Stream manifestStream = new MemoryStream(RawManifest))
    {
        // NOTE(review): the cast assumes the public key is exposed as an
        // RSACryptoServiceProvider; any other key type fails at the cast.
        // NOTE(review): FileDigest.Verify presumably throws on a mismatch. If it
        // returns a result, that result is not inspected here; confirm.
        packageSignature.Verify(manifestStream, (RSACryptoServiceProvider)signingCertificate.PublicKey.Key);
    }
}
/// <summary>
/// Validates the signing certificate, then checks the raw manifest against the
/// package signature recorded on the first line of the certificate file.
/// </summary>
/// <exception cref="Exception">Thrown when verification fails for any reason</exception>
public void VerifySignature()
{
    using (var signingCertificate = new X509Certificate2(RawCertificate))
    {
        // X509Certificate2.Verify() performs chain validation with the basic
        // validation policy; nothing signed by the certificate is trusted
        // until that check passes.
        bool chainIsValid = signingCertificate.Verify();
        if (!chainIsValid)
        {
            throw new Exception(Messages.CERTIFICATE_IS_INVALID);
        }

        // The package signature is the digest of the first file listed in the
        // certificate file, so reading the first line is sufficient.
        FileDigest packageSignature;
        using (Stream certificateStream = new MemoryStream(RawCertificate))
        using (StreamReader certificateReader = new StreamReader(certificateStream))
        {
            packageSignature = new FileDigest(certificateReader.ReadLine());
        }

        // The manifest is opened only after the certificate stream is closed,
        // to keep the number of concurrently open streams down.
        using (Stream manifestStream = new MemoryStream(RawManifest))
        {
            // The stored digest is checked against the manifest bytes, with
            // the certificate passed along for the public-key verification.
            bool signatureMatches = StreamUtilities.VerifyAgainstDigest(
                manifestStream,
                manifestStream.Length,
                packageSignature.AlgorithmName,
                packageSignature.Digest,
                signingCertificate);

            if (!signatureMatches)
            {
                throw new Exception(string.Format(Messages.SECURITY_SIGNATURE_FAILED, packageSignature.Name));
            }
        }
    }
}
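/// <summary>
/// Verifies the files in the tar package against the digests listed in the manifest.
/// Archive entries that have no manifest entry are skipped.
/// </summary>
/// <exception cref="Exception">
/// Thrown with <c>Messages.SECURITY_FILE_MISSING</c> when a manifest entry was not
/// verified or when the number of verified archive entries differs from the number
/// of manifest entries.
/// </exception>
public override void VerifyManifest()
{
    // Reading the property first surfaces a missing manifest before the archive is opened
    // (presumably the getter fails when there is none; confirm against its definition).
    var manifest = Manifest;
    int verifiedCount = 0;

    using (var stream = new TarFileStream(PackageSourceFile))
    {
        // For a tar package, it is more efficient to iterate the files in the order within the archive.
        while (MoveNext(stream))
        {
            // Find the manifest entry for the current tar entry. Names are matched
            // ordinally: a culture-sensitive comparison can treat distinct file
            // names as equal, which is not acceptable in an integrity check.
            FileDigest fileDigest = manifest.Find(
                delegate(FileDigest aFileDigest)
                {
                    return string.Equals(aFileDigest.Name, stream.Current, StringComparison.OrdinalIgnoreCase);
                });

            if (fileDigest == null)
            {
                continue;
            }

            // The manifest entry was found. Verify its digest and release the buffer stream afterwards.
            using (var content = new MemoryStream(stream.ReadAllBytes()))
            {
                fileDigest.Verify(content);
            }

            verifiedCount++;
        }

        // The count alone is not a sufficient check: an archive that repeats one
        // entry and omits another yields the same count as a complete archive.
        // Every manifest entry must therefore report that it was verified.
        // This relies on FileDigest.Verify marking the entry as verified, which the
        // WasVerified test below already assumed for logging.
        bool entryMissing = false;
        foreach (var fileDigest in manifest)
        {
            if (!fileDigest.WasVerified)
            {
                // A manifest entry was missing.
                entryMissing = true;
                XenOvf.Utilities.Log.Error(string.Format(Messages.FILE_MISSING, fileDigest.Name));
            }
        }

        if (entryMissing || verifiedCount != manifest.Count)
        {
            // A manifest entry was missing, or the archive did not map one-to-one onto the manifest.
            throw new Exception(Messages.SECURITY_FILE_MISSING);
        }
    }
}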
/// <summary>
/// Checks that parsing a manifest line yields the expected digest algorithm name.
/// </summary>
/// <param name="tc">Test case holding the line to parse and the expected algorithm string.</param>
public void FileDigestAlgorithmExtraction(TestCase tc)
{
    var parsedDigest = new FileDigest(tc.ToParse);

    Assert.That(parsedDigest.AlgorithmName, Is.EqualTo(tc.AlgorithmString));
}
/// <summary>
/// Checks that parsing a manifest line yields the expected file name.
/// </summary>
/// <param name="tc">Test case holding the line to parse and the expected name.</param>
public void FileDigestNameExtraction(TestCase tc)
{
    var parsedDigest = new FileDigest(tc.ToParse);

    Assert.That(parsedDigest.Name, Is.EqualTo(tc.Name));
}