/// <summary>
        ///     Verify the signature of the manifest
        /// </summary>
        public ManifestSignatureInformation VerifySignature(X509RevocationFlag revocationFlag,
                                                            X509RevocationMode revocationMode)
        {
            XmlElement signatureNode = m_manifestXml.SelectSingleNode("//ds:Signature", m_namespaceManager) as XmlElement;

            if (signatureNode == null)
            {
                return(new ManifestSignatureInformation(m_manifest, null, null));
            }

            LoadXml(signatureNode);

            StrongNameSignatureInformation strongName = VerifyStrongNameSignature(signatureNode);

            // Since the Authenticode signature is wrapped in the strong name signature, we do not want to
            // give a valid AuthenticodeSignatureInformation object for an Authenticode signature which is
            // contained within a strong name signature with an invalid hash value.
            AuthenticodeSignatureInformation authenticode = null;

            if (strongName.VerificationResult != SignatureVerificationResult.BadDigest)
            {
                authenticode = VerifyAuthenticodeSignature(signatureNode, revocationFlag, revocationMode);
            }
            else
            {
                authenticode = new AuthenticodeSignatureInformation(SignatureVerificationResult.ContainingSignatureInvalid);
            }

            return(new ManifestSignatureInformation(m_manifest, strongName, authenticode));
        }
Exemplo n.º 2
0
        internal ManifestSignatureInformation(ManifestKinds manifest,
                                              StrongNameSignatureInformation strongNameSignature,
                                              AuthenticodeSignatureInformation authenticodeSignature)
        {
            Debug.Assert(manifest == ManifestKinds.Application || manifest == ManifestKinds.Deployment, "Invalid manifest for signature information");

            m_manifest              = manifest;
            m_strongNameSignature   = strongNameSignature;
            m_authenticodeSignature = authenticodeSignature;
        }
Exemplo n.º 3
0
        public ManifestSignatureInformation VerifySignature(X509RevocationFlag revocationFlag, X509RevocationMode revocationMode)
        {
            XmlElement element = this.m_manifestXml.SelectSingleNode("//ds:Signature", this.m_namespaceManager) as XmlElement;

            if (element == null)
            {
                return(new ManifestSignatureInformation(this.m_manifest, null, null));
            }
            base.LoadXml(element);
            StrongNameSignatureInformation   strongNameSignature   = this.VerifyStrongNameSignature(element);
            AuthenticodeSignatureInformation authenticodeSignature = null;

            if (strongNameSignature.VerificationResult != SignatureVerificationResult.BadDigest)
            {
                authenticodeSignature = this.VerifyAuthenticodeSignature(element, revocationFlag, revocationMode);
            }
            else
            {
                authenticodeSignature = new AuthenticodeSignatureInformation(SignatureVerificationResult.ContainingSignatureInvalid);
            }
            return(new ManifestSignatureInformation(this.m_manifest, strongNameSignature, authenticodeSignature));
        }
        private AuthenticodeSignatureInformation VerifyAuthenticodeSignature(XmlElement signatureNode,
                                                                             X509RevocationFlag revocationFlag,
                                                                             X509RevocationMode revocationMode)
        {
            Debug.Assert(signatureNode != null, "signatureNode != null");

            // See if there is an Authenticode signature on the manifest
            XmlElement licenseNode = signatureNode.SelectSingleNode("ds:KeyInfo/msrel:RelData/r:license",
                                                                    m_namespaceManager) as XmlElement;

            if (licenseNode == null)
            {
                return(null);
            }

            // Make sure that the signature is for this manifest
            SignatureVerificationResult identityVerification = VerifyAuthenticodeSignatureIdentity(licenseNode);

            if (identityVerification != SignatureVerificationResult.Valid)
            {
                return(new AuthenticodeSignatureInformation(identityVerification));
            }

            SignatureVerificationResult hashVerification = VerifyAuthenticodeExpectedHash(licenseNode);

            if (hashVerification != SignatureVerificationResult.Valid)
            {
                return(new AuthenticodeSignatureInformation(hashVerification));
            }

            // Verify the signature, extracting information about it
            AuthenticodeSignatureInformation authenticodeSignature = null;

            X509Native.AXL_AUTHENTICODE_SIGNER_INFO signer = new X509Native.AXL_AUTHENTICODE_SIGNER_INFO();
            signer.cbSize = Marshal.SizeOf(typeof(X509Native.AXL_AUTHENTICODE_SIGNER_INFO));

            X509Native.AXL_AUTHENTICODE_TIMESTAMPER_INFO timestamper = new X509Native.AXL_AUTHENTICODE_TIMESTAMPER_INFO();
            timestamper.cbsize = Marshal.SizeOf(typeof(X509Native.AXL_AUTHENTICODE_TIMESTAMPER_INFO));

            RuntimeHelpers.PrepareConstrainedRegions();
            try {
                byte[] licenseXml = Encoding.UTF8.GetBytes(licenseNode.OuterXml);
                X509Native.AxlVerificationFlags verificationFlags = MapRevocationFlags(revocationFlag,
                                                                                       revocationMode);

                unsafe
                {
                    fixed(byte *pLicenseXml = licenseXml)
                    {
                        // Safe since we're verifying the size of this buffer is correct
                        CapiNative.CRYPTOAPI_BLOB xmlBlob = new CapiNative.CRYPTOAPI_BLOB();
                        xmlBlob.cbData = licenseXml.Length;
                        xmlBlob.pbData = new IntPtr(pLicenseXml);

                        int hrVerify = X509Native.UnsafeNativeMethods.CertVerifyAuthenticodeLicense(ref xmlBlob,
                                                                                                    verificationFlags,
                                                                                                    ref signer,
                                                                                                    ref timestamper);

                        if (hrVerify == (int)SignatureVerificationResult.MissingSignature)
                        {
                            return(new AuthenticodeSignatureInformation(SignatureVerificationResult.MissingSignature));
                        }
                    }
                }

                X509Chain signatureChain = BuildSignatureChain(signer,
                                                               licenseNode,
                                                               revocationFlag,
                                                               revocationMode);

                TimestampInformation timestamp = GetTimestampInformation(timestamper,
                                                                         licenseNode);

                authenticodeSignature = new AuthenticodeSignatureInformation(signer,
                                                                             signatureChain,
                                                                             timestamp);
            }
            finally {
                X509Native.UnsafeNativeMethods.CertFreeAuthenticodeSignerInfo(ref signer);
                X509Native.UnsafeNativeMethods.CertFreeAuthenticodeTimestamperInfo(ref timestamper);
            }

            // Verify the signing certificate matches the expected publisher
            Debug.Assert(authenticodeSignature != null, "authenticodeSignature != null");
            if (authenticodeSignature.SigningCertificate == null)
            {
                return(new AuthenticodeSignatureInformation(authenticodeSignature.VerificationResult));
            }

            SignatureVerificationResult publisherMatch = VerifyAuthenticodePublisher(authenticodeSignature.SigningCertificate);

            if (publisherMatch != SignatureVerificationResult.Valid)
            {
                return(new AuthenticodeSignatureInformation(publisherMatch));
            }

            return(authenticodeSignature);
        }
Exemplo n.º 5
0
 internal ManifestSignatureInformation(ManifestKinds manifest, StrongNameSignatureInformation strongNameSignature, AuthenticodeSignatureInformation authenticodeSignature)
 {
     this.m_manifest              = manifest;
     this.m_strongNameSignature   = strongNameSignature;
     this.m_authenticodeSignature = authenticodeSignature;
 }
Exemplo n.º 6
0
        private unsafe AuthenticodeSignatureInformation VerifyAuthenticodeSignature(XmlElement signatureNode, X509RevocationFlag revocationFlag, X509RevocationMode revocationMode)
        {
            XmlElement licenseNode = signatureNode.SelectSingleNode("ds:KeyInfo/msrel:RelData/r:license", this.m_namespaceManager) as XmlElement;

            if (licenseNode == null)
            {
                return(null);
            }
            SignatureVerificationResult error = this.VerifyAuthenticodeSignatureIdentity(licenseNode);

            if (error != SignatureVerificationResult.Valid)
            {
                return(new AuthenticodeSignatureInformation(error));
            }
            SignatureVerificationResult result2 = this.VerifyAuthenticodeExpectedHash(licenseNode);

            if (result2 != SignatureVerificationResult.Valid)
            {
                return(new AuthenticodeSignatureInformation(result2));
            }
            AuthenticodeSignatureInformation information = null;

            X509Native.AXL_AUTHENTICODE_SIGNER_INFO pSignerInfo = new X509Native.AXL_AUTHENTICODE_SIGNER_INFO {
                cbSize = Marshal.SizeOf(typeof(X509Native.AXL_AUTHENTICODE_SIGNER_INFO))
            };
            X509Native.AXL_AUTHENTICODE_TIMESTAMPER_INFO pTimestamperInfo = new X509Native.AXL_AUTHENTICODE_TIMESTAMPER_INFO {
                cbsize = Marshal.SizeOf(typeof(X509Native.AXL_AUTHENTICODE_TIMESTAMPER_INFO))
            };
            RuntimeHelpers.PrepareConstrainedRegions();
            try
            {
                byte[] bytes = Encoding.UTF8.GetBytes(licenseNode.OuterXml);
                X509Native.AxlVerificationFlags dwFlags = MapRevocationFlags(revocationFlag, revocationMode);
                try
                {
                    fixed(byte *numRef = bytes)
                    {
                        CapiNative.CRYPTOAPI_BLOB pLicenseBlob = new CapiNative.CRYPTOAPI_BLOB {
                            cbData = bytes.Length,
                            pbData = new IntPtr((void *)numRef)
                        };
                        if (X509Native.UnsafeNativeMethods.CertVerifyAuthenticodeLicense(ref pLicenseBlob, dwFlags, ref pSignerInfo, ref pTimestamperInfo) == -2146762496)
                        {
                            return(new AuthenticodeSignatureInformation(SignatureVerificationResult.MissingSignature));
                        }
                    }
                }
                finally
                {
                    numRef = null;
                }
                X509Chain            signatureChain       = this.BuildSignatureChain(pSignerInfo, licenseNode, revocationFlag, revocationMode);
                TimestampInformation timestampInformation = this.GetTimestampInformation(pTimestamperInfo, licenseNode);
                information = new AuthenticodeSignatureInformation(pSignerInfo, signatureChain, timestampInformation);
            }
            finally
            {
                X509Native.UnsafeNativeMethods.CertFreeAuthenticodeSignerInfo(ref pSignerInfo);
                X509Native.UnsafeNativeMethods.CertFreeAuthenticodeTimestamperInfo(ref pTimestamperInfo);
            }
            if (information.SigningCertificate == null)
            {
                return(new AuthenticodeSignatureInformation(information.VerificationResult));
            }
            SignatureVerificationResult result3 = this.VerifyAuthenticodePublisher(information.SigningCertificate);

            if (result3 != SignatureVerificationResult.Valid)
            {
                return(new AuthenticodeSignatureInformation(result3));
            }
            return(information);
        }