public void VerifyNulls()
{
Exception ex = Record.Exception(() => PGPSignature.Verify(default(string), null));
Assert.NotNull(ex);
Assert.IsType <PgpDataValidationException>(ex);
}
public void VerifyBadSignature()
{
Exception ex = Record.Exception(() => PGPSignature.Verify(new byte[0], publicKey));
Assert.NotNull(ex);
Assert.IsType <PgpDataValidationException>(ex);
}
/// <summary>
/// Verifies the Digest contained in the specified Manifest using the specified PGP Public Key.
/// </summary>
/// <param name="manifest">The Manifest for which the Digest is to be verified.</param>
/// <param name="publicKey">The PGP Public Key with which to verify the Digest.</param>
/// <exception cref="InvalidDataException">
/// Thrown when an error is encountered verifying the Digest, or when the Manifest contents do not match the verified Digest.
/// </exception>
private void VerifyDigest(PackageManifest manifest, string publicKey)
{
string verifiedDigest = string.Empty;
if (!string.IsNullOrEmpty(manifest.Signature.Digest))
{
Verbose("Verifying the Manifest Digest...");
byte[] digestBytes = Encoding.ASCII.GetBytes(manifest.Signature.Digest);
byte[] verifiedDigestBytes;
try
{
verifiedDigestBytes = PGPSignature.Verify(digestBytes, publicKey);
}
catch (Exception ex)
{
throw new InvalidDataException($"an Exception was thrown while verifying the Digest: {ex.GetType().Name}: {ex.Message}", ex);
}
verifiedDigest = Encoding.ASCII.GetString(verifiedDigestBytes);
// deserialize the verified manifest to work around text formatting differences on various platforms
PackageManifest verifiedManifest;
try
{
verifiedManifest = JsonConvert.DeserializeObject <PackageManifest>(verifiedDigest);
}
catch (Exception ex)
{
throw new InvalidDataException($"an Exception was thrown while deserializing the Digest: {ex.GetType().Name}: {ex.Message}", ex);
}
// remove the digest and trust from the manifest, then serialize it and compare it to the verified digest.
manifest.Signature.Digest = default(string);
manifest.Signature.Trust = default(string);
// if the scrubbed manifest and verified digest don't match, something was tampered with.
if (manifest.ToJson() != verifiedManifest.ToJson())
{
throw new InvalidDataException("the Manifest Digest is not valid; the verified Digest does not match the Manifest.");
}
Verbose("Digest verified successfully.");
}
else
{
throw new InvalidDataException("the Manifest Digest is null or empty.");
}
}
public void VerifyWrongKey()
{
string text = "hello world!";
byte[] signature = GetSignature(text);
Assert.NotNull(signature);
Assert.NotEqual(0, signature.Length);
Exception ex = Record.Exception(() => PGPSignature.Verify(signature, newPublicKey));
Assert.NotNull(ex);
Assert.IsType <PgpDataValidationException>(ex);
}
public void VerifyString()
{
string text = "hello again world!";
string signature = GetSignatureString(text);
Assert.NotNull(signature);
Assert.NotEqual(string.Empty, signature);
byte[] message = PGPSignature.Verify(signature, publicKey);
Assert.NotNull(message);
Assert.NotEqual(0, message.Length);
Assert.Equal(text, Encoding.ASCII.GetString(message));
}
/// <summary>
/// Verifies the Trust contained within the specified Manifest.
/// </summary>
/// <param name="manifest">The Manifest for which the Trust is to be verified.</param>
/// <exception cref="InvalidDataException">
/// Thrown when the Manifest is Trusted but does not contain a Digest, when an error is encountered while verifying the
/// Trust, or when the verified Trust does not match the Manifest's Digest.
/// </exception>
private void VerifyTrust(PackageManifest manifest)
{
string verifiedTrust = string.Empty;
if (manifest.Signature.Trust != string.Empty)
{
Verbose("Verifying the Manifest Trust...");
if (string.IsNullOrEmpty(manifest.Signature.Digest))
{
throw new InvalidDataException("the Manifest is Trusted but it contains no Digest to trust.");
}
byte[] trustBytes = Encoding.ASCII.GetBytes(manifest.Signature.Trust);
byte[] verifiedTrustBytes;
try
{
verifiedTrustBytes = PGPSignature.Verify(trustBytes, TrustPGPPublicKey);
}
catch (Exception ex)
{
throw new InvalidDataException($"an Exception was thrown while verifying the Trust: {ex.GetType().Name}: {ex.Message}");
}
verifiedTrust = Encoding.ASCII.GetString(verifiedTrustBytes);
if (manifest.Signature.Digest != verifiedTrust)
{
throw new InvalidDataException("the Manifest Trust is not valid; the Trusted Digest does not match the Digest in the Manifest.");
}
Verbose("Trust verified successfully.");
}
else
{
throw new InvalidDataException("the Manifest Trust is empty.");
}
}
