internal static bool VerifyHash(string fileFullPath, PackageJson package, PackageSourceListRequest request)
{
//skip in case the skip switch is specified
if (request.SkipHashValidation.Value)
{
request.Verbose(Resources.Messages.SkipHashValidation);
return(true);
}
PackageHash packageHash = package.Hash;
if (packageHash == null || string.IsNullOrWhiteSpace(packageHash.algorithm) || string.IsNullOrWhiteSpace(packageHash.hashCode))
{
request.WriteError(ErrorCategory.InvalidArgument, Constants.ProviderName, Resources.Messages.HashNotSpecified, package.Name);
return(false);
}
try
{
string hashAlgorithm = packageHash.algorithm.ToLowerInvariant();
if (!("sha256".Equals(hashAlgorithm) || "md5".Equals(hashAlgorithm) || "sha512".Equals(hashAlgorithm)))
{
request.WriteError(ErrorCategory.InvalidArgument, Constants.ProviderName, Resources.Messages.InvalidHashAlgorithm, packageHash.algorithm);
return(false);
}
// compute the hash
string computedHash = ComputeHash(fileFullPath, hashAlgorithm, request);
if (computedHash == null)
{
request.WriteError(ErrorCategory.InvalidOperation, Constants.ProviderName, Resources.Messages.HashVerificationFailed, package.Name, package.Source);
return(false);
}
// hash from json
string hashFromJSON = package.Hash.hashCode;
//compare computed hash with hash from json
if (!hashFromJSON.Equals(computedHash))
{
request.WriteError(ErrorCategory.InvalidOperation, Constants.ProviderName, Resources.Messages.HashVerificationFailed, package.Name, package.Source);
return(false);
}
else
{
request.Verbose(Resources.Messages.HashValidationSuccessfull);
}
}
catch
{
request.WriteError(ErrorCategory.InvalidOperation, Constants.ProviderName, Resources.Messages.HashVerificationFailed, package.Name, package.Source);
return(false);
}
return(true);
}
internal static bool VerifyHash(string fileFullPath, PackageJson package, PackageSourceListRequest request)
{
//skip in case the skip switch is specified
if (request.SkipHashValidation.Value)
{
request.Verbose(Resources.Messages.SkipHashValidation);
return(true);
}
PackageHash packageHash = package.Hash;
if (packageHash == null || string.IsNullOrWhiteSpace(packageHash.algorithm) || string.IsNullOrWhiteSpace(packageHash.hashCode))
{
request.WriteError(ErrorCategory.InvalidArgument, Constants.ProviderName, Resources.Messages.HashNotSpecified, package.Name);
return(false);
}
try
{
HashAlgorithm hashAlgorithm = null;
switch (packageHash.algorithm.ToLowerInvariant())
{
case "sha256":
hashAlgorithm = SHA256.Create();
break;
case "md5":
hashAlgorithm = MD5.Create();
break;
case "sha512":
hashAlgorithm = SHA512.Create();
break;
default:
request.WriteError(ErrorCategory.InvalidArgument, Constants.ProviderName, Resources.Messages.InvalidHashAlgorithm, packageHash.algorithm);
return(false);
}
using (FileStream stream = File.OpenRead(fileFullPath))
{
// compute the hash
byte[] computedHash = hashAlgorithm.ComputeHash(stream);
// convert the original hash we got from json
byte[] hashFromJSON = Convert.FromBase64String(package.Hash.hashCode);
if (!Enumerable.SequenceEqual(computedHash, hashFromJSON))
{
request.WriteError(ErrorCategory.InvalidOperation, Constants.ProviderName, Resources.Messages.HashVerificationFailed, package.Name, package.Source);
return(false);
}
else
{
request.Verbose(Resources.Messages.HashValidationSuccessful);
}
}
}
catch
{
request.WriteError(ErrorCategory.InvalidOperation, Constants.ProviderName, Resources.Messages.HashVerificationFailed, package.Name, package.Source);
return(false);
}
return(true);
}