// in case we just want to timestamp the file
        public bool Timestamp(string fileName)
        {
            try
            {
                AuthenticodeDeformatter def = new AuthenticodeDeformatter(fileName);
                byte[] signature            = def.Signature;
                if (signature != null)
                {
                    Open(fileName);
                    PKCS7.ContentInfo ci = new PKCS7.ContentInfo(signature);
                    pkcs7 = new PKCS7.SignedData(ci.Content);

                    byte[] response = Timestamp(pkcs7.SignerInfo.Signature);
                    ASN1   ts       = new ASN1(Convert.FromBase64String(Encoding.ASCII.GetString(response)));
                    // insert new certificates and countersignature into the original signature
                    ASN1 asn     = new ASN1(signature);
                    ASN1 content = asn.Element(1, 0xA0);
                    if (content == null)
                    {
                        return(false);
                    }

                    ASN1 signedData = content.Element(0, 0x30);
                    if (signedData == null)
                    {
                        return(false);
                    }

                    // add the supplied certificates inside our signature
                    ASN1 certificates = signedData.Element(3, 0xA0);
                    if (certificates == null)
                    {
                        certificates = new ASN1(0xA0);
                        signedData.Add(certificates);
                    }
                    for (int i = 0; i < ts[1][0][3].Count; i++)
                    {
                        certificates.Add(ts[1][0][3][i]);
                    }

                    // add an unauthentified attribute to our signature
                    ASN1 signerInfoSet   = signedData[signedData.Count - 1];
                    ASN1 signerInfo      = signerInfoSet[0];
                    ASN1 unauthenticated = signerInfo[signerInfo.Count - 1];
                    if (unauthenticated.Tag != 0xA1)
                    {
                        unauthenticated = new ASN1(0xA1);
                        signerInfo.Add(unauthenticated);
                    }
                    unauthenticated.Add(Attribute(countersignature, ts[1][0][4][0]));

                    return(Save(fileName, asn.GetBytes()));
                }
            }
            catch (Exception e)
            {
                Console.WriteLine(e);
            }
            return(false);
        }
Пример #2
0
        /// <summary>
        /// 
        /// </summary>
        /// <param name="nonAssemblies">a list of PE files that aren't in an assembly</param>
        /// <returns></returns>
        internal bool VerifyNonAssemblies(IEnumerable<String> nonAssemblies)
        {
            bool ret = true;

             foreach (String fileName in nonAssemblies)
             {
                 try
                 {
                     var authenticodeFileHandler = new AuthenticodeDeformatter(fileName);

                     if (authenticodeFileHandler.Certificates.Count < 1)
                     {
                         ret = false;
                         Console.WriteLine(fileName + " is not properly signed.");
                     }
                 }
                 catch (IOException e)
                 {
                    ret = false;
                    Console.WriteLine(e.Message);
                 }
             }

             return ret;
        }
 public bool Timestamp(string fileName)
 {
     try
     {
         AuthenticodeDeformatter authenticodeDeformatter = new AuthenticodeDeformatter(fileName);
         byte[] signature = authenticodeDeformatter.Signature;
         if (signature != null)
         {
             base.Open(fileName);
             PKCS7.ContentInfo contentInfo = new PKCS7.ContentInfo(signature);
             this.pkcs7 = new PKCS7.SignedData(contentInfo.Content);
             byte[] bytes = this.Timestamp(this.pkcs7.SignerInfo.Signature);
             ASN1   asn   = new ASN1(Convert.FromBase64String(Encoding.ASCII.GetString(bytes)));
             ASN1   asn2  = new ASN1(signature);
             ASN1   asn3  = asn2.Element(1, 160);
             if (asn3 == null)
             {
                 return(false);
             }
             ASN1 asn4 = asn3.Element(0, 48);
             if (asn4 == null)
             {
                 return(false);
             }
             ASN1 asn5 = asn4.Element(3, 160);
             if (asn5 == null)
             {
                 asn5 = new ASN1(160);
                 asn4.Add(asn5);
             }
             for (int i = 0; i < asn[1][0][3].Count; i++)
             {
                 asn5.Add(asn[1][0][3][i]);
             }
             ASN1 asn6 = asn4[asn4.Count - 1];
             ASN1 asn7 = asn6[0];
             ASN1 asn8 = asn7[asn7.Count - 1];
             if (asn8.Tag != 161)
             {
                 asn8 = new ASN1(161);
                 asn7.Add(asn8);
             }
             asn8.Add(this.Attribute("1.2.840.113549.1.9.6", asn[1][0][4][0]));
             return(this.Save(fileName, asn2.GetBytes()));
         }
     }
     catch (Exception value)
     {
         Console.WriteLine(value);
     }
     return(false);
 }
Пример #4
0
 public bool Timestamp(string fileName)
 {
     try
     {
         AuthenticodeDeformatter authenticodeDeformatter = new AuthenticodeDeformatter(fileName);
         byte[] signature = authenticodeDeformatter.Signature;
         if (signature != null)
         {
             Open(fileName);
             PKCS7.ContentInfo contentInfo = new PKCS7.ContentInfo(signature);
             pkcs7 = new PKCS7.SignedData(contentInfo.Content);
             byte[] bytes = Timestamp(pkcs7.SignerInfo.Signature);
             ASN1   aSN   = new ASN1(Convert.FromBase64String(Encoding.ASCII.GetString(bytes)));
             ASN1   aSN2  = new ASN1(signature);
             ASN1   aSN3  = aSN2.Element(1, 160);
             if (aSN3 == null)
             {
                 return(false);
             }
             ASN1 aSN4 = aSN3.Element(0, 48);
             if (aSN4 == null)
             {
                 return(false);
             }
             ASN1 aSN5 = aSN4.Element(3, 160);
             if (aSN5 == null)
             {
                 aSN5 = new ASN1(160);
                 aSN4.Add(aSN5);
             }
             for (int i = 0; i < aSN[1][0][3].Count; i++)
             {
                 aSN5.Add(aSN[1][0][3][i]);
             }
             ASN1 aSN6 = aSN4[aSN4.Count - 1];
             ASN1 aSN7 = aSN6[0];
             ASN1 aSN8 = aSN7[aSN7.Count - 1];
             if (aSN8.Tag != 161)
             {
                 aSN8 = new ASN1(161);
                 aSN7.Add(aSN8);
             }
             aSN8.Add(Attribute("1.2.840.113549.1.9.6", aSN[1][0][4][0]));
             return(Save(fileName, aSN2.GetBytes()));
         }
     }
     catch (Exception value)
     {
         Console.WriteLine(value);
     }
     return(false);
 }
Пример #5
0
        internal override bool VerifyAssemblies(IEnumerable<string> assemblies)
        {
            bool ret = true;

            PKCS12 pkcs = null;
            //first open pfxfile
            try
            {
                if (password == null)
                {
                    pkcs = PKCS12.LoadFromFile(pfxFile);
                }
                else
                {
                    pkcs = PKCS12.LoadFromFile(pfxFile, password);
                }

            }
            catch
            {
                Console.WriteLine("Something went wrong when you tried to open the PKCS file");
                return false;
            }

            var codeSigningCert = pkcs.FindCodeSigningCert();
            byte[] pubKey = codeSigningCert.PublicKey;
            var expiryDate = codeSigningCert.ValidUntil;
            foreach (string s in assemblies)
            {
                try
                {
                    var authenticodeDeformatter = new AuthenticodeDeformatter(Path.GetFullPath(s));
                    var fileCert = authenticodeDeformatter.SigningCertificate;
                    //var test = new ASN1(fileCert.PublicKey);
                    if (fileCert == null || !pubKey.SequenceEqual(fileCert.PublicKey) || expiryDate != fileCert.ValidUntil)
                    {
                        ret = false;
                        Console.WriteLine("The file " + s + " was not signed with the same certificate that was passed in." );
                    }

                }
                catch (Exception e)
                {
                    ret = false;
                    Console.WriteLine(e.Message);
                }
            }

            return ret;
        }
Пример #6
0
		public static X509Certificate CreateFromSignedFile (string filename)
		{
			try {
				AuthenticodeDeformatter a = new AuthenticodeDeformatter (filename);
				if (a.SigningCertificate != null) {
					return new X509Certificate (a.SigningCertificate.RawData);
				}
			}
			catch (SecurityException) {
				// don't wrap SecurityException into a COMException
				throw;
			}
			catch (Exception e) {
				string msg = Locale.GetText ("Couldn't extract digital signature from {0}.", filename);
				throw new COMException (msg, e);
			}
			throw new CryptographicException (Locale.GetText ("{0} isn't signed.", filename));
		}
		public void VerifyUnsignedAssembly ()
		{
			string filename = Assembly.GetExecutingAssembly ().Location;
			AuthenticodeDeformatter ad = new AuthenticodeDeformatter (filename);
			// no digital signature
			Assert.AreEqual (1, ad.Reason, "Reason");
			Assert.IsNull (ad.Hash, "Hash");
			Assert.AreEqual (DateTime.MinValue, ad.Timestamp, "Timestamp");
			Assert.IsNull (ad.Certificates, "Certificates");
			Assert.IsNull (ad.SigningCertificate, "SigningCertificate");
		}
		public void VerifySignedAssembly ()
		{
			string filename = WriteFile ();
			AuthenticodeDeformatter ad = new AuthenticodeDeformatter (filename);
			// note: it's a valid signed PE file - but it doesn't 
			// mean it's root is trusted on the current system
			Assert.IsTrue (((ad.Reason == 0) || (ad.Reason == 6)), "Reason");
			Assert.AreEqual ("35-A5-21-3B-FC-FE-FA-40-97-AA-BB-DE-3B-52-15-6F", BitConverter.ToString (ad.Hash), "Hash");
			Assert.AreEqual (632011370700000000, ad.Timestamp.ToUniversalTime ().Ticks, "Timestamp");
			Assert.AreEqual (4, ad.Certificates.Count, "#Certificates");
			Assert.AreEqual ("C=ZA, S=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, [email protected]", ad.SigningCertificate.IssuerName, "IssuerName");
			Assert.AreEqual ("C=CA, S=Quebec, L=Quebec, O=Motus Technologies Inc., OU=Secure Application Development, CN=Motus Technologies Inc.", ad.SigningCertificate.SubjectName, "SubjectName");
		}
Пример #9
0
		static internal Evidence GetDefaultHostEvidence (Assembly a) 
		{
			Evidence e = new Evidence ();
			string aname = a.EscapedCodeBase;

			// by default all assembly have the Zone, Url and Hash evidences
			e.AddHost (Zone.CreateFromUrl (aname));
			e.AddHost (new Url (aname));
			e.AddHost (new Hash (a));

			// non local files (e.g. http://) also get a Site evidence
			if (String.Compare ("FILE://", 0, aname, 0, 7, true, CultureInfo.InvariantCulture) != 0) {
				e.AddHost (Site.CreateFromUrl (aname));
			}

			// strongnamed assemblies gets a StrongName evidence
			AssemblyName an = a.GetName ();
			byte[] pk = an.GetPublicKey ();
			if ((pk != null) && (pk.Length > 0)) {
				StrongNamePublicKeyBlob blob = new StrongNamePublicKeyBlob (pk);
				e.AddHost (new StrongName (blob, an.Name, an.Version));
			}

			// Authenticode(r) signed assemblies get a Publisher evidence
			if (IsAuthenticodePresent (a)) {
				// Note: The certificate is part of the evidences even if it is not trusted!
				// so we can't call X509Certificate.CreateFromSignedFile
				AuthenticodeDeformatter ad = new AuthenticodeDeformatter (a.Location);
				if (ad.SigningCertificate != null) {
					X509Certificate x509 = new X509Certificate (ad.SigningCertificate.RawData);
					if (x509.GetHashCode () != 0) {
						e.AddHost (new Publisher (x509));
					}
				}
			}
			// assemblies loaded from the GAC also get a Gac evidence (new in Fx 2.0)
			if (a.GlobalAssemblyCache) {
				e.AddHost (new GacInstalled ());
			}

			// the current HostSecurityManager may add/remove some evidence
			AppDomainManager dommgr = AppDomain.CurrentDomain.DomainManager;
			if (dommgr != null) {
				if ((dommgr.HostSecurityManager.Flags & HostSecurityManagerOptions.HostAssemblyEvidence) ==
					HostSecurityManagerOptions.HostAssemblyEvidence) {
					e = dommgr.HostSecurityManager.ProvideAssemblyEvidence (a, e);
				}
			}

			return e;
		}
Пример #10
0
		// static methods
		static public int Check (string fileName, bool quiet, bool verbose) 
		{
			AuthenticodeDeformatter a = new AuthenticodeDeformatter (fileName);
			
			// debug
/*			FileStream fs = File.Open (fileName + ".sig", FileMode.Create, FileAccess.Write);
			fs.Write (a.Signature, 0, a.Signature.Length);
			fs.Close ();*/

			// get something shorter to display
			fileName = Path.GetFileName (fileName);

			if (verbose) {
				Console.WriteLine ("Verifying file {0} for Authenticode(tm) signatures...{1}", fileName, Environment.NewLine);
			}

			if (a.Timestamp == DateTime.MinValue) {
				// signature only valid if the certificate is valid
				Console.WriteLine ("WARNING! {0} is not timestamped!", fileName);
			}
			else if (verbose) {
				Console.WriteLine ("INFO! {0} was timestamped on {1}", fileName, a.Timestamp);
			}

			if (a.Reason > 0) {
				string msg = null;
				// FAILURES
				switch (a.Reason) {
					case 1:
						msg = "doesn't contain a digital signature";
						break;
					case 2:
						msg = "digital signature is invalid";
						break;
					case 3:
						msg = "countersignature (timestamp) is invalid";
						break;
					case 4:
						msg = "timestamp is outside certificate validity";
						break;
					case 5:
						msg = "use an unsupported hash algorithm. Verification is impossible";
						break;
					case 6:
						msg = "signature can't be traced back to a trusted root";
						break;
					case 7:
						msg = "couldn't find the certificate that signed the file";
						break;
					case 8:
						msg = "certificate is expired and no timestamp is present";
						break;
					default:
						msg = "unknown error";
						break;
				}
	
				Console.WriteLine ("ERROR! {0} {1}!{2}", fileName, msg, Environment.NewLine);
				return 1;
			}

			Console.WriteLine ("SUCCESS: {0} signature is valid{1}and can be traced back to a trusted root!{2}", fileName, Environment.NewLine, Environment.NewLine);
			return 0;
		}
Пример #11
0
		public static X509Certificate CreateFromSignedFile (string filename)
		{
			try {
				AuthenticodeDeformatter a = new AuthenticodeDeformatter (filename);
				if (a.SigningCertificate != null) {
#if !NET_2_0
					// before 2.0 the signing certificate is returned only if the signature is valid
					if (a.Reason != 0) {
						string msg = String.Format (Locale.GetText (
							"Invalid digital signature on {0}, reason #{1}."),
							filename, a.Reason);
						throw new COMException (msg);
					}
#endif
					return new X509Certificate (a.SigningCertificate.RawData);
				}
			}
			catch (SecurityException) {
				// don't wrap SecurityException into a COMException
				throw;
			}
#if !NET_2_0
			catch (COMException) {
				// don't wrap COMException into a COMException
				throw;
			}
#endif
			catch (Exception e) {
				string msg = Locale.GetText ("Couldn't extract digital signature from {0}.", filename);
				throw new COMException (msg, e);
			}
#if NET_2_0
			throw new CryptographicException (Locale.GetText ("{0} isn't signed.", filename));
#else
			// if no signature is present return an empty certificate
			byte[] cert = null; // must not confuse compiler about null ;)
			return new X509Certificate (cert);
#endif
		}
Пример #12
-1
		// in case we just want to timestamp the file
		public bool Timestamp (string fileName) 
		{
			try {
				AuthenticodeDeformatter def = new AuthenticodeDeformatter (fileName);
				byte[] signature = def.Signature;
				if (signature != null) {
					Open (fileName);
					PKCS7.ContentInfo ci = new PKCS7.ContentInfo (signature);
					pkcs7 = new PKCS7.SignedData (ci.Content);

					byte[] response = Timestamp (pkcs7.SignerInfo.Signature);
					ASN1 ts = new ASN1 (Convert.FromBase64String (Encoding.ASCII.GetString (response)));
					// insert new certificates and countersignature into the original signature
					ASN1 asn = new ASN1 (signature);
					ASN1 content = asn.Element (1, 0xA0);
					if (content == null)
						return false;

					ASN1 signedData = content.Element (0, 0x30);
					if (signedData == null)
						return false;

					// add the supplied certificates inside our signature
					ASN1 certificates = signedData.Element (3, 0xA0);
					if (certificates == null) {
						certificates = new ASN1 (0xA0);
						signedData.Add (certificates);
					}
					for (int i = 0; i < ts[1][0][3].Count; i++) {
						certificates.Add (ts[1][0][3][i]);
					}

					// add an unauthentified attribute to our signature
					ASN1 signerInfoSet = signedData[signedData.Count - 1];
					ASN1 signerInfo = signerInfoSet[0];
					ASN1 unauthenticated = signerInfo[signerInfo.Count - 1];
					if (unauthenticated.Tag != 0xA1) {
						unauthenticated = new ASN1 (0xA1);
						signerInfo.Add (unauthenticated);
					}
					unauthenticated.Add (Attribute (countersignature, ts[1][0][4][0]));

					return Save (fileName, asn.GetBytes ());
				}
			}
			catch (Exception e) {
				Console.WriteLine (e);
			}
			return false;
		}