private SignatureVerificationStatus VerifyRepositorySignature(
Signature signature,
X509Certificate2Collection certificates)
{
var settings = new SignatureVerifySettings(
treatIssuesAsErrors: !_settings.AllowIllegal,
allowUntrustedRoot: _settings.AllowUntrusted,
allowUnknownRevocation: _settings.AllowUnknownRevocation,
logOnSignatureExpired: false);
var issues = new List <SignatureLog>();
Timestamp timestamp = null;
if (!_settings.AllowIgnoreTimestamp &&
!signature.TryGetValidTimestamp(
_settings,
_fingerprintAlgorithm,
issues,
out var verificationFlags,
out timestamp))
{
return(VerificationUtility.GetSignatureVerificationStatus(verificationFlags));
}
var summary = signature.Verify(
timestamp,
settings,
_fingerprintAlgorithm,
certificates,
issues);
return(summary.Status);
}
private SignatureVerificationSummary VerifyValidityAndTrust(
Signature signature,
SignedPackageVerifierSettings verifierSettings,
SignatureVerifySettings settings,
X509Certificate2Collection certificateExtraStore,
List <SignatureLog> issues)
{
var timestampIssues = new List <SignatureLog>();
if (!signature.TryGetValidTimestamp(verifierSettings, _fingerprintAlgorithm, timestampIssues, out var verificationFlags, out var validTimestamp) && !verifierSettings.AllowIgnoreTimestamp)
{
issues.AddRange(timestampIssues);
return(null);
}
var status = signature.Verify(
validTimestamp,
settings,
_fingerprintAlgorithm,
certificateExtraStore,
issues);
issues.AddRange(timestampIssues);
return(status);
}
private SignatureVerificationSummary GetTimestamp(
Signature signature,
SignedPackageVerifierSettings verifierSettings,
out Timestamp timestamp)
{
var issues = new List <SignatureLog>();
SignatureVerificationStatus status;
SignatureVerificationStatusFlags statusFlags;
var succeeded = signature.TryGetValidTimestamp(verifierSettings, _fingerprintAlgorithm, issues, out statusFlags, out timestamp);
status = VerificationUtility.GetSignatureVerificationStatus(statusFlags);
if (!succeeded)
{
if (statusFlags == SignatureVerificationStatusFlags.NoValidTimestamp ||
statusFlags == SignatureVerificationStatusFlags.MultipleTimestamps)
{
status = SignatureVerificationStatus.Disallowed;
}
}
return(new SignatureVerificationSummary(signature.Type, status, statusFlags, issues));
}