/// <summary>
/// Verify.
/// </summary>
/// <param name="input">The input.</param>
/// <param name="serial">The serial.</param>
/// <returns></returns>
public override bool Verify(Stream input, string serial = null)
{
if (input == null)
{
throw new ArgumentNullException("input");
}
using (var package = Package.Open(input, FileMode.Open, FileAccess.Read))
{
var mgr = new PackageDigitalSignatureManager(package)
{
CertificateOption = CertificateEmbeddingOption.InSignaturePart
};
var result = false;
foreach (var sig in mgr.Signatures)
{
var verifyResult = mgr.VerifySignatures(true);
result = verifyResult == VerifyResult.Success;
if (result && !String.IsNullOrWhiteSpace(serial))
{
var actualSerial = new BigInteger(sig.Signer.GetSerialNumber());
var expectedSerial = CertUtil.HexadecimalStringToBigInt(serial);
result = actualSerial == expectedSerial;
}
}
package.Close();
return result;
}
}
private void SignAllParts(Package package)
{
if (package == null)
throw new ArgumentNullException("SignAllParts(package)");
// Create the DigitalSignature Manager
PackageDigitalSignatureManager dsm =
new PackageDigitalSignatureManager(package);
dsm.CertificateOption =
CertificateEmbeddingOption.InSignaturePart;
// Create a list of all the part URIs in the package to sign
// (GetParts() also includes PackageRelationship parts).
System.Collections.Generic.List<Uri> toSign =
new System.Collections.Generic.List<Uri>();
foreach (PackagePart packagePart in package.GetParts())
{
// Add all package parts to the list for signing.
toSign.Add(packagePart.Uri);
}
// Add the URI for SignatureOrigin PackageRelationship part.
// The SignatureOrigin relationship is created when Sign() is called.
// Signing the SignatureOrigin relationship disables counter-signatures.
toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin));
// Also sign the SignatureOrigin part.
toSign.Add(dsm.SignatureOrigin);
// Add the package relationship to the signature origin to be signed.
toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));
// Sign() will prompt the user to select a Certificate to sign with.
try
{
var sig = dsm.Sign(toSign);
var result = dsm.VerifySignatures(false);
if (result != VerifyResult.Success)
{
MessageBox.Show(
$@"VerifyResult: {result}",
"Package NOT Signed",
MessageBoxButtons.OK,
MessageBoxIcon.Exclamation);
}
else
{
MessageBox.Show(
$@"Signer: {sig.Signer.Issuer}
SigningTime: {sig.SigningTime}",
"Package Signed",
MessageBoxButtons.OK,
MessageBoxIcon.Information);
}
}
// If there are no certificates or the SmartCard manager is
// not running, catch the exception and show an error message.
catch (CryptographicException ex)
{
MessageBox.Show(
"Cannot Sign\n" + ex.Message,
"No Digital Certificates Available",
MessageBoxButtons.OK,
MessageBoxIcon.Error);
}
}
/// <summary>
/// Main signing process
/// </summary>
/// <param name="package"></param>
/// <returns></returns>
private bool SignAllParts(Package package)
{
if (package == null)
throw new ArgumentNullException("SignAllParts(package)");
// Create the DigitalSignature Manager
PackageDigitalSignatureManager dsm =
new PackageDigitalSignatureManager(package);
dsm.CertificateOption =
CertificateEmbeddingOption.InSignaturePart;
// Create a list of all the part URIs in the package to sign
// (GetParts() also includes PackageRelationship parts).
System.Collections.Generic.List<Uri> toSign =
new System.Collections.Generic.List<Uri>();
foreach (PackagePart packagePart in package.GetParts())
{
// Add all package parts to the list for signing.
toSign.Add(packagePart.Uri);
}
// Add the URI for SignatureOrigin PackageRelationship part.
// The SignatureOrigin relationship is created when Sign() is called.
// Signing the SignatureOrigin relationship disables counter-signatures.
toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin));
// Also sign the SignatureOrigin part.
toSign.Add(dsm.SignatureOrigin);
// Add the package relationship to the signature origin to be signed.
toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));
// Sign() will prompt the user to select a Certificate to sign with.
try
{
var cert = new X509Certificate2(this.CertificatePath, (String.IsNullOrEmpty(this.CertificatePassword) ? null : this.CertificatePassword));
dsm.Sign(toSign, cert);
}
// If there are no certificates or the SmartCard manager is
// not running, catch the exception and show an error message.
catch (CryptographicException ex)
{
Console.WriteLine(
"Cannot Sign: {0}", ex.Message);
}
return dsm.IsSigned && dsm.VerifySignatures(true) == VerifyResult.Success;
}
// ------------------------ ValidateSignatures ------------------------
/// <summary>
/// Validates all the digital signatures of a given package.</summary>
/// <param name="package">
/// The package for validating digital signatures.</param>
/// <returns>
/// true if all digital signatures are valid; otherwise false if the
/// package is unsigned or any of the signatures are invalid.</returns>
private static bool ValidateSignatures(Package package)
{
if (package == null)
throw new ArgumentNullException("ValidateSignatures(package)");
// Create a PackageDigitalSignatureManager for the given Package.
PackageDigitalSignatureManager dsm =
new PackageDigitalSignatureManager(package);
// Check to see if the package contains any signatures.
if (!dsm.IsSigned)
{
MessageBox.Show("The package is not signed");
return false;
}
// Verify that all signatures are valid.
VerifyResult result = dsm.VerifySignatures(false);
if (result != VerifyResult.Success)
{
MessageBox.Show("One or more digital signatures are invalid.");
return false;
}
// else if (result == VerifyResult.Success)
return true; // All signatures are valid.
}