private static bool ValidateSignatures(Package package) { var signatureManager = new PackageDigitalSignatureManager(package); bool isSigned = signatureManager.IsSigned; var verifyResult = signatureManager.VerifySignatures(true); return(isSigned && verifyResult == VerifyResult.Success); }
public static VerifyResult VerifySignature(OpenXmlPackage openXmlPackage) { if (openXmlPackage == null) { throw new ArgumentNullException(nameof(openXmlPackage)); } var dsm = new PackageDigitalSignatureManager(openXmlPackage.Package); return(dsm.VerifySignatures(true)); }
/// <summary> /// Main signing process /// </summary> /// <param name="package"></param> /// <returns></returns> private bool SignAllParts(Package package) { if (package == null) { throw new ArgumentNullException("SignAllParts(package)"); } // Create the DigitalSignature Manager PackageDigitalSignatureManager dsm = new PackageDigitalSignatureManager(package); dsm.CertificateOption = CertificateEmbeddingOption.InSignaturePart; // Create a list of all the part URIs in the package to sign // (GetParts() also includes PackageRelationship parts). System.Collections.Generic.List <Uri> toSign = new System.Collections.Generic.List <Uri>(); foreach (PackagePart packagePart in package.GetParts()) { // Add all package parts to the list for signing. toSign.Add(packagePart.Uri); } // Add the URI for SignatureOrigin PackageRelationship part. // The SignatureOrigin relationship is created when Sign() is called. // Signing the SignatureOrigin relationship disables counter-signatures. toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin)); // Also sign the SignatureOrigin part. toSign.Add(dsm.SignatureOrigin); // Add the package relationship to the signature origin to be signed. toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute))); // Sign() will prompt the user to select a Certificate to sign with. try { var cert = new X509Certificate2(this.CertificatePath, (String.IsNullOrEmpty(this.CertificatePassword) ? null : this.CertificatePassword)); dsm.Sign(toSign, cert); } // If there are no certificates or the SmartCard manager is // not running, catch the exception and show an error message. catch (CryptographicException ex) { Console.WriteLine( "Cannot Sign: {0}", ex.Message); } return(dsm.IsSigned && dsm.VerifySignatures(true) == VerifyResult.Success); }// end:SignAllParts()
public static Package Verify(this Package package) { if (!IsSigned(package)) { return(package); } // Create the PackageDigitalSignatureManager var dsm = new PackageDigitalSignatureManager(package) { HashAlgorithm = "http://www.w3.org/2001/04/xmlenc#sha256" }; // Verify the collection of certificates in the package (one, in this case) foreach (PackageDigitalSignature signature in dsm.Signatures) { var x = PackageDigitalSignatureManager.VerifyCertificate(signature.Signer); if (x == X509ChainStatusFlags.NoError) { continue; } // If the certificate has expired, but signature is created while the certificate was valid, we accept it else if (x == X509ChainStatusFlags.NotTimeValid) { var signer = signature.Signer as X509Certificate2; if (signer != null && signature.SigningTime >= signer.NotBefore && signature.SigningTime <= signer.NotAfter) { continue; } } throw new Exception(string.Format("Certificate validation failed : {0}", x)); } // If all certificates are valid, verify all signatures in the package. VerifyResult vResult = dsm.VerifySignatures(false); //Retrieve innerPackage/originalPackage var innerPackageName = GetInnerPackageName(); var uriString = "/" + innerPackageName + ".pgx"; var packagePart = package.GetPart(new Uri(uriString, UriKind.Relative)); var stream = packagePart.GetStream(); var originalPackage = Package.Open(stream); return(originalPackage); }
/// <summary> /// Signs all parts of the VSIX file /// </summary> /// <param name="vsixFileName">The file path of the VSIX file</param> /// <param name="pfxFileName">The file path of the certificate</param> /// <param name="password">The password for the certificate</param> /// <returns>True if the file has been signed, false otherwise</returns> private bool SignVSIXFile(string vsixFileName, string pfxFileName, string password) { if (File.Exists(vsixFileName) == false) { this.LogBuildError("VSIX file doesn't exist"); return(false); } if (File.Exists(pfxFileName) == false) { this.LogBuildError("Certificate file doesn't exist"); return(false); } LogBuildMessage(string.Format("Signing {0} ", Path.GetFileName(vsixFileName)), BuildMessageImportance.High); using (var package = Package.Open(vsixFileName, FileMode.Open)) { var packageSignatureManager = new PackageDigitalSignatureManager(package) { CertificateOption = CertificateEmbeddingOption.InSignaturePart }; var partsToSign = package.GetParts().Select(packagePart => packagePart.Uri).ToList(); partsToSign.Add(PackUriHelper.GetRelationshipPartUri(packageSignatureManager.SignatureOrigin)); partsToSign.Add(packageSignatureManager.SignatureOrigin); partsToSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute))); try { packageSignatureManager.Sign(partsToSign, new System.Security.Cryptography.X509Certificates.X509Certificate2(pfxFileName, password)); } catch (System.Security.Cryptography.CryptographicException ex) { this.LogBuildError("Error Signing File " + ex.Message); return(false); } return(packageSignatureManager.IsSigned && packageSignatureManager.VerifySignatures(true) == VerifyResult.Success); } }
public async Task ShouldSupportReSigningWithDifferentCertificate() { string path; using (var package = ShadowCopyPackage(SamplePackage, out path, OpcPackageFileMode.ReadWrite)) { var signerBuilder = package.CreateSignatureBuilder(); signerBuilder.EnqueueNamedPreset <VSIXSignatureBuilderPreset>(); await signerBuilder.SignAsync( new CertificateSignConfigurationSet { PkcsDigestAlgorithm = HashAlgorithmName.SHA1, FileDigestAlgorithm = HashAlgorithmName.SHA1, SigningCertificate = new X509Certificate2(@"certs\rsa-2048-sha1.pfx", "test") } ); } using (var package = OpcPackage.Open(path, OpcPackageFileMode.ReadWrite)) { var signerBuilder = package.CreateSignatureBuilder(); signerBuilder.EnqueueNamedPreset <VSIXSignatureBuilderPreset>(); await signerBuilder.SignAsync( new CertificateSignConfigurationSet { PkcsDigestAlgorithm = HashAlgorithmName.SHA256, FileDigestAlgorithm = HashAlgorithmName.SHA256, SigningCertificate = new X509Certificate2(@"certs\rsa-2048-sha256.pfx", "test") } ); } using (var netfxPackage = Package.Open(path, FileMode.Open)) { var signatureManager = new PackageDigitalSignatureManager(netfxPackage); Assert.Equal(VerifyResult.Success, signatureManager.VerifySignatures(true)); if (signatureManager.Signatures.Count != 1 || signatureManager.Signatures[0].SignedParts.Count != netfxPackage.GetParts().Count() - 1) { Assert.True(false, "Missing parts"); } var packageSignature = signatureManager.Signatures[0]; Assert.Equal(OpcKnownUris.SignatureAlgorithms.rsaSHA256.AbsoluteUri, packageSignature.Signature.SignedInfo.SignatureMethod); } }
/// <summary> /// Checks the signatures in the package /// </summary> /// <param name="packagePath"></param> /// <param name="certificatesStatus">Status of the certificate (dictionary with the subject and /// verification status of the certificates) </param> /// <returns></returns> private static VerifyResult VerifySignatures( string packagePath, out Dictionary <string, X509ChainStatusFlags> certificatesStatus) { VerifyResult vResult; certificatesStatus = new Dictionary <string, X509ChainStatusFlags>(); using (Package package = Package.Open(packagePath, FileMode.Open, FileAccess.Read)) { PackageDigitalSignatureManager dsm = new PackageDigitalSignatureManager(package); // Verify the collection of certificates in the package foreach (PackageDigitalSignature signature in dsm.Signatures) { certificatesStatus.Add( signature.Signer.Subject, PackageDigitalSignatureManager.VerifyCertificate(signature.Signer)); } // For this example, if all certificates are valid, verify all signatures in the package. vResult = dsm.VerifySignatures(false); } return(vResult); }
public async Task ShouldSignWithAzureCertificateAndTimestamp() { var creds = TestAzureCredentials.Credentials; string path; using (var package = ShadowCopyPackage(SamplePackage, out path, OpcPackageFileMode.ReadWrite)) { var builder = package.CreateSignatureBuilder(); builder.EnqueueNamedPreset <VSIXSignatureBuilderPreset>(); var signature = await builder.SignAsync( new AzureKeyVaultSignConfigurationSet { FileDigestAlgorithm = HashAlgorithmName.SHA256, PkcsDigestAlgorithm = HashAlgorithmName.SHA256, AzureClientId = creds.ClientId, AzureClientSecret = creds.ClientSecret, AzureKeyVaultUrl = creds.AzureKeyVaultUrl, AzureKeyVaultCertificateName = creds.AzureKeyVaultCertificateName } ); Assert.NotNull(signature); var timestampBuilder = signature.CreateTimestampBuilder(); var timestampServer = new Uri("http://timestamp.digicert.com", UriKind.Absolute); var result = await timestampBuilder.SignAsync(timestampServer, HashAlgorithmName.SHA256); } using (var netfxPackage = Package.Open(path, FileMode.Open)) { var signatureManager = new PackageDigitalSignatureManager(netfxPackage); Assert.Equal(VerifyResult.Success, signatureManager.VerifySignatures(true)); if (signatureManager.Signatures.Count != 1 || signatureManager.Signatures[0].SignedParts.Count != netfxPackage.GetParts().Count() - 1) { Assert.True(false, "Missing parts"); } var packageSignature = signatureManager.Signatures[0]; var expectedAlgorithm = OpcKnownUris.SignatureAlgorithms.rsaSHA256.AbsoluteUri; Assert.Equal(expectedAlgorithm, packageSignature.Signature.SignedInfo.SignatureMethod); } }
private static bool ValidateSignatures(Package package) { if (package == null) { throw new ArgumentNullException("ValidateSignatures(package)"); } var dsm = new PackageDigitalSignatureManager(package); bool result = dsm.IsSigned; if (result) { result = result && ValidatePackageCertificates(dsm); if (result) { VerifyResult verifyResult = dsm.VerifySignatures(false); result = result && verifyResult == VerifyResult.Success; } } return(result); }
/// <summary> /// Validates the Package Digital Signatures /// </summary> /// <returns> /// True if the Package is Valid; /// False is the Package is Invalid. /// </returns> public bool Validate() { if (DocumentType.Equals(Types.XpsDocument)) { int validate = 0; foreach (XpsDigitalSignature digitalSignature in xpsDocument.Signatures) { // Verify the signature object, if present. if (digitalSignature.Verify() == VerifyResult.Success) { //Signature is valid } else { //Signature is not valid InvalidDigitalSignatureHolderNames.Add(digitalSignature.SignerCertificate.Subject.Replace("CN=", "")); InvalidDigitalSignatureHolderNames.Add(digitalSignature.SignedDocumentSequence.Uri.ToString()); InvalidDigitalSignatureHolderNames.Add(digitalSignature.SigningTime.ToString()); InvalidDigitalSignatureHolderNames.Add(digitalSignature.SignerCertificate.Issuer.Replace("CN=", "")); validate = 1; } } if (validate == 1) { return(false); } else { return(true); } } else if (DocumentType.Equals(Types.PdfDocument)) { if (this.pdfSignatureList != null) { foreach (CertificadoDigital.Signature sig in this.pdfSignatureList) { if (!sig.Valid) { return(false); } } return(true); } else { return(false); } } else { if (package == null) { throw new ArgumentNullException("ValidateSignatures(package)"); } PackageDigitalSignatureManager dsm = new PackageDigitalSignatureManager(package); dsm.InvalidSignatureEvent += new InvalidSignatureEventHandler(dsm_InvalidSignatureEvent); //Checking for Signatures if (!dsm.IsSigned) { return(false); } VerifyResult result = dsm.VerifySignatures(false); if (result != VerifyResult.Success) { return(false); } return(true); } }
public static VerifyResult VerifySignature(Package package) { var dsm = new PackageDigitalSignatureManager(package); return(dsm.VerifySignatures(true)); }