internal StrongNameSignatureInformation(AsymmetricAlgorithm publicKey) { Debug.Assert(publicKey != null, "publicKey != null"); m_verificationResult = SignatureVerificationResult.Valid; m_publicKey = publicKey; }
internal AuthenticodeSignatureInformation(X509Native.AXL_AUTHENTICODE_SIGNER_INFO signer, X509Chain signatureChain, TimestampInformation timestamp) { this.m_verificationResult = (SignatureVerificationResult)signer.dwError; this.m_hashAlgorithmId = signer.algHash; if (signer.pwszDescription != IntPtr.Zero) { this.m_description = Marshal.PtrToStringUni(signer.pwszDescription); } if (signer.pwszDescriptionUrl != IntPtr.Zero) { Uri.TryCreate(Marshal.PtrToStringUni(signer.pwszDescriptionUrl), UriKind.RelativeOrAbsolute, out this.m_descriptionUrl); } this.m_signatureChain = signatureChain; if ((timestamp != null) && (timestamp.VerificationResult != SignatureVerificationResult.MissingSignature)) { if (timestamp.IsValid) { this.m_timestamp = timestamp; } else { this.m_verificationResult = SignatureVerificationResult.InvalidTimestamp; } } else { this.m_timestamp = null; } }
private StrongNameSignatureInformation VerifyStrongNameSignature(XmlElement signatureNode) { AsymmetricAlgorithm algorithm; if (!base.CheckSignatureReturningKey(out algorithm)) { return(new StrongNameSignatureInformation(SignatureVerificationResult.BadDigest)); } SignatureVerificationResult error = VerifyStrongNameSignatureId(signatureNode); if (error != SignatureVerificationResult.Valid) { return(new StrongNameSignatureInformation(error)); } SignatureVerificationResult result2 = VerifyStrongNameSignatureTransforms(base.Signature.SignedInfo); if (result2 != SignatureVerificationResult.Valid) { return(new StrongNameSignatureInformation(result2)); } if (!CompareBytes(this.CalculateManifestPublicKeyToken(), CalculateSignerPublicKeyToken(algorithm))) { return(new StrongNameSignatureInformation(SignatureVerificationResult.PublicKeyTokenMismatch)); } return(new StrongNameSignatureInformation(algorithm)); }
internal AuthenticodeSignatureInformation(X509Native.AXL_AUTHENTICODE_SIGNER_INFO signer, X509Chain signatureChain, TimestampInformation timestamp) { m_verificationResult = (SignatureVerificationResult)signer.dwError; m_hashAlgorithmId = signer.algHash; if (signer.pwszDescription != IntPtr.Zero) { m_description = Marshal.PtrToStringUni(signer.pwszDescription); } if (signer.pwszDescriptionUrl != IntPtr.Zero) { string descriptionUrl = Marshal.PtrToStringUni(signer.pwszDescriptionUrl); Uri.TryCreate(descriptionUrl, UriKind.RelativeOrAbsolute, out m_descriptionUrl); } m_signatureChain = signatureChain; // If there was a timestamp, and it was not valid we need to invalidate the entire Authenticode // signature as well, since we cannot assume that the signature would have verified without // the timestamp. if (timestamp != null && timestamp.VerificationResult != SignatureVerificationResult.MissingSignature) { if (timestamp.IsValid) { m_timestamp = timestamp; } else { m_verificationResult = SignatureVerificationResult.InvalidTimestamp; } } else { m_timestamp = null; } }
internal TimestampInformation(X509Native.AXL_AUTHENTICODE_TIMESTAMPER_INFO timestamper) { m_hashAlgorithmId = timestamper.algHash; m_verificationResult = (SignatureVerificationResult)timestamper.dwError; ulong filetime = ((ulong)((uint)timestamper.ftTimestamp.dwHighDateTime) << 32) | (ulong)((uint)timestamper.ftTimestamp.dwLowDateTime); m_timestamp = DateTime.FromFileTimeUtc((long)filetime); if (timestamper.pChainContext != IntPtr.Zero) { m_timestampChain = new X509Chain(timestamper.pChainContext); } }
internal TimestampInformation(X509Native.AXL_AUTHENTICODE_TIMESTAMPER_INFO timestamper) { this.m_hashAlgorithmId = timestamper.algHash; this.m_verificationResult = (SignatureVerificationResult)timestamper.dwError; ulong num = (((ulong)timestamper.ftTimestamp.dwHighDateTime) << 0x20) | ((ulong)timestamper.ftTimestamp.dwLowDateTime); this.m_timestamp = DateTime.FromFileTimeUtc((long)num); if (timestamper.pChainContext != IntPtr.Zero) { this.m_timestampChain = new X509Chain(timestamper.pChainContext); } }
internal static int HResultForVerificationResult(SignatureVerificationResult verificationResult) { switch (verificationResult) { case SignatureVerificationResult.AssemblyIdentityMismatch: case SignatureVerificationResult.PublicKeyTokenMismatch: case SignatureVerificationResult.PublisherMismatch: return(-2146762749); case SignatureVerificationResult.ContainingSignatureInvalid: return(-2146869232); } return((int)verificationResult); }
public static bool VerifyReceivedMessage(MessageToReceive messageToReceive) { SignatureVerificationResult signatureVerificationResult = Verify( messageToReceive.legacyAddress, messageToReceive.message, messageToReceive.signature ); if (signatureVerificationResult == SignatureVerificationResult.SignatureIsValid) { return(true); } return(false); }
/// <summary> /// Map a verification result to a matching HRESULT /// </summary> internal static int HResultForVerificationResult(SignatureVerificationResult verificationResult) { switch (verificationResult) { case SignatureVerificationResult.AssemblyIdentityMismatch: case SignatureVerificationResult.PublicKeyTokenMismatch: case SignatureVerificationResult.PublisherMismatch: return((int)SignatureVerificationResult.BadSignatureFormat); case SignatureVerificationResult.ContainingSignatureInvalid: return((int)SignatureVerificationResult.BadDigest); default: return((int)verificationResult); } }
/// <summary> /// Verify the strong name signature has a valid format and applies to this manifest /// </summary> private StrongNameSignatureInformation VerifyStrongNameSignature(XmlElement signatureNode) { Debug.Assert(signatureNode != null, "signatureNode != null"); // Verify that the signature is valid AsymmetricAlgorithm key; if (!CheckSignatureReturningKey(out key)) { return(new StrongNameSignatureInformation(SignatureVerificationResult.BadDigest)); } // ensure there is an ID element, and it is the strong name id SignatureVerificationResult strongNameId = VerifyStrongNameSignatureId(signatureNode); if (strongNameId != SignatureVerificationResult.Valid) { return(new StrongNameSignatureInformation(strongNameId)); } // Verify that the transforms are the ones we expect. Debug.Assert(Signature != null && Signature.SignedInfo != null, "XML signature must be verified before getting SN details"); SignatureVerificationResult transformsValid = VerifyStrongNameSignatureTransforms(Signature.SignedInfo); if (transformsValid != SignatureVerificationResult.Valid) { return(new StrongNameSignatureInformation(transformsValid)); } // ensure the public key token in the manifest identity matches the public key token of the signing // strong name key if (!CompareBytes(CalculateManifestPublicKeyToken(), CalculateSignerPublicKeyToken(key))) { return(new StrongNameSignatureInformation(SignatureVerificationResult.PublicKeyTokenMismatch)); } return(new StrongNameSignatureInformation(key)); }
private AuthenticodeSignatureInformation VerifyAuthenticodeSignature(XmlElement signatureNode, X509RevocationFlag revocationFlag, X509RevocationMode revocationMode) { Debug.Assert(signatureNode != null, "signatureNode != null"); // See if there is an Authenticode signature on the manifest XmlElement licenseNode = signatureNode.SelectSingleNode("ds:KeyInfo/msrel:RelData/r:license", m_namespaceManager) as XmlElement; if (licenseNode == null) { return(null); } // Make sure that the signature is for this manifest SignatureVerificationResult identityVerification = VerifyAuthenticodeSignatureIdentity(licenseNode); if (identityVerification != SignatureVerificationResult.Valid) { return(new AuthenticodeSignatureInformation(identityVerification)); } SignatureVerificationResult hashVerification = VerifyAuthenticodeExpectedHash(licenseNode); if (hashVerification != SignatureVerificationResult.Valid) { return(new AuthenticodeSignatureInformation(hashVerification)); } // Verify the signature, extracting information about it AuthenticodeSignatureInformation authenticodeSignature = null; X509Native.AXL_AUTHENTICODE_SIGNER_INFO signer = new X509Native.AXL_AUTHENTICODE_SIGNER_INFO(); signer.cbSize = Marshal.SizeOf(typeof(X509Native.AXL_AUTHENTICODE_SIGNER_INFO)); X509Native.AXL_AUTHENTICODE_TIMESTAMPER_INFO timestamper = new X509Native.AXL_AUTHENTICODE_TIMESTAMPER_INFO(); timestamper.cbsize = Marshal.SizeOf(typeof(X509Native.AXL_AUTHENTICODE_TIMESTAMPER_INFO)); RuntimeHelpers.PrepareConstrainedRegions(); try { byte[] licenseXml = Encoding.UTF8.GetBytes(licenseNode.OuterXml); X509Native.AxlVerificationFlags verificationFlags = MapRevocationFlags(revocationFlag, revocationMode); unsafe { fixed(byte *pLicenseXml = licenseXml) { // Safe since we're verifying the size of this buffer is correct CapiNative.CRYPTOAPI_BLOB xmlBlob = new CapiNative.CRYPTOAPI_BLOB(); xmlBlob.cbData = licenseXml.Length; xmlBlob.pbData = new IntPtr(pLicenseXml); int hrVerify = X509Native.UnsafeNativeMethods.CertVerifyAuthenticodeLicense(ref xmlBlob, verificationFlags, ref signer, ref timestamper); if (hrVerify == (int)SignatureVerificationResult.MissingSignature) { return(new AuthenticodeSignatureInformation(SignatureVerificationResult.MissingSignature)); } } } X509Chain signatureChain = BuildSignatureChain(signer, licenseNode, revocationFlag, revocationMode); TimestampInformation timestamp = GetTimestampInformation(timestamper, licenseNode); authenticodeSignature = new AuthenticodeSignatureInformation(signer, signatureChain, timestamp); } finally { X509Native.UnsafeNativeMethods.CertFreeAuthenticodeSignerInfo(ref signer); X509Native.UnsafeNativeMethods.CertFreeAuthenticodeTimestamperInfo(ref timestamper); } // Verify the signing certificate matches the expected publisher Debug.Assert(authenticodeSignature != null, "authenticodeSignature != null"); if (authenticodeSignature.SigningCertificate == null) { return(new AuthenticodeSignatureInformation(authenticodeSignature.VerificationResult)); } SignatureVerificationResult publisherMatch = VerifyAuthenticodePublisher(authenticodeSignature.SigningCertificate); if (publisherMatch != SignatureVerificationResult.Valid) { return(new AuthenticodeSignatureInformation(publisherMatch)); } return(authenticodeSignature); }
internal TimestampInformation(SignatureVerificationResult error) { Debug.Assert(error != SignatureVerificationResult.Valid, "error != SignatureVerificationResult.Valid"); m_verificationResult = error; }
private unsafe AuthenticodeSignatureInformation VerifyAuthenticodeSignature(XmlElement signatureNode, X509RevocationFlag revocationFlag, X509RevocationMode revocationMode) { XmlElement licenseNode = signatureNode.SelectSingleNode("ds:KeyInfo/msrel:RelData/r:license", this.m_namespaceManager) as XmlElement; if (licenseNode == null) { return(null); } SignatureVerificationResult error = this.VerifyAuthenticodeSignatureIdentity(licenseNode); if (error != SignatureVerificationResult.Valid) { return(new AuthenticodeSignatureInformation(error)); } SignatureVerificationResult result2 = this.VerifyAuthenticodeExpectedHash(licenseNode); if (result2 != SignatureVerificationResult.Valid) { return(new AuthenticodeSignatureInformation(result2)); } AuthenticodeSignatureInformation information = null; X509Native.AXL_AUTHENTICODE_SIGNER_INFO pSignerInfo = new X509Native.AXL_AUTHENTICODE_SIGNER_INFO { cbSize = Marshal.SizeOf(typeof(X509Native.AXL_AUTHENTICODE_SIGNER_INFO)) }; X509Native.AXL_AUTHENTICODE_TIMESTAMPER_INFO pTimestamperInfo = new X509Native.AXL_AUTHENTICODE_TIMESTAMPER_INFO { cbsize = Marshal.SizeOf(typeof(X509Native.AXL_AUTHENTICODE_TIMESTAMPER_INFO)) }; RuntimeHelpers.PrepareConstrainedRegions(); try { byte[] bytes = Encoding.UTF8.GetBytes(licenseNode.OuterXml); X509Native.AxlVerificationFlags dwFlags = MapRevocationFlags(revocationFlag, revocationMode); try { fixed(byte *numRef = bytes) { CapiNative.CRYPTOAPI_BLOB pLicenseBlob = new CapiNative.CRYPTOAPI_BLOB { cbData = bytes.Length, pbData = new IntPtr((void *)numRef) }; if (X509Native.UnsafeNativeMethods.CertVerifyAuthenticodeLicense(ref pLicenseBlob, dwFlags, ref pSignerInfo, ref pTimestamperInfo) == -2146762496) { return(new AuthenticodeSignatureInformation(SignatureVerificationResult.MissingSignature)); } } } finally { numRef = null; } X509Chain signatureChain = this.BuildSignatureChain(pSignerInfo, licenseNode, revocationFlag, revocationMode); TimestampInformation timestampInformation = this.GetTimestampInformation(pTimestamperInfo, licenseNode); information = new AuthenticodeSignatureInformation(pSignerInfo, signatureChain, timestampInformation); } finally { X509Native.UnsafeNativeMethods.CertFreeAuthenticodeSignerInfo(ref pSignerInfo); X509Native.UnsafeNativeMethods.CertFreeAuthenticodeTimestamperInfo(ref pTimestamperInfo); } if (information.SigningCertificate == null) { return(new AuthenticodeSignatureInformation(information.VerificationResult)); } SignatureVerificationResult result3 = this.VerifyAuthenticodePublisher(information.SigningCertificate); if (result3 != SignatureVerificationResult.Valid) { return(new AuthenticodeSignatureInformation(result3)); } return(information); }
public override SignatureVerificationResult VerifySignature(string path, string parent) { return(SignatureVerificationResult.UnsupportedFileTypeResult(path, parent)); }
/// <summary> /// Create an Authenticode signature information for a signature which is not valid /// </summary> internal AuthenticodeSignatureInformation(SignatureVerificationResult error) { Debug.Assert(error != SignatureVerificationResult.Valid); m_verificationResult = error; }
internal StrongNameSignatureInformation(SignatureVerificationResult error) { Debug.Assert(error != SignatureVerificationResult.Valid, "error != SignatureVerificationResult.Valid"); m_verificationResult = error; }
internal StrongNameSignatureInformation(AsymmetricAlgorithm publicKey) { this.m_verificationResult = SignatureVerificationResult.Valid; this.m_publicKey = publicKey; }
internal StrongNameSignatureInformation(SignatureVerificationResult error) { this.m_verificationResult = error; }
internal AuthenticodeSignatureInformation(SignatureVerificationResult error) { this.m_verificationResult = error; }
internal TimestampInformation(SignatureVerificationResult error) { this.m_verificationResult = error; }