/// <summary>
/// Verifies a given XPS digital signature.
/// </summary>
/// <remarks>This computes and checks the hashes of all the package
/// parts, so it may take a long time to complete.</remarks>
/// <param name="xpsSignature">The XPS signature to verify</param>
/// <returns>The status of the signature</returns>
private static SignatureStatus VerifyXpsDigitalSignature(XpsDigitalSignature xpsDigitalSignature)
{
SignatureStatus status = SignatureStatus.Unknown;
//Verify signature and map to DRPs SignatureStatus enum.
switch (xpsDigitalSignature.Verify())
{
case VerifyResult.Success:
{
status = SignatureStatus.Valid;
break;
}
case VerifyResult.NotSigned:
{
status = SignatureStatus.NotSigned;
break;
}
default:
{
status = SignatureStatus.Invalid;
break;
}
}
return(status);
}
/// <summary>
/// See IDigitalSignatureProvider
/// </summary>
void IDigitalSignatureProvider.SignDocument(DigitalSignature digitalSignature)
{
AssertIsSignable();
XpsDigSigPartAlteringRestrictions reachRestrictions = XpsDigSigPartAlteringRestrictions.None;
if (digitalSignature.IsDocumentPropertiesRestricted)
{
reachRestrictions |= XpsDigSigPartAlteringRestrictions.CoreMetadata;
}
// If additional signatures should invalidate this signature, we
// need to sign the signature origin part
if (digitalSignature.IsAddingSignaturesRestricted)
{
reachRestrictions |= XpsDigSigPartAlteringRestrictions.SignatureOrigin;
}
// a null guid means there was no associated spot, so create a guid
if (digitalSignature.GuidID == null)
{
digitalSignature.GuidID = Guid.NewGuid();
}
XpsDigitalSignature xpsDigitalSignature =
XpsDocument.SignDigitally(
digitalSignature.Certificate,
true,
reachRestrictions,
(Guid)digitalSignature.GuidID,
false /* don't re-verify IsSignable, we've already done it */
);
if (xpsDigitalSignature != null)
{
// Fill in relevant fields from the XPS signature
digitalSignature.XpsDigitalSignature = xpsDigitalSignature;
digitalSignature.SignatureState = SignatureStatus.Valid;
digitalSignature.SignedOn = xpsDigitalSignature.SigningTime;
// Save the simple name from the certificate as the subject name
// in the signature
digitalSignature.SubjectName =
digitalSignature.Certificate.GetNameInfo(
X509NameType.SimpleName,
false /* don't include issuer name */);
// Add the new signature to the list (if it isn't already there).
// That is a possibility since the first signature in a document
// is always added as a signature definition and a signature.
if (!DigitalSignatureList.Contains(digitalSignature))
{
DigitalSignatureList.Add(digitalSignature);
}
}
}
/// <summary>
/// Gets the CertificateStatus for a specific certificate.
/// </summary>
private static CertificatePriorityStatus GetCertificateStatus(X509Certificate2 certificate)
{
//Default status is the most severe error: Corrupted
CertificatePriorityStatus certificatePriorityStatus = CertificatePriorityStatus.Corrupted;
X509ChainStatusFlags x509ChainStatusFlags;
// Use the static VerifyCertificate method on XpsDigitalSignature
// to verify the certificate
x509ChainStatusFlags = XpsDigitalSignature.VerifyCertificate(certificate);
//Strip out all known flags (minus Cyclic and NotSignatureValid). What is left are any unknown flags
//and flags that convert to Corrupted.
X509ChainStatusFlags x509RemainingFlags = (x509ChainStatusFlags ^ _x509NonCorruptedFlags) &
~(_x509NonCorruptedFlags);
//x509ChainStatusFlags is a flag we want to convert to a CertificatePriorityStatus.
//First we need to make sure there are no unknown flags. If there is an unknown
//flag we assume that it is the worst possible error and leave CertificateStatus
//set to Corrupted. Leaving out Cyclic and NotSignatureValid since they also convert
//to Corrupted.
if (x509RemainingFlags == X509ChainStatusFlags.NoError)
{
//The following flags convert to CannotBeVerified
if ((x509ChainStatusFlags & _x509CannotBeVerifiedFlags) != X509ChainStatusFlags.NoError)
{
certificatePriorityStatus = CertificatePriorityStatus.CannotBeVerified;
}
//The following flags convert to IssuerNotTrusted
else if ((x509ChainStatusFlags & _x509IssuerNotTrustedFlags) != X509ChainStatusFlags.NoError)
{
certificatePriorityStatus = CertificatePriorityStatus.IssuerNotTrusted;
}
//The following flags convert to Revoked
else if ((x509ChainStatusFlags & _x509RevokedFlags) != X509ChainStatusFlags.NoError)
{
certificatePriorityStatus = CertificatePriorityStatus.Revoked;
}
//The following flags convert to Expired
else if ((x509ChainStatusFlags & _x509ExpiredFlags) != X509ChainStatusFlags.NoError)
{
certificatePriorityStatus = CertificatePriorityStatus.Expired;
}
//The following flags are all considered Igorable
else
{
certificatePriorityStatus = CertificatePriorityStatus.Ok;
}
}
return(certificatePriorityStatus);
}
/// <summary>
/// Maps an XpsDigitalSignature to our DigitalSignature.
/// </summary>
/// <param name="xpsDigitalSignature">The signature to convert</param>
/// <returns>A DigitalSignature that corresponds to the signature
/// passed in as a parameter</returns>
private static DigitalSignature ConvertXpsDigitalSignature(XpsDigitalSignature xpsDigitalSignature)
{
DigitalSignature digitalSignature = new DigitalSignature();
digitalSignature.XpsDigitalSignature = xpsDigitalSignature;
X509Certificate2 x509Certificate2 =
xpsDigitalSignature.SignerCertificate as X509Certificate2;
digitalSignature.SignatureState = SignatureStatus.Unknown;
// Copy simple fields if cert isn't null. If it is null then the
// cert wasn't embedded into container so don't copy cert related
// fields.
if (x509Certificate2 != null)
{
digitalSignature.Certificate = x509Certificate2;
digitalSignature.SignedOn = xpsDigitalSignature.SigningTime;
// save the simple name from the certificate as the subject name
// in the signature
digitalSignature.SubjectName =
x509Certificate2.GetNameInfo(
X509NameType.SimpleName,
false /* don't include issuer name */);
}
digitalSignature.IsDocumentPropertiesRestricted =
xpsDigitalSignature.DocumentPropertiesRestricted;
// If the signature origin part is signed, adding new signatures
// will invalidate this signature
digitalSignature.IsAddingSignaturesRestricted =
xpsDigitalSignature.SignatureOriginRestricted;
//These fields come from a Signature Definition.
digitalSignature.Reason = string.Empty;
digitalSignature.Location = string.Empty;
return(digitalSignature);
}
public void RemoveSignature(XpsDigitalSignature signature)
{
this.CheckDisposed();
if (signature == null)
{
throw new ArgumentNullException("signature");
}
if (signature.PackageSignature == null)
{
throw new NullReferenceException("signature.PackageSignature");
}
if (signature.PackageSignature.SignaturePart == null)
{
throw new NullReferenceException("signature.PackageSignature.SignaturePart");
}
if (base.CurrentXpsManager == null)
{
throw new InvalidOperationException(SR.Get("ReachPackaging_DocumentWasClosed"));
}
new PackageDigitalSignatureManager(base.CurrentXpsManager.MetroPackage).RemoveSignature(signature.PackageSignature.SignaturePart.Uri);
this._reachSignatures = null;
this._reachSignatureList = null;
this.EnsureSignatures();
}
private void EnsureSignatures()
{
if (this._reachSignatures == null)
{
this._reachSignatures = new Collection<XpsDigitalSignature>();
PackageDigitalSignatureManager manager = new PackageDigitalSignatureManager(base.CurrentXpsManager.MetroPackage);
foreach (PackageDigitalSignature signature in manager.Signatures)
{
XpsDigitalSignature item = new XpsDigitalSignature(signature, this);
if (item.SignedDocumentSequence != null)
{
this._reachSignatures.Add(item);
}
}
}
}
private XpsDigitalSignature AddSignature(PackageDigitalSignature packSignature)
{
XpsDigitalSignature item = new XpsDigitalSignature(packSignature, this);
this._reachSignatures.Add(item);
return item;
}
