/// <summary> /// Verifies a given XPS digital signature. /// </summary> /// <remarks>This computes and checks the hashes of all the package /// parts, so it may take a long time to complete.</remarks> /// <param name="xpsSignature">The XPS signature to verify</param> /// <returns>The status of the signature</returns> private static SignatureStatus VerifyXpsDigitalSignature(XpsDigitalSignature xpsDigitalSignature) { SignatureStatus status = SignatureStatus.Unknown; //Verify signature and map to DRPs SignatureStatus enum. switch (xpsDigitalSignature.Verify()) { case VerifyResult.Success: { status = SignatureStatus.Valid; break; } case VerifyResult.NotSigned: { status = SignatureStatus.NotSigned; break; } default: { status = SignatureStatus.Invalid; break; } } return(status); }
/// <summary> /// See IDigitalSignatureProvider /// </summary> void IDigitalSignatureProvider.SignDocument(DigitalSignature digitalSignature) { AssertIsSignable(); XpsDigSigPartAlteringRestrictions reachRestrictions = XpsDigSigPartAlteringRestrictions.None; if (digitalSignature.IsDocumentPropertiesRestricted) { reachRestrictions |= XpsDigSigPartAlteringRestrictions.CoreMetadata; } // If additional signatures should invalidate this signature, we // need to sign the signature origin part if (digitalSignature.IsAddingSignaturesRestricted) { reachRestrictions |= XpsDigSigPartAlteringRestrictions.SignatureOrigin; } // a null guid means there was no associated spot, so create a guid if (digitalSignature.GuidID == null) { digitalSignature.GuidID = Guid.NewGuid(); } XpsDigitalSignature xpsDigitalSignature = XpsDocument.SignDigitally( digitalSignature.Certificate, true, reachRestrictions, (Guid)digitalSignature.GuidID, false /* don't re-verify IsSignable, we've already done it */ ); if (xpsDigitalSignature != null) { // Fill in relevant fields from the XPS signature digitalSignature.XpsDigitalSignature = xpsDigitalSignature; digitalSignature.SignatureState = SignatureStatus.Valid; digitalSignature.SignedOn = xpsDigitalSignature.SigningTime; // Save the simple name from the certificate as the subject name // in the signature digitalSignature.SubjectName = digitalSignature.Certificate.GetNameInfo( X509NameType.SimpleName, false /* don't include issuer name */); // Add the new signature to the list (if it isn't already there). // That is a possibility since the first signature in a document // is always added as a signature definition and a signature. if (!DigitalSignatureList.Contains(digitalSignature)) { DigitalSignatureList.Add(digitalSignature); } } }
/// <summary> /// Gets the CertificateStatus for a specific certificate. /// </summary> private static CertificatePriorityStatus GetCertificateStatus(X509Certificate2 certificate) { //Default status is the most severe error: Corrupted CertificatePriorityStatus certificatePriorityStatus = CertificatePriorityStatus.Corrupted; X509ChainStatusFlags x509ChainStatusFlags; // Use the static VerifyCertificate method on XpsDigitalSignature // to verify the certificate x509ChainStatusFlags = XpsDigitalSignature.VerifyCertificate(certificate); //Strip out all known flags (minus Cyclic and NotSignatureValid). What is left are any unknown flags //and flags that convert to Corrupted. X509ChainStatusFlags x509RemainingFlags = (x509ChainStatusFlags ^ _x509NonCorruptedFlags) & ~(_x509NonCorruptedFlags); //x509ChainStatusFlags is a flag we want to convert to a CertificatePriorityStatus. //First we need to make sure there are no unknown flags. If there is an unknown //flag we assume that it is the worst possible error and leave CertificateStatus //set to Corrupted. Leaving out Cyclic and NotSignatureValid since they also convert //to Corrupted. if (x509RemainingFlags == X509ChainStatusFlags.NoError) { //The following flags convert to CannotBeVerified if ((x509ChainStatusFlags & _x509CannotBeVerifiedFlags) != X509ChainStatusFlags.NoError) { certificatePriorityStatus = CertificatePriorityStatus.CannotBeVerified; } //The following flags convert to IssuerNotTrusted else if ((x509ChainStatusFlags & _x509IssuerNotTrustedFlags) != X509ChainStatusFlags.NoError) { certificatePriorityStatus = CertificatePriorityStatus.IssuerNotTrusted; } //The following flags convert to Revoked else if ((x509ChainStatusFlags & _x509RevokedFlags) != X509ChainStatusFlags.NoError) { certificatePriorityStatus = CertificatePriorityStatus.Revoked; } //The following flags convert to Expired else if ((x509ChainStatusFlags & _x509ExpiredFlags) != X509ChainStatusFlags.NoError) { certificatePriorityStatus = CertificatePriorityStatus.Expired; } //The following flags are all considered Igorable else { certificatePriorityStatus = CertificatePriorityStatus.Ok; } } return(certificatePriorityStatus); }
/// <summary> /// Maps an XpsDigitalSignature to our DigitalSignature. /// </summary> /// <param name="xpsDigitalSignature">The signature to convert</param> /// <returns>A DigitalSignature that corresponds to the signature /// passed in as a parameter</returns> private static DigitalSignature ConvertXpsDigitalSignature(XpsDigitalSignature xpsDigitalSignature) { DigitalSignature digitalSignature = new DigitalSignature(); digitalSignature.XpsDigitalSignature = xpsDigitalSignature; X509Certificate2 x509Certificate2 = xpsDigitalSignature.SignerCertificate as X509Certificate2; digitalSignature.SignatureState = SignatureStatus.Unknown; // Copy simple fields if cert isn't null. If it is null then the // cert wasn't embedded into container so don't copy cert related // fields. if (x509Certificate2 != null) { digitalSignature.Certificate = x509Certificate2; digitalSignature.SignedOn = xpsDigitalSignature.SigningTime; // save the simple name from the certificate as the subject name // in the signature digitalSignature.SubjectName = x509Certificate2.GetNameInfo( X509NameType.SimpleName, false /* don't include issuer name */); } digitalSignature.IsDocumentPropertiesRestricted = xpsDigitalSignature.DocumentPropertiesRestricted; // If the signature origin part is signed, adding new signatures // will invalidate this signature digitalSignature.IsAddingSignaturesRestricted = xpsDigitalSignature.SignatureOriginRestricted; //These fields come from a Signature Definition. digitalSignature.Reason = string.Empty; digitalSignature.Location = string.Empty; return(digitalSignature); }
public void RemoveSignature(XpsDigitalSignature signature) { this.CheckDisposed(); if (signature == null) { throw new ArgumentNullException("signature"); } if (signature.PackageSignature == null) { throw new NullReferenceException("signature.PackageSignature"); } if (signature.PackageSignature.SignaturePart == null) { throw new NullReferenceException("signature.PackageSignature.SignaturePart"); } if (base.CurrentXpsManager == null) { throw new InvalidOperationException(SR.Get("ReachPackaging_DocumentWasClosed")); } new PackageDigitalSignatureManager(base.CurrentXpsManager.MetroPackage).RemoveSignature(signature.PackageSignature.SignaturePart.Uri); this._reachSignatures = null; this._reachSignatureList = null; this.EnsureSignatures(); }
private void EnsureSignatures() { if (this._reachSignatures == null) { this._reachSignatures = new Collection<XpsDigitalSignature>(); PackageDigitalSignatureManager manager = new PackageDigitalSignatureManager(base.CurrentXpsManager.MetroPackage); foreach (PackageDigitalSignature signature in manager.Signatures) { XpsDigitalSignature item = new XpsDigitalSignature(signature, this); if (item.SignedDocumentSequence != null) { this._reachSignatures.Add(item); } } } }
private XpsDigitalSignature AddSignature(PackageDigitalSignature packSignature) { XpsDigitalSignature item = new XpsDigitalSignature(packSignature, this); this._reachSignatures.Add(item); return item; }