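/// <summary>
/// Verify the signature file, e.g. x.SF, using the corresponding signature block, e.g. x.DSA.
/// </summary>
/// <remarks>
/// The check is made with <c>verifySignatureOnly: true</c>, so only the mathematical validity of
/// the signature against the certificate embedded in the block is established. The signer
/// certificate's chain, validity period and revocation status are NOT evaluated here; a
/// <c>true</c> result must not be read as "signed by a trusted party" unless trust is
/// established elsewhere (not visible in this method).
/// </remarks>
/// <returns>True if the verification is successful, false otherwise.</returns>
private bool VerifySignatureDsa()
{
    byte[] signatureBlockBytes = JarUtils.ReadBytes(ArchivePath, SignatureBlockFilePath);
    byte[] signatureFileBytes = JarUtils.ReadBytes(ArchivePath, SignatureFilePath);

    // No digest is computed by hand here: SignedCms hashes the detached content itself,
    // using the digest algorithm named in each SignerInfo. The SHA-1 value the previous
    // version computed was never used.
    ContentInfo ci = new ContentInfo(signatureFileBytes);
    SignedCms cms = new SignedCms(ci, detached: true);

    try
    {
        // Decode parses bytes taken from the archive. It sits inside the try so that a
        // malformed signature block is reported as a verification failure instead of
        // escaping as an unhandled CryptographicException.
        cms.Decode(signatureBlockBytes);
        cms.CheckSignature(verifySignatureOnly: true);
    }
    catch (CryptographicException ce)
    {
        JarError.AddError(ce.Message);
        return false;
    }

    // Decoding and signature checking completed without a CryptographicException.
    return true;
}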
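/// <summary>
/// Verify the signature file, e.g. x.SF, using the corresponding signature block, e.g. x.RSA,
/// and record any signature timestamp attributes found on the signers in <c>Timestamps</c>.
/// </summary>
/// <remarks>
/// The check is made with <c>verifySignatureOnly: true</c>, so the signer certificate's chain,
/// validity period and revocation status are NOT evaluated here. The timestamp tokens are
/// decoded and reported but their own signatures are not checked in this method, so the
/// recorded times are informational unless validated elsewhere.
/// </remarks>
/// <returns>True if the verification is successful, false otherwise.</returns>
private bool VerifySignatureRsa()
{
    Timestamps.Clear();

    byte[] signatureBlockBytes = JarUtils.ReadBytes(ArchivePath, SignatureBlockFilePath);
    byte[] signatureFileBytes = JarUtils.ReadBytes(ArchivePath, SignatureFilePath);

    // No digest is computed by hand here: SignedCms hashes the detached content itself,
    // using the digest algorithm named in each SignerInfo. The SHA-256 value the previous
    // version computed was never used.
    ContentInfo ci = new ContentInfo(signatureFileBytes);
    SignedCms cms = new SignedCms(ci, detached: true);

    try
    {
        // Decode parses bytes taken from the archive. It sits inside the try so that a
        // malformed signature block is reported as a verification failure instead of
        // escaping as an unhandled CryptographicException.
        cms.Decode(signatureBlockBytes);
        cms.CheckSignature(verifySignatureOnly: true);

        // See if we can retrieve a timestamp.
        foreach (SignerInfo signerInfo in cms.SignerInfos)
        {
            foreach (CryptographicAttributeObject unsignedAttribute in signerInfo.UnsignedAttributes)
            {
                if (!String.Equals(unsignedAttribute.Oid.Value, WinCrypt.szOID_SIGNATURE_TIMESTAMP_ATTRIBUTE, StringComparison.OrdinalIgnoreCase))
                {
                    continue;
                }

                // Unsigned attributes are not covered by the signature, so an attribute
                // with no values is possible; skip it instead of indexing out of range.
                if (unsignedAttribute.Values.Count == 0)
                {
                    continue;
                }

                Pkcs9AttributeObject timestampAttribute = new Pkcs9AttributeObject(unsignedAttribute.Values[0]);
                SignedCms timestampCms = new SignedCms();
                timestampCms.Decode(timestampAttribute.RawData);

                // NOTE(review): the timestamp token's own signature is not checked and its
                // content is not compared with the signer's signature anywhere in this
                // method. Confirm whether that validation happens elsewhere before the
                // recorded times are used for any trust decision.
                // The parsed token is not used further here; the call is kept so that any
                // failure it raises on malformed content still surfaces as before.
                TstInfo timestampToken = TstInfo.Read(timestampCms.ContentInfo.Content);

                foreach (SignerInfo timestampSigner in timestampCms.SignerInfos)
                {
                    // Certificate is null when the token does not embed the signer's
                    // certificate; there is nothing to report for such a signer.
                    X509Certificate2 timestampSignerCert = timestampSigner.Certificate;
                    if (timestampSignerCert == null)
                    {
                        continue;
                    }

                    foreach (CryptographicAttributeObject sa in timestampSigner.SignedAttributes)
                    {
                        if (!String.Equals(sa.Oid.Value, WinCrypt.szOID_RSA_signingTime, StringComparison.OrdinalIgnoreCase))
                        {
                            continue;
                        }

                        if (sa.Values.Count == 0)
                        {
                            continue;
                        }

                        Pkcs9SigningTime signingTime = sa.Values[0] as Pkcs9SigningTime;
                        if (signingTime == null)
                        {
                            continue;
                        }

                        Timestamps.Add(new Timestamp
                        {
                            SignedOn = signingTime.SigningTime.ToLocalTime(),
                            // NotBefore/NotAfter are already local time. The previous code
                            // round-tripped them through a culture-formatted string, which
                            // yields DateTimeKind.Unspecified; ToLocalTime() then treated
                            // the value as UTC and applied the zone offset a second time.
                            EffectiveDate = timestampSignerCert.NotBefore,
                            ExpiryDate = timestampSignerCert.NotAfter,
                            SignatureAlgorithm = timestampSignerCert.SignatureAlgorithm.FriendlyName
                        });
                    }
                }
            }
        }
    }
    catch (CryptographicException ce)
    {
        JarError.AddError(ce.Message);
        return false;
    }

    // Decoding, signature checking and timestamp extraction completed without a
    // CryptographicException.
    return true;
}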