internal void Sign(CmiManifestSigner signer, string timeStampUrl)
{
this.m_strongNameSignerInfo = (CmiStrongNameSignerInfo)null;
this.m_authenticodeSignerInfo = (CmiAuthenticodeSignerInfo)null;
if (signer == null || signer.StrongNameKey == null)
{
throw new ArgumentNullException("signer");
}
SignedCmiManifest.RemoveExistingSignature(this.m_manifestDom);
if ((signer.Flag & CmiManifestSignerFlag.DontReplacePublicKeyToken) == CmiManifestSignerFlag.None)
{
SignedCmiManifest.ReplacePublicKeyToken(this.m_manifestDom, signer.StrongNameKey);
}
XmlDocument licenseDom = (XmlDocument)null;
if (signer.Certificate != null)
{
SignedCmiManifest.InsertPublisherIdentity(this.m_manifestDom, signer.Certificate);
licenseDom = SignedCmiManifest.CreateLicenseDom(signer, this.ExtractPrincipalFromManifest(), SignedCmiManifest.ComputeHashFromManifest(this.m_manifestDom));
SignedCmiManifest.AuthenticodeSignLicenseDom(licenseDom, signer, timeStampUrl);
}
SignedCmiManifest.StrongNameSignManifestDom(this.m_manifestDom, licenseDom, signer);
}
internal void Sign(CmiManifestSigner2 signer, string timeStampUrl)
{
// Reset signer infos.
_strongNameSignerInfo = null;
_authenticodeSignerInfo = null;
// Signer cannot be null.
if (signer == null || signer.StrongNameKey == null)
{
throw new ArgumentNullException("signer");
}
// Remove existing SN signature.
RemoveExistingSignature(_manifestDom);
// Replace public key token in assemblyIdentity if requested.
if ((signer.Flag & CmiManifestSignerFlag.DontReplacePublicKeyToken) == 0)
{
ReplacePublicKeyToken(_manifestDom, signer.StrongNameKey, _useSha256);
}
// No cert means don't Authenticode sign and timestamp.
XmlDocument licenseDom = null;
if (signer.Certificate != null)
{
// Yes. We will Authenticode sign, so first insert <publisherIdentity />
// element, if necessary.
InsertPublisherIdentity(_manifestDom, signer.Certificate);
// Now create the license DOM, and then sign it.
licenseDom = CreateLicenseDom(signer, ExtractPrincipalFromManifest(), ComputeHashFromManifest(_manifestDom, _useSha256));
AuthenticodeSignLicenseDom(licenseDom, signer, timeStampUrl, _useSha256);
}
StrongNameSignManifestDom(_manifestDom, licenseDom, signer, _useSha256);
}
// throw cryptographic exception for any verification errors.
internal void Verify(CmiManifestVerifyFlags verifyFlags)
{
// Reset signer infos.
_strongNameSignerInfo = null;
_authenticodeSignerInfo = null;
XmlNamespaceManager nsm = new XmlNamespaceManager(_manifestDom.NameTable);
nsm.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
XmlElement signatureNode = _manifestDom.SelectSingleNode("//ds:Signature", nsm) as XmlElement;
if (signatureNode == null)
{
throw new CryptographicException(Win32.TRUST_E_NOSIGNATURE);
}
// Make sure it is indeed SN signature, and it is an enveloped signature.
string snIdName = "Id";
if (!signatureNode.HasAttribute(snIdName))
{
snIdName = "id";
if (!signatureNode.HasAttribute(snIdName))
{
snIdName = "ID";
if (!signatureNode.HasAttribute(snIdName))
{
throw new CryptographicException(Win32.TRUST_E_SUBJECT_FORM_UNKNOWN);
}
}
}
string snIdValue = signatureNode.GetAttribute(snIdName);
if (snIdValue == null ||
String.Compare(snIdValue, "StrongNameSignature", StringComparison.Ordinal) != 0)
{
throw new CryptographicException(Win32.TRUST_E_SUBJECT_FORM_UNKNOWN);
}
// Make sure it is indeed an enveloped signature.
bool oldFormat = false;
bool validFormat = false;
XmlNodeList referenceNodes = signatureNode.SelectNodes("ds:SignedInfo/ds:Reference", nsm);
foreach (XmlNode referenceNode in referenceNodes)
{
XmlElement reference = referenceNode as XmlElement;
if (reference != null && reference.HasAttribute("URI"))
{
string uriValue = reference.GetAttribute("URI");
if (uriValue != null)
{
// We expect URI="" (empty URI value which means to hash the entire document).
if (uriValue.Length == 0)
{
XmlNode transformsNode = reference.SelectSingleNode("ds:Transforms", nsm);
if (transformsNode == null)
{
throw new CryptographicException(Win32.TRUST_E_SUBJECT_FORM_UNKNOWN);
}
// Make sure the transforms are what we expected.
XmlNodeList transforms = transformsNode.SelectNodes("ds:Transform", nsm);
if (transforms.Count < 2)
{
// We expect at least:
// <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
// <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
throw new CryptographicException(Win32.TRUST_E_SUBJECT_FORM_UNKNOWN);
}
bool c14 = false;
bool enveloped = false;
for (int i = 0; i < transforms.Count; i++)
{
XmlElement transform = transforms[i] as XmlElement;
string algorithm = transform.GetAttribute("Algorithm");
if (algorithm == null)
{
break;
}
else if (String.Compare(algorithm, SignedXml.XmlDsigExcC14NTransformUrl, StringComparison.Ordinal) != 0)
{
c14 = true;
if (enveloped)
{
validFormat = true;
break;
}
}
else if (String.Compare(algorithm, SignedXml.XmlDsigEnvelopedSignatureTransformUrl, StringComparison.Ordinal) != 0)
{
enveloped = true;
if (c14)
{
validFormat = true;
break;
}
}
}
}
else if (String.Compare(uriValue, "#StrongNameKeyInfo", StringComparison.Ordinal) == 0)
{
oldFormat = true;
XmlNode transformsNode = referenceNode.SelectSingleNode("ds:Transforms", nsm);
if (transformsNode == null)
{
throw new CryptographicException(Win32.TRUST_E_SUBJECT_FORM_UNKNOWN);
}
// Make sure the transforms are what we expected.
XmlNodeList transforms = transformsNode.SelectNodes("ds:Transform", nsm);
if (transforms.Count < 1)
{
// We expect at least:
// <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
throw new CryptographicException(Win32.TRUST_E_SUBJECT_FORM_UNKNOWN);
}
for (int i = 0; i < transforms.Count; i++)
{
XmlElement transform = transforms[i] as XmlElement;
string algorithm = transform.GetAttribute("Algorithm");
if (algorithm == null)
{
break;
}
else if (String.Compare(algorithm, SignedXml.XmlDsigExcC14NTransformUrl, StringComparison.Ordinal) != 0)
{
validFormat = true;
break;
}
}
}
}
}
}
if (!validFormat)
{
throw new CryptographicException(Win32.TRUST_E_SUBJECT_FORM_UNKNOWN);
}
// It is the DSig we want, now make sure the public key matches the token.
string publicKeyToken = VerifyPublicKeyToken();
// OK. We found the SN signature with matching public key token, so
// instantiate the SN signer info property.
_strongNameSignerInfo = new CmiStrongNameSignerInfo(Win32.TRUST_E_FAIL, publicKeyToken);
// Now verify the SN signature, and Authenticode license if available.
ManifestSignedXml signedXml = new ManifestSignedXml(_manifestDom, true);
signedXml.LoadXml(signatureNode);
AsymmetricAlgorithm key = null;
bool dsigValid = signedXml.CheckSignatureReturningKey(out key);
_strongNameSignerInfo.PublicKey = key;
if (!dsigValid)
{
_strongNameSignerInfo.ErrorCode = Win32.TRUST_E_BAD_DIGEST;
throw new CryptographicException(Win32.TRUST_E_BAD_DIGEST);
}
// Verify license as well if requested.
if ((verifyFlags & CmiManifestVerifyFlags.StrongNameOnly) != CmiManifestVerifyFlags.StrongNameOnly)
{
VerifyLicense(verifyFlags, oldFormat);
}
}
internal void Sign(CmiManifestSigner signer, string timeStampUrl)
{
// Reset signer infos.
_strongNameSignerInfo = null;
_authenticodeSignerInfo = null;
// Signer cannot be null.
if (signer == null || signer.StrongNameKey == null)
{
throw new ArgumentNullException("signer");
}
// Remove existing SN signature.
RemoveExistingSignature(_manifestDom);
// Replace public key token in assemblyIdentity if requested.
if ((signer.Flag & CmiManifestSignerFlag.DontReplacePublicKeyToken) == 0)
{
ReplacePublicKeyToken(_manifestDom, signer.StrongNameKey);
}
// No cert means don't Authenticode sign and timestamp.
XmlDocument licenseDom = null;
if (signer.Certificate != null)
{
// Yes. We will Authenticode sign, so first insert <publisherIdentity />
// element, if necessary.
InsertPublisherIdentity(_manifestDom, signer.Certificate);
// Now create the license DOM, and then sign it.
licenseDom = CreateLicenseDom(signer, ExtractPrincipalFromManifest(), ComputeHashFromManifest(_manifestDom));
AuthenticodeSignLicenseDom(licenseDom, signer, timeStampUrl);
}
StrongNameSignManifestDom(_manifestDom, licenseDom, signer);
}
internal void Verify(CmiManifestVerifyFlags verifyFlags)
{
this.m_strongNameSignerInfo = (CmiStrongNameSignerInfo)null;
this.m_authenticodeSignerInfo = (CmiAuthenticodeSignerInfo)null;
XmlNamespaceManager nsmgr = new XmlNamespaceManager(this.m_manifestDom.NameTable);
nsmgr.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
XmlElement xmlElement1 = this.m_manifestDom.SelectSingleNode("//ds:Signature", nsmgr) as XmlElement;
if (xmlElement1 == null)
{
throw new CryptographicException(-2146762496);
}
string name = "Id";
if (!xmlElement1.HasAttribute(name))
{
name = "id";
if (!xmlElement1.HasAttribute(name))
{
name = "ID";
if (!xmlElement1.HasAttribute(name))
{
throw new CryptographicException(-2146762749);
}
}
}
string attribute1 = xmlElement1.GetAttribute(name);
if (attribute1 == null || string.Compare(attribute1, "StrongNameSignature", StringComparison.Ordinal) != 0)
{
throw new CryptographicException(-2146762749);
}
bool oldFormat = false;
bool flag1 = false;
foreach (XmlNode selectNode in xmlElement1.SelectNodes("ds:SignedInfo/ds:Reference", nsmgr))
{
XmlElement xmlElement2 = selectNode as XmlElement;
if (xmlElement2 != null && xmlElement2.HasAttribute("URI"))
{
string attribute2 = xmlElement2.GetAttribute("URI");
if (attribute2 != null)
{
if (attribute2.Length == 0)
{
XmlNode xmlNode = xmlElement2.SelectSingleNode("ds:Transforms", nsmgr);
if (xmlNode == null)
{
throw new CryptographicException(-2146762749);
}
XmlNodeList xmlNodeList = xmlNode.SelectNodes("ds:Transform", nsmgr);
if (xmlNodeList.Count < 2)
{
throw new CryptographicException(-2146762749);
}
bool flag2 = false;
bool flag3 = false;
for (int index = 0; index < xmlNodeList.Count; ++index)
{
string attribute3 = (xmlNodeList[index] as XmlElement).GetAttribute("Algorithm");
if (attribute3 != null)
{
if (string.Compare(attribute3, "http://www.w3.org/2001/10/xml-exc-c14n#", StringComparison.Ordinal) != 0)
{
flag2 = true;
if (flag3)
{
flag1 = true;
break;
}
}
else if (string.Compare(attribute3, "http://www.w3.org/2000/09/xmldsig#enveloped-signature", StringComparison.Ordinal) != 0)
{
flag3 = true;
if (flag2)
{
flag1 = true;
break;
}
}
}
else
{
break;
}
}
}
else if (string.Compare(attribute2, "#StrongNameKeyInfo", StringComparison.Ordinal) == 0)
{
oldFormat = true;
XmlNode xmlNode = selectNode.SelectSingleNode("ds:Transforms", nsmgr);
if (xmlNode == null)
{
throw new CryptographicException(-2146762749);
}
XmlNodeList xmlNodeList = xmlNode.SelectNodes("ds:Transform", nsmgr);
if (xmlNodeList.Count < 1)
{
throw new CryptographicException(-2146762749);
}
for (int index = 0; index < xmlNodeList.Count; ++index)
{
string attribute3 = (xmlNodeList[index] as XmlElement).GetAttribute("Algorithm");
if (attribute3 != null)
{
if (string.Compare(attribute3, "http://www.w3.org/2001/10/xml-exc-c14n#", StringComparison.Ordinal) != 0)
{
flag1 = true;
break;
}
}
else
{
break;
}
}
}
}
}
}
if (!flag1)
{
throw new CryptographicException(-2146762749);
}
this.m_strongNameSignerInfo = new CmiStrongNameSignerInfo(-2146762485, this.VerifyPublicKeyToken());
ManifestSignedXml manifestSignedXml = new ManifestSignedXml(this.m_manifestDom, true);
manifestSignedXml.LoadXml(xmlElement1);
AsymmetricAlgorithm signingKey = (AsymmetricAlgorithm)null;
bool flag4 = manifestSignedXml.CheckSignatureReturningKey(out signingKey);
this.m_strongNameSignerInfo.PublicKey = signingKey;
if (!flag4)
{
this.m_strongNameSignerInfo.ErrorCode = -2146869232;
throw new CryptographicException(-2146869232);
}
if ((verifyFlags & CmiManifestVerifyFlags.StrongNameOnly) == CmiManifestVerifyFlags.StrongNameOnly)
{
return;
}
this.VerifyLicense(verifyFlags, oldFormat);
}
// throw cryptographic exception for any verification errors.
internal void Verify(CmiManifestVerifyFlags verifyFlags)
{
// Reset signer infos.
_strongNameSignerInfo = null;
_authenticodeSignerInfo = null;
XmlNamespaceManager nsm = new XmlNamespaceManager(_manifestDom.NameTable);
nsm.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
XmlElement signatureNode = _manifestDom.SelectSingleNode("//ds:Signature", nsm) as XmlElement;
if (signatureNode == null)
{
throw new CryptographicException(Win32.TRUST_E_NOSIGNATURE);
}
// Make sure it is indeed SN signature, and it is an enveloped signature.
bool oldFormat = VerifySignatureForm(signatureNode, "StrongNameSignature", nsm);
// It is the DSig we want, now make sure the public key matches the token.
string publicKeyToken = VerifyPublicKeyToken();
// OK. We found the SN signature with matching public key token, so
// instantiate the SN signer info property.
_strongNameSignerInfo = new CmiStrongNameSignerInfo(Win32.TRUST_E_FAIL, publicKeyToken);
// Now verify the SN signature, and Authenticode license if available.
ManifestSignedXml2 signedXml = new ManifestSignedXml2(_manifestDom, true);
signedXml.LoadXml(signatureNode);
if (_useSha256)
{
signedXml.SignedInfo.SignatureMethod = Sha256SignatureMethodUri;
}
AsymmetricAlgorithm key = null;
bool dsigValid = signedXml.CheckSignatureReturningKey(out key);
_strongNameSignerInfo.PublicKey = key;
if (!dsigValid)
{
_strongNameSignerInfo.ErrorCode = Win32.TRUST_E_BAD_DIGEST;
throw new CryptographicException(Win32.TRUST_E_BAD_DIGEST);
}
// Verify license as well if requested.
if ((verifyFlags & CmiManifestVerifyFlags.StrongNameOnly) != CmiManifestVerifyFlags.StrongNameOnly)
{
if (_useSha256)
{
VerifyLicenseNew(verifyFlags, oldFormat);
}
else
{
VerifyLicense(verifyFlags, oldFormat);
}
}
}
