TuBao-APP
/
TuBao-App-Android-WEN
Sledovat 4
Oblíbit 0
Rozštěpit 0
Zdrojový kód Úkoly 0 Požadavky na natažení 0 Vydání 0 Wiki Activity
Bez popisu
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Revize
1 Větev
Strom: 89cb0537b8
Větve Značky
${ item.name }
Create branch ${ searchTerm }
from '89cb0537b8'
${ noResults }
TuBao-App-Android-WEN/Library/PackageCache/com.unity.purchasing@4.11.0/Runtime/Security/PKCS7.cs

PKCS7.cs 8.2KB
Historie Surový

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240 
  1. using System;

  2. using System.Collections;

  3. using System.Collections.Generic;

  4. using LipingShare.LCLib.Asn1Processor;

  5. using System.Security.Cryptography;

  6. 

  7. namespace UnityEngine.Purchasing.Security

  8. {

  9.     internal class PKCS7

  10.     {

  11.         private Asn1Node root;

  12.         public Asn1Node data { get; private set; }

  13.         public List<SignerInfo> sinfos { get; private set; }

  14.         public List<X509Cert> certChain { get; private set; }

  15. 

  16.         private bool validStructure;

  17. 

  18.         public static PKCS7 Load(byte[] data)

  19.         {

  20.             using (var stm = new System.IO.MemoryStream(data))

  21.             {

  22.                 Asn1Parser parser = new Asn1Parser();

  23.                 parser.LoadData(stm);

  24.                 return new PKCS7(parser.RootNode);

  25.             }

  26.         }

  27. 

  28.         public PKCS7(Asn1Node node)

  29.         {

  30.             this.root = node;

  31.             CheckStructure();

  32.         }

  33. 

  34.         public bool Verify(X509Cert cert, DateTime certificateCreationTime)

  35.         {

  36.             if (validStructure)

  37.             {

  38.                 bool ok = true;

  39.                 foreach (var sinfo in sinfos)

  40.                 {

  41.                     X509Cert signCert = FindSignCert(sinfo);

  42. 

  43.                     if (signCert != null && signCert.PubKey != null)

  44.                     {

  45.                         ok = ok && signCert.CheckCertTime(certificateCreationTime);

  46. 

  47.                         if (IsStoreKitSimulatorData())

  48.                         {

  49.                             ok = ok && signCert.PubKey.VerifySha256(data.GetChildNode(0).Data, sinfo.EncryptedDigest);

  50.                             ok = ok && ValidateStoreKitSimulatorCertRoot(cert, signCert);

  51.                         }

  52.                         else

  53.                         {

  54.                             ok = ok && VerifyPublicKeyWithSha256OrSha1(signCert, sinfo);

  55.                             ok = ok && ValidateChain(cert, signCert, certificateCreationTime);

  56.                         }

  57.                     }

  58.                 }

  59. 

  60.                 return ok && sinfos.Count > 0;

  61.             }

  62. 

  63.             return false;

  64.         }

  65. 

  66.         X509Cert FindSignCert(SignerInfo sinfo)

  67.         {

  68.             foreach (var cert in certChain)

  69.             {

  70.                 if (cert.SerialNumber == sinfo.IssuerSerialNumber)

  71.                 {

  72.                     return cert;

  73.                 }

  74.             }

  75. 

  76.             return null;

  77.         }

  78. 

  79.         bool IsStoreKitSimulatorData()

  80.         {

  81.             return data.IsIndefiniteLength && data.ChildNodeCount == 1;

  82.         }

  83. 

  84.         bool VerifyPublicKeyWithSha256OrSha1(X509Cert signCert, SignerInfo sinfo)

  85.         {

  86.             if (signCert.PubKey.VerifySha256(data.Data, sinfo.EncryptedDigest))

  87.             {

  88.                 return true;

  89.             }

  90. 

  91.             return signCert.PubKey.VerifySha1(data.Data, sinfo.EncryptedDigest);

  92.         }

  93. 

  94.         static bool ValidateStoreKitSimulatorCertRoot(X509Cert root, X509Cert cert)

  95.         {

  96.             return cert.CheckSignatureSha256(root);

  97.         }

  98. 

  99.         private bool ValidateChain(X509Cert root, X509Cert cert, DateTime certificateCreationTime)

  100.         {

  101.             if (cert.Issuer.Equals(root.Subject))

  102.             {

  103.                 return cert.CheckSignature(root);

  104.             }

  105. 

  106.             /**

  107.              * TODO: improve this logic

  108.              */

  109.             foreach (var c in certChain)

  110.             {

  111.                 if (c != cert && c.Subject.Equals(cert.Issuer) && c.CheckCertTime(certificateCreationTime))

  112.                 {

  113.                     if (c.Issuer.Equals(root.Subject) && c.SerialNumber == root.SerialNumber)

  114.                     {

  115.                         return c.CheckSignature(root);

  116.                     }

  117.                     else

  118.                     {

  119.                         // cert was issued by c

  120.                         if (cert.CheckSignature(c))

  121.                         {

  122.                             return ValidateChain(root, c, certificateCreationTime);

  123.                         }

  124.                     }

  125.                 }

  126.             }

  127. 

  128.             return false;

  129.         }

  130. 

  131.         private void CheckStructure()

  132.         {

  133.             validStructure = false;

  134.             if ((root.Tag & Asn1Tag.TAG_MASK) == Asn1Tag.SEQUENCE &&

  135.                 root.ChildNodeCount == 2)

  136.             {

  137.                 Asn1Node tt = root.GetChildNode(0);

  138.                 if ((tt.Tag & Asn1Tag.TAG_MASK) != Asn1Tag.OBJECT_IDENTIFIER ||

  139.                     tt.GetDataStr(false) != "1.2.840.113549.1.7.2")

  140.                 {

  141.                     throw new InvalidPKCS7Data();

  142.                 }

  143. 

  144.                 tt = root.GetChildNode(1); // [0]

  145.                 if (tt.ChildNodeCount != 1)

  146.                     throw new InvalidPKCS7Data();

  147.                 int curChild = 0;

  148. 

  149.                 tt = tt.GetChildNode(curChild++); // Seq

  150.                 if (tt.ChildNodeCount < 4 || (tt.Tag & Asn1Tag.TAG_MASK) != Asn1Tag.SEQUENCE)

  151.                     throw new InvalidPKCS7Data();

  152. 

  153.                 Asn1Node tt2 = tt.GetChildNode(0); // version

  154.                 if ((tt2.Tag & Asn1Tag.TAG_MASK) != Asn1Tag.INTEGER)

  155.                     throw new InvalidPKCS7Data();

  156. 

  157.                 tt2 = tt.GetChildNode(curChild++); // digest algo

  158.                                                    // TODO: check algo

  159.                 if ((tt2.Tag & Asn1Tag.TAG_MASK) != Asn1Tag.SET)

  160.                     throw new InvalidPKCS7Data();

  161. 

  162.                 tt2 = tt.GetChildNode(curChild++); // pkcs7 data

  163.                 if ((tt2.Tag & Asn1Tag.TAG_MASK) != Asn1Tag.SEQUENCE && tt2.ChildNodeCount != 2)

  164.                     throw new InvalidPKCS7Data();

  165.                 data = tt2.GetChildNode(1).GetChildNode(0);

  166. 

  167.                 if (tt.ChildNodeCount == 5)

  168.                 {

  169.                     // cert chain, this is optional

  170.                     certChain = new List<X509Cert>();

  171.                     tt2 = tt.GetChildNode(curChild++);

  172.                     if (tt2.ChildNodeCount == 0)

  173.                         throw new InvalidPKCS7Data();

  174.                     for (int i = 0; i < tt2.ChildNodeCount; i++)

  175.                     {

  176.                         certChain.Add(new X509Cert(tt2.GetChildNode(i)));

  177.                     }

  178.                 }

  179. 

  180.                 tt2 = tt.GetChildNode(curChild++); // signer's info

  181.                 if ((tt2.Tag & Asn1Tag.TAG_MASK) != Asn1Tag.SET || tt2.ChildNodeCount == 0)

  182.                     throw new InvalidPKCS7Data();

  183. 

  184.                 sinfos = new List<SignerInfo>();

  185.                 for (int i = 0; i < tt2.ChildNodeCount; i++)

  186.                 {

  187.                     sinfos.Add(new SignerInfo(tt2.GetChildNode(i)));

  188.                 }

  189.                 validStructure = true;

  190.             }

  191.         }

  192.     }

  193. 

  194.     internal class SignerInfo

  195.     {

  196.         public int Version { get; private set; }

  197.         public string IssuerSerialNumber { get; private set; }

  198.         public byte[] EncryptedDigest { get; private set; }

  199. 

  200.         public SignerInfo(Asn1Node n)

  201.         {

  202.             if (n.ChildNodeCount != 5)

  203.                 throw new InvalidPKCS7Data();

  204.             Asn1Node tt;

  205. 

  206.             // version

  207.             tt = n.GetChildNode(0);

  208.             if ((tt.Tag & Asn1Tag.TAG_MASK) != Asn1Tag.INTEGER)

  209.                 throw new InvalidPKCS7Data();

  210.             Version = tt.Data[0];

  211.             if (Version != 1 || tt.Data.Length != 1)

  212.                 throw new UnsupportedSignerInfoVersion();

  213. 

  214.             // get the issuer SN

  215.             tt = n.GetChildNode(1);

  216.             if ((tt.Tag & Asn1Tag.TAG_MASK) != Asn1Tag.SEQUENCE || tt.ChildNodeCount != 2)

  217.                 throw new InvalidPKCS7Data();

  218.             tt = tt.GetChildNode(1);

  219.             if ((tt.Tag & Asn1Tag.TAG_MASK) != Asn1Tag.INTEGER)

  220.                 throw new InvalidPKCS7Data();

  221.             IssuerSerialNumber = Asn1Util.ToHexString(tt.Data);

  222. 

  223.             // get the data

  224.             tt = n.GetChildNode(4);

  225.             if ((tt.Tag & Asn1Tag.TAG_MASK) != Asn1Tag.OCTET_STRING)

  226.                 throw new InvalidPKCS7Data();

  227.             EncryptedDigest = tt.Data;

  228.         }

  229.     }

  230. 

  231.     /// <summary>

  232.     /// An IAP Security exception indicating some invalid data for PKCS7 checks.

  233.     /// </summary>

  234.     public class InvalidPKCS7Data : IAPSecurityException { }

  235. 

  236.     /// <summary>

  237.     /// An IAP Security exception indicating unsupported signer information.

  238.     /// </summary>

  239.     public class UnsupportedSignerInfoVersion : IAPSecurityException { }

  240. }