Merge pull request #33 from embray/check-signature

tomasmcguinness · web-flow · commit 6c4590a1e441 · 2026-04-14T16:27:06.000+01:00
fix: actually note whether the pkcs7 signature is valid for the data
diff --git a/PassValidator.Console/ConsoleValidator.cs b/PassValidator.Console/ConsoleValidator.cs
@@ -53,6 +53,7 @@ private static bool IsPassSignatureValid(Validator.ValidationResult validationRe
     {
         return !validationResult.HasSignatureExpired &&
                 validationResult.HasSignature &&
+                validationResult.SignatureValid &&
                 validationResult.SignedByApple;
     }
 
diff --git a/PassValidator.Console/VerbosePrinter.cs b/PassValidator.Console/VerbosePrinter.cs
@@ -24,6 +24,7 @@ public static void PrintValidationResults(bool isVerbose, ValidationResult valid
         System.Console.WriteLine($"\tPass Type Identifier Matches: {validationResult.PassTypeIdentifierMatches}");
         System.Console.WriteLine($"\tSigned By Apple: {validationResult.SignedByApple}");
         System.Console.WriteLine($"\tSignature Expiration Date: {validationResult.SignatureExpirationDate}");
+        System.Console.WriteLine($"\tSignature Valid: {validationResult.SignatureValid}");
         System.Console.WriteLine($"\tHas Icon 3x: {validationResult.HasIcon3x}");
         System.Console.WriteLine($"\tHas Icon 2x: {validationResult.HasIcon2x}");
         System.Console.WriteLine($"\tHas Icon 1x: {validationResult.HasIcon1x}");
diff --git a/PassValidator.Validator/ValidationResult.cs b/PassValidator.Validator/ValidationResult.cs
@@ -18,6 +18,8 @@ public class ValidationResult
 
     public string SignatureExpirationDate { get; set; }
 
+    public bool SignatureValid { get; set; }
+
     public bool HasIcon3x { get; set; }
 
     public bool HasIcon2x { get; set; }
diff --git a/PassValidator.Validator/Validator.cs b/PassValidator.Validator/Validator.cs
@@ -150,10 +150,11 @@ public ValidationResult Validate(byte[] passContent)
         try
         {
             signedCms.CheckSignature(true);
+            result.SignatureValid = true;
         }
         catch
         {
-            // ignored
+            result.SignatureValid = false;
         }
 
         var signer = signedCms.SignerInfos[0];

Original file line number	Diff line number	Diff line change
`@@ -53,6 +53,7 @@ private static bool IsPassSignatureValid(Validator.ValidationResult validationRe`
`53`	`53`	`{`
`54`	`54`	`return !validationResult.HasSignatureExpired &&`
`55`	`55`	`validationResult.HasSignature &&`
	`56`	`+ validationResult.SignatureValid &&`
`56`	`57`	`validationResult.SignedByApple;`
`57`	`58`	`}`
`58`	`59`
Original file line number	Diff line number	Diff line change
`@@ -150,10 +150,11 @@ public ValidationResult Validate(byte[] passContent)`
`150`	`150`	`try`
`151`	`151`	`{`
`152`	`152`	`signedCms.CheckSignature(true);`
	`153`	`+ result.SignatureValid = true;`
`153`	`154`	`}`
`154`	`155`	`catch`
`155`	`156`	`{`
`156`		`- // ignored`
	`157`	`+ result.SignatureValid = false;`
`157`	`158`	`}`
`158`	`159`
`159`	`160`	`var signer = signedCms.SignerInfos[0];`