I have a signed APK, so I run my script, which takes the cert.SF and cert.RSA files inside the APK; in this case I check the keys, etc. My problem is how to get the root certificate from the RSA file and do a validation with my root, to see if the string has the same signatures. I'll post my code for you guys to take a look at.

    using System.Diagnostics;
    using System.Security.Cryptography.Pkcs;
    using System.Security.Cryptography.X509Certificates;

    X509Certificate2 rootCertificate = new X509Certificate2(certificadoCRT.FullName);
    X509Certificate2Collection rootCertificateCollection = new X509Certificate2Collection();
    rootCertificateCollection.Add(rootCertificate);

    // Create a ContentInfo object from the inner content obtained
    // independently from encodedMessage.
    ContentInfo contentInfo = new ContentInfo(bytesSF2);

    // Create a new, detached SignedCms message.
    SignedCms signedCms = new SignedCms(contentInfo, true);
    signedCms.Decode(bytes2);

    // Verify the signature without validating the certificate.
    signedCms.CheckSignature(rootCertificateCollection, true);

    // Add the certificates embedded in the signature to the chain's extra store.
    X509Certificate2Collection certCollection = signedCms.Certificates;
    var chain = new X509Chain();
    foreach (var cert in certCollection)
    {
        chain.ChainPolicy.ExtraStore.Add(cert);
    }

    // You can alter how the chain is built/validated.
    chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
    chain.ChainPolicy.VerificationFlags = X509VerificationFlags.IgnoreWrongUsage;

    // Do the preliminary validation.
    var primaryCert = rootCertificate;
    if (!chain.Build(primaryCert))
    {
        Debug.Write("não validado");
    }

It always falls into "Not validated"; what can I do?
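
An added example, not part of the original post: it verifies a detached PKCS#7 signature of the kind stored in cert.SF / cert.RSA, then builds the chain from the signer certificate up to a pinned root. It assumes .NET 5 or later with the System.Security.Cryptography.Pkcs package and a signer certificate issued by that root; the keys, names and content are constructed in the code.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Constructed test data: a throwaway root CA and a signer certificate issued by it.
using RSA rootKey = RSA.Create(2048);
using RSA leafKey = RSA.Create(2048);
DateTimeOffset now = DateTimeOffset.UtcNow;
var rootReq = new CertificateRequest("CN=Example Root", rootKey,
    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
rootReq.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
X509Certificate2 root = rootReq.CreateSelfSigned(now.AddDays(-1), now.AddDays(30));
var leafReq = new CertificateRequest("CN=Example APK Signer", leafKey,
    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
X509Certificate2 leaf = leafReq
    .Create(root, now.AddHours(-1), now.AddDays(29), new byte[] { 1, 2, 3, 4 })
    .CopyWithPrivateKey(leafKey);

// Constructed stand-ins for the .SF content and the .RSA signature block.
byte[] sfBytes = Encoding.ASCII.GetBytes("Signature-Version: 1.0\r\n");
var signing = new SignedCms(new ContentInfo(sfBytes), detached: true);
signing.ComputeSignature(new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, leaf)
    { IncludeOption = X509IncludeOption.EndCertOnly });
byte[] rsaBytes = signing.Encode();

// Step 1: check the signature over the .SF bytes only (no certificate validation).
var cms = new SignedCms(new ContentInfo(sfBytes), detached: true);
cms.Decode(rsaBytes);
cms.CheckSignature(verifySignatureOnly: true); // throws CryptographicException on mismatch

// Step 2: build the chain for the certificate that made the signature,
// trusting only the pinned root instead of the machine store.
X509Certificate2 signerCert = cms.SignerInfos[0].Certificate;
using var chain = new X509Chain();
chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
chain.ChainPolicy.CustomTrustStore.Add(root);
chain.ChainPolicy.ExtraStore.AddRange(cms.Certificates);
chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
bool chainOk = chain.Build(signerCert);

// Step 3: confirm the chain ends at the pinned root, and report any failures.
X509Certificate2 top = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
bool anchored = chainOk && top.Thumbprint == root.Thumbprint;
Console.WriteLine($"signer={signerCert.Subject} chainOk={chainOk} anchored={anchored}");
foreach (X509ChainStatus status in chain.ChainStatus)
    Console.WriteLine($"{status.Status}: {status.StatusInformation}");
```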