in net/JetBrains.SignatureVerifier/src/Crypt/MachOSignatureVerifier.cs [70:136]
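/// <summary>
/// Verifies the code signature of a parsed Mach-O section in three steps:
/// the CMS signed message (skipped for an ad-hoc signature that policy allows),
/// then every hash slot of every Code Directory against the file bytes, and finally,
/// when more than one Code Directory is present, the CDHashes against the signed message.
/// </summary>
/// <param name="section">
/// Parsed section; must have been produced with <see cref="MachOFile.Mode.ComputeHashInfo"/>
/// so that hash verification units and CDHashes are populated.
/// </param>
/// <param name="stream">Stream over the file bytes the hash slots are checked against.</param>
/// <param name="signatureVerificationParams">
/// Certificate/attribute validation parameters, including the ad-hoc signature policy.
/// </param>
/// <param name="fileIntegrityVerificationParams">Not read by this method.</param>
/// <returns>
/// <see cref="VerifySignatureResult.Valid"/> when every step passes, otherwise the result
/// of the first failing step.
/// </returns>
/// <exception cref="ArgumentException">
/// Thrown when <paramref name="section"/> carries no hash verification units or no CDHashes.
/// </exception>
public async Task<VerifySignatureResult> VerifyAsync(
MachOFile.Section section,
Stream stream,
SignatureVerificationParams signatureVerificationParams,
FileIntegrityVerificationParams fileIntegrityVerificationParams)
{
// Missing hash info is a caller error (wrong parse mode), not a verification outcome,
// so it is an exception rather than an InvalidFileHash result. Because this guard
// rejects empty collections up front, no later "no units / no CDHashes" branch is needed.
if (!section.HashVerificationUnits.Any() || !section.CDHashes.Any())
throw new ArgumentException($"Mach-o file was parsed without {nameof(MachOFile.Mode.ComputeHashInfo)} flag", nameof(section));

bool isAdHoc = section.SignatureType == MachOFile.SignatureType.AdHoc;
if (isAdHoc && !signatureVerificationParams.AllowAdhocSignatures)
{
_logger?.Warning($"Mach-O file has adhoc signature which is not allowed. Set {nameof(SignatureVerificationParams.AllowAdhocSignatures)} to true if you want to check adhoc signatures.");
return new VerifySignatureResult(VerifySignatureStatus.InvalidSignature);
}

// An ad-hoc signature reaching this point is permitted by policy. It has no signer to
// validate, so the signed-message step is skipped and the file is accepted purely on the
// self-consistency of its hashes. That is the security trade-off of AllowAdhocSignatures:
// it proves the file was not modified after signing, not who signed it.
bool skipSignedMessageVerification = isAdHoc;
SignedMessage signedMessage = null;
if (!skipSignedMessageVerification)
{
signedMessage = SignedMessage.CreateInstance(section.SignatureData);
var signatureVerificationResult = await _signedMessageVerifier.VerifySignatureAsync(signedMessage, signatureVerificationParams);
if (!signatureVerificationResult.IsValid)
{
_logger?.Warning("Mach-O file signature verification failed: certificates or attributes validation failed");
return signatureVerificationResult;
}
}

// Verify hash slots (regular and special) in all Code Directories against the file bytes.
var codeDirectoryValidationResult = VerifyHashVerificationUnits(stream, section.HashVerificationUnits);
if (!codeDirectoryValidationResult.IsValid)
{
_logger?.Warning("Mach-O file signature verification failed: at least one hash verification unit is invalid");
return codeDirectoryValidationResult;
}

// With several Code Directories, cross-check their hashes against the signed message.
// A single Code Directory is not cross-checked here — presumably it is the CMS signed
// content itself and is therefore already covered by VerifySignatureAsync; TODO confirm
// against VerifyCDHashes and the signed-message verifier.
if (section.CDHashes.Count() > 1 && !skipSignedMessageVerification)
{
var cdHashesVerificationResult = VerifyCDHashes(stream, section.CDHashes, signedMessage);
if (!cdHashesVerificationResult.IsValid)
{
_logger?.Warning("Mach-O file signature verification failed: at least one CDHash verification failed");
return cdHashesVerificationResult;
}
}

_logger?.Info("Mach-O file signature verification successfully passed");
return VerifySignatureResult.Valid;
}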