Microsoft Updater Application Block 1.4.1 validator Design

Design of Microsoft Updater Application Block validators



Translator: Tony Qu

The Updater Application Block provides an extensible validators architecture, which makes it possible to download files by using signatures or hash numbers. The validator architecture supports generating signatures on the server and verifying these signatures on the client.

Figure 1 shows the server-side verification architecture


Figure 1 shows the following aspects of the validator architecture:

1. The manifest tool initializes a user-specified type of validators. All validators must implement the ivalidator interface. You must also specify a key for the validators to pass to the validators.

2. The validators are server-side applications.ProgramEach file in the upgrade directory generates a signature, and the generated value is written to the manifest file.

3. Finally, the validator calculates a signature for each manifest file, which is written to the signature attribute of the root node in the manifest file.

Note: For more information about the manifest file design, refer to the manifest file design on the server.

After the manifest file and upgrade file are downloaded to the client, you must verify the signature to confirm that the downloaded file is not damaged.

Figure 2 shows the verification architecture of the client.


Figure 2 shows the following aspects of the verification architecture:

1. The applicationupdatermanager class uses the instance attribute of the updaterconfiguration class to read the <validator> section of the configuration file. This section contains the complete set and type names of the validators to be used. For more information about the application configuration file design, refer to the application upgrade configuration file design.

2. The validatorfactory class is used to initialize the specified validator, which implements the ivalidator interface. The validatorfactory class also transmits the configuration information of the <validator> node to the init method of the validators. This configuration section usually contains a key that can be used to verify the signature.

3. Finally, the applicationupdatermanager class initializes a downloadermanager class for each application to be upgraded and passes it to the validators. Downloader checks whether the download task is in the jobstatus. ready status from time to time, and verifies the signature of the downloaded file using the validators. After the file passes the verification, downloadermanager copies the file from the temporary directory to the appropriate application directory, and executes a post processor specified in the manifest file [post processor]. You can disable the verification of an application by modifying the usevalidation attribute of the <Application> element to false. In this case, downloadermanager only copies all downloaded files to their application directories and allows specific post processors.

Note: Be careful when using the usevalidation attribute. Setting the value to false will reduce security and may cause unverifiedCodeThe program is installed on the client.

the Updater application block contains two validators. One is keyvalidator, which uses symmetric encryption keys to generate and verify signatures. Rsavalidator is used for verification. You can use any of the validators, or you can develop your own validators by implementing the ivalidator interface.