diff --git a/Obsidian.API/_Interfaces/IServerConfiguration.cs b/Obsidian.API/_Interfaces/IServerConfiguration.cs
index 2b279cbe..af5bc68e 100644
--- a/Obsidian.API/_Interfaces/IServerConfiguration.cs
+++ b/Obsidian.API/_Interfaces/IServerConfiguration.cs
@@ -14,7 +14,7 @@ public interface IServerConfiguration
///
/// Determines where or not the server should load plugins that don't have a valid signature.
///
- public bool AllowUntrustedPlugins { get; set; }
+ public bool AllowUntrustedPlugins { get; set; } = true;
///
/// Allows the server to advertise itself as a LAN server to devices on your network.
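Review bot: Defaulting `AllowUntrustedPlugins` to `true` makes signature checking opt-in. With this value the validation method in PackedPluginProvider never enters its verification branch, so a fresh configuration loads any plugin whose signature was never checked. A safer default is `public bool AllowUntrustedPlugins { get; set; } = false;`, with a startup warning logged when an operator turns the option on. Also, if this line sits in the interface itself, as the hunk header suggests, confirm it compiles, since C# does not allow initializers on interface instance properties.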
diff --git a/Obsidian/Plugins/PluginManager.cs b/Obsidian/Plugins/PluginManager.cs
index 5d49f1b4..3478fbfb 100644
--- a/Obsidian/Plugins/PluginManager.cs
+++ b/Obsidian/Plugins/PluginManager.cs
@@ -115,7 +115,6 @@ public async Task LoadPluginsAsync()
waitingForDepend.Remove(canLoad);
}
-
if (pluginContainer.Plugin is null)
waitingForDepend.Add(pluginContainer);
}
diff --git a/Obsidian/Plugins/PluginProviders/PackedPluginProvider.cs b/Obsidian/Plugins/PluginProviders/PackedPluginProvider.cs
index daf2e97a..9b0942d8 100644
--- a/Obsidian/Plugins/PluginProviders/PackedPluginProvider.cs
+++ b/Obsidian/Plugins/PluginProviders/PackedPluginProvider.cs
@@ -26,13 +26,16 @@ public sealed class PackedPluginProvider(PluginManager pluginManager, ILogger lo
var apiVersion = reader.ReadString();
var hash = reader.ReadBytes(SHA384.HashSizeInBytes);
- var signature = reader.ReadBytes(SHA384.HashSizeInBits);
+ var isSigned = reader.ReadBoolean();
+
+ byte[]? signature = isSigned ? reader.ReadBytes(SHA384.HashSizeInBits) : null;
+
var dataLength = reader.ReadInt32();
var curPos = fs.Position;
//Don't load untrusted plugins
- var isSigValid = await this.TryValidatePluginAsync(fs, hash, signature, path);
+ var isSigValid = await this.TryValidatePluginAsync(fs, hash, path, isSigned, signature);
if (!isSigValid)
return null;
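Review bot: The header fields read here come from the plugin file and are not length-checked. `reader.ReadBytes` returns a shorter array on a truncated file, so `hash` and `signature` can reach `TryValidatePluginAsync` with unexpected sizes. A check such as `if (hash.Length != SHA384.HashSizeInBytes || (signature is not null && signature.Length != SignatureSizeInBytes)) return null;` would reject malformed headers before any further parsing. The signature length is also written as `SHA384.HashSizeInBits`, which yields 384 bytes only by coincidence with a 3072-bit RSA signature. A new named constant, for example `private const int SignatureSizeInBytes = 384;`, would state the intent and the key-size assumption. The enclosing method starts and ends outside this hunk.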
@@ -113,7 +116,7 @@ internal PluginContainer HandlePlugin(PluginContainer pluginContainer, Assembly
/// Verifies the file hash and tries to validate the signature
///
///
- private async Task TryValidatePluginAsync(FileStream fs, byte[] hash, byte[] signature, string path)
+ private async Task TryValidatePluginAsync(FileStream fs, byte[] hash, string path, bool isSigned, byte[]? signature = null)
{
using (var sha384 = SHA384.Create())
{
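Review bot: The new signature encodes one fact twice, in `bool isSigned` and in the nullable `signature`. That permits the inconsistent call `isSigned: true, signature: null`, which the later `signature!` would pass straight to `VerifySignature`. Taking only `byte[]? signature` and testing `signature is null` removes that state; the parameter list would then read `(FileStream fs, byte[] hash, string path, byte[]? signature)`. The XML doc comment above should gain `<param>` entries describing that a null signature means an unsigned plugin, and a `<returns>` line stating when the method returns false. The method body continues outside this hunk.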
@@ -126,19 +129,22 @@ private async Task TryValidatePluginAsync(FileStream fs, byte[] hash, byte
}
}
- var deformatter = new RSAPKCS1SignatureDeformatter();
- deformatter.SetHashAlgorithm("SHA384");
-
var isSigValid = true;
if (!this.pluginManager.server.Configuration.AllowUntrustedPlugins)
{
+ if (!isSigned)
+ return false;
+
+ var deformatter = new RSAPKCS1SignatureDeformatter();
+ deformatter.SetHashAlgorithm("SHA384");
+
using var rsa = RSA.Create();
foreach (var rsaParameter in this.pluginManager.AcceptedKeys)
{
rsa.ImportParameters(rsaParameter);
deformatter.SetKey(rsa);
- isSigValid = deformatter.VerifySignature(hash, signature);
+ isSigValid = deformatter.VerifySignature(hash, signature!);
if (isSigValid)
break;
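Review bot: The verification path fails open when `AcceptedKeys` is empty. `isSigValid` starts as `true` and the `foreach` never runs, so a file that merely sets its signed flag is accepted even though `AllowUntrustedPlugins` is false. Start from the configured policy instead, `var isSigValid = this.pluginManager.server.Configuration.AllowUntrustedPlugins;`, so the enforced branch begins at `false` and only a successful `VerifySignature` can set it to true. The guard would also be sturdier as `if (!isSigned || signature is null) return false;`, which removes the need for `signature!`. The method starts and ends outside this hunk, so this assumes the final return value is `isSigValid`.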
diff --git a/SamplePlugin/SamplePlugin.csproj b/SamplePlugin/SamplePlugin.csproj
index 74c2718a..1e40e82c 100644
--- a/SamplePlugin/SamplePlugin.csproj
+++ b/SamplePlugin/SamplePlugin.csproj
@@ -21,7 +21,7 @@
runtime
-
+