Add boolean check for signature

Obsidian.API/_Interfaces/IServerConfiguration.cs

@@ -14,7 +14,7 @@ public interface IServerConfiguration
     /// <summary>
     /// Determines where or not the server should load plugins that don't have a valid signature.
     /// </summary>
-    public bool AllowUntrustedPlugins { get; set; }
+    public bool AllowUntrustedPlugins { get; set; } = true;
 
     /// <summary>
     /// Allows the server to advertise itself as a LAN server to devices on your network.

Obsidian/Plugins/PluginManager.cs

@@ -115,7 +115,6 @@ public async Task LoadPluginsAsync()
                 waitingForDepend.Remove(canLoad);
             }
 
-
             if (pluginContainer.Plugin is null)
                 waitingForDepend.Add(pluginContainer);
         }

Obsidian/Plugins/PluginProviders/PackedPluginProvider.cs

@@ -26,13 +26,16 @@ public sealed class PackedPluginProvider(PluginManager pluginManager, ILogger lo
         var apiVersion = reader.ReadString();
 
         var hash = reader.ReadBytes(SHA384.HashSizeInBytes);
-        var signature = reader.ReadBytes(SHA384.HashSizeInBits);
+        var isSigned = reader.ReadBoolean();
+
+        byte[]? signature = isSigned ? reader.ReadBytes(SHA384.HashSizeInBits) : null;
+
         var dataLength = reader.ReadInt32();
 
         var curPos = fs.Position;
 
         //Don't load untrusted plugins
-        var isSigValid = await this.TryValidatePluginAsync(fs, hash, signature, path);
+        var isSigValid = await this.TryValidatePluginAsync(fs, hash, path, isSigned, signature);
         if (!isSigValid)
             return null;
 
@@ -113,7 +116,7 @@ internal PluginContainer HandlePlugin(PluginContainer pluginContainer, Assembly
     /// Verifies the file hash and tries to validate the signature
     /// </summary>
     /// <returns></returns>
-    private async Task<bool> TryValidatePluginAsync(FileStream fs, byte[] hash, byte[] signature, string path)
+    private async Task<bool> TryValidatePluginAsync(FileStream fs, byte[] hash, string path, bool isSigned, byte[]? signature = null)
     {
         using (var sha384 = SHA384.Create())
         {
@@ -126,19 +129,22 @@ private async Task<bool> TryValidatePluginAsync(FileStream fs, byte[] hash, byte
             }
         }
 
-        var deformatter = new RSAPKCS1SignatureDeformatter();
-        deformatter.SetHashAlgorithm("SHA384");
-
         var isSigValid = true;
         if (!this.pluginManager.server.Configuration.AllowUntrustedPlugins)
         {
+            if (!isSigned)
+                return false;
+
+            var deformatter = new RSAPKCS1SignatureDeformatter();
+            deformatter.SetHashAlgorithm("SHA384");
+
             using var rsa = RSA.Create();
             foreach (var rsaParameter in this.pluginManager.AcceptedKeys)
             {
                 rsa.ImportParameters(rsaParameter);
                 deformatter.SetKey(rsa);
 
-                isSigValid = deformatter.VerifySignature(hash, signature);
+                isSigValid = deformatter.VerifySignature(hash, signature!);
 
                 if (isSigValid)
                     break;

SamplePlugin/SamplePlugin.csproj

@@ -21,7 +21,7 @@
 		<PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="8.0.0">
 			<ExcludeAssets>runtime</ExcludeAssets>
 		</PackageReference>
-		<PackageReference Include="Obsidian.MSBuild" Version="1.0.0-nightly-14" />
+		<PackageReference Include="Obsidian.MSBuild" Version="1.0.3-nightly.g4737df362d" />
 	</ItemGroup>
 
 	<ItemGroup>