Beispiel #1
        /// <summary>
        /// Runs the job once: opens a transaction on the content database, awaits the
        /// builder/formatter, and stores and commits its result when one is produced.
        /// </summary>
        /// <returns>A task that completes when the work is done and the database context has been disposed.</returns>
        public async Task Execute()
        {
            // Elevation is only reported, never enforced: the job carries on either way.
            // NOTE(review): the warning text ties signing failures to missing elevation; presumably
            // the private key is only readable by administrators. Granting the job's own account
            // access to the key would avoid running the whole job elevated - confirm with deployment.
            var isElevated = WindowsIdentityStuff.CurrentUserIsAdministrator();
            if (!isElevated)
            {
                _Logger.LogWarning("{ManifestBatchJobName} started WITHOUT elevated privileges - errors may occur when signing content.", nameof(ManifestBatchJob));
            }

            try
            {
                _ContentDb.BeginTransaction();

                var builtContent = await _BuilderAndFormatter.Execute();

                // A null result means there is nothing to store; the transaction is left
                // uncommitted and the context is disposed by the finally block below.
                if (builtContent != null)
                {
                    _ContentDb.Add(builtContent);
                    _ContentDb.SaveAndCommit();
                }
            }
            finally
            {
                // Disposed on every path, including when the builder or the commit throws.
                await _ContentDb.DisposeAsync();
            }
        }
        /// <summary>
        /// Runs the engine once: clears the job tables, takes a snapshot of the input,
        /// and - when the snapshot reports any input - stuffs, builds and commits the output.
        /// Timings and counts are collected on the returned result.
        /// </summary>
        /// <returns>The populated <see cref="EksEngineResult"/> for this run.</returns>
        /// <exception cref="InvalidOperationException">Thrown when the instance has already been executed.</exception>
        public async Task<EksEngineResult> Execute()
        {
            // Single-use guard. NOTE(review): plain check-then-set with no synchronization visible
            // here; presumably instances are never shared between concurrent callers - confirm.
            if (_Fired)
            {
                throw new InvalidOperationException("One use only.");
            }

            _Fired = true;

            var runTimer = Stopwatch.StartNew();

            _Logger.LogInformation("Started - JobName:{_JobName}", _JobName);

            // The elevation check only runs for interactive sessions, and it only warns.
            var unelevatedInteractiveRun = Environment.UserInteractive && !WindowsIdentityStuff.CurrentUserIsAdministrator();
            if (unelevatedInteractiveRun)
            {
                _Logger.LogWarning("{JobName} started WITHOUT elevated privileges - errors may occur when signing content.", _JobName);
            }

            // The start time comes from the provider's snapshot and is also the value handed to the snapshotter.
            _EksEngineResult.Started = _DateTimeProvider.Snapshot;

            await ClearJobTables();

            var snapshotResult = await _Snapshotter.Execute(_EksEngineResult.Started);

            _EksEngineResult.InputCount = snapshotResult.TekInputCount;
            _EksEngineResult.SnapshotSeconds = snapshotResult.SnapshotSeconds;
            _EksEngineResult.TransmissionRiskNoneCount = await GetTransmissionRiskNoneCount();

            // The three output stages are skipped entirely when the snapshot found no input.
            if (snapshotResult.TekInputCount != 0)
            {
                await Stuff();
                await BuildOutput();
                await CommitResults();
            }

            _EksEngineResult.TotalSeconds = runTimer.Elapsed.TotalSeconds;
            _EksEngineResult.EksInfo = _EksResults.ToArray();

            // The reconciliation deltas are logged for operators; nothing here acts on their values.
            _Logger.LogInformation("Reconciliation - Teks in EKSs matches usable input and stuffing - Delta:{ReconcileOutputCount}", _EksEngineResult.ReconcileOutputCount);
            _Logger.LogInformation("Reconciliation - Teks in EKSs matches output count - Delta:{ReconcileEksSumCount}", _EksEngineResult.ReconcileEksSumCount);

            _Logger.LogInformation("{JobName} complete.", _JobName);

            return _EksEngineResult;
        }
Beispiel #3
        /// <summary>
        /// Runs the engine once: clears the job tables, takes a snapshot of the input,
        /// and - when the snapshot reports any input - stuffs, builds and commits the output.
        /// The total duration is derived from the date/time provider rather than a stopwatch.
        /// </summary>
        /// <returns>The populated <see cref="EksEngineResult"/> for this run.</returns>
        /// <exception cref="InvalidOperationException">Thrown when the instance has already been executed.</exception>
        public async Task<EksEngineResult> Execute()
        {
            // Single-use guard. NOTE(review): plain check-then-set with no synchronization visible
            // here; presumably instances are never shared between concurrent callers - confirm.
            if (_Fired)
            {
                throw new InvalidOperationException("One use only.");
            }

            _Fired = true;

            _Logger.LogInformation("Started - JobName:{_JobName}", _JobName);

            // TODO remove warning when UAC is not in play
            // The check only warns; the run continues without elevation.
            var isElevated = WindowsIdentityStuff.CurrentUserIsAdministrator();
            if (!isElevated)
            {
                _Logger.LogWarning("{JobName} started WITHOUT elevated privileges - errors may occur when signing content.", _JobName);
            }

            // Not strictly the start of the run, but the job name is needed for the dispose.
            _EksEngineResult.Started = _DateTimeProvider.Snapshot;

            await ClearJobTables();

            var snapshotResult = await _Snapshotter.Execute(_EksEngineResult.Started);

            _EksEngineResult.InputCount = snapshotResult.TekInputCount;
            _EksEngineResult.SnapshotSeconds = snapshotResult.SnapshotSeconds;
            _EksEngineResult.TransmissionRiskNoneCount = await GetTransmissionRiskNoneCount();

            // The three output stages are skipped entirely when the snapshot found no input.
            if (snapshotResult.TekInputCount != 0)
            {
                await Stuff();
                await BuildOutput();
                await CommitResults();
            }

            // Duration is the provider's current time minus the recorded start.
            var elapsed = _DateTimeProvider.Now() - _EksEngineResult.Started;
            _EksEngineResult.TotalSeconds = elapsed.TotalSeconds;
            _EksEngineResult.EksInfo = _EksResults.ToArray();

            // The reconciliation deltas are logged for operators; nothing here acts on their values.
            _Logger.LogInformation("Reconciliation - Teks in EKSs matches usable input and stuffing - Delta:{ReconcileOutputCount}", _EksEngineResult.ReconcileOutputCount);
            _Logger.LogInformation("Reconciliation - Teks in EKSs matches output count - Delta:{ReconcileEksSumCount}", _EksEngineResult.ReconcileEksSumCount);

            _Logger.LogInformation("{JobName} complete.", _JobName);

            return _EksEngineResult;
        }
        /// <summary>
        /// Produces a detached CMS (PKCS#7) signature over <paramref name="content"/> using the
        /// certificate from the certificate provider, embedding the certificates returned by the
        /// chain provider and a signing-time signed attribute.
        /// </summary>
        /// <param name="content">The bytes to sign; must not be null.</param>
        /// <returns>The encoded CMS message. Because the signature is detached, the content itself is not included.</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="content"/> is null.</exception>
        /// <exception cref="InvalidOperationException">
        /// Thrown when the certificate has no private key, or when signing fails with a missing
        /// keyset while the current user is not an administrator.
        /// </exception>
        public byte[] GetSignature(byte[] content)
        {
            if (content == null)
            {
                throw new ArgumentNullException(nameof(content));
            }

            var signingCertificate = _CertificateProvider.GetCertificate();

            // Fail early with an identifiable certificate rather than deep inside the CMS call.
            // Subject and thumbprint are public certificate data, so they are safe to surface.
            if (!signingCertificate.HasPrivateKey)
            {
                throw new InvalidOperationException($"Certificate does not have a private key - Subject:{signingCertificate.Subject} Thumbprint:{signingCertificate.Thumbprint}.");
            }

            var chainCertificates = _CertificateChainProvider.GetCertificates();

            // Detached signature: the encoded result carries signature and certificates, not the content.
            var cms = new SignedCms(new ContentInfo(content), detached: true);
            cms.Certificates.AddRange(chainCertificates);

            var cmsSigner = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, signingCertificate);

            // The signing time is asserted by this process from its own clock provider;
            // it is a signed attribute, not a trusted third-party timestamp.
            var signingTimeAttribute = new Pkcs9SigningTime(_DateTimeProvider.Now());
            cmsSigner.SignedAttributes.Add(
                new CryptographicAttributeObject(
                    signingTimeAttribute.Oid,
                    new AsnEncodedDataCollection(signingTimeAttribute)));

            try
            {
                cms.ComputeSignature(cmsSigner);
            }
            catch (Exception e)
            {
                // NB. The internal exception type cannot be caught directly (cross-platform design
                // of .NET Core), so it is recognised by type name and message text.
                // NOTE(review): matching on the message string looks sensitive to localisation or
                // rewording of the runtime message; when it does not match, the original exception
                // is simply rethrown. Consider matching on HResult instead - confirm.
                var keysetMissingWithoutElevation =
                    e.GetType().Name == "WindowsCryptographicException"
                    && e.Message == "Keyset does not exist"
                    && !WindowsIdentityStuff.CurrentUserIsAdministrator();

                if (keysetMissingWithoutElevation)
                {
                    throw new InvalidOperationException("Failed to sign with certificate when current user does not have UAC elevated permissions.", e);
                }

                throw;
            }

            return cms.Encode();
        }