private static PrimarySignature CreatePrimarySignature(CmsSigner cmsSigner, SignPackageRequest request, byte[] signingData)
{
var contentInfo = new ContentInfo(signingData);
var cms = new SignedCms(contentInfo);
try
{
#if IS_DESKTOP
cms.ComputeSignature(cmsSigner);
#else
// In .NET Framework, this parameter is not used and a PIN prompt is always shown. In .NET Core, the silent flag needs to be set to false to show a PIN prompt.
cms.ComputeSignature(cmsSigner, silent: false);
#endif
}
catch (CryptographicException ex) when(ex.HResult == INVALID_PROVIDER_TYPE_HRESULT)
{
var exceptionBuilder = new StringBuilder();
exceptionBuilder.AppendLine(Strings.SignFailureCertificateInvalidProviderType);
exceptionBuilder.AppendLine(CertificateUtility.X509Certificate2ToString(request.Certificate, Common.HashAlgorithmName.SHA256));
throw new SignatureException(NuGetLogCode.NU3001, exceptionBuilder.ToString());
}
return(PrimarySignature.Load(cms));
}
private static async Task <bool> RemoveRepositoryCountersignaturesAsync(
Stream input,
Stream output,
SignedCms signedCms,
CancellationToken cancellationToken)
{
if (TryRemoveRepositoryCountersignatures(signedCms, out var updatedSignedCms))
{
var primarySignature = PrimarySignature.Load(updatedSignedCms.Encode());
using (var unsignedPackage = new MemoryStream())
{
using (var package = new SignedPackageArchive(input, unsignedPackage))
{
await package.RemoveSignatureAsync(cancellationToken);
}
using (var package = new SignedPackageArchive(unsignedPackage, output))
using (var signatureStream = new MemoryStream(primarySignature.GetBytes()))
{
await package.AddSignatureAsync(signatureStream, cancellationToken);
}
}
return(true);
}
return(false);
}
private PrimarySignature CreatePrimarySignature(SignPackageRequest request, SignatureContent signatureContent, ILogger logger)
{
var cmsSigner = SigningUtility.CreateCmsSigner(request, logger);
if (request.PrivateKey != null)
{
return(CreatePrimarySignature(cmsSigner, signatureContent, request.PrivateKey));
}
var contentInfo = new ContentInfo(signatureContent.GetBytes());
var cms = new SignedCms(contentInfo);
try
{
cms.ComputeSignature(cmsSigner);
}
catch (CryptographicException ex) when(ex.HResult == INVALID_PROVIDER_TYPE_HRESULT)
{
var exceptionBuilder = new StringBuilder();
exceptionBuilder.AppendLine(Strings.SignFailureCertificateInvalidProviderType);
exceptionBuilder.AppendLine(CertificateUtility.X509Certificate2ToString(request.Certificate, Common.HashAlgorithmName.SHA256));
throw new SignatureException(NuGetLogCode.NU3001, exceptionBuilder.ToString());
}
return(PrimarySignature.Load(cms));
}
private static PrimarySignature CreateRepositoryCountersignature(CmsSigner cmsSigner, PrimarySignature primarySignature, CngKey privateKey)
{
using (var primarySignatureNativeCms = NativeCms.Decode(primarySignature.GetBytes()))
{
primarySignatureNativeCms.AddCountersignature(cmsSigner, privateKey);
var bytes = primarySignatureNativeCms.Encode();
var updatedCms = new SignedCms();
updatedCms.Decode(bytes);
return(PrimarySignature.Load(updatedCms));
}
}
/// <summary>
/// Timestamps data present in the TimestampRequest.
/// </summary>
public Task <PrimarySignature> TimestampSignatureAsync(PrimarySignature primarySignature, TimestampRequest request, ILogger logger, CancellationToken token)
{
var timestampCms = GetTimestamp(request, logger, token);
using (var signatureNativeCms = NativeCms.Decode(primarySignature.GetBytes()))
{
if (request.Target == SignaturePlacement.Countersignature)
{
signatureNativeCms.AddTimestampToRepositoryCountersignature(timestampCms);
}
else
{
signatureNativeCms.AddTimestamp(timestampCms);
}
return(Task.FromResult(PrimarySignature.Load(signatureNativeCms.Encode())));
}
}
/// <summary>
/// Timestamps data present in the TimestampRequest.
/// </summary>
public async Task <PrimarySignature> TimestampSignatureAsync(PrimarySignature primarySignature, TimestampRequest request, ILogger logger, CancellationToken token)
{
SignedCms timestampCms = await GetTimestampAsync(request, logger, token);
using (ICms signatureCms = CmsFactory.Create(primarySignature.GetBytes()))
{
if (request.Target == SignaturePlacement.Countersignature)
{
signatureCms.AddTimestampToRepositoryCountersignature(timestampCms);
}
else
{
signatureCms.AddTimestamp(timestampCms);
}
return(PrimarySignature.Load(signatureCms.Encode()));
}
}
private static PrimarySignature CreateRepositoryCountersignature(CmsSigner cmsSigner, SignPackageRequest request, PrimarySignature primarySignature)
{
var cms = new SignedCms();
cms.Decode(primarySignature.GetBytes());
try
{
cms.SignerInfos[0].ComputeCounterSignature(cmsSigner);
}
catch (CryptographicException ex) when(ex.HResult == INVALID_PROVIDER_TYPE_HRESULT)
{
var exceptionBuilder = new StringBuilder();
exceptionBuilder.AppendLine(Strings.SignFailureCertificateInvalidProviderType);
exceptionBuilder.AppendLine(CertificateUtility.X509Certificate2ToString(request.Certificate, Common.HashAlgorithmName.SHA256));
throw new SignatureException(NuGetLogCode.NU3001, exceptionBuilder.ToString());
}
return(PrimarySignature.Load(cms));
}
private static PrimarySignature CreatePrimarySignature(CmsSigner cmsSigner, byte[] signingData, CngKey privateKey)
{
var cms = NativeUtility.NativeSign(cmsSigner, signingData, privateKey);
return(PrimarySignature.Load(cms));
}
/// <summary>
/// Timestamps data present in the TimestampRequest.
/// </summary>
public Task <PrimarySignature> TimestampPrimarySignatureAsync(TimestampRequest request, ILogger logger, CancellationToken token)
{
var timestampedSignature = TimestampData(request, logger, token);
return(Task.FromResult(PrimarySignature.Load(timestampedSignature)));
}
private PrimarySignature CreatePrimarySignature(CmsSigner cmsSigner, SignatureContent signatureContent, CngKey privateKey)
{
var cms = NativeUtilities.NativeSign(cmsSigner, signatureContent.GetBytes(), privateKey);
return(PrimarySignature.Load(cms));
}