Ejemplo n.º 1
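        /// <summary>
        /// Re-checks every file in the batch after signing and logs an error for each one
        /// whose signature check fails.
        /// </summary>
        /// <remarks>
        /// PE files are checked directly from disk. For a zip container, each archive entry is
        /// looked up in the container's zip data and, when it maps to a PE file, the bytes of
        /// the entry itself are checked.
        /// Failures are only reported through <paramref name="log"/>; nothing is thrown for an
        /// unsigned file, so whether a failure stops the build depends on how the caller treats
        /// logged errors.
        /// NOTE(review): entries that the zip data does not know, non-PE entries and containers
        /// nested inside a container are skipped here without any check.
        /// </remarks>
        /// <param name="log">Logger that receives one error per file or part that fails verification.</param>
        private void VerifyAfterSign(TaskLoggingHelper log)
        {
            foreach (var file in _batchData.FilesToSign)
            {
                if (file.IsPEFile())
                {
                    using (var stream = File.OpenRead(file.FullPath))
                    {
                        if (!_signTool.VerifySignedPEFile(stream))
                        {
                            log.LogError($"Assembly {file} is not signed properly");
                        }
                    }
                }
                else if (file.IsZipContainer())
                {
                    var zipData = _batchData.ZipDataMap[file.ContentHash];

                    // The file stream gets its own using so the handle is released even when
                    // the ZipArchive constructor throws (for example on a corrupt archive).
                    using (var fileStream = File.OpenRead(file.FullPath))
                    using (var archive = new ZipArchive(fileStream, ZipArchiveMode.Read))
                    {
                        foreach (ZipArchiveEntry entry in archive.Entries)
                        {
                            string relativeName = entry.FullName;
                            var    zipPart      = zipData.FindNestedPart(relativeName);
                            if (!zipPart.HasValue || !zipPart.Value.FileSignInfo.IsPEFile())
                            {
                                continue;
                            }

                            // entry.Length is a long taken from the archive's metadata. It is used
                            // only as a capacity hint; an unchecked cast of a value above
                            // int.MaxValue would wrap, so fall back to a growable stream instead.
                            int capacity = entry.Length <= int.MaxValue ? (int)entry.Length : 0;

                            // PEReader requires a seekable stream
                            using (var peStream = new MemoryStream(capacity))
                            {
                                using (var stream = entry.Open())
                                {
                                    stream.CopyTo(peStream);
                                }

                                peStream.Position = 0;

                                if (!_signTool.VerifySignedPEFile(peStream))
                                {
                                    log.LogError($"Zip container {file} has part {relativeName} which is not signed.");
                                }
                            }
                        }
                    }
                }
            }
        }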
Ejemplo n.º 2
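        /// <summary>
        /// Checks one file after signing and logs an error when the check for its kind fails.
        /// </summary>
        /// <remarks>
        /// PE files and PowerShell scripts are checked from disk. For a zip container, every
        /// entry name is matched against the container's zip data and each known part is
        /// verified by a recursive call. For .nupkg and .vsix containers the archive must also
        /// contain a signature marker entry, unless SkipZipContainerSignatureMarkerCheck is set.
        /// Failures are only reported through the logger; nothing is thrown.
        /// NOTE(review): the recursive call receives the part's FileSignInfo and therefore
        /// verifies the file at its FullPath, not the bytes stored in the archive entry. The
        /// check holds for the shipped container only if the container was repacked from those
        /// files - confirm against the repack step.
        /// NOTE(review): the marker helpers receive only the entry name, so they can establish
        /// that a marker entry is present, not that the container signature is valid.
        /// </remarks>
        /// <param name="file">The signed file, or container, to verify.</param>
        private void VerifyAfterSign(FileSignInfo file)
        {
            if (file.IsPEFile())
            {
                using (var stream = File.OpenRead(file.FullPath))
                {
                    if (!_signTool.VerifySignedPEFile(stream))
                    {
                        _log.LogError($"Assembly {file.FullPath} is not signed properly");
                    }
                }
            }
            else if (file.IsPowerShellScript())
            {
                if (!_signTool.VerifySignedPowerShellFile(file.FullPath))
                {
                    _log.LogError($"Powershell file {file.FullPath} does not have a signature mark.");
                }
            }
            else if (file.IsZipContainer())
            {
                var  zipData         = _batchData.ZipDataMap[file.ContentHash];
                bool signedContainer = false;

                // The file stream gets its own using so the handle is released even when
                // the ZipArchive constructor throws (for example on a corrupt archive).
                using (var fileStream = File.OpenRead(file.FullPath))
                using (var archive = new ZipArchive(fileStream, ZipArchiveMode.Read))
                {
                    foreach (ZipArchiveEntry entry in archive.Entries)
                    {
                        string relativeName = entry.FullName;

                        if (!SkipZipContainerSignatureMarkerCheck)
                        {
                            // One matching entry name is enough to mark the container as signed.
                            if (file.IsNupkg() && _signTool.VerifySignedNugetFileMarker(relativeName))
                            {
                                signedContainer = true;
                            }
                            else if (file.IsVsix() && _signTool.VerifySignedVSIXFileMarker(relativeName))
                            {
                                signedContainer = true;
                            }
                        }

                        // Entries the zip data does not know are not verified at all.
                        var zipPart = zipData.FindNestedPart(relativeName);
                        if (!zipPart.HasValue)
                        {
                            continue;
                        }

                        VerifyAfterSign(zipPart.Value.FileSignInfo);
                    }
                }

                if (!SkipZipContainerSignatureMarkerCheck && (file.IsNupkg() || file.IsVsix()) && !signedContainer)
                {
                    _log.LogError($"Container {file.FullPath} does not have signature marker.");
                }
            }
        }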