bool RunSignTool(AuthenticodeKeyVaultSigner signer, string file, string description, string descriptionUrl) { var startTime = DateTimeOffset.UtcNow; var stopwatch = Stopwatch.StartNew(); logger.LogInformation("Signing using {fileName}", file); var success = false; var code = 0; try { code = signer.SignFile(file, description, descriptionUrl, null); success = code == 0; telemetryLogger.TrackSignToolDependency(signToolName, file, startTime, stopwatch.Elapsed, null, code); } catch (Exception e) { logger.LogError(e, e.Message); } if (success) { logger.LogInformation("Sign tool completed successfuly"); return(true); } logger.LogError("Sign tool completed with error {errorCode}", code); return(false); }
// Inspired from https://github.com/squaredup/bettersigntool/blob/master/bettersigntool/bettersigntool/SignCommand.cs bool Sign(AuthenticodeKeyVaultSigner signer, string file, string description, string descriptionUrl) { var retry = TimeSpan.FromSeconds(5); var attempt = 1; do { if (attempt > 1) { logger.LogInformation($"Performing attempt #{attempt} of 3 attempts after {retry.TotalSeconds}s"); Thread.Sleep(retry); } if (RunSignTool(signer, file, description, descriptionUrl)) { return(true); } attempt++; retry = TimeSpan.FromSeconds(Math.Pow(retry.TotalSeconds, 1.5)); } while (attempt <= 3); logger.LogError($"Failed to sign. Attempts exceeded"); return(false); }
public void ShouldSignExeWithECDsaSigningCertificates_Sha256FileDigest(string certificate) { var signingCert = new X509Certificate2(certificate, "test", X509KeyStorageFlags.EphemeralKeySet); var signer = new AuthenticodeKeyVaultSigner(signingCert.GetECDsaPrivateKey(), signingCert, HashAlgorithmName.SHA256, TimeStampConfiguration.None); var fileToSign = GetFileToSign(); var result = signer.SignFile(fileToSign, null, null, null); Assert.Equal(0, result); }
public void ShouldSignExeWithRSASigningCertificates_Sha256FileDigest_WithTimestamps(string certificate) { var signingCert = new X509Certificate2(certificate, "test", X509KeyStorageFlags.EphemeralKeySet); var timestampConfig = new TimeStampConfiguration("http://timestamp.digicert.com", HashAlgorithmName.SHA256, TimeStampType.RFC3161); var signer = new AuthenticodeKeyVaultSigner(signingCert.GetRSAPrivateKey(), signingCert, HashAlgorithmName.SHA256, timestampConfig); var fileToSign = GetFileToSign(); var result = signer.SignFile(fileToSign, null, null, null); Assert.Equal(0, result); }
void SubmitInternal(HashMode hashMode, string name, string description, string descriptionUrl, IList <string> files) { logger.LogInformation("Signing SignTool job {0} with {1} files", name, files.Count()); var certificate = keyVaultService.GetCertificateAsync().Result; using var rsa = keyVaultService.ToRSA().Result; using var signer = new AuthenticodeKeyVaultSigner(rsa, certificate, HashAlgorithmName.SHA256, new TimeStampConfiguration(keyVaultService.CertificateInfo.TimestampUrl, HashAlgorithmName.SHA256, TimeStampType.RFC3161)); // loop through all of the files here, looking for appx/eappx // mark each as being signed and strip appx Parallel.ForEach(files, (file, state) => { telemetryLogger.OnSignFile(file, signToolName); if (!Sign(signer, file, description, descriptionUrl)) { throw new Exception($"Could not append sign {file}"); } }); }