public static async Task <int> CreateSigningRequest(string fileName, string outputFile, string digestAlgorithm)
{
// Set default values
outputFile = outputFile ?? (fileName + ".req");
digestAlgorithm = digestAlgorithm ?? Signature.DefaultDigestAlgorithmName;
if (File.Exists(outputFile))
{
AnsiConsole.Error.WriteLine("Signature request already exists: " + outputFile);
return(1);
}
// Create the signature
AnsiConsole.Output.WriteLine("Computing Signature Request...");
var sig = new Signature(SignaturePayload.Compute(fileName, digestAlgorithm));
AnsiConsole.Output.WriteLine("Signature request written to " + outputFile);
// Write the unsigned request
await sig.WriteAsync(outputFile);
return(0);
}
public static async Task <int> Sign(string fileName, IEnumerable <CommandOption> options)
{
var signOptions = SignOptions.FromOptions(fileName, options);
X509Certificate2Collection includedCerts;
var signingCert = signOptions.FindCert(out includedCerts);
if (signingCert == null)
{
AnsiConsole.Error.WriteLine("Unable to find certificate that meets the specified criteria");
return(1);
}
AnsiConsole.Output.WriteLine("Signing file with: " + signingCert.SubjectName.CommonName());
// Load the private key if provided
if (!string.IsNullOrEmpty(signOptions.CspName) && !string.IsNullOrEmpty(signOptions.KeyContainer))
{
var parameters = new CspParameters()
{
ProviderType = 1, // PROV_RSA_FULL
KeyNumber = (int)KeyNumber.Signature,
ProviderName = signOptions.CspName,
KeyContainerName = signOptions.KeyContainer
};
signingCert.PrivateKey = new RSACryptoServiceProvider(parameters);
}
if (!signingCert.HasPrivateKey)
{
AnsiConsole.Error.WriteLine("Unable to find private key for certificate: " + signingCert.SubjectName.CommonName());
return(1);
}
// If the input file didn't provide any additional certs, set up a new collection
var additionalCerts = new X509Certificate2Collection();
// Load any additional certs requested by the user
if (!string.IsNullOrEmpty(signOptions.AddCertificatesFile))
{
additionalCerts.Import(signOptions.AddCertificatesFile);
}
// Determine if we are signing a request or a file
Signature sig = await Signature.TryDecodeAsync(fileName);
if (sig == null)
{
sig = new Signature(SignaturePayload.Compute(fileName, Signature.DefaultDigestAlgorithmName));
}
// Verify that the content is unsigned
if (sig.IsSigned)
{
AnsiConsole.Error.WriteLine("File already signed: " + fileName);
return(1);
}
// Sign the file
sig.Sign(signingCert, includedCerts, additionalCerts);
AnsiConsole.Output.WriteLine("Successfully signed.");
if (!string.IsNullOrEmpty(signOptions.Timestamper))
{
// Timestamp the signature
AnsiConsole.Output.WriteLine("Transmitting signature to timestamping authority...");
sig.Timestamp(new Uri(signOptions.Timestamper), signOptions.TimestamperAlgorithm ?? Signature.DefaultDigestAlgorithmName);
AnsiConsole.Output.WriteLine("Trusted timestamp applied to signature.");
}
// Write the signature
AnsiConsole.Output.WriteLine("Signature saved to " + signOptions.Output);
await sig.WriteAsync(signOptions.Output);
return(0);
}
