public static void VerifyFileHash(string filePath, HashCollection hashCollection)
{
string fileName = Path.GetFileName(filePath);
if (hashCollection.Count == 0)
{
if (!PolicyKeys.RequireHashInManifests())
{
Logger.AddWarningInformation(string.Format((IFormatProvider)CultureInfo.CurrentUICulture, Resources.GetString("NoHashFile"), new object[1]
{
(object)fileName
}));
}
else
{
throw new InvalidDeploymentException(ExceptionTypes.HashValidation, string.Format((IFormatProvider)CultureInfo.CurrentUICulture, Resources.GetString("Ex_HashNotSpecified"), new object[1]
{
(object)fileName
}));
}
}
foreach (Hash hash in hashCollection)
{
ComponentVerifier.VerifyFileHash(filePath, hash);
}
}
private void CheckApplicationPayload(CommitApplicationParams commitParams)
{
if (commitParams.AppGroup == null && commitParams.appType != AppType.CustomHostSpecified)
{
string path = Path.Combine(commitParams.AppPayloadPath, commitParams.AppManifest.EntryPoints[0].CommandFile);
if (!PlatformDetector.IsWin8orLater())
{
SystemUtils.CheckSupportedImageAndCLRVersions(path);
}
}
string str = (string)null;
Store.IPathLock pathLock = (Store.IPathLock)null;
try
{
pathLock = this._compStore.LockAssemblyPath(commitParams.AppManifest.Identity);
str = Path.GetDirectoryName(pathLock.Path);
str = Path.Combine(str, "manifests");
str = Path.Combine(str, Path.GetFileName(pathLock.Path) + ".manifest");
}
catch (DeploymentException ex)
{
}
catch (COMException ex)
{
}
finally
{
if (pathLock != null)
{
pathLock.Dispose();
}
}
if (string.IsNullOrEmpty(str) || !System.IO.File.Exists(str) || (string.IsNullOrEmpty(commitParams.AppManifestPath) || !System.IO.File.Exists(commitParams.AppManifestPath)))
{
return;
}
byte[] digestValue1 = ComponentVerifier.GenerateDigestValue(str, CMS_HASH_DIGESTMETHOD.CMS_HASH_DIGESTMETHOD_SHA1, CMS_HASH_TRANSFORM.CMS_HASH_TRANSFORM_IDENTITY);
byte[] digestValue2 = ComponentVerifier.GenerateDigestValue(commitParams.AppManifestPath, CMS_HASH_DIGESTMETHOD.CMS_HASH_DIGESTMETHOD_SHA1, CMS_HASH_TRANSFORM.CMS_HASH_TRANSFORM_IDENTITY);
bool flag = false;
Logger.AddInternalState("In-place update check. Existing manifest path = " + str + ", Existing manifest hash=" + Encoding.UTF8.GetString(digestValue1) + ", New manifest path=" + commitParams.AppManifestPath + ", New manifest hash=" + Encoding.UTF8.GetString(digestValue2));
if (digestValue1.Length == digestValue2.Length)
{
int index = 0;
while (index < digestValue1.Length && (int)digestValue1[index] == (int)digestValue2[index])
{
++index;
}
if (index >= digestValue1.Length)
{
flag = true;
}
}
if (!flag)
{
throw new DeploymentException(ExceptionTypes.Subscription, Resources.GetString("Ex_ApplicationInplaceUpdate"));
}
}
private void CheckApplicationPayload(CommitApplicationParams commitParams)
{
if ((commitParams.AppGroup == null) && (commitParams.appType != AppType.CustomHostSpecified))
{
SystemUtils.CheckSupportedImageAndCLRVersions(Path.Combine(commitParams.AppPayloadPath, commitParams.AppManifest.EntryPoints[0].CommandFile));
}
string directoryName = null;
System.Deployment.Internal.Isolation.Store.IPathLock @lock = null;
try
{
@lock = this._compStore.LockAssemblyPath(commitParams.AppManifest.Identity);
directoryName = Path.GetDirectoryName(@lock.Path);
directoryName = Path.Combine(directoryName, "manifests");
directoryName = Path.Combine(directoryName, Path.GetFileName(@lock.Path) + ".manifest");
}
catch (DeploymentException)
{
}
catch (COMException)
{
}
finally
{
if (@lock != null)
{
@lock.Dispose();
}
}
if ((!string.IsNullOrEmpty(directoryName) && System.IO.File.Exists(directoryName)) && (!string.IsNullOrEmpty(commitParams.AppManifestPath) && System.IO.File.Exists(commitParams.AppManifestPath)))
{
byte[] bytes = ComponentVerifier.GenerateDigestValue(directoryName, System.Deployment.Internal.Isolation.Manifest.CMS_HASH_DIGESTMETHOD.CMS_HASH_DIGESTMETHOD_SHA1, System.Deployment.Internal.Isolation.Manifest.CMS_HASH_TRANSFORM.CMS_HASH_TRANSFORM_IDENTITY);
byte[] buffer2 = ComponentVerifier.GenerateDigestValue(commitParams.AppManifestPath, System.Deployment.Internal.Isolation.Manifest.CMS_HASH_DIGESTMETHOD.CMS_HASH_DIGESTMETHOD_SHA1, System.Deployment.Internal.Isolation.Manifest.CMS_HASH_TRANSFORM.CMS_HASH_TRANSFORM_IDENTITY);
bool flag = false;
Logger.AddInternalState("In-place update check. Existing manifest path = " + directoryName + ", Existing manifest hash=" + Encoding.UTF8.GetString(bytes) + ", New manifest path=" + commitParams.AppManifestPath + ", New manifest hash=" + Encoding.UTF8.GetString(buffer2));
if (bytes.Length == buffer2.Length)
{
int index = 0;
while (index < bytes.Length)
{
if (bytes[index] != buffer2[index])
{
break;
}
index++;
}
if (index >= bytes.Length)
{
flag = true;
}
}
if (!flag)
{
throw new DeploymentException(ExceptionTypes.Subscription, Resources.GetString("Ex_ApplicationInplaceUpdate"));
}
}
}
public static bool IsVerifiableHashCollection(HashCollection hashCollection)
{
foreach (Hash hash in hashCollection)
{
if (!ComponentVerifier.IsVerifiableHash(hash))
{
return(false);
}
}
return(true);
}
protected static void VerifyManifestComponentFiles(AssemblyManifest manifest, string componentPath, bool ignoreSelfReferentialFileHash)
{
string directoryName = Path.GetDirectoryName(componentPath);
foreach (System.Deployment.Application.Manifest.File file in manifest.Files)
{
string str = Path.Combine(directoryName, file.NameFS);
if ((!ignoreSelfReferentialFileHash || string.Compare(componentPath, str, StringComparison.OrdinalIgnoreCase) != 0) && System.IO.File.Exists(str))
{
ComponentVerifier.VerifyFileHash(str, file.HashCollection);
}
}
}
private static bool FileHashVerified(HashCollection hashCollection, string location)
{
try
{
ComponentVerifier.VerifyFileHash(location, hashCollection);
}
catch (InvalidDeploymentException ex)
{
if (ex.SubType == ExceptionTypes.HashValidation)
{
return(false);
}
throw;
}
return(true);
}
public static byte[] GenerateDigestValue(string filePath, CMS_HASH_DIGESTMETHOD digestMethod, CMS_HASH_TRANSFORM transform)
{
Stream inputStream = (Stream)null;
try
{
HashAlgorithm hashAlgorithm = ComponentVerifier.GetHashAlgorithm(digestMethod);
inputStream = ComponentVerifier.GetTransformedStream(filePath, transform);
return(hashAlgorithm.ComputeHash(inputStream));
}
finally
{
if (inputStream != null)
{
inputStream.Close();
}
}
}
public static void VerifyFileHash(string filePath, Hash hash)
{
string fileName = Path.GetFileName(filePath);
byte[] digestValue1;
try
{
digestValue1 = ComponentVerifier.GenerateDigestValue(filePath, hash.DigestMethod, hash.Transform);
}
catch (IOException ex)
{
throw new InvalidDeploymentException(ExceptionTypes.HashValidation, Resources.GetString("Ex_HashValidationException"), (Exception)ex);
}
byte[] digestValue2 = hash.DigestValue;
bool flag = false;
if (digestValue1.Length == digestValue2.Length)
{
int index = 0;
while (index < digestValue2.Length && (int)digestValue2[index] == (int)digestValue1[index])
{
++index;
}
if (index >= digestValue2.Length)
{
flag = true;
}
}
if (!flag)
{
Logger.AddInternalState("File," + fileName + ", has a different computed hash than specified in manifest. Computed hash is " + Encoding.UTF8.GetString(digestValue1) + ". Specified hash is " + Encoding.UTF8.GetString(digestValue2));
throw new InvalidDeploymentException(ExceptionTypes.HashValidation, string.Format((IFormatProvider)CultureInfo.CurrentUICulture, Resources.GetString("Ex_DifferentHashes"), new object[1]
{
(object)fileName
}));
}
}
public override void Verify()
{
ComponentVerifier.VerifyStrongNameAssembly(this._filePath, this._assemblyManifest);
}
public override void Verify()
{
ComponentVerifier.VerifyFileHash(this._filePath, this._hashCollection);
}
public static void VerifyStrongNameAssembly(string filePath, AssemblyManifest assemblyManifest)
{
string fileName = Path.GetFileName(filePath);
if (assemblyManifest.Identity.PublicKeyToken == null)
{
throw new InvalidDeploymentException(ExceptionTypes.Validation, string.Format((IFormatProvider)CultureInfo.CurrentUICulture, Resources.GetString("Ex_StrongNameAsmWithNoPKT"), new object[1]
{
(object)fileName
}));
}
bool ignoreSelfReferentialFileHash = false;
if (assemblyManifest.ManifestSourceFormat == ManifestSourceFormat.XmlFile)
{
assemblyManifest.ValidateSignature((Stream)null);
}
else if (assemblyManifest.ManifestSourceFormat == ManifestSourceFormat.ID_1)
{
if (assemblyManifest.ComplibIdentity == null)
{
PEStream peStream = (PEStream)null;
MemoryStream memoryStream = (MemoryStream)null;
try
{
peStream = new PEStream(filePath, true);
byte[] manifestResource = peStream.GetDefaultId1ManifestResource();
if (manifestResource != null)
{
memoryStream = new MemoryStream(manifestResource);
}
if (memoryStream != null)
{
assemblyManifest.ValidateSignature((Stream)memoryStream);
}
else
{
throw new InvalidDeploymentException(ExceptionTypes.StronglyNamedAssemblyVerification, string.Format((IFormatProvider)CultureInfo.CurrentUICulture, Resources.GetString("Ex_StronglyNamedAssemblyNotVerifiable"), new object[1]
{
(object)fileName
}));
}
}
finally
{
if (peStream != null)
{
peStream.Close();
}
if (memoryStream != null)
{
memoryStream.Close();
}
}
}
else
{
if (!assemblyManifest.ComplibIdentity.Equals((object)assemblyManifest.Identity))
{
throw new InvalidDeploymentException(ExceptionTypes.IdentityMatchValidationForMixedModeAssembly, string.Format((IFormatProvider)CultureInfo.CurrentUICulture, Resources.GetString("Ex_IdentitiesDoNotMatchForMixedModeAssembly"), new object[1]
{
(object)fileName
}));
}
bool pfWasVerified;
if (!StrongNameHelpers.StrongNameSignatureVerificationEx(filePath, false, out pfWasVerified))
{
throw new InvalidDeploymentException(ExceptionTypes.SignatureValidation, string.Format((IFormatProvider)CultureInfo.CurrentUICulture, Resources.GetString("Ex_StrongNameSignatureInvalid"), new object[1]
{
(object)fileName
}));
}
ignoreSelfReferentialFileHash = true;
}
}
else if (assemblyManifest.ManifestSourceFormat == ManifestSourceFormat.CompLib)
{
bool pfWasVerified;
if (!StrongNameHelpers.StrongNameSignatureVerificationEx(filePath, false, out pfWasVerified))
{
throw new InvalidDeploymentException(ExceptionTypes.SignatureValidation, string.Format((IFormatProvider)CultureInfo.CurrentUICulture, Resources.GetString("Ex_StrongNameSignatureInvalid"), new object[1]
{
(object)fileName
}));
}
ignoreSelfReferentialFileHash = true;
}
else
{
throw new InvalidDeploymentException(ExceptionTypes.StronglyNamedAssemblyVerification, string.Format((IFormatProvider)CultureInfo.CurrentUICulture, Resources.GetString("Ex_StronglyNamedAssemblyNotVerifiable"), new object[1]
{
(object)fileName
}));
}
ComponentVerifier.VerifyManifestComponentFiles(assemblyManifest, filePath, ignoreSelfReferentialFileHash);
}
public static AssemblyManifest DownloadApplicationManifest(AssemblyManifest deploymentManifest, string targetDir, Uri deploymentUri, IDownloadNotification notification, DownloadOptions options, out Uri appSourceUri, out string appManifestPath)
{
Logger.AddMethodCall("DownloadApplicationManifest called.");
DependentAssembly dependentAssembly = deploymentManifest.MainDependentAssembly;
if (dependentAssembly == null || dependentAssembly.Codebase == null)
{
throw new InvalidDeploymentException(ExceptionTypes.ManifestSemanticValidation, Resources.GetString("Ex_NoAppInDeploymentManifest"));
}
appSourceUri = new Uri(deploymentUri, dependentAssembly.Codebase);
Zone fromUrl1 = Zone.CreateFromUrl(deploymentUri.AbsoluteUri);
Zone fromUrl2 = Zone.CreateFromUrl(appSourceUri.AbsoluteUri);
if (!fromUrl1.Equals((object)fromUrl2))
{
Logger.AddInternalState("Deployment and application does not have matching security zones. deploymentZone=" + (object)fromUrl1 + ",applicationZone=" + (object)fromUrl2);
throw new InvalidDeploymentException(ExceptionTypes.Zone, Resources.GetString("Ex_DeployAppZoneMismatch"));
}
appManifestPath = Path.Combine(targetDir, dependentAssembly.Identity.Name + ".manifest");
ServerInformation serverInformation;
AssemblyManifest assemblyManifest = DownloadManager.DownloadManifest(ref appSourceUri, appManifestPath, notification, options, AssemblyManifest.ManifestType.Application, out serverInformation);
Logger.SetApplicationUrl(appSourceUri);
Logger.SetApplicationServerInformation(serverInformation);
Zone fromUrl3 = Zone.CreateFromUrl(appSourceUri.AbsoluteUri);
if (!fromUrl1.Equals((object)fromUrl3))
{
Logger.AddInternalState("Deployment and application does not have matching security zones. deploymentZone=" + (object)fromUrl1 + ",applicationZone=" + (object)fromUrl3);
throw new InvalidDeploymentException(ExceptionTypes.Zone, Resources.GetString("Ex_DeployAppZoneMismatch"));
}
if (assemblyManifest.Identity.Equals((object)deploymentManifest.Identity))
{
throw new InvalidDeploymentException(ExceptionTypes.ManifestSemanticValidation, string.Format((IFormatProvider)CultureInfo.CurrentUICulture, Resources.GetString("Ex_DepSameDeploymentAndApplicationIdentity"), new object[1]
{
(object)assemblyManifest.Identity.ToString()
}));
}
if (!assemblyManifest.Identity.Matches(dependentAssembly.Identity, assemblyManifest.Application))
{
throw new InvalidDeploymentException(ExceptionTypes.SubscriptionSemanticValidation, Resources.GetString("Ex_RefDefMismatch"));
}
if (!PolicyKeys.SkipApplicationDependencyHashCheck())
{
try
{
ComponentVerifier.VerifyFileHash(appManifestPath, dependentAssembly.HashCollection);
}
catch (InvalidDeploymentException ex)
{
if (ex.SubType == ExceptionTypes.HashValidation)
{
throw new InvalidDeploymentException(ExceptionTypes.HashValidation, Resources.GetString("Ex_AppManInvalidHash"), (Exception)ex);
}
throw;
}
}
if (assemblyManifest.RequestedExecutionLevel != null)
{
Logger.AddInternalState("Application manifest has RequestedExecutionLevel specified. Check requested privileges.");
DownloadManager.VerifyRequestedPrivilegesSupport(assemblyManifest.RequestedExecutionLevel);
}
return(assemblyManifest);
}
