private static void StrongNameSignManifestDom(XmlDocument manifestDom, XmlDocument licenseDom, CmiManifestSigner2 signer, bool useSha256)
{
RSA snKey = signer.StrongNameKey as RSA;
// Make sure it is RSA, as this is the only one Fusion will support.
if (snKey == null)
{
throw new NotSupportedException();
}
// Setup namespace manager.
XmlNamespaceManager nsm = new XmlNamespaceManager(manifestDom.NameTable);
nsm.AddNamespace("asm", AssemblyNamespaceUri);
// Get to root element.
XmlElement signatureParent = manifestDom.SelectSingleNode("asm:assembly", nsm) as XmlElement;
if (signatureParent == null)
{
throw new CryptographicException(Win32.TRUST_E_SUBJECT_FORM_UNKNOWN);
}
if (signer.StrongNameKey.GetType() != typeof(RSACryptoServiceProvider))
{
throw new NotSupportedException();
}
// Setup up XMLDSIG engine.
ManifestSignedXml2 signedXml = new ManifestSignedXml2(signatureParent);
signedXml.SigningKey = GetFixedRSACryptoServiceProvider(signer.StrongNameKey as RSACryptoServiceProvider, useSha256);
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
if (signer.UseSha256)
signedXml.SignedInfo.SignatureMethod = Sha256SignatureMethodUri;
// Add the key information.
signedXml.KeyInfo.AddClause(new RSAKeyValue(snKey));
if (licenseDom != null)
{
signedXml.KeyInfo.AddClause(new KeyInfoNode(licenseDom.DocumentElement));
}
signedXml.KeyInfo.Id = "StrongNameKeyInfo";
// Add the enveloped reference.
Reference enveloped = new Reference();
enveloped.Uri = "";
if (signer.UseSha256)
enveloped.DigestMethod = Sha256DigestMethod;
// Add an enveloped then Exc-C14N transform.
enveloped.AddTransform(new XmlDsigEnvelopedSignatureTransform());
enveloped.AddTransform(new XmlDsigExcC14NTransform());
signedXml.AddReference(enveloped);
#if (false) // DSIE: New format does not sign KeyInfo.
// Add the key info reference.
Reference strongNameKeyInfo = new Reference();
strongNameKeyInfo.Uri = "#StrongNameKeyInfo";
strongNameKeyInfo.AddTransform(new XmlDsigExcC14NTransform());
signedXml.AddReference(strongNameKeyInfo);
#endif
// Compute the signature.
signedXml.ComputeSignature();
// Get the XML representation
XmlElement xmlDigitalSignature = signedXml.GetXml();
xmlDigitalSignature.SetAttribute("Id", "StrongNameSignature");
// Insert the signature now.
signatureParent.AppendChild(xmlDigitalSignature);
}
private static void StrongNameSignManifestDom(XmlDocument manifestDom, XmlDocument licenseDom, CmiManifestSigner2 signer, bool useSha256)
{
RSA snKey = signer.StrongNameKey as RSA;
// Make sure it is RSA, as this is the only one Fusion will support.
if (snKey == null)
{
throw new NotSupportedException();
}
// Setup namespace manager.
XmlNamespaceManager nsm = new XmlNamespaceManager(manifestDom.NameTable);
nsm.AddNamespace("asm", AssemblyNamespaceUri);
// Get to root element.
XmlElement signatureParent = manifestDom.SelectSingleNode("asm:assembly", nsm) as XmlElement;
if (signatureParent == null)
{
throw new CryptographicException(Win32.TRUST_E_SUBJECT_FORM_UNKNOWN);
}
if (!(signer.StrongNameKey is RSA))
{
throw new NotSupportedException();
}
// Setup up XMLDSIG engine.
ManifestSignedXml2 signedXml = new ManifestSignedXml2(signatureParent);
if (signer.StrongNameKey is RSACryptoServiceProvider)
{
signedXml.SigningKey = GetFixedRSACryptoServiceProvider(signer.StrongNameKey as RSACryptoServiceProvider, useSha256);
}
else
{
signedXml.SigningKey = signer.StrongNameKey;
}
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
if (signer.UseSha256)
{
signedXml.SignedInfo.SignatureMethod = Sha256SignatureMethodUri;
}
else
{
signedXml.SignedInfo.SignatureMethod = Sha1SignatureMethodUri;
}
// Add the key information.
signedXml.KeyInfo.AddClause(new RSAKeyValue(snKey));
if (licenseDom != null)
{
signedXml.KeyInfo.AddClause(new KeyInfoNode(licenseDom.DocumentElement));
}
signedXml.KeyInfo.Id = "StrongNameKeyInfo";
// Add the enveloped reference.
Reference enveloped = new Reference();
enveloped.Uri = "";
if (signer.UseSha256)
{
enveloped.DigestMethod = Sha256DigestMethod;
}
else
{
enveloped.DigestMethod = Sha1DigestMethod;
}
// Add an enveloped then Exc-C14N transform.
enveloped.AddTransform(new XmlDsigEnvelopedSignatureTransform());
enveloped.AddTransform(new XmlDsigExcC14NTransform());
signedXml.AddReference(enveloped);
#if (false) // DSIE: New format does not sign KeyInfo.
// Add the key info reference.
Reference strongNameKeyInfo = new Reference();
strongNameKeyInfo.Uri = "#StrongNameKeyInfo";
strongNameKeyInfo.AddTransform(new XmlDsigExcC14NTransform());
signedXml.AddReference(strongNameKeyInfo);
#endif
// Compute the signature.
signedXml.ComputeSignature();
// Get the XML representation
XmlElement xmlDigitalSignature = signedXml.GetXml();
xmlDigitalSignature.SetAttribute("Id", "StrongNameSignature");
// Insert the signature now.
signatureParent.AppendChild(xmlDigitalSignature);
}
private static void AuthenticodeSignLicenseDom(XmlDocument licenseDom, CmiManifestSigner2 signer, string timeStampUrl, bool useSha256)
{
// Make sure it is RSA, as this is the only one Fusion will support.
if (signer.Certificate.PublicKey.Key.GetType() != typeof(RSACryptoServiceProvider))
{
throw new NotSupportedException();
}
if (signer.Certificate.PrivateKey.GetType() != typeof(RSACryptoServiceProvider))
{
throw new NotSupportedException();
}
// Setup up XMLDSIG engine.
ManifestSignedXml2 signedXml = new ManifestSignedXml2(licenseDom);
signedXml.SigningKey = GetFixedRSACryptoServiceProvider(signer.Certificate.PrivateKey as RSACryptoServiceProvider, useSha256);
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
if (signer.UseSha256)
signedXml.SignedInfo.SignatureMethod = Sha256SignatureMethodUri;
// Add the key information.
signedXml.KeyInfo.AddClause(new RSAKeyValue(GetFixedRSACryptoServiceProvider(signer.Certificate.PrivateKey as RSACryptoServiceProvider, useSha256) as RSA));
signedXml.KeyInfo.AddClause(new KeyInfoX509Data(signer.Certificate, signer.IncludeOption));
// Add the enveloped reference.
Reference reference = new Reference();
reference.Uri = "";
if (signer.UseSha256)
reference.DigestMethod = Sha256DigestMethod;
// Add an enveloped and an Exc-C14N transform.
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
#if (false) // BUGBUG: LTA transform complaining about issuer node not found.
reference.AddTransform(new XmlLicenseTransform());
#endif
reference.AddTransform(new XmlDsigExcC14NTransform());
// Add the reference.
signedXml.AddReference(reference);
// Compute the signature.
signedXml.ComputeSignature();
// Get the XML representation
XmlElement xmlDigitalSignature = signedXml.GetXml();
xmlDigitalSignature.SetAttribute("Id", "AuthenticodeSignature");
// Insert the signature node under the issuer element.
XmlNamespaceManager nsm = new XmlNamespaceManager(licenseDom.NameTable);
nsm.AddNamespace("r", LicenseNamespaceUri);
XmlElement issuerNode = licenseDom.SelectSingleNode("r:license/r:issuer", nsm) as XmlElement;
issuerNode.AppendChild(licenseDom.ImportNode(xmlDigitalSignature, true));
// Time stamp it if requested.
if (timeStampUrl != null && timeStampUrl.Length != 0)
{
TimestampSignedLicenseDom(licenseDom, timeStampUrl);
}
// Wrap it inside a RelData element.
licenseDom.DocumentElement.ParentNode.InnerXml = "<msrel:RelData xmlns:msrel=\"" +
MSRelNamespaceUri + "\">" +
licenseDom.OuterXml + "</msrel:RelData>";
}
private static void AuthenticodeSignLicenseDom(XmlDocument licenseDom, CmiManifestSigner2 signer, string timeStampUrl, bool useSha256)
{
// Make sure it is RSA, as this is the only one Fusion will support.
RSA rsaPrivateKey = CngLightup.GetRSAPrivateKey(signer.Certificate);
if (rsaPrivateKey == null)
{
throw new NotSupportedException();
}
// Setup up XMLDSIG engine.
ManifestSignedXml2 signedXml = new ManifestSignedXml2(licenseDom);
// only needs to change the provider type when RSACryptoServiceProvider is used
var rsaCsp = rsaPrivateKey is RSACryptoServiceProvider?
GetFixedRSACryptoServiceProvider(rsaPrivateKey as RSACryptoServiceProvider, useSha256) : rsaPrivateKey;
signedXml.SigningKey = rsaCsp;
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
if (signer.UseSha256)
{
signedXml.SignedInfo.SignatureMethod = Sha256SignatureMethodUri;
}
else
{
signedXml.SignedInfo.SignatureMethod = Sha1SignatureMethodUri;
}
// Add the key information.
signedXml.KeyInfo.AddClause(new RSAKeyValue(rsaCsp));
signedXml.KeyInfo.AddClause(new KeyInfoX509Data(signer.Certificate, signer.IncludeOption));
// Add the enveloped reference.
Reference reference = new Reference();
reference.Uri = "";
if (signer.UseSha256)
{
reference.DigestMethod = Sha256DigestMethod;
}
else
{
reference.DigestMethod = Sha1DigestMethod;
}
// Add an enveloped and an Exc-C14N transform.
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
#if (false) // BUGBUG: LTA transform complaining about issuer node not found.
reference.AddTransform(new XmlLicenseTransform());
#endif
reference.AddTransform(new XmlDsigExcC14NTransform());
// Add the reference.
signedXml.AddReference(reference);
// Compute the signature.
signedXml.ComputeSignature();
// Get the XML representation
XmlElement xmlDigitalSignature = signedXml.GetXml();
xmlDigitalSignature.SetAttribute("Id", "AuthenticodeSignature");
// Insert the signature node under the issuer element.
XmlNamespaceManager nsm = new XmlNamespaceManager(licenseDom.NameTable);
nsm.AddNamespace("r", LicenseNamespaceUri);
XmlElement issuerNode = licenseDom.SelectSingleNode("r:license/r:issuer", nsm) as XmlElement;
issuerNode.AppendChild(licenseDom.ImportNode(xmlDigitalSignature, true));
// Time stamp it if requested.
if (timeStampUrl != null && timeStampUrl.Length != 0)
{
TimestampSignedLicenseDom(licenseDom, timeStampUrl);
}
// Wrap it inside a RelData element.
licenseDom.DocumentElement.ParentNode.InnerXml = "<msrel:RelData xmlns:msrel=\"" +
MSRelNamespaceUri + "\">" +
licenseDom.OuterXml + "</msrel:RelData>";
}
