public virtual void ResolvePatch(FileRow fileRow, out bool retainRangeWarning)
{
if (fileRow == null)
{
throw new ArgumentNullException("fileRow");
}
retainRangeWarning = false;
if (this.deltaBinaryPatch && RowOperation.Modify == fileRow.Operation)
{
if (0 != (PatchAttributeType.IncludeWholeFile | fileRow.PatchAttributes))
{
string deltaBase = Common.GenerateIdentifier("dlt", Common.GenerateGuid());
string deltaFile = Path.Combine(this.tempFilesLocation, String.Concat(deltaBase, ".dpf"));
string headerFile = Path.Combine(this.tempFilesLocation, String.Concat(deltaBase, ".phd"));
PatchAPI.PatchInterop.PatchSymbolFlagsType apiPatchingSymbolFlags = 0;
bool optimizePatchSizeForLargeFiles = false;
Table wixPatchIdTable = this.output.Tables["WixPatchId"];
if (null != wixPatchIdTable)
{
Row row = wixPatchIdTable.Rows[0];
if (null != row)
{
if (null != row[2])
{
optimizePatchSizeForLargeFiles = (1 == Convert.ToUInt32(row[2], CultureInfo.InvariantCulture));
}
if (null != row[3])
{
apiPatchingSymbolFlags = (PatchAPI.PatchInterop.PatchSymbolFlagsType)Convert.ToUInt32(row[3], CultureInfo.InvariantCulture);
}
}
}
if (PatchAPI.PatchInterop.CreateDelta(
deltaFile,
fileRow.Source,
fileRow.Symbols,
fileRow.RetainOffsets,
fileRow.PreviousSourceArray,
fileRow.PreviousSymbolsArray,
fileRow.PreviousIgnoreLengthsArray,
fileRow.PreviousIgnoreOffsetsArray,
fileRow.PreviousRetainLengthsArray,
fileRow.PreviousRetainOffsetsArray,
apiPatchingSymbolFlags,
optimizePatchSizeForLargeFiles,
out retainRangeWarning))
{
PatchAPI.PatchInterop.ExtractDeltaHeader(deltaFile, headerFile);
fileRow.Patch = headerFile;
fileRow.Source = deltaFile;
}
}
}
}
/// <summary>
/// Updates database with signatures from external cabinets.
/// </summary>
/// <param name="databaseFile">Path to MSI database.</param>
/// <param name="outputFile">Ouput for updated MSI database.</param>
/// <param name="tidy">Clean up files.</param>
/// <returns>True if database is updated.</returns>
public bool InscribeDatabase(string databaseFile, string outputFile, bool tidy)
{
// Keeps track of whether we've encountered at least one signed cab or not - we'll throw a warning if no signed cabs were encountered
bool foundUnsignedExternals = false;
bool shouldCommit = false;
FileAttributes attributes = File.GetAttributes(databaseFile);
if (FileAttributes.ReadOnly == (attributes & FileAttributes.ReadOnly))
{
this.OnMessage(WixErrors.ReadOnlyOutputFile(databaseFile));
return(shouldCommit);
}
using (Database database = new Database(databaseFile, OpenDatabase.Transact))
{
// Just use the English codepage, because the tables we're importing only have binary streams / MSI identifiers / other non-localizable content
int codepage = 1252;
// list of certificates for this database (hash/identifier)
Dictionary <string, string> certificates = new Dictionary <string, string>();
// Reset the in-memory tables for this new database
Table digitalSignatureTable = new Table(null, this.tableDefinitions["MsiDigitalSignature"]);
Table digitalCertificateTable = new Table(null, this.tableDefinitions["MsiDigitalCertificate"]);
// If any digital signature records exist that are not of the media type, preserve them
if (database.TableExists("MsiDigitalSignature"))
{
using (View digitalSignatureView = database.OpenExecuteView("SELECT `Table`, `SignObject`, `DigitalCertificate_`, `Hash` FROM `MsiDigitalSignature` WHERE `Table` <> 'Media'"))
{
while (true)
{
using (Record digitalSignatureRecord = digitalSignatureView.Fetch())
{
if (null == digitalSignatureRecord)
{
break;
}
Row digitalSignatureRow = null;
digitalSignatureRow = digitalSignatureTable.CreateRow(null);
string table = digitalSignatureRecord.GetString(0);
string signObject = digitalSignatureRecord.GetString(1);
digitalSignatureRow[0] = table;
digitalSignatureRow[1] = signObject;
digitalSignatureRow[2] = digitalSignatureRecord.GetString(2);
if (false == digitalSignatureRecord.IsNull(3))
{
// Export to a file, because the MSI API's require us to provide a file path on disk
string hashPath = Path.Combine(this.TempFilesLocation, "MsiDigitalSignature");
string hashFileName = string.Concat(table, ".", signObject, ".bin");
Directory.CreateDirectory(hashPath);
hashPath = Path.Combine(hashPath, hashFileName);
using (FileStream fs = File.Create(hashPath))
{
int bytesRead;
byte[] buffer = new byte[1024 * 4];
while (0 != (bytesRead = digitalSignatureRecord.GetStream(3, buffer, buffer.Length)))
{
fs.Write(buffer, 0, bytesRead);
}
}
digitalSignatureRow[3] = hashFileName;
}
}
}
}
}
// If any digital certificates exist, extract and preserve them
if (database.TableExists("MsiDigitalCertificate"))
{
using (View digitalCertificateView = database.OpenExecuteView("SELECT * FROM `MsiDigitalCertificate`"))
{
while (true)
{
using (Record digitalCertificateRecord = digitalCertificateView.Fetch())
{
if (null == digitalCertificateRecord)
{
break;
}
string certificateId = digitalCertificateRecord.GetString(1); // get the identifier of the certificate
// Export to a file, because the MSI API's require us to provide a file path on disk
string certPath = Path.Combine(this.TempFilesLocation, "MsiDigitalCertificate");
Directory.CreateDirectory(certPath);
certPath = Path.Combine(certPath, string.Concat(certificateId, ".cer"));
using (FileStream fs = File.Create(certPath))
{
int bytesRead;
byte[] buffer = new byte[1024 * 4];
while (0 != (bytesRead = digitalCertificateRecord.GetStream(2, buffer, buffer.Length)))
{
fs.Write(buffer, 0, bytesRead);
}
}
// Add it to our "add to MsiDigitalCertificate" table dictionary
Row digitalCertificateRow = digitalCertificateTable.CreateRow(null);
digitalCertificateRow[0] = certificateId;
// Now set the file path on disk where this binary stream will be picked up at import time
digitalCertificateRow[1] = string.Concat(certificateId, ".cer");
// Load the cert to get it's thumbprint
X509Certificate cert = X509Certificate.CreateFromCertFile(certPath);
X509Certificate2 cert2 = new X509Certificate2(cert);
certificates.Add(cert2.Thumbprint, certificateId);
}
}
}
}
using (View mediaView = database.OpenExecuteView("SELECT * FROM `Media`"))
{
while (true)
{
using (Record mediaRecord = mediaView.Fetch())
{
if (null == mediaRecord)
{
break;
}
X509Certificate2 cert2 = null;
Row digitalSignatureRow = null;
string cabName = mediaRecord.GetString(4); // get the name of the cab
// If there is no cabinet or it's an internal cab, skip it.
if (String.IsNullOrEmpty(cabName) || cabName.StartsWith("#", StringComparison.Ordinal))
{
continue;
}
string cabId = mediaRecord.GetString(1); // get the ID of the cab
string cabPath = Path.Combine(Path.GetDirectoryName(databaseFile), cabName);
// If the cabs aren't there, throw an error but continue to catch the other errors
if (!File.Exists(cabPath))
{
this.OnMessage(WixErrors.WixFileNotFound(cabPath));
continue;
}
try
{
// Get the certificate from the cab
X509Certificate signedFileCert = X509Certificate.CreateFromSignedFile(cabPath);
cert2 = new X509Certificate2(signedFileCert);
}
catch (System.Security.Cryptography.CryptographicException e)
{
uint HResult = unchecked ((uint)Marshal.GetHRForException(e));
// If the file has no cert, continue, but flag that we found at least one so we can later give a warning
if (0x80092009 == HResult) // CRYPT_E_NO_MATCH
{
foundUnsignedExternals = true;
continue;
}
// todo: exactly which HRESULT corresponds to this issue?
// If it's one of these exact platforms, warn the user that it may be due to their OS.
if ((5 == Environment.OSVersion.Version.Major && 2 == Environment.OSVersion.Version.Minor) || // W2K3
(5 == Environment.OSVersion.Version.Major && 1 == Environment.OSVersion.Version.Minor)) // XP
{
this.OnMessage(WixErrors.UnableToGetAuthenticodeCertOfFileDownlevelOS(cabPath, String.Format(CultureInfo.InvariantCulture, "HRESULT: 0x{0:x8}", HResult)));
}
else // otherwise, generic error
{
this.OnMessage(WixErrors.UnableToGetAuthenticodeCertOfFile(cabPath, String.Format(CultureInfo.InvariantCulture, "HRESULT: 0x{0:x8}", HResult)));
}
}
// If we haven't added this cert to the MsiDigitalCertificate table, set it up to be added
if (!certificates.ContainsKey(cert2.Thumbprint))
{
// generate a stable identifier
string certificateGeneratedId = Common.GenerateIdentifier("cer", cert2.Thumbprint);
// Add it to our "add to MsiDigitalCertificate" table dictionary
Row digitalCertificateRow = digitalCertificateTable.CreateRow(null);
digitalCertificateRow[0] = certificateGeneratedId;
// Export to a file, because the MSI API's require us to provide a file path on disk
string certPath = Path.Combine(this.TempFilesLocation, "MsiDigitalCertificate");
Directory.CreateDirectory(certPath);
certPath = Path.Combine(certPath, string.Concat(cert2.Thumbprint, ".cer"));
File.Delete(certPath);
using (BinaryWriter writer = new BinaryWriter(File.Open(certPath, FileMode.Create)))
{
writer.Write(cert2.RawData);
writer.Close();
}
// Now set the file path on disk where this binary stream will be picked up at import time
digitalCertificateRow[1] = string.Concat(cert2.Thumbprint, ".cer");
certificates.Add(cert2.Thumbprint, certificateGeneratedId);
}
digitalSignatureRow = digitalSignatureTable.CreateRow(null);
digitalSignatureRow[0] = "Media";
digitalSignatureRow[1] = cabId;
digitalSignatureRow[2] = certificates[cert2.Thumbprint];
}
}
}
if (digitalCertificateTable.Rows.Count > 0)
{
database.ImportTable(codepage, digitalCertificateTable, this.TempFilesLocation, true);
shouldCommit = true;
}
if (digitalSignatureTable.Rows.Count > 0)
{
database.ImportTable(codepage, digitalSignatureTable, this.TempFilesLocation, true);
shouldCommit = true;
}
// TODO: if we created the table(s), then we should add the _Validation records for them.
certificates = null;
// If we did find external cabs but none of them were signed, give a warning
if (foundUnsignedExternals)
{
this.OnMessage(WixWarnings.ExternalCabsAreNotSigned(databaseFile));
}
if (shouldCommit)
{
database.Commit();
}
}
return(shouldCommit);
}
public string GenerateIdentifier(string prefix, params string[] args)
{
return(Common.GenerateIdentifier(prefix, args));
}
public string GenerateIdentifier(string prefix, params string[] args)
{
// Backward compatibility not required for new code.
return(Common.GenerateIdentifier(prefix, args));
}
