Exemple #1
0
        private Dictionary <ExplicitCertificateKey, string> ParseFileSignInfo()
        {
            var mapOverridingSignInfos = new Dictionary <ExplicitCertificateKey, string>();

            if (FileSignInfo != null)
            {
                foreach (var item in FileSignInfo)
                {
                    var fileName        = item.ItemSpec;
                    var targetFramework = item.GetMetadata("TargetFramework");
                    var publicKeyToken  = item.GetMetadata("PublicKeyToken");
                    var certificateName = item.GetMetadata("CertificateName");

                    if (fileName.IndexOfAny(new char[] { '/', '\\' }) >= 0)
                    {
                        Log.LogError($"FileSignInfo should include only file name and extension, not the full path to the file: {fileName}");
                        return(null);
                    }

                    if (String.IsNullOrEmpty(targetFramework))
                    {
                        targetFramework = SignToolConstants.AllTargetFrameworksSentinel;
                    }
                    else if (!IsValidTargetFrameworkName(targetFramework))
                    {
                        Log.LogError($"This TargetFramework metadata for FileSignInfo isn't valid: {targetFramework}");
                        return(null);
                    }

                    if (String.IsNullOrWhiteSpace(certificateName))
                    {
                        Log.LogError($"This CertificateName informed for FileSignInfo isn't valid: {certificateName}");
                        return(null);
                    }

                    if (!string.IsNullOrEmpty(publicKeyToken) && !IsValidPublicKeyToken(publicKeyToken))
                    {
                        Log.LogError($"This PublicKeyToken metadata for FileSignInfo isn't valid: {publicKeyToken}");
                        return(null);
                    }

                    var outerKey = new ExplicitCertificateKey(fileName, publicKeyToken?.ToLower(), targetFramework);

                    if (mapOverridingSignInfos.TryGetValue(outerKey, out var existingCert))
                    {
                        Log.LogError($"Ignoring attempt to duplicate signing override information for this combination ({fileName}, {publicKeyToken}, {targetFramework}). " +
                                     $"Existing value {existingCert}, trying to add new value {certificateName}.");
                    }
                    else
                    {
                        mapOverridingSignInfos.Add(outerKey, certificateName);
                    }
                }
            }

            return(mapOverridingSignInfos);
        }
Exemple #2
0
        private SignInfo ExtractSignInfo(string fileFullPath)
        {
            if (FileName.IsPEFile(fileFullPath))
            {
                using (var stream = File.OpenRead(fileFullPath))
                {
                    if (ContentUtil.IsAssemblyStrongNameSigned(stream))
                    {
                        return(SignInfo.AlreadySigned);
                    }
                }

                if (!IsManaged(fileFullPath))
                {
                    return(new SignInfo(SignToolConstants.Certificate_MicrosoftSHA2, null));
                }
                else
                {
                    var fileAsm         = System.Reflection.AssemblyName.GetAssemblyName(fileFullPath);
                    var pktBytes        = fileAsm.GetPublicKeyToken();
                    var publicKeyToken  = (pktBytes == null || pktBytes.Length == 0) ? string.Empty : string.Join("", pktBytes.Select(b => b.ToString("x2")));
                    var targetFramework = GetTargetFrameworkName(fileFullPath).FullName;
                    var fileName        = Path.GetFileName(fileFullPath);

                    var keyForAllTargets     = new ExplicitCertificateKey(fileName, publicKeyToken, SignToolConstants.AllTargetFrameworksSentinel);
                    var keyForSpecificTarget = new ExplicitCertificateKey(fileName, publicKeyToken, targetFramework);

                    // Do we need to override the default certificate this file ?
                    if (_explicitCertificates.TryGetValue(keyForSpecificTarget, out var overridingCertificate) ||
                        _explicitCertificates.TryGetValue(keyForAllTargets, out overridingCertificate))
                    {
                        // If has overriding info, is it for ignoring the file?
                        if (overridingCertificate != null && overridingCertificate.Equals(SignToolConstants.IgnoreFileCertificateSentinel))
                        {
                            return(SignInfo.Ignore); // should ignore this file
                        }
                        // Otherwise, just use the overriding info if present
                    }

                    if (publicKeyToken == string.Empty)
                    {
                        if (string.IsNullOrEmpty(overridingCertificate))
                        {
                            _log.LogError($"SignInfo for file ({fileFullPath}) and empty PKT not found. Expected it to be informed in overriding infos.");
                            return(SignInfo.Empty);
                        }

                        return(new SignInfo(overridingCertificate, string.Empty));
                    }

                    if (_defaultSignInfoForPublicKeyToken.ContainsKey(publicKeyToken))
                    {
                        var signInfo = _defaultSignInfoForPublicKeyToken[publicKeyToken];

                        var certificate = overridingCertificate ?? signInfo.Certificate;

                        return(new SignInfo(certificate, signInfo.StrongName, signInfo.ShouldIgnore, signInfo.IsEmpty, signInfo.IsAlreadySigned));
                    }

                    _log.LogError($"SignInfo for file ({fileFullPath}) with Public Key Token {publicKeyToken} not found.");
                    return(SignInfo.Empty);
                }
            }
            else if (FileName.IsZipContainer(fileFullPath))
            {
                return(new SignInfo(FileName.IsNupkg(fileFullPath) ? SignToolConstants.Certificate_NuGet : SignToolConstants.Certificate_VsixSHA2, null));
            }
            else
            {
                _log.LogWarning($"Unidentified artifact type: {fileFullPath}");
                return(SignInfo.Ignore);
            }
        }