Exemple #1
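        /// <summary>
        /// Builds a <c>signtool.exe sign</c> command line that uses the Device Guard signing library
        /// (<c>/dlib</c>) together with a token file (<c>/dmdf</c>), runs it, and translates known
        /// failures into typed exceptions.
        /// </summary>
        /// <param name="filePaths">Files to sign; each one is appended as a quoted argument.</param>
        /// <param name="algorithmType">Value passed to <c>/fd</c>.</param>
        /// <param name="dgssTokenPath">Path passed to <c>/dmdf</c>.</param>
        /// <param name="timestampUrl">Optional value for <c>/tr</c>; when set, <c>/td SHA256</c> is added as well.</param>
        /// <param name="cancellationToken">Forwarded to the process runner.</param>
        /// <exception cref="WebException">The tool output contains 0x80192ee7, or a System.Net.WebException mentioning microsoft.com.</exception>
        /// <exception cref="UnauthorizedAccessException">The tool output contains 0x80190191, or an HttpRequestException mentioning 401.</exception>
        /// <exception cref="ArgumentException">The tool output contains 0x8007000d.</exception>
        /// <exception cref="SdkException">Any other failure that carries a "SignTool Error: " line or a non-zero exit code.</exception>
        public async Task SignPackageWithDeviceGuard(IEnumerable<string> filePaths, string algorithmType, string dgssTokenPath, string timestampUrl, CancellationToken cancellationToken = default)
        {
            var signToolArguments = new StringBuilder();

            signToolArguments.Append("sign");

            // NOTE(review): algorithmType is appended without quotes, so whitespace inside it would start
            // a new signtool argument. Callers should pass a fixed algorithm name - confirm at call sites.
            signToolArguments.AppendFormat(" /debug /fd {0}", algorithmType);

            if (!string.IsNullOrEmpty(timestampUrl))
            {
                signToolArguments.AppendFormat(" /tr \"{0}\"", EscapeQuoted(timestampUrl));

                // required in SDK builds 20236 and later
                // see https://docs.microsoft.com/en-us/dotnet/framework/tools/signtool-exe
                signToolArguments.Append(" /td SHA256");
            }

            var libPath = SdkPathHelper.GetSdkPath("Microsoft.Acs.Dlib.dll");

            signToolArguments.AppendFormat(" /dlib \"{0}\"", libPath);
            signToolArguments.AppendFormat(" /dmdf \"{0}\"", EscapeQuoted(dgssTokenPath));

            foreach (var filePath in filePaths)
            {
                signToolArguments.AppendFormat(" \"{0}\"", EscapeQuoted(filePath));
            }

            var args     = signToolArguments.ToString();
            var signTool = SdkPathHelper.GetSdkPath("signTool.exe", BundleHelper.SdkPath);

            // The logged line contains the token file path, not the token content.
            Logger.Info("Executing {0} {1}", signTool, args);

            Action<string> callBack = _ => { };

            try
            {
                await RunAsync(signTool, args, cancellationToken, callBack, 0).ConfigureAwait(false);
            }
            catch (ProcessWrapperException e)
            {
                foreach (var err in e.StandardOutput)
                {
                    // Parentheses spell out the existing precedence: && binds tighter than ||.
                    if (err.IndexOf("0x80192ee7", StringComparison.OrdinalIgnoreCase) >= 0 ||
                        (err.IndexOf("System.Net.WebException", StringComparison.OrdinalIgnoreCase) >= 0 &&
                         err.IndexOf("microsoft.com", StringComparison.OrdinalIgnoreCase) >= 0))
                    {
                        throw new WebException("Unable to reach the Device Guard Signing Service", e);
                    }

                    if (err.IndexOf("0x80190191", StringComparison.OrdinalIgnoreCase) >= 0 ||
                        (err.IndexOf("System.Net.Http.HttpRequestException", StringComparison.OrdinalIgnoreCase) >= 0 && err.Contains("401")))
                    {
                        throw new UnauthorizedAccessException("The provided account is not authorized to sign via the Device Guard Signing Service", e);
                    }

                    if (err.IndexOf("0x8007000d", StringComparison.OrdinalIgnoreCase) >= 0)
                    {
                        throw new ArgumentException("The provided JSON token file is invalid", e);
                    }
                }

                // Tool output is machine text, so the prefix is matched ordinally rather than by culture.
                var line = e.StandardError.FirstOrDefault(l => l.StartsWith("SignTool Error: ", StringComparison.Ordinal));
                if (line != null)
                {
                    if (TryGetErrorMessageFromSignToolOutput(e.StandardOutput, out var specialError))
                    {
                        throw new SdkException($"The package could not be signed (error 0x{e.ExitCode:X2}). {specialError}", e.ExitCode);
                    }

                    throw new SdkException($"The package could not be signed (error 0x{e.ExitCode:X2}). {line.Substring("SignTool Error: ".Length)}", e.ExitCode);
                }

                if (e.ExitCode != 0)
                {
                    throw new SdkException(e.Message, e.ExitCode, e);
                }

                throw;
            }

            // Escapes a value that is emitted between double quotes so that an embedded quote or a
            // trailing backslash cannot end the argument early and add extra signtool switches.
            // Values without quotes or trailing backslashes are returned unchanged.
            // Assumes signtool splits its command line by the standard Windows C runtime rules - confirm.
            string EscapeQuoted(string value)
            {
                if (string.IsNullOrEmpty(value))
                {
                    return value;
                }

                var escaped = new StringBuilder(value.Length);
                var pendingBackslashes = 0;

                foreach (var c in value)
                {
                    if (c == '\\')
                    {
                        pendingBackslashes++;
                        continue;
                    }

                    if (c == '"')
                    {
                        // Backslashes in front of a quote are doubled, then the quote itself is escaped.
                        escaped.Append('\\', (pendingBackslashes * 2) + 1);
                    }
                    else
                    {
                        escaped.Append('\\', pendingBackslashes);
                    }

                    escaped.Append(c);
                    pendingBackslashes = 0;
                }

                // Trailing backslashes sit in front of the closing quote and must be doubled too.
                escaped.Append('\\', pendingBackslashes * 2);
                return escaped.ToString();
            }
        }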
Exemple #2
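        /// <summary>
        /// Builds a <c>signtool.exe sign</c> command line that signs with a PFX file (<c>/f</c>) and an
        /// optional password (<c>/p</c>), logs it with the password masked, runs it, and converts
        /// failures into <see cref="SdkException"/>.
        /// </summary>
        /// <param name="filePaths">Files to sign; each one is appended as a quoted argument.</param>
        /// <param name="algorithmType">Value passed to <c>/fd</c>.</param>
        /// <param name="pfxPath">Path passed to <c>/f</c>.</param>
        /// <param name="password">Optional PFX password passed to <c>/p</c>.</param>
        /// <param name="timestampUrl">Optional value for <c>/tr</c>; when set, <c>/td SHA256</c> is added as well.</param>
        /// <param name="cancellationToken">Forwarded to the process runner.</param>
        /// <exception cref="SdkException">The tool reported a "SignTool Error: " line or a non-zero exit code.</exception>
        public async Task SignPackageWithPfx(IEnumerable<string> filePaths, string algorithmType, string pfxPath, string password, string timestampUrl, CancellationToken cancellationToken = default)
        {
            // Position and length of the password inside the argument string, used to mask the log line.
            var remove       = -1;
            var removeLength = 0;

            var signToolArguments = new StringBuilder();

            signToolArguments.Append("sign");

            // NOTE(review): algorithmType is appended without quotes, so whitespace inside it would start
            // a new signtool argument. Callers should pass a fixed algorithm name - confirm at call sites.
            signToolArguments.AppendFormat(" /debug /fd {0}", algorithmType);
            signToolArguments.AppendFormat(" /a /f \"{0}\"", EscapeQuoted(pfxPath));

            if (!string.IsNullOrEmpty(password))
            {
                // The password travels on the signtool command line, so anything on the machine that can
                // read this child process's command line can see it. The masking below protects only the log.
                signToolArguments.Append(" /p \"");
                remove = signToolArguments.Length;

                // A password containing a double quote or ending in a backslash used to break out of the
                // quoted /p value; escaping keeps it a single argument. The masked range is measured
                // after escaping, so it still covers the whole secret.
                signToolArguments.Append(EscapeQuoted(password));
                removeLength = signToolArguments.Length - remove;
                signToolArguments.Append('"');
            }

            if (!string.IsNullOrEmpty(timestampUrl))
            {
                signToolArguments.AppendFormat(" /tr \"{0}\"", EscapeQuoted(timestampUrl));

                // required in SDK builds 20236 and later
                // see https://docs.microsoft.com/en-us/dotnet/framework/tools/signtool-exe
                signToolArguments.Append(" /td SHA256");
            }

            foreach (var filePath in filePaths)
            {
                signToolArguments.AppendFormat(" \"{0}\"", EscapeQuoted(filePath));
            }

            var args       = signToolArguments.ToString();
            var maskedArgs = remove < 0 ? args : args.Remove(remove, removeLength).Insert(remove, "<removed-from-log>");

            var signTool = SdkPathHelper.GetSdkPath("signTool.exe", BundleHelper.SdkPath);

            // Only the masked form is logged; the unmasked string goes to the process runner alone.
            Logger.Info("Executing {0} {1}", signTool, maskedArgs);

            Action<string> callBack = _ => { };

            try
            {
                await RunAsync(signTool, args, cancellationToken, callBack, 0).ConfigureAwait(false);
            }
            catch (ProcessWrapperException e)
            {
                // Tool output is machine text, so the prefix is matched ordinally rather than by culture.
                var line = e.StandardError.FirstOrDefault(l => l.StartsWith("SignTool Error: ", StringComparison.Ordinal));
                if (line != null)
                {
                    if (TryGetErrorMessageFromSignToolOutput(e.StandardOutput, out var specialError))
                    {
                        throw new SdkException($"The package could not be signed (error 0x{e.ExitCode:X2}). {specialError}", e.ExitCode);
                    }

                    throw new SdkException($"The package could not be signed (error = 0x{e.ExitCode:X2}). {line.Substring("SignTool Error: ".Length)}", e.ExitCode);
                }

                if (e.ExitCode != 0)
                {
                    // NOTE(review): e.Message is surfaced to callers here; confirm ProcessWrapperException
                    // does not embed the unmasked argument string, which would expose the password.
                    throw new SdkException(e.Message, e.ExitCode, e);
                }

                throw;
            }

            // Escapes a value that is emitted between double quotes so that an embedded quote or a
            // trailing backslash cannot end the argument early and add extra signtool switches.
            // Values without quotes or trailing backslashes are returned unchanged.
            // Assumes signtool splits its command line by the standard Windows C runtime rules - confirm.
            string EscapeQuoted(string value)
            {
                if (string.IsNullOrEmpty(value))
                {
                    return value;
                }

                var escaped = new StringBuilder(value.Length);
                var pendingBackslashes = 0;

                foreach (var c in value)
                {
                    if (c == '\\')
                    {
                        pendingBackslashes++;
                        continue;
                    }

                    if (c == '"')
                    {
                        // Backslashes in front of a quote are doubled, then the quote itself is escaped.
                        escaped.Append('\\', (pendingBackslashes * 2) + 1);
                    }
                    else
                    {
                        escaped.Append('\\', pendingBackslashes);
                    }

                    escaped.Append(c);
                    pendingBackslashes = 0;
                }

                // Trailing backslashes sit in front of the closing quote and must be doubled too.
                escaped.Append('\\', pendingBackslashes * 2);
                return escaped.ToString();
            }
        }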
Exemple #3
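        /// <summary>
        /// Builds a <c>signtool.exe sign</c> command line that selects a certificate from the <c>MY</c>
        /// store by SHA-1 thumbprint (<c>/s MY /sha1</c>), runs it, and converts failures into
        /// <see cref="SdkException"/>.
        /// </summary>
        /// <param name="filePaths">Files to sign; each one is appended as a quoted argument.</param>
        /// <param name="algorithmType">Value passed to <c>/fd</c>.</param>
        /// <param name="thumbprint">Value passed to <c>/sha1</c>.</param>
        /// <param name="useMachineStore">When true, <c>/sm</c> is added to the command line.</param>
        /// <param name="timestampUrl">Optional value for <c>/tr</c>; when set, <c>/td SHA256</c> is added as well.</param>
        /// <param name="cancellationToken">Forwarded to the process runner.</param>
        /// <exception cref="SdkException">The tool reported a "SignTool Error: " line or a non-zero exit code.</exception>
        public async Task SignPackageWithPersonal(IEnumerable<string> filePaths, string algorithmType, string thumbprint, bool useMachineStore, string timestampUrl, CancellationToken cancellationToken = default)
        {
            var signToolArguments = new StringBuilder();

            signToolArguments.Append("sign");

            // NOTE(review): algorithmType is appended without quotes, so whitespace inside it would start
            // a new signtool argument. Callers should pass a fixed algorithm name - confirm at call sites.
            signToolArguments.AppendFormat(" /debug /fd {0}", algorithmType);

            if (useMachineStore)
            {
                signToolArguments.Append(" /sm");
            }

            if (!string.IsNullOrEmpty(timestampUrl))
            {
                signToolArguments.AppendFormat(" /tr \"{0}\"", EscapeQuoted(timestampUrl));

                // required in SDK builds 20236 and later
                // see https://docs.microsoft.com/en-us/dotnet/framework/tools/signtool-exe
                signToolArguments.Append(" /td SHA256");
            }

            signToolArguments.Append(" /a /s MY ");
            signToolArguments.AppendFormat(" /sha1 \"{0}\"", EscapeQuoted(thumbprint));

            foreach (var filePath in filePaths)
            {
                signToolArguments.AppendFormat(" \"{0}\"", EscapeQuoted(filePath));
            }

            var args     = signToolArguments.ToString();
            var signTool = SdkPathHelper.GetSdkPath("signTool.exe", BundleHelper.SdkPath);

            // No secret is part of this command line, so it is logged as built.
            Logger.Info("Executing {0} {1}", signTool, args);

            Action<string> callBack = _ => { };

            try
            {
                await RunAsync(signTool, args, cancellationToken, callBack, 0).ConfigureAwait(false);
            }
            catch (ProcessWrapperException e)
            {
                // Tool output is machine text, so the prefix is matched ordinally rather than by culture.
                var line = e.StandardError.FirstOrDefault(l => l.StartsWith("SignTool Error: ", StringComparison.Ordinal));
                if (line != null)
                {
                    if (TryGetErrorMessageFromSignToolOutput(e.StandardOutput, out var specialError))
                    {
                        throw new SdkException($"The package could not be signed (exit code {e.ExitCode}). {specialError}", e.ExitCode);
                    }

                    throw new SdkException($"The package could not be signed (exit code {e.ExitCode}). {line.Substring("SignTool Error: ".Length)}", e.ExitCode);
                }

                if (e.ExitCode != 0)
                {
                    throw new SdkException(e.Message, e.ExitCode, e);
                }

                throw;
            }

            // Escapes a value that is emitted between double quotes so that an embedded quote or a
            // trailing backslash cannot end the argument early and add extra signtool switches.
            // Values without quotes or trailing backslashes are returned unchanged.
            // Assumes signtool splits its command line by the standard Windows C runtime rules - confirm.
            string EscapeQuoted(string value)
            {
                if (string.IsNullOrEmpty(value))
                {
                    return value;
                }

                var escaped = new StringBuilder(value.Length);
                var pendingBackslashes = 0;

                foreach (var c in value)
                {
                    if (c == '\\')
                    {
                        pendingBackslashes++;
                        continue;
                    }

                    if (c == '"')
                    {
                        // Backslashes in front of a quote are doubled, then the quote itself is escaped.
                        escaped.Append('\\', (pendingBackslashes * 2) + 1);
                    }
                    else
                    {
                        escaped.Append('\\', pendingBackslashes);
                    }

                    escaped.Append(c);
                    pendingBackslashes = 0;
                }

                // Trailing backslashes sit in front of the closing quote and must be doubled too.
                escaped.Append('\\', pendingBackslashes * 2);
                return escaped.ToString();
            }
        }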
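        /// <summary>
        /// Runs <c>makeappx.exe</c> with the given argument string and turns recognised error lines from
        /// its standard error into <see cref="SdkException"/> or <see cref="InvalidOperationException"/>.
        /// </summary>
        /// <param name="arguments">
        /// Complete argument string, passed to the process and written to the log unchanged. Quoting is
        /// the caller's responsibility, and the string should not carry secrets because it is logged.
        /// </param>
        /// <param name="cancellationToken">Forwarded to the process runner.</param>
        /// <param name="callBack">Optional callback forwarded to the process runner.</param>
        /// <exception cref="SdkException">MakeAppx reported an "Error info" line or a "0x..." error line.</exception>
        /// <exception cref="InvalidOperationException">A "0x..." error line carried a code that yields no usable exit code.</exception>
        private async Task RunMakeAppx(string arguments, CancellationToken cancellationToken, Action<string> callBack = null)
        {
            const string errorInfoPrefix = "MakeAppx : error: Error info: error ";
            const string manifestPrefix  = "MakeAppx : error: Manifest validation error: ";
            const string errorPrefix     = "MakeAppx : error: ";

            var makeAppx = SdkPathHelper.GetSdkPath("makeappx.exe", BundleHelper.SdkPath);

            Logger.Info("Executing {0} {1}", makeAppx, arguments);

            try
            {
                await RunAsync(makeAppx, arguments, cancellationToken, callBack, 0).ConfigureAwait(false);
            }
            catch (ProcessWrapperException e)
            {
                var findSimilar = e.StandardError.FirstOrDefault(item => item.StartsWith(errorInfoPrefix, StringComparison.OrdinalIgnoreCase));
                if (findSimilar != null)
                {
                    findSimilar = findSimilar.Substring(errorInfoPrefix.Length);

                    var error = Regex.Match(findSimilar, "([0-9a-zA-Z]+): ");
                    if (error.Success)
                    {
                        // The pattern is not anchored, so skip to the end of the match instead of
                        // assuming it starts at index 0.
                        findSimilar = findSimilar.Substring(error.Index + error.Length).Trim();
                        throw new SdkException($"MakeAppx.exe returned exit code {e.ExitCode} due to error {error.Groups[1].Value}. {findSimilar}", e.ExitCode);
                    }

                    throw new SdkException($"MakeAppx.exe returned exit code {e.ExitCode}. {findSimilar}", e.ExitCode);
                }

                findSimilar = e.StandardError.FirstOrDefault(item => item.StartsWith("MakeAppx : error: 0x", StringComparison.OrdinalIgnoreCase));
                if (findSimilar != null)
                {
                    // A manifest validation line, when present, replaces the generic text in the message.
                    var manifestError = e.StandardError.FirstOrDefault(item => item.StartsWith(manifestPrefix, StringComparison.Ordinal));
                    manifestError = manifestError?.Substring(manifestPrefix.Length);

                    findSimilar = findSimilar.Substring(errorPrefix.Length);

                    var error = Regex.Match(findSimilar, "([0-9a-zA-Z]+) \\- ");
                    if (error.Success)
                    {
                        var code = error.Groups[1].Value;

                        findSimilar = !string.IsNullOrEmpty(manifestError)
                            ? manifestError
                            : findSimilar.Substring(error.Index + error.Length).Trim();

                        var message = $"MakeAppx.exe returned exit code {e.ExitCode} due to error {code}. {findSimilar}";

                        int exitCode;
                        if (int.TryParse(code, out exitCode) && exitCode > 0)
                        {
                            throw new SdkException(message, exitCode);
                        }

                        // TryParse instead of Convert.ToInt32: a malformed or over-long hex code must not
                        // raise FormatException/OverflowException here and hide the MakeAppx error.
                        if (code.StartsWith("0x", StringComparison.Ordinal) &&
                            int.TryParse(code.Substring(2), System.Globalization.NumberStyles.AllowHexSpecifier, System.Globalization.CultureInfo.InvariantCulture, out exitCode) &&
                            exitCode != 0)
                        {
                            throw new SdkException(message, exitCode);
                        }

                        throw new InvalidOperationException(message);
                    }

                    if (!string.IsNullOrEmpty(manifestError))
                    {
                        findSimilar = manifestError;
                    }

                    // No error code was captured (the match failed), so only the process exit code is left.
                    throw new SdkException($"MakeAppx.exe returned exit code {e.ExitCode}. {findSimilar}", e.ExitCode);
                }

                throw;
            }
        }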