public static Task SignPackageWithDeviceGuardFromUi( this ISigningManager signingManager, string package, DeviceGuardConfiguration configuration, string timestampUrl = null, IncreaseVersionMethod increaseVersion = IncreaseVersionMethod.None, CancellationToken cancellationToken = default, IProgress <ProgressData> progress = default) { var tokens = configuration.FromConfiguration(); return(signingManager.SignPackageWithDeviceGuard(package, true, tokens, timestampUrl, increaseVersion, cancellationToken, progress)); }
public async Task SignPackageWithDeviceGuard(string package, bool updatePublisher, DeviceGuardConfig config, string timestampUrl = null, IncreaseVersionMethod increaseVersion = IncreaseVersionMethod.None, CancellationToken cancellationToken = default, IProgress <ProgressData> progress = null) { var manager = await this.managerFactory.GetProxyFor(SelfElevationLevel.AsInvoker, cancellationToken).ConfigureAwait(false); cancellationToken.ThrowIfCancellationRequested(); await manager.SignPackageWithDeviceGuard(package, updatePublisher, config, timestampUrl, increaseVersion, cancellationToken, progress).ConfigureAwait(false); }
public async Task SignPackageWithPfx( string package, bool updatePublisher, string pfxPath, SecureString password, string timestampUrl = null, IncreaseVersionMethod increaseVersion = IncreaseVersionMethod.None, CancellationToken cancellationToken = default, IProgress <ProgressData> progress = null) { Logger.Info("Signing package {0} using PFX {1}.", package, pfxPath); if (!File.Exists(pfxPath)) { throw new FileNotFoundException($"File {pfxPath} does not exit."); } Logger.Debug("Analyzing given certificate..."); var x509 = new X509Certificate2(await File.ReadAllBytesAsync(pfxPath, cancellationToken).ConfigureAwait(false), password); var localCopy = await this.PreparePackageForSigning(package, updatePublisher, increaseVersion, x509, cancellationToken).ConfigureAwait(false); try { cancellationToken.ThrowIfCancellationRequested(); string type; if (x509.SignatureAlgorithm.FriendlyName?.EndsWith("rsa", StringComparison.OrdinalIgnoreCase) == true) { type = x509.SignatureAlgorithm.FriendlyName.Substring(0, x509.SignatureAlgorithm.FriendlyName.Length - 3).ToUpperInvariant(); } else { throw new NotSupportedException($"Signature algorithm {x509.SignatureAlgorithm.FriendlyName} is not supported."); } var openTextPassword = new System.Net.NetworkCredential(string.Empty, password).Password; Logger.Debug("Signing package {0} with algorithm {1}.", localCopy, x509.SignatureAlgorithm.FriendlyName); var sdk = new SignToolWrapper(); progress?.Report(new ProgressData(25, "Signing...")); timestampUrl = await this.GetTimeStampUrl(timestampUrl).ConfigureAwait(false); await sdk.SignPackageWithPfx(new[] { localCopy }, type, pfxPath, openTextPassword, timestampUrl, cancellationToken).ConfigureAwait(false); progress?.Report(new ProgressData(75, "Signing...")); await Task.Delay(500, cancellationToken).ConfigureAwait(false); Logger.Debug("Moving {0} to {1}.", localCopy, package); File.Copy(localCopy, package, true); progress?.Report(new ProgressData(95, "Signing...")); } finally { try { if (File.Exists(localCopy)) { File.Delete(localCopy); } } catch (Exception e) { Logger.Warn(e, "Clean-up of a temporary file {0} failed.", localCopy); } } }
public async Task SignPackageWithDeviceGuard(string package, bool updatePublisher, DeviceGuardConfig config, string timestampUrl = null, IncreaseVersionMethod increaseVersion = IncreaseVersionMethod.None, CancellationToken cancellationToken = default, IProgress <ProgressData> progress = null) { Logger.Info("Signing package {0} using Device Guard for {1}.", package, config.Subject); var dgssTokenPath = await new DgssTokenCreator().CreateDeviceGuardJsonTokenFile(config, cancellationToken); try { var publisherName = config.Subject; if (publisherName == null) { var dgh = new DeviceGuardHelper(); publisherName = await dgh.GetSubjectFromDeviceGuardSigning(dgssTokenPath, cancellationToken).ConfigureAwait(false); } var localCopy = await this.PreparePackageForSigning(package, updatePublisher, increaseVersion, publisherName, cancellationToken).ConfigureAwait(false); try { cancellationToken.ThrowIfCancellationRequested(); var sdk = new SignToolWrapper(); progress?.Report(new ProgressData(25, "Signing with Device Guard...")); timestampUrl = await this.GetTimeStampUrl(timestampUrl).ConfigureAwait(false); await sdk.SignPackageWithDeviceGuard(new[] { localCopy }, "SHA256", dgssTokenPath, timestampUrl, cancellationToken).ConfigureAwait(false); progress?.Report(new ProgressData(75, "Signing with Device Guard...")); await Task.Delay(500, cancellationToken).ConfigureAwait(false); Logger.Debug("Moving {0} to {1}.", localCopy, package); File.Copy(localCopy, package, true); progress?.Report(new ProgressData(95, "Signing with Device Guard...")); } finally { try { if (File.Exists(localCopy)) { File.Delete(localCopy); } } catch (Exception e) { Logger.Warn(e, "Clean-up of a temporary file {0} failed.", localCopy); } } } finally { if (File.Exists(dgssTokenPath)) { ExceptionGuard.Guard(() => File.Delete(dgssTokenPath)); } } }
public async Task SignPackageWithInstalled( string package, bool updatePublisher, PersonalCertificate certificate, string timestampUrl = null, IncreaseVersionMethod increaseVersion = IncreaseVersionMethod.None, CancellationToken cancellationToken = default, IProgress <ProgressData> progress = null) { if (certificate == null) { throw new ArgumentNullException(nameof(certificate)); } Logger.Info("Signing package {0} using personal certificate {1}.", package, certificate.Subject); StoreLocation loc; switch (certificate.StoreType) { case CertificateStoreType.User: loc = StoreLocation.CurrentUser; break; case CertificateStoreType.Machine: loc = StoreLocation.LocalMachine; break; default: throw new ArgumentOutOfRangeException(); } using var store = new X509Store(StoreName.My, loc); store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly); var x509 = store.Certificates.Find(X509FindType.FindByThumbprint, certificate.Thumbprint, false); if (x509.Count < 1) { throw new ArgumentException("Certificate could not be located in the store."); } var isForCodeSigning = x509[0].Extensions.OfType <X509KeyUsageExtension>().Any(ke => ke.KeyUsages.HasFlag(X509KeyUsageFlags.DigitalSignature)); if (!isForCodeSigning) { throw new ArgumentException("Selected certificate is not for code-signing."); } if (!x509[0].HasPrivateKey) { throw new ArgumentException("Selected certificate does not contain a private key."); } var localCopy = await this.PreparePackageForSigning( package, updatePublisher, increaseVersion, x509[0], cancellationToken).ConfigureAwait(false); try { cancellationToken.ThrowIfCancellationRequested(); string type; if (x509[0].SignatureAlgorithm.FriendlyName?.EndsWith("rsa", StringComparison.OrdinalIgnoreCase) == true) { type = x509[0].SignatureAlgorithm.FriendlyName.Substring(0, x509[0].SignatureAlgorithm.FriendlyName.Length - 3).ToUpperInvariant(); } else { throw new NotSupportedException($"Signature algorithm {x509[0].SignatureAlgorithm.FriendlyName} is not supported."); } Logger.Debug("Signing package {0} with algorithm {1}.", localCopy, x509[0].SignatureAlgorithm.FriendlyName); var sdk = new SignToolWrapper(); progress?.Report(new ProgressData(25, "Signing...")); timestampUrl = await this.GetTimeStampUrl(timestampUrl).ConfigureAwait(false); await sdk.SignPackageWithPersonal(new[] { localCopy }, type, certificate.Thumbprint, certificate.StoreType == CertificateStoreType.Machine, timestampUrl, cancellationToken).ConfigureAwait(false); progress?.Report(new ProgressData(75, "Signing...")); await Task.Delay(500, cancellationToken).ConfigureAwait(false); Logger.Debug("Moving {0} to {1}.", localCopy, package); File.Copy(localCopy, package, true); progress?.Report(new ProgressData(95, "Signing...")); } finally { try { if (File.Exists(localCopy)) { File.Delete(localCopy); } } catch (Exception e) { Logger.Warn(e, "Clean-up of a temporary file {0} failed.", localCopy); } } }