public override bool VerifySignedAssembly(Stream assemblyStream)
{
// The assembly won't verify by design when doing test signing.
if (TestSign)
{
return(true);
}
return(ContentUtil.IsAssemblyStrongNameSigned(assemblyStream));
}
private SignInfo ExtractSignInfo(string fileFullPath)
{
if (FileName.IsPEFile(fileFullPath))
{
using (var stream = File.OpenRead(fileFullPath))
{
if (ContentUtil.IsAssemblyStrongNameSigned(stream))
{
return(SignInfo.AlreadySigned);
}
}
if (!IsManaged(fileFullPath))
{
return(new SignInfo(SignToolConstants.Certificate_MicrosoftSHA2, null));
}
else
{
var fileAsm = System.Reflection.AssemblyName.GetAssemblyName(fileFullPath);
var pktBytes = fileAsm.GetPublicKeyToken();
var publicKeyToken = (pktBytes == null || pktBytes.Length == 0) ? string.Empty : string.Join("", pktBytes.Select(b => b.ToString("x2")));
var targetFramework = GetTargetFrameworkName(fileFullPath).FullName;
var fileName = Path.GetFileName(fileFullPath);
var keyForAllTargets = new ExplicitCertificateKey(fileName, publicKeyToken, SignToolConstants.AllTargetFrameworksSentinel);
var keyForSpecificTarget = new ExplicitCertificateKey(fileName, publicKeyToken, targetFramework);
// Do we need to override the default certificate this file ?
if (_explicitCertificates.TryGetValue(keyForSpecificTarget, out var overridingCertificate) ||
_explicitCertificates.TryGetValue(keyForAllTargets, out overridingCertificate))
{
// If has overriding info, is it for ignoring the file?
if (overridingCertificate != null && overridingCertificate.Equals(SignToolConstants.IgnoreFileCertificateSentinel))
{
return(SignInfo.Ignore); // should ignore this file
}
// Otherwise, just use the overriding info if present
}
if (publicKeyToken == string.Empty)
{
if (string.IsNullOrEmpty(overridingCertificate))
{
_log.LogError($"SignInfo for file ({fileFullPath}) and empty PKT not found. Expected it to be informed in overriding infos.");
return(SignInfo.Empty);
}
return(new SignInfo(overridingCertificate, string.Empty));
}
if (_defaultSignInfoForPublicKeyToken.ContainsKey(publicKeyToken))
{
var signInfo = _defaultSignInfoForPublicKeyToken[publicKeyToken];
var certificate = overridingCertificate ?? signInfo.Certificate;
return(new SignInfo(certificate, signInfo.StrongName, signInfo.ShouldIgnore, signInfo.IsEmpty, signInfo.IsAlreadySigned));
}
_log.LogError($"SignInfo for file ({fileFullPath}) with Public Key Token {publicKeyToken} not found.");
return(SignInfo.Empty);
}
}
else if (FileName.IsZipContainer(fileFullPath))
{
return(new SignInfo(FileName.IsNupkg(fileFullPath) ? SignToolConstants.Certificate_NuGet : SignToolConstants.Certificate_VsixSHA2, null));
}
else
{
_log.LogWarning($"Unidentified artifact type: {fileFullPath}");
return(SignInfo.Ignore);
}
}
