private Dictionary <ExplicitCertificateKey, string> ParseFileSignInfo()
{
var mapOverridingSignInfos = new Dictionary <ExplicitCertificateKey, string>();
if (FileSignInfo != null)
{
foreach (var item in FileSignInfo)
{
var fileName = item.ItemSpec;
var targetFramework = item.GetMetadata("TargetFramework");
var publicKeyToken = item.GetMetadata("PublicKeyToken");
var certificateName = item.GetMetadata("CertificateName");
if (fileName.IndexOfAny(new char[] { '/', '\\' }) >= 0)
{
Log.LogError($"FileSignInfo should include only file name and extension, not the full path to the file: {fileName}");
return(null);
}
if (String.IsNullOrEmpty(targetFramework))
{
targetFramework = SignToolConstants.AllTargetFrameworksSentinel;
}
else if (!IsValidTargetFrameworkName(targetFramework))
{
Log.LogError($"This TargetFramework metadata for FileSignInfo isn't valid: {targetFramework}");
return(null);
}
if (String.IsNullOrWhiteSpace(certificateName))
{
Log.LogError($"This CertificateName informed for FileSignInfo isn't valid: {certificateName}");
return(null);
}
if (!string.IsNullOrEmpty(publicKeyToken) && !IsValidPublicKeyToken(publicKeyToken))
{
Log.LogError($"This PublicKeyToken metadata for FileSignInfo isn't valid: {publicKeyToken}");
return(null);
}
var outerKey = new ExplicitCertificateKey(fileName, publicKeyToken?.ToLower(), targetFramework);
if (mapOverridingSignInfos.TryGetValue(outerKey, out var existingCert))
{
Log.LogError($"Ignoring attempt to duplicate signing override information for this combination ({fileName}, {publicKeyToken}, {targetFramework}). " +
$"Existing value {existingCert}, trying to add new value {certificateName}.");
}
else
{
mapOverridingSignInfos.Add(outerKey, certificateName);
}
}
}
return(mapOverridingSignInfos);
}
private SignInfo ExtractSignInfo(string fileFullPath)
{
if (FileName.IsPEFile(fileFullPath))
{
using (var stream = File.OpenRead(fileFullPath))
{
if (ContentUtil.IsAssemblyStrongNameSigned(stream))
{
return(SignInfo.AlreadySigned);
}
}
if (!IsManaged(fileFullPath))
{
return(new SignInfo(SignToolConstants.Certificate_MicrosoftSHA2, null));
}
else
{
var fileAsm = System.Reflection.AssemblyName.GetAssemblyName(fileFullPath);
var pktBytes = fileAsm.GetPublicKeyToken();
var publicKeyToken = (pktBytes == null || pktBytes.Length == 0) ? string.Empty : string.Join("", pktBytes.Select(b => b.ToString("x2")));
var targetFramework = GetTargetFrameworkName(fileFullPath).FullName;
var fileName = Path.GetFileName(fileFullPath);
var keyForAllTargets = new ExplicitCertificateKey(fileName, publicKeyToken, SignToolConstants.AllTargetFrameworksSentinel);
var keyForSpecificTarget = new ExplicitCertificateKey(fileName, publicKeyToken, targetFramework);
// Do we need to override the default certificate this file ?
if (_explicitCertificates.TryGetValue(keyForSpecificTarget, out var overridingCertificate) ||
_explicitCertificates.TryGetValue(keyForAllTargets, out overridingCertificate))
{
// If has overriding info, is it for ignoring the file?
if (overridingCertificate != null && overridingCertificate.Equals(SignToolConstants.IgnoreFileCertificateSentinel))
{
return(SignInfo.Ignore); // should ignore this file
}
// Otherwise, just use the overriding info if present
}
if (publicKeyToken == string.Empty)
{
if (string.IsNullOrEmpty(overridingCertificate))
{
_log.LogError($"SignInfo for file ({fileFullPath}) and empty PKT not found. Expected it to be informed in overriding infos.");
return(SignInfo.Empty);
}
return(new SignInfo(overridingCertificate, string.Empty));
}
if (_defaultSignInfoForPublicKeyToken.ContainsKey(publicKeyToken))
{
var signInfo = _defaultSignInfoForPublicKeyToken[publicKeyToken];
var certificate = overridingCertificate ?? signInfo.Certificate;
return(new SignInfo(certificate, signInfo.StrongName, signInfo.ShouldIgnore, signInfo.IsEmpty, signInfo.IsAlreadySigned));
}
_log.LogError($"SignInfo for file ({fileFullPath}) with Public Key Token {publicKeyToken} not found.");
return(SignInfo.Empty);
}
}
else if (FileName.IsZipContainer(fileFullPath))
{
return(new SignInfo(FileName.IsNupkg(fileFullPath) ? SignToolConstants.Certificate_NuGet : SignToolConstants.Certificate_VsixSHA2, null));
}
else
{
_log.LogWarning($"Unidentified artifact type: {fileFullPath}");
return(SignInfo.Ignore);
}
}
