private Dictionary <string, SignInfo> ParseStrongNameSignInfo()
{
var mapTokenToSignInfo = new Dictionary <string, SignInfo>(StringComparer.OrdinalIgnoreCase);
foreach (var item in StrongNameSignInfo)
{
var strongName = item.ItemSpec;
var publicKeyToken = item.GetMetadata("PublicKeyToken");
var certificateName = item.GetMetadata("CertificateName");
if (String.IsNullOrWhiteSpace(strongName))
{
Log.LogError($"An invalid strong name was informed in StrongNameSignInfo: {strongName}");
return(null);
}
if (!IsValidPublicKeyToken(publicKeyToken))
{
Log.LogError($"This PublicKeyToken metadata for StrongNameSignInfo isn't valid: {publicKeyToken}");
return(null);
}
if (String.IsNullOrWhiteSpace(certificateName))
{
Log.LogError($"This CertificateName informed for FileSignInfo isn't valid: {certificateName}");
return(null);
}
var signInfo = new SignInfo(certificateName, strongName);
mapTokenToSignInfo.Add(publicKeyToken, signInfo);
}
return(mapTokenToSignInfo);
}
internal FileName(string fullPath, SignInfo signInfo)
{
Name = Path.GetFileName(fullPath);
FullPath = fullPath;
RelativePath = Name;
SignInfo = signInfo;
}
internal static BatchSignInput TryReadConfigFile(TaskLoggingHelper log, TextReader configReader, string outputPath)
{
var serializer = new JsonSerializer();
var fileJson = (FileJson)serializer.Deserialize(configReader, typeof(FileJson));
var map = new Dictionary <string, SignInfo>(StringComparer.OrdinalIgnoreCase);
foreach (var item in fileJson.SignList)
{
var data = new SignInfo(certificate: item.Certificate, strongName: item.StrongName);
foreach (var relativeFileName in ExpandFileList(log, outputPath, item.FileList))
{
if (map.ContainsKey(relativeFileName))
{
log.LogError($"Duplicate file entry: {relativeFileName}");
}
else
{
map.Add(relativeFileName, data);
}
}
}
if (log.HasLoggedErrors)
{
return(null);
}
return(new BatchSignInput(outputPath, map, fileJson.ExcludeList ?? Array.Empty <string>(), fileJson.PublishUrl ?? "unset"));
}
internal FileSignInfo(FileName name, SignInfo fileSignData)
{
Debug.Assert(name.IsAssembly || fileSignData.StrongName == null);
FileName = name;
SignInfo = fileSignData;
}
internal FileSignInfo(string fullPath, ImmutableArray <byte> contentHash, SignInfo signInfo, string targetFramework = null)
{
Debug.Assert(fullPath != null);
Debug.Assert(!contentHash.IsDefault && contentHash.Length == 256 / 8);
Debug.Assert(targetFramework != "");
FileName = Path.GetFileName(fullPath);
ContentHash = contentHash;
FullPath = fullPath;
SignInfo = signInfo;
TargetFramework = targetFramework;
}
internal FileSignInfo(PathWithHash pathWithHash, SignInfo signInfo, string targetFramework = null, string wixContentFilePath = null, bool hasSignableParts = false)
{
Debug.Assert(pathWithHash.FullPath != null);
Debug.Assert(!pathWithHash.ContentHash.IsDefault && pathWithHash.ContentHash.Length == 256 / 8);
Debug.Assert(targetFramework != "");
File = pathWithHash;
FileContentKey = new SignedFileContentKey(File.ContentHash, File.FileName);
SignInfo = signInfo;
TargetFramework = targetFramework;
WixContentFilePath = wixContentFilePath;
HasSignableParts = hasSignableParts;
}
internal FileSignInfo(string fullPath, ImmutableArray <byte> contentHash, SignInfo signInfo, string targetFramework = null, bool forceRepack = false, string wixContentFilePath = null, bool hasSignableParts = false)
{
Debug.Assert(fullPath != null);
Debug.Assert(!contentHash.IsDefault && contentHash.Length == 256 / 8);
Debug.Assert(targetFramework != "");
FileName = Path.GetFileName(fullPath);
ContentHash = contentHash;
FileContentKey = new SignedFileContentKey(contentHash, FileName);
FullPath = fullPath;
SignInfo = signInfo;
TargetFramework = targetFramework;
ForceRepack = forceRepack;
WixContentFilePath = wixContentFilePath;
HasSignableParts = hasSignableParts;
}
private FileSignInfo ExtractSignInfo(string fullPath, ImmutableArray <byte> hash, bool forceRepack = false)
{
// Try to determine default certificate name by the extension of the file
var hasSignInfo = _fileExtensionSignInfo.TryGetValue(Path.GetExtension(fullPath), out var signInfo);
var fileName = Path.GetFileName(fullPath);
var extension = Path.GetExtension(fullPath);
string explicitCertificateName = null;
var fileSpec = string.Empty;
var isAlreadySigned = false;
var matchedNameTokenFramework = false;
var matchedNameToken = false;
var matchedName = false;
PEInfo peInfo = null;
if (FileSignInfo.IsPEFile(fullPath))
{
using (var stream = File.OpenRead(fullPath))
{
isAlreadySigned = ContentUtil.IsAuthenticodeSigned(stream);
}
peInfo = GetPEInfo(fullPath);
// Get the default sign info based on the PKT, if applicable:
if (peInfo.IsManaged && _strongNameInfo.TryGetValue(peInfo.PublicKeyToken, out var pktBasedSignInfo))
{
if (peInfo.IsCrossgened)
{
signInfo = new SignInfo(pktBasedSignInfo.Certificate);
}
else
{
signInfo = pktBasedSignInfo;
}
hasSignInfo = true;
}
// Check if we have more specific sign info:
matchedNameTokenFramework = _fileSignInfo.TryGetValue(new ExplicitCertificateKey(fileName, peInfo.PublicKeyToken, peInfo.TargetFramework), out explicitCertificateName);
matchedNameToken = !matchedNameTokenFramework && _fileSignInfo.TryGetValue(new ExplicitCertificateKey(fileName, peInfo.PublicKeyToken), out explicitCertificateName);
fileSpec = matchedNameTokenFramework ? $" (PublicKeyToken = {peInfo.PublicKeyToken}, Framework = {peInfo.TargetFramework})" :
matchedNameToken ? $" (PublicKeyToken = {peInfo.PublicKeyToken})" : string.Empty;
}
// We didn't find any specific information for PE files using PKT + TargetFramework
if (explicitCertificateName == null)
{
matchedName = _fileSignInfo.TryGetValue(new ExplicitCertificateKey(fileName), out explicitCertificateName);
}
// If has overriding info, is it for ignoring the file?
if (SignToolConstants.IgnoreFileCertificateSentinel.Equals(explicitCertificateName, StringComparison.OrdinalIgnoreCase))
{
_log.LogMessage($"File configured to not be signed: {fileName}{fileSpec}");
return(new FileSignInfo(fullPath, hash, SignInfo.Ignore, forceRepack: forceRepack));
}
// Do we have an explicit certificate after all?
if (explicitCertificateName != null)
{
signInfo = signInfo.WithCertificateName(explicitCertificateName);
hasSignInfo = true;
}
if (hasSignInfo)
{
if (isAlreadySigned && !_dualCertificates.Contains(signInfo.Certificate))
{
return(new FileSignInfo(fullPath, hash, SignInfo.AlreadySigned, forceRepack: forceRepack));
}
// TODO: implement this check for native PE files as well:
// extract copyright from native resource (.rsrc section)
if (signInfo.ShouldSign && peInfo != null && peInfo.IsManaged)
{
bool?isMicrosoftLibrary = IsMicrosoftLibrary(peInfo.Copyright);
bool isMicrosoftCertificate = !IsThirdPartyCertificate(signInfo.Certificate);
if (isMicrosoftLibrary.HasValue && isMicrosoftLibrary != isMicrosoftCertificate)
{
if (isMicrosoftLibrary.Value)
{
LogWarning(SigningToolErrorCode.SIGN001, $"Signing Microsoft library '{fullPath}' with 3rd party certificate '{signInfo.Certificate}'. The library is considered Microsoft library due to its copyright: '{peInfo.Copyright}'.");
}
else
{
LogWarning(SigningToolErrorCode.SIGN001, $"Signing 3rd party library '{fullPath}' with Microsoft certificate '{signInfo.Certificate}'. The library is considered 3rd party library due to its copyright: '{peInfo.Copyright}'.");
}
}
}
return(new FileSignInfo(fullPath, hash, signInfo, (peInfo != null && peInfo.TargetFramework != "") ? peInfo.TargetFramework : null, forceRepack: forceRepack));
}
if (SignToolConstants.SignableExtensions.Contains(extension) || SignToolConstants.SignableOSXExtensions.Contains(extension))
{
// Extract the relative path inside the package / otherwise just return the full path of the file
var contentHash = ContentUtil.GetContentHash(fullPath);
var tempDir = Path.Combine(_pathToContainerUnpackingDirectory, ContentUtil.HashToString(contentHash));
var relativePath = fullPath.Replace($@"{tempDir}\", "");
LogError(SigningToolErrorCode.SIGN002, new SignedFileContentKey(contentHash, relativePath));
}
else
{
_log.LogMessage($"Ignoring non-signable file: {fullPath}");
}
return(new FileSignInfo(fullPath, hash, SignInfo.Ignore, forceRepack: forceRepack));
}
/// <summary>
/// Determine the file signing info of this file.
/// </summary>
/// <param name="fullPath">Full path to the file</param>
/// <param name="collisionPriorityId">ID used to disambiguate file signing info for nested files.</param>
/// <param name="contentHash">Content hash of the file</param>
/// <param name="wixContentFilePath">If a wix container, the corresponding wix pack zip</param>
/// <param name="parentContainerPath">Path to the parent container. If this is a non-nested container, this should be null</param>
/// <param name="parentContainerHash">Hash of the parent container. If this is a non-nested container, this should be null</param>
/// <returns>File signing information for this file.</returns>
private FileSignInfo ExtractSignInfo(
PathWithHash file,
PathWithHash parentContainer,
string collisionPriorityId,
string wixContentFilePath)
{
var extension = Path.GetExtension(file.FileName);
string explicitCertificateName = null;
var fileSpec = string.Empty;
var isAlreadySigned = false;
var matchedNameTokenFramework = false;
var matchedNameToken = false;
var matchedName = false;
PEInfo peInfo = null;
SignedFileContentKey signedFileContentKey = new SignedFileContentKey(file.ContentHash, file.FileName);
// handle multi-part extensions like ".symbols.nupkg" specified in FileExtensionSignInfo
if (_fileExtensionSignInfo != null)
{
extension = _fileExtensionSignInfo.OrderByDescending(o => o.Key.Length).FirstOrDefault(f => file.FileName.EndsWith(f.Key, StringComparison.OrdinalIgnoreCase)).Key ?? extension;
}
// Asset is nested asset part of a container. Try to get it from the visited assets first
if (string.IsNullOrEmpty(collisionPriorityId) && parentContainer != null)
{
if (!_hashToCollisionIdMap.TryGetValue(signedFileContentKey, out collisionPriorityId))
{
Debug.Assert(parentContainer.FullPath != file.FullPath);
// Hash doesn't exist so we use the CollisionPriorityId from the parent container
SignedFileContentKey parentSignedFileContentKey =
new SignedFileContentKey(parentContainer.ContentHash, parentContainer.FileName);
collisionPriorityId = _hashToCollisionIdMap[parentSignedFileContentKey];
}
}
// Update the hash map
if (!_hashToCollisionIdMap.ContainsKey(signedFileContentKey))
{
_hashToCollisionIdMap.Add(signedFileContentKey, collisionPriorityId);
}
else
{
string existingCollisionId = _hashToCollisionIdMap[signedFileContentKey];
// If we find that there is an asset which already was processed which has a lower
// collision id, we use that and update the map so we give it precedence
if (string.Compare(collisionPriorityId, existingCollisionId) < 0)
{
_hashToCollisionIdMap[signedFileContentKey] = collisionPriorityId;
}
}
// Try to determine default certificate name by the extension of the file. Since there might be dupes
// we get the one which maps a collision id or the first of the returned ones in case there is no
// collision id
bool hasSignInfos = _fileExtensionSignInfo.TryGetValue(extension, out var signInfos);
SignInfo signInfo = SignInfo.Ignore;
bool hasSignInfo = false;
if (hasSignInfos)
{
if (!string.IsNullOrEmpty(collisionPriorityId))
{
hasSignInfo = signInfos.Where(s => s.CollisionPriorityId == collisionPriorityId).Any();
signInfo = signInfos.Where(s => s.CollisionPriorityId == collisionPriorityId).FirstOrDefault();
}
else
{
hasSignInfo = true;
signInfo = signInfos.FirstOrDefault();
}
}
if (FileSignInfo.IsPEFile(file.FullPath))
{
using (var stream = File.OpenRead(file.FullPath))
{
isAlreadySigned = ContentUtil.IsAuthenticodeSigned(stream);
}
peInfo = GetPEInfo(file.FullPath);
if (peInfo.IsManaged && _strongNameInfo.TryGetValue(peInfo.PublicKeyToken, out var pktBasedSignInfos))
{
// Get the default sign info based on the PKT, if applicable. Since there might be dupes
// we get the one which maps a collision id or the first of the returned ones in case there is no
// collision id
SignInfo pktBasedSignInfo = SignInfo.Ignore;
if (!string.IsNullOrEmpty(collisionPriorityId))
{
pktBasedSignInfo = pktBasedSignInfos.Where(s => s.CollisionPriorityId == collisionPriorityId).FirstOrDefault();
}
else
{
pktBasedSignInfo = pktBasedSignInfos.FirstOrDefault();
}
if (peInfo.IsCrossgened)
{
signInfo = new SignInfo(pktBasedSignInfo.Certificate, collisionPriorityId: _hashToCollisionIdMap[signedFileContentKey]);
}
else
{
signInfo = pktBasedSignInfo;
}
hasSignInfo = true;
}
// Check if we have more specific sign info:
matchedNameTokenFramework = _fileSignInfo.TryGetValue(
new ExplicitCertificateKey(file.FileName, peInfo.PublicKeyToken, peInfo.TargetFramework, _hashToCollisionIdMap[signedFileContentKey]),
out explicitCertificateName);
matchedNameToken = !matchedNameTokenFramework && _fileSignInfo.TryGetValue(
new ExplicitCertificateKey(file.FileName, peInfo.PublicKeyToken, collisionPriorityId: _hashToCollisionIdMap[signedFileContentKey]),
out explicitCertificateName);
fileSpec = matchedNameTokenFramework ? $" (PublicKeyToken = {peInfo.PublicKeyToken}, Framework = {peInfo.TargetFramework})" :
matchedNameToken ? $" (PublicKeyToken = {peInfo.PublicKeyToken})" : string.Empty;
}
else if (FileSignInfo.IsNupkg(file.FullPath) || FileSignInfo.IsVsix(file.FullPath))
{
isAlreadySigned = VerifySignatures.IsSignedContainer(file.FullPath);
if (!isAlreadySigned)
{
_log.LogMessage(MessageImportance.Low, $"Container {file.FullPath} does not have a signature marker.");
}
else
{
_log.LogMessage(MessageImportance.Low, $"Container {file.FullPath} has a signature marker.");
}
}
else if (FileSignInfo.IsWix(file.FullPath))
{
isAlreadySigned = VerifySignatures.IsDigitallySigned(file.FullPath);
if (!isAlreadySigned)
{
_log.LogMessage(MessageImportance.Low, $"File {file.FullPath} is not digitally signed.");
}
else
{
_log.LogMessage(MessageImportance.Low, $"File {file.FullPath} is digitally signed.");
}
}
else if (FileSignInfo.IsPowerShellScript(file.FullPath))
{
isAlreadySigned = VerifySignatures.VerifySignedPowerShellFile(file.FullPath);
if (!isAlreadySigned)
{
_log.LogMessage(MessageImportance.Low, $"File {file.FullPath} does not have a signature block.");
}
else
{
_log.LogMessage(MessageImportance.Low, $"File {file.FullPath} has a signature block.");
}
}
// We didn't find any specific information for PE files using PKT + TargetFramework
if (explicitCertificateName == null)
{
matchedName = _fileSignInfo.TryGetValue(new ExplicitCertificateKey(file.FileName,
collisionPriorityId: _hashToCollisionIdMap[signedFileContentKey]), out explicitCertificateName);
}
// If has overriding info, is it for ignoring the file?
if (SignToolConstants.IgnoreFileCertificateSentinel.Equals(explicitCertificateName, StringComparison.OrdinalIgnoreCase))
{
_log.LogMessage(MessageImportance.Low, $"File configured to not be signed: {file.FullPath}{fileSpec}");
return(new FileSignInfo(file, SignInfo.Ignore));
}
// Do we have an explicit certificate after all?
if (explicitCertificateName != null)
{
signInfo = signInfo.WithCertificateName(explicitCertificateName, _hashToCollisionIdMap[signedFileContentKey]);
hasSignInfo = true;
}
if (hasSignInfo)
{
bool dualCerts = _dualCertificates
.Where(d => d.ItemSpec == signInfo.Certificate &&
(d.GetMetadata(SignToolConstants.CollisionPriorityId) == "" ||
d.GetMetadata(SignToolConstants.CollisionPriorityId) == _hashToCollisionIdMap[signedFileContentKey])).Any();
if (isAlreadySigned && !dualCerts)
{
return(new FileSignInfo(file, signInfo.WithIsAlreadySigned(isAlreadySigned), wixContentFilePath: wixContentFilePath));
}
// TODO: implement this check for native PE files as well:
// extract copyright from native resource (.rsrc section)
if (signInfo.ShouldSign && peInfo != null && peInfo.IsManaged)
{
bool isMicrosoftLibrary = IsMicrosoftLibrary(peInfo.Copyright);
bool isMicrosoftCertificate = !IsThirdPartyCertificate(signInfo.Certificate);
if (isMicrosoftLibrary != isMicrosoftCertificate)
{
if (isMicrosoftLibrary)
{
LogWarning(SigningToolErrorCode.SIGN001, $"Signing Microsoft library '{file.FullPath}' with 3rd party certificate '{signInfo.Certificate}'. The library is considered Microsoft library due to its copyright: '{peInfo.Copyright}'.");
}
else
{
LogWarning(SigningToolErrorCode.SIGN001, $"Signing 3rd party library '{file.FullPath}' with Microsoft certificate '{signInfo.Certificate}'. The library is considered 3rd party library due to its copyright: '{peInfo.Copyright}'.");
}
}
}
return(new FileSignInfo(file, signInfo, (peInfo != null && peInfo.TargetFramework != "") ? peInfo.TargetFramework : null, wixContentFilePath: wixContentFilePath));
}
if (SignToolConstants.SignableExtensions.Contains(extension) || SignToolConstants.SignableOSXExtensions.Contains(extension))
{
// Extract the relative path inside the package / otherwise just return the full path of the file
LogError(SigningToolErrorCode.SIGN002, signedFileContentKey);
}
else
{
_log.LogMessage(MessageImportance.Low, $"Ignoring non-signable file: {file.FullPath}");
}
return(new FileSignInfo(file, SignInfo.Ignore, wixContentFilePath: wixContentFilePath));
}
private FileSignInfo ExtractSignInfo(
string fullPath,
string collisionPriorityId,
ImmutableArray <byte> hash,
bool forceRepack = false,
string wixContentFilePath = null,
string containerPath = null)
{
var fileName = Path.GetFileName(fullPath);
var extension = Path.GetExtension(fullPath);
string explicitCertificateName = null;
var fileSpec = string.Empty;
var isAlreadySigned = false;
var matchedNameTokenFramework = false;
var matchedNameToken = false;
var matchedName = false;
PEInfo peInfo = null;
string stringHash = ContentUtil.HashToString(hash);
// Asset is nested asset part of a container. Try to get it from the visited assets first
if (string.IsNullOrEmpty(collisionPriorityId) &&
!string.IsNullOrEmpty(containerPath))
{
if (!_hashToCollisionIdMap.TryGetValue(stringHash, out collisionPriorityId))
{
// Hash doesn't exist so we use the CollisionPriorityId from the parent container
string parentStringHash = ContentUtil.HashToString(ContentUtil.GetContentHash(containerPath));
collisionPriorityId = _hashToCollisionIdMap[parentStringHash];
}
}
// Update the hash map
if (!_hashToCollisionIdMap.ContainsKey(stringHash))
{
_hashToCollisionIdMap.Add(stringHash, collisionPriorityId);
}
else
{
string existingCollisionId = _hashToCollisionIdMap[stringHash];
// If we find that there is an asset which already was processed which has a lower
// collision id, we use that and update the map so we give it precedence
if (string.Compare(collisionPriorityId, existingCollisionId) < 0)
{
_hashToCollisionIdMap[stringHash] = collisionPriorityId;
}
}
// Try to determine default certificate name by the extension of the file. Since there might be dupes
// we get the one which maps a collision id or the first of the returned ones in case there is no
// collision id
bool hasSignInfos = _fileExtensionSignInfo.TryGetValue(Path.GetExtension(fullPath), out var signInfos);
SignInfo signInfo = SignInfo.Ignore;
bool hasSignInfo = false;
if (hasSignInfos)
{
if (!string.IsNullOrEmpty(collisionPriorityId))
{
hasSignInfo = signInfos.Where(s => s.CollisionPriorityId == collisionPriorityId).Any();
signInfo = signInfos.Where(s => s.CollisionPriorityId == collisionPriorityId).FirstOrDefault();
}
else
{
hasSignInfo = true;
signInfo = signInfos.FirstOrDefault();
}
}
if (FileSignInfo.IsPEFile(fullPath))
{
using (var stream = File.OpenRead(fullPath))
{
isAlreadySigned = ContentUtil.IsAuthenticodeSigned(stream);
}
peInfo = GetPEInfo(fullPath);
if (peInfo.IsManaged && _strongNameInfo.TryGetValue(peInfo.PublicKeyToken, out var pktBasedSignInfos))
{
// Get the default sign info based on the PKT, if applicable. Since there might be dupes
// we get the one which maps a collision id or the first of the returned ones in case there is no
// collision id
SignInfo pktBasedSignInfo = SignInfo.Ignore;
if (!string.IsNullOrEmpty(collisionPriorityId))
{
pktBasedSignInfo = pktBasedSignInfos.Where(s => s.CollisionPriorityId == collisionPriorityId).FirstOrDefault();
}
else
{
pktBasedSignInfo = pktBasedSignInfos.FirstOrDefault();
}
if (peInfo.IsCrossgened)
{
signInfo = new SignInfo(pktBasedSignInfo.Certificate, collisionPriorityId: _hashToCollisionIdMap[stringHash]);
}
else
{
signInfo = pktBasedSignInfo;
}
hasSignInfo = true;
}
// Check if we have more specific sign info:
matchedNameTokenFramework = _fileSignInfo.TryGetValue(new ExplicitCertificateKey(fileName, peInfo.PublicKeyToken, peInfo.TargetFramework, _hashToCollisionIdMap[stringHash]), out explicitCertificateName);
matchedNameToken = !matchedNameTokenFramework && _fileSignInfo.TryGetValue(new ExplicitCertificateKey(fileName, peInfo.PublicKeyToken, collisionPriorityId: _hashToCollisionIdMap[stringHash]), out explicitCertificateName);
fileSpec = matchedNameTokenFramework ? $" (PublicKeyToken = {peInfo.PublicKeyToken}, Framework = {peInfo.TargetFramework})" :
matchedNameToken ? $" (PublicKeyToken = {peInfo.PublicKeyToken})" : string.Empty;
}
// We didn't find any specific information for PE files using PKT + TargetFramework
if (explicitCertificateName == null)
{
matchedName = _fileSignInfo.TryGetValue(new ExplicitCertificateKey(fileName, collisionPriorityId: _hashToCollisionIdMap[stringHash]), out explicitCertificateName);
}
// If has overriding info, is it for ignoring the file?
if (SignToolConstants.IgnoreFileCertificateSentinel.Equals(explicitCertificateName, StringComparison.OrdinalIgnoreCase))
{
_log.LogMessage($"File configured to not be signed: {fileName}{fileSpec}");
return(new FileSignInfo(fullPath, hash, SignInfo.Ignore, forceRepack: forceRepack));
}
// Do we have an explicit certificate after all?
if (explicitCertificateName != null)
{
signInfo = signInfo.WithCertificateName(explicitCertificateName, _hashToCollisionIdMap[stringHash]);
hasSignInfo = true;
}
if (hasSignInfo)
{
bool dualCerts = _dualCertificates
.Where(d => d.ItemSpec == signInfo.Certificate &&
d.GetMetadata(SignToolConstants.CollisionPriorityId) == _hashToCollisionIdMap[stringHash]).Any();
if (isAlreadySigned && !dualCerts)
{
return(new FileSignInfo(fullPath, hash, SignInfo.AlreadySigned, forceRepack: forceRepack, wixContentFilePath: wixContentFilePath));
}
// TODO: implement this check for native PE files as well:
// extract copyright from native resource (.rsrc section)
if (signInfo.ShouldSign && peInfo != null && peInfo.IsManaged)
{
bool isMicrosoftLibrary = IsMicrosoftLibrary(peInfo.Copyright);
bool isMicrosoftCertificate = !IsThirdPartyCertificate(signInfo.Certificate);
if (isMicrosoftLibrary != isMicrosoftCertificate)
{
if (isMicrosoftLibrary)
{
LogWarning(SigningToolErrorCode.SIGN001, $"Signing Microsoft library '{fullPath}' with 3rd party certificate '{signInfo.Certificate}'. The library is considered Microsoft library due to its copyright: '{peInfo.Copyright}'.");
}
else
{
LogWarning(SigningToolErrorCode.SIGN001, $"Signing 3rd party library '{fullPath}' with Microsoft certificate '{signInfo.Certificate}'. The library is considered 3rd party library due to its copyright: '{peInfo.Copyright}'.");
}
}
}
return(new FileSignInfo(fullPath, hash, signInfo, (peInfo != null && peInfo.TargetFramework != "") ? peInfo.TargetFramework : null, forceRepack: forceRepack, wixContentFilePath: wixContentFilePath));
}
if (SignToolConstants.SignableExtensions.Contains(extension) || SignToolConstants.SignableOSXExtensions.Contains(extension))
{
// Extract the relative path inside the package / otherwise just return the full path of the file
var contentHash = ContentUtil.GetContentHash(fullPath);
var tempDir = Path.Combine(_pathToContainerUnpackingDirectory, ContentUtil.HashToString(contentHash));
var relativePath = fullPath.Replace($@"{tempDir}\", "");
LogError(SigningToolErrorCode.SIGN002, new SignedFileContentKey(contentHash, relativePath));
}
else
{
_log.LogMessage($"Ignoring non-signable file: {fullPath}");
}
return(new FileSignInfo(fullPath, hash, SignInfo.Ignore, forceRepack: forceRepack, wixContentFilePath: wixContentFilePath));
}
