private static unsafe void TimestampSignedLicenseDom(XmlDocument licenseDom, string timeStampUrl)
{
Win32.CRYPT_DATA_BLOB pTimestampSignatureBlob = new Win32.CRYPT_DATA_BLOB();
XmlNamespaceManager nsmgr = new XmlNamespaceManager(licenseDom.NameTable);
nsmgr.AddNamespace("r", "urn:mpeg:mpeg21:2003:01-REL-R-NS");
nsmgr.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
nsmgr.AddNamespace("as", "http://schemas.microsoft.com/windows/pki/2005/Authenticode");
byte[] bytes = Encoding.UTF8.GetBytes(licenseDom.OuterXml);
fixed(byte *numPtr = bytes)
{
Win32.CRYPT_DATA_BLOB pSignedLicenseBlob = new Win32.CRYPT_DATA_BLOB();
IntPtr num = new IntPtr((void *)numPtr);
pSignedLicenseBlob.cbData = (uint)bytes.Length;
pSignedLicenseBlob.pbData = num;
int hr = Win32.CertTimestampAuthenticodeLicense(ref pSignedLicenseBlob, timeStampUrl, out pTimestampSignatureBlob);
if (hr != 0)
{
throw new CryptographicException(hr);
}
}
byte[] numArray = new byte[(int)pTimestampSignatureBlob.cbData];
Marshal.Copy(pTimestampSignatureBlob.pbData, numArray, 0, numArray.Length);
Win32.HeapFree(Win32.GetProcessHeap(), 0U, pTimestampSignatureBlob.pbData);
XmlElement element1 = licenseDom.CreateElement("as", "Timestamp", "http://schemas.microsoft.com/windows/pki/2005/Authenticode");
element1.InnerText = Encoding.UTF8.GetString(numArray);
XmlElement element2 = licenseDom.CreateElement("Object", "http://www.w3.org/2000/09/xmldsig#");
element2.AppendChild((XmlNode)element1);
(licenseDom.SelectSingleNode("r:license/r:issuer/ds:Signature", nsmgr) as XmlElement).AppendChild((XmlNode)element2);
}
private unsafe string VerifyPublicKeyToken()
{
XmlNamespaceManager nsmgr = new XmlNamespaceManager(this.m_manifestDom.NameTable);
nsmgr.AddNamespace("asm", "urn:schemas-microsoft-com:asm.v1");
nsmgr.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
XmlElement xmlElement1 = this.m_manifestDom.SelectSingleNode("asm:assembly/ds:Signature/ds:KeyInfo/ds:KeyValue/ds:RSAKeyValue/ds:Modulus", nsmgr) as XmlElement;
XmlElement xmlElement2 = this.m_manifestDom.SelectSingleNode("asm:assembly/ds:Signature/ds:KeyInfo/ds:KeyValue/ds:RSAKeyValue/ds:Exponent", nsmgr) as XmlElement;
if (xmlElement1 == null || xmlElement2 == null)
{
throw new CryptographicException(-2146762749);
}
byte[] bytes1 = Encoding.UTF8.GetBytes(xmlElement1.InnerXml);
byte[] bytes2 = Encoding.UTF8.GetBytes(xmlElement2.InnerXml);
string publicKeyToken1 = SignedCmiManifest.GetPublicKeyToken(this.m_manifestDom);
byte[] bytes3 = SignedCmiManifest.HexStringToBytes(publicKeyToken1);
byte[] bytes4;
fixed(byte *numPtr1 = bytes1)
fixed(byte *numPtr2 = bytes2)
{
Win32.CRYPT_DATA_BLOB pModulusBlob = new Win32.CRYPT_DATA_BLOB();
Win32.CRYPT_DATA_BLOB pExponentBlob = new Win32.CRYPT_DATA_BLOB();
IntPtr ppwszPublicKeyToken = new IntPtr();
pModulusBlob.cbData = (uint)bytes1.Length;
pModulusBlob.pbData = new IntPtr((void *)numPtr1);
pExponentBlob.cbData = (uint)bytes2.Length;
pExponentBlob.pbData = new IntPtr((void *)numPtr2);
int publicKeyToken2 = Win32._AxlRSAKeyValueToPublicKeyToken(ref pModulusBlob, ref pExponentBlob, out ppwszPublicKeyToken);
if (publicKeyToken2 != 0)
{
throw new CryptographicException(publicKeyToken2);
}
bytes4 = SignedCmiManifest.HexStringToBytes(Marshal.PtrToStringUni(ppwszPublicKeyToken));
Win32.HeapFree(Win32.GetProcessHeap(), 0U, ppwszPublicKeyToken);
}
if (bytes3.Length == 0 || bytes3.Length != bytes4.Length)
{
throw new CryptographicException(-2146762485);
}
for (int index = 0; index < bytes3.Length; ++index)
{
if ((int)bytes3[index] != (int)bytes4[index])
{
throw new CryptographicException(-2146762485);
}
}
return(publicKeyToken1);
}
private unsafe void VerifyLicense(CmiManifestVerifyFlags verifyFlags, bool oldFormat)
{
XmlNamespaceManager namespaceManager = new XmlNamespaceManager(this.m_manifestDom.NameTable);
namespaceManager.AddNamespace("asm", "urn:schemas-microsoft-com:asm.v1");
namespaceManager.AddNamespace("asm2", "urn:schemas-microsoft-com:asm.v2");
namespaceManager.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
namespaceManager.AddNamespace("msrel", "http://schemas.microsoft.com/windows/rel/2005/reldata");
namespaceManager.AddNamespace("r", "urn:mpeg:mpeg21:2003:01-REL-R-NS");
namespaceManager.AddNamespace("as", "http://schemas.microsoft.com/windows/pki/2005/Authenticode");
XmlElement xmlElement = this.m_manifestDom.SelectSingleNode("asm:assembly/ds:Signature/ds:KeyInfo/msrel:RelData/r:license", namespaceManager) as XmlElement;
if (xmlElement == null)
{
return;
}
this.VerifyAssemblyIdentity(namespaceManager);
this.m_authenticodeSignerInfo = new CmiAuthenticodeSignerInfo(-2146762485);
byte[] bytes = Encoding.UTF8.GetBytes(xmlElement.OuterXml);
fixed(byte *numPtr = bytes)
{
Win32.AXL_SIGNER_INFO pSignerInfo = new Win32.AXL_SIGNER_INFO();
pSignerInfo.cbSize = (uint)Marshal.SizeOf(typeof(Win32.AXL_SIGNER_INFO));
Win32.AXL_TIMESTAMPER_INFO pTimestamperInfo = new Win32.AXL_TIMESTAMPER_INFO();
pTimestamperInfo.cbSize = (uint)Marshal.SizeOf(typeof(Win32.AXL_TIMESTAMPER_INFO));
Win32.CRYPT_DATA_BLOB pLicenseBlob = new Win32.CRYPT_DATA_BLOB();
IntPtr num = new IntPtr((void *)numPtr);
pLicenseBlob.cbData = (uint)bytes.Length;
pLicenseBlob.pbData = num;
int hr = Win32.CertVerifyAuthenticodeLicense(ref pLicenseBlob, (uint)verifyFlags, out pSignerInfo, out pTimestamperInfo);
if (-2146762496 != (int)pSignerInfo.dwError)
{
this.m_authenticodeSignerInfo = new CmiAuthenticodeSignerInfo(pSignerInfo, pTimestamperInfo);
}
Win32.CertFreeAuthenticodeSignerInfo(ref pSignerInfo);
Win32.CertFreeAuthenticodeTimestamperInfo(ref pTimestamperInfo);
if (hr != 0)
{
throw new CryptographicException(hr);
}
}
if (oldFormat)
{
return;
}
this.VerifyPublisherIdentity(namespaceManager);
}
private static void ReplacePublicKeyToken(XmlDocument manifestDom, AsymmetricAlgorithm snKey, bool useSha256)
{
// Make sure we can find the publicKeyToken attribute.
XmlNamespaceManager nsm = new XmlNamespaceManager(manifestDom.NameTable);
nsm.AddNamespace("asm", AssemblyNamespaceUri);
XmlElement assemblyIdentity = manifestDom.SelectSingleNode("asm:assembly/asm:assemblyIdentity", nsm) as XmlElement;
if (assemblyIdentity == null)
{
throw new CryptographicException(Win32.TRUST_E_SUBJECT_FORM_UNKNOWN);
}
if (!assemblyIdentity.HasAttribute("publicKeyToken"))
{
throw new CryptographicException(Win32.TRUST_E_SUBJECT_FORM_UNKNOWN);
}
byte[] cspPublicKeyBlob = (GetFixedRSACryptoServiceProvider((RSACryptoServiceProvider)snKey, useSha256)).ExportCspBlob(false);
if (cspPublicKeyBlob == null || cspPublicKeyBlob.Length == 0)
{
throw new CryptographicException(Win32.NTE_BAD_KEY);
}
// Now compute the public key token.
unsafe
{
fixed(byte *pbPublicKeyBlob = cspPublicKeyBlob)
{
Win32.CRYPT_DATA_BLOB publicKeyBlob = new Win32.CRYPT_DATA_BLOB();
publicKeyBlob.cbData = (uint)cspPublicKeyBlob.Length;
publicKeyBlob.pbData = new IntPtr(pbPublicKeyBlob);
IntPtr pPublicKeyToken = new IntPtr();
int hr = Win32._AxlPublicKeyBlobToPublicKeyToken(ref publicKeyBlob, ref pPublicKeyToken);
if (hr != Win32.S_OK)
{
throw new CryptographicException(hr);
}
string publicKeyToken = Marshal.PtrToStringUni(pPublicKeyToken);
Win32.HeapFree(Win32.GetProcessHeap(), 0, pPublicKeyToken);
assemblyIdentity.SetAttribute("publicKeyToken", publicKeyToken);
}
}
}
private static void TimestampSignedLicenseDom(XmlDocument licenseDom, string timeStampUrl)
{
Win32.CRYPT_DATA_BLOB timestampBlob = new Win32.CRYPT_DATA_BLOB();
XmlNamespaceManager nsm = new XmlNamespaceManager(licenseDom.NameTable);
nsm.AddNamespace("r", LicenseNamespaceUri);
nsm.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
nsm.AddNamespace("as", AuthenticodeNamespaceUri);
byte[] licenseXml = Encoding.UTF8.GetBytes(licenseDom.OuterXml);
unsafe
{
fixed(byte *pbLicense = licenseXml)
{
Win32.CRYPT_DATA_BLOB licenseBlob = new Win32.CRYPT_DATA_BLOB();
IntPtr pvLicense = new IntPtr(pbLicense);
licenseBlob.cbData = (uint)licenseXml.Length;
licenseBlob.pbData = pvLicense;
int hr = Win32.CertTimestampAuthenticodeLicense(ref licenseBlob, timeStampUrl, ref timestampBlob);
if (hr != Win32.S_OK)
{
throw new CryptographicException(hr);
}
}
}
byte[] timestampSignature = new byte[timestampBlob.cbData];
Marshal.Copy(timestampBlob.pbData, timestampSignature, 0, timestampSignature.Length);
Win32.HeapFree(Win32.GetProcessHeap(), 0, timestampBlob.pbData);
XmlElement asTimestamp = licenseDom.CreateElement("as", "Timestamp", AuthenticodeNamespaceUri);
asTimestamp.InnerText = Encoding.UTF8.GetString(timestampSignature);
XmlElement dsObject = licenseDom.CreateElement("Object", SignedXml.XmlDsigNamespaceUrl);
dsObject.AppendChild(asTimestamp);
XmlElement signatureNode = licenseDom.SelectSingleNode("r:license/r:issuer/ds:Signature", nsm) as XmlElement;
signatureNode.AppendChild(dsObject);
}
private static unsafe void ReplacePublicKeyToken(XmlDocument manifestDom, AsymmetricAlgorithm snKey)
{
XmlNamespaceManager nsmgr = new XmlNamespaceManager(manifestDom.NameTable);
nsmgr.AddNamespace("asm", "urn:schemas-microsoft-com:asm.v1");
XmlElement xmlElement = manifestDom.SelectSingleNode("asm:assembly/asm:assemblyIdentity", nsmgr) as XmlElement;
if (xmlElement == null)
{
throw new CryptographicException(-2146762749);
}
if (!xmlElement.HasAttribute("publicKeyToken"))
{
throw new CryptographicException(-2146762749);
}
byte[] numArray = ((RSACryptoServiceProvider)snKey).ExportCspBlob(false);
if (numArray == null || numArray.Length == 0)
{
throw new CryptographicException(-2146893821);
fixed(byte *numPtr = numArray)
{
Win32.CRYPT_DATA_BLOB pCspPublicKeyBlob = new Win32.CRYPT_DATA_BLOB();
pCspPublicKeyBlob.cbData = (uint)numArray.Length;
pCspPublicKeyBlob.pbData = new IntPtr((void *)numPtr);
IntPtr ppwszPublicKeyToken = new IntPtr();
int publicKeyToken = Win32._AxlPublicKeyBlobToPublicKeyToken(ref pCspPublicKeyBlob, out ppwszPublicKeyToken);
if (publicKeyToken != 0)
{
throw new CryptographicException(publicKeyToken);
}
string stringUni = Marshal.PtrToStringUni(ppwszPublicKeyToken);
Win32.HeapFree(Win32.GetProcessHeap(), 0U, ppwszPublicKeyToken);
xmlElement.SetAttribute("publicKeyToken", stringUni);
}
}
private static void ReplacePublicKeyToken(XmlDocument manifestDom, AsymmetricAlgorithm snKey)
{
// Make sure we can find the publicKeyToken attribute.
XmlNamespaceManager nsm = new XmlNamespaceManager(manifestDom.NameTable);
nsm.AddNamespace("asm", AssemblyNamespaceUri);
XmlElement assemblyIdentity = manifestDom.SelectSingleNode("asm:assembly/asm:assemblyIdentity", nsm) as XmlElement;
if (assemblyIdentity == null)
{
throw new CryptographicException(Win32.TRUST_E_SUBJECT_FORM_UNKNOWN);
}
if (!assemblyIdentity.HasAttribute("publicKeyToken"))
{
throw new CryptographicException(Win32.TRUST_E_SUBJECT_FORM_UNKNOWN);
}
byte[] cspPublicKeyBlob = ((RSACryptoServiceProvider)snKey).ExportCspBlob(false);
if (cspPublicKeyBlob == null || cspPublicKeyBlob.Length == 0)
{
throw new CryptographicException(Win32.NTE_BAD_KEY);
}
// Now compute the public key token.
unsafe
{
fixed (byte* pbPublicKeyBlob = cspPublicKeyBlob)
{
Win32.CRYPT_DATA_BLOB publicKeyBlob = new Win32.CRYPT_DATA_BLOB();
publicKeyBlob.cbData = (uint)cspPublicKeyBlob.Length;
publicKeyBlob.pbData = new IntPtr(pbPublicKeyBlob);
IntPtr pPublicKeyToken = new IntPtr();
int hr = Win32._AxlPublicKeyBlobToPublicKeyToken(ref publicKeyBlob, ref pPublicKeyToken);
if (hr != Win32.S_OK)
{
throw new CryptographicException(hr);
}
string publicKeyToken = Marshal.PtrToStringUni(pPublicKeyToken);
Win32.HeapFree(Win32.GetProcessHeap(), 0, pPublicKeyToken);
assemblyIdentity.SetAttribute("publicKeyToken", publicKeyToken);
}
}
}
private string VerifyPublicKeyToken()
{
XmlNamespaceManager nsm = new XmlNamespaceManager(_manifestDom.NameTable);
nsm.AddNamespace("asm", AssemblyNamespaceUri);
nsm.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
XmlElement snModulus = _manifestDom.SelectSingleNode("asm:assembly/ds:Signature/ds:KeyInfo/ds:KeyValue/ds:RSAKeyValue/ds:Modulus", nsm) as XmlElement;
XmlElement snExponent = _manifestDom.SelectSingleNode("asm:assembly/ds:Signature/ds:KeyInfo/ds:KeyValue/ds:RSAKeyValue/ds:Exponent", nsm) as XmlElement;
if (snModulus == null || snExponent == null)
{
throw new CryptographicException(Win32.TRUST_E_SUBJECT_FORM_UNKNOWN);
}
byte[] modulus = Encoding.UTF8.GetBytes(snModulus.InnerXml);
byte[] exponent = Encoding.UTF8.GetBytes(snExponent.InnerXml);
string tokenString = GetPublicKeyToken(_manifestDom);
byte[] publicKeyToken = HexStringToBytes(tokenString);
byte[] computedPublicKeyToken;
unsafe
{
fixed (byte* pbModulus = modulus)
{
fixed (byte* pbExponent = exponent)
{
Win32.CRYPT_DATA_BLOB modulusBlob = new Win32.CRYPT_DATA_BLOB();
Win32.CRYPT_DATA_BLOB exponentBlob = new Win32.CRYPT_DATA_BLOB();
IntPtr pComputedToken = new IntPtr();
modulusBlob.cbData = (uint)modulus.Length;
modulusBlob.pbData = new IntPtr(pbModulus);
exponentBlob.cbData = (uint)exponent.Length;
exponentBlob.pbData = new IntPtr(pbExponent);
// Now compute the public key token.
int hr = Win32._AxlRSAKeyValueToPublicKeyToken(ref modulusBlob, ref exponentBlob, ref pComputedToken);
if (hr != Win32.S_OK)
{
throw new CryptographicException(hr);
}
computedPublicKeyToken = HexStringToBytes(Marshal.PtrToStringUni(pComputedToken));
Win32.HeapFree(Win32.GetProcessHeap(), 0, pComputedToken);
}
}
}
// Do they match?
if (publicKeyToken.Length == 0 || publicKeyToken.Length != computedPublicKeyToken.Length)
{
throw new CryptographicException(Win32.TRUST_E_FAIL);
}
for (int i = 0; i < publicKeyToken.Length; i++)
{
if (publicKeyToken[i] != computedPublicKeyToken[i])
{
throw new CryptographicException(Win32.TRUST_E_FAIL);
}
}
return tokenString;
}
//
// Privates.
//
private void VerifyLicense(CmiManifestVerifyFlags verifyFlags, bool oldFormat)
{
XmlNamespaceManager nsm = new XmlNamespaceManager(_manifestDom.NameTable);
nsm.AddNamespace("asm", AssemblyNamespaceUri);
nsm.AddNamespace("asm2", AssemblyV2NamespaceUri);
nsm.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
nsm.AddNamespace("msrel", MSRelNamespaceUri);
nsm.AddNamespace("r", LicenseNamespaceUri);
nsm.AddNamespace("as", AuthenticodeNamespaceUri);
// We are done if no license.
XmlElement licenseNode = _manifestDom.SelectSingleNode("asm:assembly/ds:Signature/ds:KeyInfo/msrel:RelData/r:license", nsm) as XmlElement;
if (licenseNode == null)
{
return;
}
// Make sure this license is for this manifest.
VerifyAssemblyIdentity(nsm);
// Found a license, so instantiate signer info property.
_authenticodeSignerInfo = new CmiAuthenticodeSignerInfo(Win32.TRUST_E_FAIL);
unsafe
{
byte[] licenseXml = Encoding.UTF8.GetBytes(licenseNode.OuterXml);
fixed (byte* pbLicense = licenseXml)
{
Win32.AXL_SIGNER_INFO signerInfo = new Win32.AXL_SIGNER_INFO();
signerInfo.cbSize = (uint)Marshal.SizeOf<Win32.AXL_SIGNER_INFO>();
Win32.AXL_TIMESTAMPER_INFO timestamperInfo = new Win32.AXL_TIMESTAMPER_INFO();
timestamperInfo.cbSize = (uint)Marshal.SizeOf<Win32.AXL_TIMESTAMPER_INFO>();
Win32.CRYPT_DATA_BLOB licenseBlob = new Win32.CRYPT_DATA_BLOB();
IntPtr pvLicense = new IntPtr(pbLicense);
licenseBlob.cbData = (uint)licenseXml.Length;
licenseBlob.pbData = pvLicense;
int hr = Win32.CertVerifyAuthenticodeLicense(ref licenseBlob, (uint)verifyFlags, ref signerInfo, ref timestamperInfo);
if (Win32.TRUST_E_NOSIGNATURE != (int)signerInfo.dwError)
{
_authenticodeSignerInfo = new CmiAuthenticodeSignerInfo(signerInfo, timestamperInfo);
}
Win32.CertFreeAuthenticodeSignerInfo(ref signerInfo);
Win32.CertFreeAuthenticodeTimestamperInfo(ref timestamperInfo);
if (hr != Win32.S_OK)
{
throw new CryptographicException(hr);
}
}
}
if (!oldFormat)
// Make sure we have the intended Authenticode signer.
VerifyPublisherIdentity(nsm);
}
private static void TimestampSignedLicenseDom(XmlDocument licenseDom, string timeStampUrl)
{
Win32.CRYPT_DATA_BLOB timestampBlob = new Win32.CRYPT_DATA_BLOB();
XmlNamespaceManager nsm = new XmlNamespaceManager(licenseDom.NameTable);
nsm.AddNamespace("r", LicenseNamespaceUri);
nsm.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
nsm.AddNamespace("as", AuthenticodeNamespaceUri);
byte[] licenseXml = Encoding.UTF8.GetBytes(licenseDom.OuterXml);
unsafe
{
fixed (byte* pbLicense = licenseXml)
{
Win32.CRYPT_DATA_BLOB licenseBlob = new Win32.CRYPT_DATA_BLOB();
IntPtr pvLicense = new IntPtr(pbLicense);
licenseBlob.cbData = (uint)licenseXml.Length;
licenseBlob.pbData = pvLicense;
int hr = Win32.CertTimestampAuthenticodeLicense(ref licenseBlob, timeStampUrl, ref timestampBlob);
if (hr != Win32.S_OK)
{
throw new CryptographicException(hr);
}
}
}
byte[] timestampSignature = new byte[timestampBlob.cbData];
Marshal.Copy(timestampBlob.pbData, timestampSignature, 0, timestampSignature.Length);
Win32.HeapFree(Win32.GetProcessHeap(), 0, timestampBlob.pbData);
XmlElement asTimestamp = licenseDom.CreateElement("as", "Timestamp", AuthenticodeNamespaceUri);
asTimestamp.InnerText = Encoding.UTF8.GetString(timestampSignature);
XmlElement dsObject = licenseDom.CreateElement("Object", SignedXml.XmlDsigNamespaceUrl);
dsObject.AppendChild(asTimestamp);
XmlElement signatureNode = licenseDom.SelectSingleNode("r:license/r:issuer/ds:Signature", nsm) as XmlElement;
signatureNode.AppendChild(dsObject);
}
internal static extern int _AxlPublicKeyBlobToPublicKeyToken([In] ref Win32.CRYPT_DATA_BLOB pCspPublicKeyBlob, [In, Out] ref IntPtr ppwszPublicKeyToken);
internal static extern int _AxlRSAKeyValueToPublicKeyToken([In] ref Win32.CRYPT_DATA_BLOB pModulusBlob, [In] ref Win32.CRYPT_DATA_BLOB pExponentBlob, [In, Out] ref IntPtr ppwszPublicKeyToken);
internal static extern int CertVerifyAuthenticodeLicense([In] ref Win32.CRYPT_DATA_BLOB pLicenseBlob, [In] uint dwFlags, [In, Out] ref Win32.AXL_SIGNER_INFO pSignerInfo, [In, Out] ref Win32.AXL_TIMESTAMPER_INFO pTimestamperInfo);
internal static extern int CertTimestampAuthenticodeLicense([In] ref Win32.CRYPT_DATA_BLOB pSignedLicenseBlob, [In] string pwszTimestampURI, [In, Out] ref Win32.CRYPT_DATA_BLOB pTimestampSignatureBlob);
