public void ShouldSupportReSigningWithDifferentCertificate()
{
string path;
using (var package = ShadowCopyPackage(SamplePackage, out path, OpcPackageFileMode.ReadWrite))
{
var signerBuilder = package.CreateSignatureBuilder();
signerBuilder.EnqueueNamedPreset <VSIXSignatureBuilderPreset>();
var rsaSha1Cert = new X509Certificate2(CertPath("rsa-2048-sha1.pfx"), "test");
signerBuilder.Sign(
new SignConfigurationSet(
publicCertificate: rsaSha1Cert,
signatureDigestAlgorithm: HashAlgorithmName.SHA256,
fileDigestAlgorithm: HashAlgorithmName.SHA256,
signingKey: rsaSha1Cert.GetRSAPrivateKey()
));
}
using (var package = OpcPackage.Open(path, OpcPackageFileMode.ReadWrite))
{
var signerBuilder = package.CreateSignatureBuilder();
signerBuilder.EnqueueNamedPreset <VSIXSignatureBuilderPreset>();
var rsaSha256Cert = new X509Certificate2(CertPath("rsa-2048-sha256.pfx"), "test");
signerBuilder.Sign(
new SignConfigurationSet(
publicCertificate: rsaSha256Cert,
signatureDigestAlgorithm: HashAlgorithmName.SHA256,
fileDigestAlgorithm: HashAlgorithmName.SHA256,
signingKey: rsaSha256Cert.GetRSAPrivateKey()
));
}
using (var netfxPackage = OpcPackage.Open(path))
{
Assert.NotEmpty(netfxPackage.GetSignatures());
}
}
public int Unsign(CommandArgument vsixPath)
{
var vsixPathValue = vsixPath.Value;
if (!File.Exists(vsixPathValue))
{
_unsignConfiguration.Out.WriteLine("Specified file does not exist.");
return(SignCommand.EXIT_CODES.INVALID_OPTIONS);
}
using (var package = OpcPackage.Open(vsixPathValue, OpcPackageFileMode.ReadWrite))
{
var unsigned = false;
foreach (var signature in package.GetSignatures())
{
unsigned = true;
signature.Remove();
}
if (!unsigned)
{
_unsignConfiguration.Out.WriteLine("Specified VSIX is not signed.");
return(EXIT_CODES.FAILED);
}
_unsignConfiguration.Out.WriteLine("The unsigning operation is complete.");
return(EXIT_CODES.SUCCESS);
}
}
public async Task ShouldSignWithAzureCertificateAndTimestamp()
{
var creds = TestAzureCredentials.Credentials;
string path;
using (var package = ShadowCopyPackage(SamplePackage, out path, OpcPackageFileMode.ReadWrite))
{
var builder = package.CreateSignatureBuilder();
builder.EnqueueNamedPreset <VSIXSignatureBuilderPreset>();
var signature = await builder.SignAsync(
new AzureKeyVaultSignConfigurationSet
{
FileDigestAlgorithm = HashAlgorithmName.SHA256,
PkcsDigestAlgorithm = HashAlgorithmName.SHA256,
AzureClientId = creds.ClientId,
AzureClientSecret = creds.ClientSecret,
AzureKeyVaultUrl = creds.AzureKeyVaultUrl,
AzureKeyVaultCertificateName = creds.AzureKeyVaultCertificateName
}
);
Assert.NotNull(signature);
var timestampBuilder = signature.CreateTimestampBuilder();
var timestampServer = new Uri("http://timestamp.digicert.com", UriKind.Absolute);
var result = await timestampBuilder.SignAsync(timestampServer, HashAlgorithmName.SHA256);
}
using (var netfxPackage = OpcPackage.Open(path))
{
Assert.NotEmpty(netfxPackage.GetSignatures());
}
}
public void ShouldReturnEmptyEnumerableForNoSignatureOriginRelationship()
{
using (var package = OpcPackage.Open(SamplePackage))
{
Assert.Empty(package.GetSignatures());
}
}
public void ShouldReturnSignatureForSignedPackage()
{
using (var package = OpcPackage.Open(SamplePackageSigned))
{
Assert.NotEmpty(package.GetSignatures());
}
}
public void ShouldRemoveSignature()
{
string path;
using (var package = ShadowCopyPackage(SamplePackage, out path, OpcPackageFileMode.ReadWrite))
{
var certificate = new X509Certificate2(CertPath("rsa-2048-sha1.pfx"), "test");
var signerBuilder = package.CreateSignatureBuilder();
signerBuilder.EnqueueNamedPreset <VSIXSignatureBuilderPreset>();
signerBuilder.Sign(
new SignConfigurationSet(
publicCertificate: certificate,
signatureDigestAlgorithm: HashAlgorithmName.SHA1,
fileDigestAlgorithm: HashAlgorithmName.SHA1,
signingKey: certificate.GetRSAPrivateKey()
));
}
using (var package = OpcPackage.Open(path, OpcPackageFileMode.ReadWrite))
{
var signatures = package.GetSignatures().ToList();
Assert.Single(signatures);
var signature = signatures[0];
signature.Remove();
Assert.Null(signature.Part);
Assert.Throws <InvalidOperationException>(() => signature.CreateTimestampBuilder());
Assert.Empty(package.GetSignatures());
}
}
public async Task ShouldSupportReSigningWithDifferentCertificate()
{
string path;
using (var package = ShadowCopyPackage(SamplePackage, out path, OpcPackageFileMode.ReadWrite))
{
var signerBuilder = package.CreateSignatureBuilder();
signerBuilder.EnqueueNamedPreset <VSIXSignatureBuilderPreset>();
await signerBuilder.SignAsync(
new CertificateSignConfigurationSet
{
PkcsDigestAlgorithm = HashAlgorithmName.SHA1,
FileDigestAlgorithm = HashAlgorithmName.SHA1,
SigningCertificate = new X509Certificate2(@"certs\rsa-2048-sha1.pfx", "test")
}
);
}
using (var package = OpcPackage.Open(path, OpcPackageFileMode.ReadWrite))
{
var signerBuilder = package.CreateSignatureBuilder();
signerBuilder.EnqueueNamedPreset <VSIXSignatureBuilderPreset>();
await signerBuilder.SignAsync(
new CertificateSignConfigurationSet
{
PkcsDigestAlgorithm = HashAlgorithmName.SHA256,
FileDigestAlgorithm = HashAlgorithmName.SHA256,
SigningCertificate = new X509Certificate2(@"certs\rsa-2048-sha256.pfx", "test")
}
);
}
using (var netfxPackage = OpcPackage.Open(path))
{
Assert.NotEmpty(netfxPackage.GetSignatures());
}
}
public void ShouldOpenAndDisposeAPackageAndDisposeIsIdempotent()
{
var package = OpcPackage.Open(SamplePackage);
package.Dispose();
package.Dispose();
}
public async Task ShouldRemoveSignature()
{
string path;
using (var package = ShadowCopyPackage(SamplePackage, out path, OpcPackageFileMode.ReadWrite))
{
var signerBuilder = package.CreateSignatureBuilder();
signerBuilder.EnqueueNamedPreset <VSIXSignatureBuilderPreset>();
await signerBuilder.SignAsync(
new CertificateSignConfigurationSet
{
FileDigestAlgorithm = HashAlgorithmName.SHA1,
PkcsDigestAlgorithm = HashAlgorithmName.SHA1,
SigningCertificate = new X509Certificate2(@"certs\rsa-2048-sha1.pfx", "test")
}
);
}
using (var package = OpcPackage.Open(path, OpcPackageFileMode.ReadWrite))
{
var signatures = package.GetSignatures().ToList();
Assert.Equal(1, signatures.Count);
var signature = signatures[0];
signature.Remove();
Assert.Null(signature.Part);
Assert.Throws <InvalidOperationException>(() => signature.CreateTimestampBuilder());
Assert.Equal(0, package.GetSignatures().Count());
}
}
async Task <bool> RunSignTool(string file, RsaSignConfigurationSet config, string timestampUrl, HashAlgorithmName alg)
{
// Append a sha256 signature
using (var package = OpcPackage.Open(file, OpcPackageFileMode.ReadWrite))
{
var startTime = DateTimeOffset.UtcNow;
var stopwatch = Stopwatch.StartNew();
logger.LogInformation("Signing {fileName}", file);
var signBuilder = package.CreateSignatureBuilder();
signBuilder.EnqueueNamedPreset <VSIXSignatureBuilderPreset>();
var signature = await signBuilder.SignAsync(config);
var failed = false;
if (timestampUrl != null)
{
var timestampBuilder = signature.CreateTimestampBuilder();
var result = await timestampBuilder.SignAsync(new Uri(timestampUrl), alg);
if (result == TimestampResult.Failed)
{
failed = true;
logger.LogError("Error timestamping VSIX");
}
}
telemetryLogger.TrackSignToolDependency(signToolName, file, startTime, stopwatch.Elapsed, null, failed ? 1 : 0);
return(!failed);
}
}
public void ShouldEnumerateAllParts()
{
using (var package = OpcPackage.Open(SamplePackage))
{
var parts = package.GetParts().ToArray();
Assert.Single(parts);
}
}
public void ShouldEnumerateAllParts()
{
using (var package = OpcPackage.Open(SamplePackage))
{
var parts = package.GetParts().ToArray();
Assert.Equal(2, parts.Length);
}
}
public void ShouldNotAllowUpdatingContentTypesInReadOnly()
{
using (var package = OpcPackage.Open(SamplePackage))
{
var newItem = new OpcContentType("test", "test", OpcContentTypeMode.Default);
var contentTypes = package.ContentTypes;
Assert.Throws <InvalidOperationException>(() => contentTypes.Add(newItem));
}
}
public void ShouldOpenSinglePartByRelativeUri(string uri)
{
var partUri = new Uri(uri, UriKind.RelativeOrAbsolute);
using (var package = OpcPackage.Open(SamplePackage))
{
Assert.NotNull(package.GetPart(partUri));
}
}
private OpcPackage ShadowCopyPackage(string packagePath, out string path, OpcPackageFileMode mode = OpcPackageFileMode.Read)
{
var temp = Path.GetTempFileName();
_shadowFiles.Add(temp);
File.Copy(packagePath, temp, true);
path = temp;
return(OpcPackage.Open(temp, mode));
}
public void ShouldReadContentTypes()
{
using (var package = OpcPackage.Open(SamplePackage))
{
Assert.Equal(3, package.ContentTypes.Count);
var first = package.ContentTypes[0];
Assert.Equal("vsixmanifest", first.Extension);
Assert.Equal("text/xml", first.ContentType);
Assert.Equal(OpcContentTypeMode.Default, first.Mode);
}
}
public void ShouldCreateSignatureBuilder()
{
using (var package = OpcPackage.Open(SamplePackage))
{
var builder = package.CreateSignatureBuilder();
foreach (var part in package.GetParts())
{
builder.EnqueuePart(part);
Assert.True(builder.DequeuePart(part));
}
}
}
public void ShouldAllowUpdatingContentType()
{
int initialCount;
string shadowPath;
using (var package = ShadowCopyPackage(SamplePackage, out shadowPath, OpcPackageFileMode.ReadWrite))
{
initialCount = package.ContentTypes.Count;
var newItem = new OpcContentType("test", "application/test", OpcContentTypeMode.Default);
package.ContentTypes.Add(newItem);
}
using (var reopenedPackage = OpcPackage.Open(shadowPath))
{
Assert.Equal(initialCount + 1, reopenedPackage.ContentTypes.Count);
}
}
public void ShouldAllowUpdatingRelationships()
{
int initialCount;
string shadowPath;
using (var package = ShadowCopyPackage(SamplePackage, out shadowPath, OpcPackageFileMode.ReadWrite))
{
initialCount = package.Relationships.Count;
var newItem = new OpcRelationship(new Uri("/test", UriKind.RelativeOrAbsolute), new Uri("/test", UriKind.RelativeOrAbsolute));
package.Relationships.Add(newItem);
Assert.True(newItem.Id != null && newItem.Id.Length == 9);
}
using (var reopenedPackage = OpcPackage.Open(shadowPath))
{
Assert.Equal(initialCount + 1, reopenedPackage.Relationships.Count);
}
}
public void ShouldRemoveRelationshipsForRemovedPartWhereRelationshipIsNotMaterialized()
{
string path;
using (var package = ShadowCopyPackage(SamplePackage, out path, OpcPackageFileMode.ReadWrite))
{
var partToRemove = new Uri("/extension.vsixmanifest", UriKind.Relative);
var part = package.GetPart(partToRemove);
part.Relationships.Add(new OpcRelationship(new Uri("/foo", UriKind.Relative), new Uri("http://foo.com", UriKind.Absolute)));
package.RemovePart(part);
}
using (var package = OpcPackage.Open(path))
{
var relationshipPartUri = new Uri("/_rels/extension.vsixmanifest.rels", UriKind.Relative);
Assert.False(package.HasPart(relationshipPartUri));
Assert.Null(package.GetPart(relationshipPartUri));
}
}
public async Task ShouldSupportReSigningWithDifferentCertificate()
{
string path;
using (var package = ShadowCopyPackage(SamplePackage, out path, OpcPackageFileMode.ReadWrite))
{
var signerBuilder = package.CreateSignatureBuilder();
signerBuilder.EnqueueNamedPreset <VSIXSignatureBuilderPreset>();
await signerBuilder.SignAsync(
new CertificateSignConfigurationSet
{
PkcsDigestAlgorithm = HashAlgorithmName.SHA1,
FileDigestAlgorithm = HashAlgorithmName.SHA1,
SigningCertificate = new X509Certificate2(@"certs\rsa-2048-sha1.pfx", "test")
}
);
}
using (var package = OpcPackage.Open(path, OpcPackageFileMode.ReadWrite))
{
var signerBuilder = package.CreateSignatureBuilder();
signerBuilder.EnqueueNamedPreset <VSIXSignatureBuilderPreset>();
await signerBuilder.SignAsync(
new CertificateSignConfigurationSet
{
PkcsDigestAlgorithm = HashAlgorithmName.SHA256,
FileDigestAlgorithm = HashAlgorithmName.SHA256,
SigningCertificate = new X509Certificate2(@"certs\rsa-2048-sha256.pfx", "test")
}
);
}
using (var netfxPackage = Package.Open(path, FileMode.Open))
{
var signatureManager = new PackageDigitalSignatureManager(netfxPackage);
Assert.Equal(VerifyResult.Success, signatureManager.VerifySignatures(true));
if (signatureManager.Signatures.Count != 1 || signatureManager.Signatures[0].SignedParts.Count != netfxPackage.GetParts().Count() - 1)
{
Assert.True(false, "Missing parts");
}
var packageSignature = signatureManager.Signatures[0];
Assert.Equal(OpcKnownUris.SignatureAlgorithms.rsaSHA256.AbsoluteUri, packageSignature.Signature.SignedInfo.SignatureMethod);
}
}
private async Task <int> PerformAzureSignOnVsixAsync(string vsixPath, bool force,
Uri timestampUri, HashAlgorithmName fileDigestAlgorithm, HashAlgorithmName timestampDigestAlgorithm,
string azureUri, string azureClientId, string azureClientCertificateName, string azureClientSecret, string azureAccessToken
)
{
using (var package = OpcPackage.Open(vsixPath, OpcPackageFileMode.ReadWrite))
{
if (package.GetSignatures().Any() && !force)
{
_signCommandApplication.Out.WriteLine("The VSIX is already signed.");
return(EXIT_CODES.FAILED);
}
var signBuilder = package.CreateSignatureBuilder();
signBuilder.EnqueueNamedPreset <VSIXSignatureBuilderPreset>();
var signingConfiguration = new AzureKeyVaultSignConfigurationSet
{
FileDigestAlgorithm = fileDigestAlgorithm,
PkcsDigestAlgorithm = fileDigestAlgorithm,
AzureClientId = azureClientId,
AzureClientSecret = azureClientSecret,
AzureKeyVaultCertificateName = azureClientCertificateName,
AzureKeyVaultUrl = azureUri,
AzureAccessToken = azureAccessToken
};
var signature = await signBuilder.SignAsync(signingConfiguration);
if (timestampUri != null)
{
var timestampBuilder = signature.CreateTimestampBuilder();
var result = await timestampBuilder.SignAsync(timestampUri, timestampDigestAlgorithm);
if (result == TimestampResult.Failed)
{
return(EXIT_CODES.FAILED);
}
}
_signCommandApplication.Out.WriteLine("The signing operation is complete.");
return(EXIT_CODES.SUCCESS);
}
}
private async Task <int> PerformSignOnVsixAsync(string vsixPath, bool force,
Uri timestampUri, HashAlgorithmName fileDigestAlgorithm, HashAlgorithmName timestampDigestAlgorithm,
X509Certificate2 certificate, AsymmetricAlgorithm signingKey
)
{
using (var package = OpcPackage.Open(vsixPath, OpcPackageFileMode.ReadWrite))
{
if (package.GetSignatures().Any() && !force)
{
_signCommandApplication.Out.WriteLine("The VSIX is already signed.");
return(EXIT_CODES.FAILED);
}
var signBuilder = package.CreateSignatureBuilder();
signBuilder.EnqueueNamedPreset <VSIXSignatureBuilderPreset>();
var signingConfiguration = new SignConfigurationSet
(
fileDigestAlgorithm: fileDigestAlgorithm,
signatureDigestAlgorithm: fileDigestAlgorithm,
publicCertificate: certificate,
signingKey: signingKey
);
var signature = signBuilder.Sign(signingConfiguration);
if (timestampUri != null)
{
var timestampBuilder = signature.CreateTimestampBuilder();
var result = await timestampBuilder.SignAsync(timestampUri, timestampDigestAlgorithm);
if (result == TimestampResult.Failed)
{
return(EXIT_CODES.FAILED);
}
}
_signCommandApplication.Out.WriteLine("The signing operation is complete.");
return(EXIT_CODES.SUCCESS);
}
}