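/// <summary>
/// Signs the items reachable from the officeDocument root relationship of
/// <paramref name="package"/>, embedding the signing certificate in the signature part.
/// </summary>
/// <param name="package">Open package to sign; must not be null.</param>
/// <exception cref="ArgumentNullException"><paramref name="package"/> is null.</exception>
private void SignOpenOfficeXML(Package package)
{
    // Validate the argument before any side effect (demo banner, eToken logon);
    // the original raised ArgumentNullException without a parameter name and only
    // after those calls had already run.
    if (package == null)
    {
        throw new ArgumentNullException("package");
    }

    Licensing.ShowDemoMessage();
    DigitalCertificate.LogOnEToken(this.DigitalSignatureCertificate);

    List<Uri> partUris = new List<Uri>();
    List<PackageRelationshipSelector> relationshipSelectors = new List<PackageRelationshipSelector>();

    // CreateListOfSignableItems decides which parts/relationships end up in the manifest,
    // starting from each officeDocument root relationship.
    foreach (PackageRelationship rootRelationship in package.GetRelationshipsByType(
        "http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument"))
    {
        this.CreateListOfSignableItems(rootRelationship, partUris, relationshipSelectors);
    }

    PackageDigitalSignatureManager signatureManager = new PackageDigitalSignatureManager(package)
    {
        CertificateOption = CertificateEmbeddingOption.InSignaturePart
    };

    // NOTE(review): HashAlgorithm is left at the manager default (SHA-1 on .NET Framework);
    // set it explicitly if verifiers require a stronger digest.
    // The former "catch { throw; }" was a no-op and has been dropped.
    signatureManager.Sign(partUris, this.DigitalSignatureCertificate, relationshipSelectors);
}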
/// <summary>
/// Signs the parts and relationships reachable from the officeDocument root relationship,
/// adds the Office-specific signed object, then closes the package.
/// </summary>
/// <param name="package">Open package to sign; closed before returning.</param>
/// <param name="certificate">Signing certificate, embedded in the signature part.</param>
private void SignAllParts(Package package, X509Certificate2 certificate)
{
    var parts = new List<Uri>();
    var selectors = new List<PackageRelationshipSelector>();
    foreach (var rootRel in package.GetRelationshipsByType(RtOfficeDocument))
    {
        AddSignableItems(rootRel, parts, selectors);
    }

    var manager = new PackageDigitalSignatureManager(package);
    manager.CertificateOption = CertificateEmbeddingOption.InSignaturePart;

    // Office-specific signed object, referenced from the signature by OfficeObjectID.
    var signedObject = CreateOfficeObject(SignatureID, ManifestHashAlgorithm);
    var signedObjectRef = new Reference("#" + OfficeObjectID);
    manager.Sign(parts, certificate, selectors, SignatureID,
        new[] { signedObject }, new[] { signedObjectRef });

    // Closing flushes the signature part to the underlying store.
    package.Close();
}
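/// <summary>
/// Adds one package digital signature per certificate file in <paramref name="certificateList"/>,
/// each covering every non-relationship part and every package-level relationship.
/// </summary>
/// <param name="doc">Document to sign; a modified copy is returned.</param>
/// <param name="certificateList">Paths of certificate files to sign with, in order.</param>
/// <returns>A new document carrying the added signatures.</returns>
/// <exception cref="ArgumentNullException"><paramref name="doc"/> or <paramref name="certificateList"/> is null.</exception>
public static OpenXmlPowerToolsDocument Insert(OpenXmlPowerToolsDocument doc, IEnumerable<string> certificateList)
{
    if (doc == null)
    {
        throw new ArgumentNullException("doc");
    }
    if (certificateList == null)
    {
        throw new ArgumentNullException("certificateList");
    }

    using (OpenXmlMemoryStreamDocument streamDoc = new OpenXmlMemoryStreamDocument(doc))
    {
        using (Package package = streamDoc.GetPackage())
        {
            foreach (string certificatePath in certificateList)
            {
                // NOTE(review): CreateFromCertFile loads a certificate file; Sign needs a
                // private key, so confirm callers pass files that carry one.
                X509Certificate certificate = X509Certificate2.CreateFromCertFile(certificatePath);
                try
                {
                    PackageDigitalSignatureManager signatureManager = new PackageDigitalSignatureManager(package);
                    signatureManager.CertificateOption = CertificateEmbeddingOption.InSignaturePart;

                    // Adds each part to the list, except relationships parts.
                    List<Uri> partsToSign = new List<Uri>();
                    foreach (PackagePart openPackagePart in package.GetParts())
                    {
                        if (!PackUriHelper.IsRelationshipPartUri(openPackagePart.Uri))
                        {
                            partsToSign.Add(openPackagePart.Uri);
                        }
                    }

                    // Creates one selector for each package-level relationship, based on id
                    List<PackageRelationshipSelector> relationshipSelectors = new List<PackageRelationshipSelector>();
                    foreach (PackageRelationship relationship in package.GetRelationships())
                    {
                        relationshipSelectors.Add(new PackageRelationshipSelector(
                            relationship.SourceUri, PackageRelationshipSelectorType.Id, relationship.Id));
                    }

                    signatureManager.Sign(partsToSign, certificate, relationshipSelectors);
                }
                finally
                {
                    // The certificate wraps a native handle; release it per iteration
                    // (the original never released it).
                    certificate.Reset();
                }
            }
        }
        return streamDoc.GetModifiedDocument();
    }
}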
/// <summary>
/// Signs the parts and relationships returned by GetParts/GetRelationshipSelectors for the
/// package, embedding the certificate in the signature part.
/// </summary>
/// <param name="openXmlPackage">Package to sign.</param>
/// <param name="certificate">Signing certificate.</param>
/// <param name="signatureId">Id of the resulting signature; defaults to "idPackageSignature".</param>
/// <returns>The signature created by PackageDigitalSignatureManager.Sign.</returns>
/// <exception cref="ArgumentNullException">Any argument is null.</exception>
public static PackageDigitalSignature Sign(
    OpenXmlPackage openXmlPackage,
    X509Certificate2 certificate,
    string signatureId = "idPackageSignature")
{
    if (openXmlPackage == null) { throw new ArgumentNullException(nameof(openXmlPackage)); }
    if (certificate == null) { throw new ArgumentNullException(nameof(certificate)); }
    if (signatureId == null) { throw new ArgumentNullException(nameof(signatureId)); }

    Package underlying = openXmlPackage.Package;
    var manager = new PackageDigitalSignatureManager(underlying);
    manager.CertificateOption = CertificateEmbeddingOption.InSignaturePart;

    var parts = GetParts(underlying);
    var selectors = GetRelationshipSelectors(underlying);
    return manager.Sign(parts, certificate, selectors, signatureId);
}
/// <summary>
/// Signs every part of the VSIX at <paramref name="vsixPackagePath"/>, plus the signature-origin
/// part and the relationship parts the signature depends on.
/// </summary>
/// <param name="vsixPackagePath">VSIX (OPC) file, opened and signed in place.</param>
/// <param name="certificate">Signing certificate, embedded in the signature part.</param>
/// <returns>True when Sign completed; false when it raised a CryptographicException.</returns>
private static bool SignVsix(string vsixPackagePath, X509Certificate2 certificate)
{
    // many thanks to Jeff Wilcox for the idea and code
    // check for details: http://www.jeff.wilcox.name/2010/03/vsixcodesigning/
    using (var package = Package.Open(vsixPackagePath))
    {
        var manager = new PackageDigitalSignatureManager(package)
        {
            CertificateOption = CertificateEmbeddingOption.InSignaturePart
        };

        var targets = new List<Uri>();
        foreach (var part in package.GetParts())
        {
            targets.Add(part.Uri);
        }
        // Cover the signature origin, its relationship part and the root relationship
        // part so that later edits to them invalidate the signature.
        targets.Add(PackUriHelper.GetRelationshipPartUri(manager.SignatureOrigin));
        targets.Add(manager.SignatureOrigin);
        targets.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));

        try
        {
            manager.Sign(targets, certificate);
        }
        catch (CryptographicException)
        {
            return false;
        }
        return true;
    }
}
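/// <summary>
/// Signs the parts and relationships reachable from the officeDocument root relationship with
/// the Office-specific signed object, using ManifestHashAlgorithm for the digests.
/// </summary>
/// <param name="package">Open package to sign.</param>
/// <param name="certificate">Signing certificate, embedded in the signature part.</param>
/// <exception cref="CryptographicException">Rethrown after logging when signing fails, so the
/// caller never continues as if the package had been signed.</exception>
private static void SignAllParts(Package package, X509Certificate certificate)
{
    List<Uri> partsToBeSigned = new List<Uri>();
    List<PackageRelationshipSelector> signableRelationships = new List<PackageRelationshipSelector>();
    foreach (PackageRelationship relationship in package.GetRelationshipsByType(RT_OfficeDocument))
    {
        // Pass the relationship of the root. This is decided based on the RT_OfficeDocument
        // http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument
        CreateListOfSignableItems(relationship, partsToBeSigned, signableRelationships);
    }

    // Create the DigitalSignature Manager
    PackageDigitalSignatureManager dsm = new PackageDigitalSignatureManager(package);
    dsm.CertificateOption = CertificateEmbeddingOption.InSignaturePart;
    dsm.HashAlgorithm = ManifestHashAlgorithm;

    try
    {
        System.Security.Cryptography.Xml.DataObject officeObject = CreateOfficeObject(SignatureID, dsm.HashAlgorithm);
        Reference officeObjectReference = new Reference("#" + OfficeObjectID);
        dsm.Sign(partsToBeSigned, certificate, signableRelationships, SignatureID,
            new System.Security.Cryptography.Xml.DataObject[] { officeObject },
            new Reference[] { officeObjectReference });
    }
    catch (CryptographicException ex)
    {
        // ex.ToString() already includes any inner exception; the original dereferenced
        // ex.InnerException unconditionally and threw NullReferenceException when it was null.
        Console.WriteLine(ex.ToString());
        // Swallowing here left the package unsigned while the caller assumed success.
        throw;
    }
}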
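/// <summary>
/// Signs the loaded document with <paramref name="certificate"/>: XPS documents through
/// XpsDocument.SignDigitally, other packages through PackageDigitalSignatureManager with the
/// Office-specific signed object.
/// </summary>
/// <param name="certificate">The digital certificate that will sign.</param>
/// <exception cref="ArgumentNullException"><paramref name="certificate"/> is null. The original
/// silently returned, leaving the document unsigned.</exception>
public void SignDocument(X509Certificate2 certificate)
{
    if (certificate == null)
    {
        throw new ArgumentNullException("certificate");
    }

    if (DocumentType.Equals(Types.XpsDocument))
    {
        // embedCertificate = true. NOTE(review): confirm that
        // XpsDigSigPartAlteringRestrictions.None gives the intended coverage of core
        // metadata, annotations and the signature origin - the flag's polarity is easy to misread.
        xpsDocument.SignDigitally(certificate, true, XpsDigSigPartAlteringRestrictions.None);
        return;
    }

    List<Uri> partsToSign = new List<Uri>();
    List<PackageRelationshipSelector> relationshipsToSign = new List<PackageRelationshipSelector>();
    foreach (PackageRelationship relationship in package.GetRelationshipsByType(RT_OfficeDocument))
    {
        AddSignableItems(relationship, partsToSign, relationshipsToSign);
    }

    PackageDigitalSignatureManager mgr = new PackageDigitalSignatureManager(package);
    mgr.CertificateOption = CertificateEmbeddingOption.InSignaturePart;

    // Office-specific signed object, referenced from the signature by OfficeObjectID.
    string signatureID = SignatureID;
    string manifestHashAlgorithm = ManifestHashAlgorithm;
    System.Security.Cryptography.Xml.DataObject officeObject = CreateOfficeObject(signatureID, manifestHashAlgorithm);
    Reference officeObjectReference = new Reference("#" + OfficeObjectID);
    mgr.Sign(partsToSign, certificate, relationshipsToSign, signatureID,
        new System.Security.Cryptography.Xml.DataObject[] { officeObject },
        new Reference[] { officeObjectReference });
}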
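/// <summary>
/// MSBuild task entry point: signs every part of PackageFile (plus the signature-origin and
/// root relationship parts) with the PFX at Certificate / CertificatePassword.
/// </summary>
/// <returns>True when signing succeeded; false after logging the failure.</returns>
public override bool Execute()
{
    using (Package package = Package.Open(PackageFile, FileMode.Open))
    {
        try
        {
            PackageDigitalSignatureManager signatureManager = new PackageDigitalSignatureManager(package);
            signatureManager.CertificateOption = CertificateEmbeddingOption.InSignaturePart;

            List<Uri> toSign = package.GetParts().Select(part => part.Uri).ToList();
            toSign.Add(PackUriHelper.GetRelationshipPartUri(signatureManager.SignatureOrigin));
            toSign.Add(signatureManager.SignatureOrigin);
            toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));

            X509Certificate2 certificate = null;
            try
            {
                certificate = new X509Certificate2(Certificate, CertificatePassword);
                signatureManager.Sign(toSign, certificate);
            }
            finally
            {
                // Release the native certificate/key handle (the original never did).
                if (certificate != null)
                {
                    certificate.Reset();
                }
            }
            return true;
        }
        catch (Exception ex)
        {
            // LogError(message, params args): the original passed ex as a format argument to
            // a message with no placeholder, so the exception text never reached the log.
            Log.LogError("Error signing package: {0}", ex);
            return false;
        }
    }
}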
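/// <summary>
/// Signs the parts and relationships reachable from the officeDocument root relationship,
/// adding the Office-specific signed object referenced by OfficeObjectID.
/// </summary>
/// <param name="package">Open package to sign.</param>
/// <param name="certificate">Signing certificate, embedded in the signature part.</param>
static void SignPackage(Package package, X509Certificate2 certificate)
{
    List<Uri> partsToSign = new List<Uri>();
    List<PackageRelationshipSelector> relationshipsToSign = new List<PackageRelationshipSelector>();
    // (the unused "finishedItems" list of the original has been removed)
    foreach (PackageRelationship relationship in package.GetRelationshipsByType(RT_OfficeDocument))
    {
        AddSignableItems(relationship, partsToSign, relationshipsToSign);
    }

    PackageDigitalSignatureManager mgr = new PackageDigitalSignatureManager(package);
    mgr.CertificateOption = CertificateEmbeddingOption.InSignaturePart;

    string signatureID = SignatureID;
    string manifestHashAlgorithm = ManifestHashAlgorithm;
    DataObject officeObject = CreateOfficeObject(signatureID, manifestHashAlgorithm);
    Reference officeObjectReference = new Reference("#" + OfficeObjectID);
    mgr.Sign(partsToSign, certificate, relationshipsToSign, signatureID,
        new DataObject[] { officeObject }, new Reference[] { officeObjectReference });
}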
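/// <summary>
/// Main signing process: signs every part in <paramref name="package"/> plus the signature-origin
/// part and the relationship parts the signature depends on, using the PFX at CertificatePath.
/// </summary>
/// <param name="package">Open package to sign.</param>
/// <returns>True when the package is signed and VerifySignatures reports Success; false
/// otherwise, including when signing threw (reported on the console).</returns>
/// <exception cref="ArgumentNullException"><paramref name="package"/> is null.</exception>
private bool SignAllParts(Package package)
{
    if (package == null)
    {
        throw new ArgumentNullException("SignAllParts(package)");
    }

    // Create the DigitalSignature Manager
    PackageDigitalSignatureManager dsm = new PackageDigitalSignatureManager(package);
    dsm.CertificateOption = CertificateEmbeddingOption.InSignaturePart;

    // Create a list of all the part URIs in the package to sign
    // (GetParts() also includes PackageRelationship parts).
    System.Collections.Generic.List<Uri> toSign = new System.Collections.Generic.List<Uri>();
    foreach (PackagePart packagePart in package.GetParts())
    {
        toSign.Add(packagePart.Uri);
    }

    // Add the URI for SignatureOrigin PackageRelationship part.
    // The SignatureOrigin relationship is created when Sign() is called.
    // Signing the SignatureOrigin relationship disables counter-signatures.
    toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin));
    // Also sign the SignatureOrigin part.
    toSign.Add(dsm.SignatureOrigin);
    // Add the package relationship to the signature origin to be signed.
    toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));

    // The certificate is loaded from CertificatePath; no user prompt is involved
    // (the original comment claiming a prompt was left over from the prompting overload).
    X509Certificate2 cert = null;
    try
    {
        cert = new X509Certificate2(this.CertificatePath,
            (String.IsNullOrEmpty(this.CertificatePassword) ? null : this.CertificatePassword));
        dsm.Sign(toSign, cert);
    }
    // Bad PFX/password or an unavailable key: report and fall through to the verify result.
    catch (CryptographicException ex)
    {
        Console.WriteLine("Cannot Sign: {0}", ex.Message);
    }
    finally
    {
        // Release the native certificate/key handle (the original never did).
        if (cert != null)
        {
            cert.Reset();
        }
    }

    // VerifySignatures(true): stop at the first invalid signature.
    // NOTE(review): this checks signature integrity only; certificate trust is a separate
    // VerifyCertificate step that this method does not perform.
    return dsm.IsSigned && dsm.VerifySignatures(true) == VerifyResult.Success;
}// end:SignAllParts()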
}// end:ValidateSignatures()
//</SnippetPackageDigSigValidate>
//<SnippetPackageDigSigSign>
/// <summary>
/// Signs every part of <paramref name="package"/>, the signature-origin part and the relationship
/// parts the signature depends on; the certificate is chosen interactively by Sign().
/// </summary>
/// <param name="package">Open package to sign.</param>
/// <exception cref="ArgumentNullException"><paramref name="package"/> is null.</exception>
private static void SignAllParts(Package package)
{
    if (package == null)
    {
        throw new ArgumentNullException("SignAllParts(package)");
    }

    // Create the DigitalSignature Manager
    PackageDigitalSignatureManager manager = new PackageDigitalSignatureManager(package);
    manager.CertificateOption = CertificateEmbeddingOption.InSignaturePart;

    // Every part URI in the package (GetParts() also includes PackageRelationship parts).
    System.Collections.Generic.List<Uri> targets = new System.Collections.Generic.List<Uri>();
    foreach (PackagePart part in package.GetParts())
    {
        targets.Add(part.Uri);
    }

    // The SignatureOrigin relationship is created when Sign() is called; signing it
    // disables counter-signatures. Its part and the root relationship part are covered too.
    targets.Add(PackUriHelper.GetRelationshipPartUri(manager.SignatureOrigin));
    targets.Add(manager.SignatureOrigin);
    targets.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));

    // Sign() will prompt the user to select a Certificate to sign with.
    try
    {
        manager.Sign(targets);
    }
    // No certificates available, or the SmartCard manager is not running.
    catch (CryptographicException ex)
    {
        MessageBox.Show(
            "Cannot Sign\n" + ex.Message,
            "No Digital Certificates Available",
            MessageBoxButton.OK,
            MessageBoxImage.Exclamation);
    }
}// end:SignAllParts()
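/// <summary>
/// Wraps the file at <paramref name="inputPath"/> as a single part of a new OPC package at
/// <paramref name="outputPath"/> and signs that part with SHA-256 digests.
/// </summary>
/// <param name="inputPath">Existing file to embed.</param>
/// <param name="outputPath">Package to create (overwritten).</param>
/// <param name="certificate">Signing certificate, embedded in the signature part.</param>
/// <returns>True when Sign returned a signature; false otherwise.</returns>
/// <exception cref="ArgumentException"><paramref name="inputPath"/> is empty or missing, or
/// <paramref name="outputPath"/> is empty.</exception>
/// <exception cref="ArgumentNullException"><paramref name="certificate"/> is null.</exception>
internal static bool Sign(string inputPath, string outputPath, X509Certificate2 certificate)
{
    if (string.IsNullOrEmpty(inputPath) || !File.Exists(inputPath))
    {
        throw new ArgumentException("inputPath");
    }
    // Argument exceptions instead of bare Exception (both still derive from Exception).
    if (string.IsNullOrEmpty(outputPath))
    {
        throw new ArgumentException("outputPath");
    }
    if (certificate == null)
    {
        throw new ArgumentNullException("certificate");
    }

    using (Package signedPackage = Package.Open(outputPath, FileMode.Create))
    {
        var uriString = "/" + InnerPackageName + ".pgx";
        var uri = new Uri(uriString, UriKind.Relative);
        var innerPackagePart = signedPackage.CreatePart(uri, "application/zip");

        // Stream.CopyTo replaces the hand-rolled 80 KiB read/write loop.
        using (var fileStream = File.Open(inputPath, FileMode.Open, FileAccess.Read, FileShare.Read))
        using (var stream = innerPackagePart.GetStream())
        {
            fileStream.CopyTo(stream);
        }

        // Only the inner part is signed; no relationship selectors are passed, so
        // package relationships are not covered by this signature.
        var partsToSign = new List<Uri> { innerPackagePart.Uri };
        var dsm = new PackageDigitalSignatureManager(signedPackage)
        {
            CertificateOption = CertificateEmbeddingOption.InSignaturePart,
            // Explicit SHA-256 rather than the manager's default digest.
            HashAlgorithm = "http://www.w3.org/2001/04/xmlenc#sha256"
        };
        if (dsm.Sign(partsToSign, certificate) != null)
        {
            Console.WriteLine("Signed package {0} created.", outputPath);
            return true;
        }
    }
    return false;
}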
/// <summary>
/// Signs every non-relationship part of <paramref name="package"/> with
/// <paramref name="certificate"/>, embedding the certificate in the signature part.
/// </summary>
/// <param name="package">Open package to sign.</param>
/// <param name="certificate">Signing certificate.</param>
public static void Sign(Package package, X509Certificate2 certificate)
{
    var manager = new PackageDigitalSignatureManager(package);
    manager.CertificateOption = CertificateEmbeddingOption.InSignaturePart;

    // NOTE(review): relationship parts are skipped and no relationship selectors are
    // passed, so package relationships are not covered by this signature - confirm intended.
    var partUris = new List<Uri>();
    foreach (var part in package.GetParts())
    {
        if (PackUriHelper.IsRelationshipPartUri(part.Uri))
        {
            continue;
        }
        partUris.Add(part.Uri);
    }

    manager.Sign(partUris, certificate);
}
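/// <summary>
/// Signs the Word document held in <paramref name="outputStream"/> with the PFX at
/// <paramref name="certPath"/>. The document is opened read/write over the stream and is not
/// closed here; the caller owns the stream.
/// </summary>
/// <param name="outputStream">Stream holding the .docx; modified in place.</param>
/// <param name="certPath">Path of the PFX file.</param>
/// <param name="certPassword">PFX password.</param>
private static void SignPackage(MemoryStream outputStream, string certPath, string certPassword)
{
    // this from Richard diZerega
    // https://github.com/richdizz/microsoft-graph-app-only/blob/master/RichdizzReady/Program.cs
    // ReadAllBytes replaces a single Stream.Read that could return short and never
    // disposed its FileStream.
    var certificateBytes = File.ReadAllBytes(certPath);

    // NOTE(review): Exportable | MachineKeySet | PersistKeySet leaves an exportable copy of
    // the private key in the machine key store after this process exits - acceptable only on
    // hosts you fully control.
    using (var certificate = new X509Certificate2(
        certificateBytes,
        certPassword,
        X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet)) //switches are important to work in webjob
    {
        var package = WordprocessingDocument.Open(outputStream, true).Package;

        // This from Wouter's sample code from 10 years ago
        List<Uri> partsToSign = new List<Uri>();
        List<PackageRelationshipSelector> relationshipsToSign = new List<PackageRelationshipSelector>();
        foreach (PackageRelationship relationship in package.GetRelationshipsByType(RT_OfficeDocument))
        {
            AddSignableItems(relationship, partsToSign, relationshipsToSign);
        }

        PackageDigitalSignatureManager mgr = new PackageDigitalSignatureManager(package);
        mgr.CertificateOption = CertificateEmbeddingOption.InSignaturePart;

        // Office-specific signed object, referenced from the signature by OfficeObjectID.
        string signatureID = SignatureID;
        string manifestHashAlgorithm = ManifestHashAlgorithm;
        DataObject officeObject = CreateOfficeObject(signatureID, manifestHashAlgorithm);
        Reference officeObjectReference = new Reference("#" + OfficeObjectID);
        mgr.Sign(partsToSign, certificate, relationshipsToSign, signatureID,
            new DataObject[] { officeObject }, new Reference[] { officeObjectReference });
    }
}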
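/// <summary>
/// Signs every part of the package at <paramref name="path"/> (plus the signature-origin part
/// and the relationship parts the signature depends on) with Certificate.
/// </summary>
/// <param name="path">Package file to sign in place.</param>
/// <param name="overrideCurrentSignature">When true, existing signatures are removed first;
/// when false an already-signed package raises AlreadySignedException.</param>
/// <from>http://msdn.microsoft.com/en-us/library/system.io.packaging.packagedigitalsignaturemanager.sign(v=vs.100).aspx</from>
public void Sign(string path, bool overrideCurrentSignature)
{
    _log.Debug("We're going to try signing {0}, override current signature {1}".format(path, overrideCurrentSignature));

    // The package is released on every exit path. The original only called Close() on
    // the success path and relied on a trailing GC.Collect() to drop the file handle when
    // AlreadySignedException or Sign() threw.
    using (var package = Package.Open(path))
    {
        _log.Debug("Opened {0}".format(path));
        var signatureManager = new PackageDigitalSignatureManager(package)
        {
            CertificateOption = CertificateEmbeddingOption.InSignaturePart
        };

        if (signatureManager.IsSigned)
        {
            if (!overrideCurrentSignature)
            {
                _log.Debug("{0} is signed, we're going to throw".format(path));
                throw new AlreadySignedException();
            }
            _log.Debug("{0} is signed we'll try to remove signatures".format(path));
            //TODO: make smarter so we only remove signatures for the relevant parts
            signatureManager.RemoveAllSignatures();
            package.Flush();
        }

        var toSign = package.GetParts().Select(packagePart => packagePart.Uri).ToList();
        toSign.Add(PackUriHelper.GetRelationshipPartUri(signatureManager.SignatureOrigin));
        toSign.Add(signatureManager.SignatureOrigin);
        toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));

        _log.Debug("About to start signing {0}".format(path));
        signatureManager.Sign(toSign, Certificate);
        _log.Debug("signed {0}, going to close".format(path));
        package.Close();
        _log.Debug("closed {0}".format(path));
    }
}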
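/// <summary>
/// Signs all parts of the VSIX file (plus the signature-origin part and the relationship
/// parts the signature depends on) with the given PFX.
/// </summary>
/// <param name="vsixFileName">The file path of the VSIX file</param>
/// <param name="pfxFileName">The file path of the certificate</param>
/// <param name="password">The password for the certificate</param>
/// <returns>True if the file has been signed and its signatures verify, false otherwise</returns>
private bool SignVSIXFile(string vsixFileName, string pfxFileName, string password)
{
    if (!File.Exists(vsixFileName))
    {
        this.LogBuildError("VSIX file doesn't exist");
        return false;
    }
    if (!File.Exists(pfxFileName))
    {
        this.LogBuildError("Certificate file doesn't exist");
        return false;
    }

    LogBuildMessage(string.Format("Signing {0} ", Path.GetFileName(vsixFileName)), BuildMessageImportance.High);

    using (var package = Package.Open(vsixFileName, FileMode.Open))
    {
        var packageSignatureManager = new PackageDigitalSignatureManager(package)
        {
            CertificateOption = CertificateEmbeddingOption.InSignaturePart
        };

        var partsToSign = package.GetParts().Select(packagePart => packagePart.Uri).ToList();
        partsToSign.Add(PackUriHelper.GetRelationshipPartUri(packageSignatureManager.SignatureOrigin));
        partsToSign.Add(packageSignatureManager.SignatureOrigin);
        partsToSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));

        System.Security.Cryptography.X509Certificates.X509Certificate2 certificate = null;
        try
        {
            // Constructed inside the try so a wrong password is reported like any other failure.
            certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(pfxFileName, password);
            packageSignatureManager.Sign(partsToSign, certificate);
        }
        catch (System.Security.Cryptography.CryptographicException ex)
        {
            this.LogBuildError("Error Signing File " + ex.Message);
            return false;
        }
        finally
        {
            // Release the native certificate/key handle (the original never did).
            if (certificate != null)
            {
                certificate.Reset();
            }
        }

        // VerifySignatures(true): stop at the first invalid signature (integrity only,
        // not certificate trust).
        return packageSignatureManager.IsSigned && packageSignatureManager.VerifySignatures(true) == VerifyResult.Success;
    }
}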
/// <summary>
/// Signs every part of <paramref name="package"/> (including the signature-origin part and the
/// relationship parts the signature relies on) with SHA-512 digests and an embedded certificate.
/// </summary>
/// <param name="package">Open package to sign.</param>
/// <param name="cert">Signing certificate.</param>
public void SignPackage(Package package, X509Certificate cert)
{
    var manager = new PackageDigitalSignatureManager(package);
    manager.CertificateOption = CertificateEmbeddingOption.InSignaturePart;
    // Explicit SHA-512 rather than the manager's default digest.
    manager.HashAlgorithm = SignedXml.XmlDsigSHA512Url;

    var targets = new List<Uri>();
    foreach (PackagePart part in package.GetParts())
    {
        targets.Add(part.Uri);
    }
    targets.Add(PackUriHelper.GetRelationshipPartUri(manager.SignatureOrigin));
    targets.Add(manager.SignatureOrigin);
    targets.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));

    manager.Sign(targets, cert);
}
/// <summary>
/// Signs every part of <paramref name="package"/> plus the signature-origin part and the
/// relationship parts the signature depends on, using SHA-512 digests.
/// </summary>
/// <param name="package">Open package to sign.</param>
/// <param name="cert">Signing certificate, embedded in the signature part.</param>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
/// <exception cref="CryptographicException">Rethrown after being reported to AppHealth.</exception>
private static void SignAllParts(Package package, X509Certificate cert)
{
    if (package == null) { throw new ArgumentNullException("SignAllParts(package)"); }
    if (cert == null) { throw new ArgumentNullException("SignAllParts(cert)"); }

    var manager = new PackageDigitalSignatureManager(package);
    manager.CertificateOption = CertificateEmbeddingOption.InSignaturePart;
    manager.HashAlgorithm = SignedXml.XmlDsigSHA512Url;

    var targets = new List<Uri>();
    foreach (PackagePart part in package.GetParts())
    {
        targets.Add(part.Uri);
    }
    targets.Add(PackUriHelper.GetRelationshipPartUri(manager.SignatureOrigin));
    targets.Add(manager.SignatureOrigin);
    targets.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));

    try
    {
        manager.Sign(targets, cert);
    }
    catch (CryptographicException ex)
    {
        // Report, then propagate so the caller never treats the package as signed.
        AppHealth.Current.Error.TrackAsync("Error sigingn package.", ex).FireAndForget();
        throw;
    }
}
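/// <summary>
/// Signs every part of the package at <paramref name="path"/> (plus the signature-origin part
/// and the relationship parts the signature depends on) with Certificate.
/// </summary>
/// <param name="path">Package file to sign in place.</param>
/// <from>http://msdn.microsoft.com/en-us/library/system.io.packaging.packagedigitalsignaturemanager.sign(v=vs.100).aspx</from>
public void Sign(string path)
{
    // The original closed the package only on the success path, so a failing Sign()
    // left the file handle open.
    using (var package = Package.Open(path))
    {
        var signatureManager = new PackageDigitalSignatureManager(package);
        signatureManager.CertificateOption = CertificateEmbeddingOption.InSignaturePart;

        var toSign = new List<Uri>();
        foreach (PackagePart packagePart in package.GetParts())
        {
            toSign.Add(packagePart.Uri);
        }
        toSign.Add(PackUriHelper.GetRelationshipPartUri(signatureManager.SignatureOrigin));
        toSign.Add(signatureManager.SignatureOrigin);
        toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));

        signatureManager.Sign(toSign, Certificate);
        package.Close();
    }
}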
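/// <summary>
/// Signs a VSIX package with the certificate in <paramref name="arguments"/>, optionally
/// Authenticode-signing unsigned .dll/.exe parts first, and validates the result.
/// </summary>
/// <param name="vsixPackagePath">Path of the VSIX (OPC) package; opened and signed in place.</param>
/// <param name="arguments">Certificate, hash algorithm and related signing data.</param>
/// <param name="outputBuffer">Receives progress text; may be null.</param>
/// <param name="errorBuffer">Receives error text; may be null.</param>
/// <param name="signContentInVsix">When true, each .dll/.exe part without a valid Authenticode
/// signature is extracted, signed with SignBinary and written back before the package is signed.</param>
/// <returns>True when the package was signed and ValidateSignatures accepts it; false on any failure.</returns>
/// <exception cref="ArgumentNullException"><paramref name="arguments"/> is null.</exception>
private static bool SignVsix(string vsixPackagePath, SignData arguments, StringBuilder outputBuffer, StringBuilder errorBuffer, bool signContentInVsix = false)
{
    if (arguments == null)
    {
        throw new ArgumentNullException("arguments");
    }

    // try to load the certificate:
    try
    {
        arguments.VerifyCertificate();
    }
    catch (Exception ex)
    {
        if (errorBuffer != null)
        {
            errorBuffer.AppendLine("Certificate error.");
            errorBuffer.AppendLine(ex.Message);
        }
        return false;
    }

    // many thanks to Jeff Wilcox for the idea and code
    // check for details: http://www.jeff.wilcox.name/2010/03/vsixcodesigning/
    using (var package = Package.Open(vsixPackagePath))
    {
        var signatureManager = new PackageDigitalSignatureManager(package);
        signatureManager.CertificateOption = CertificateEmbeddingOption.InSignaturePart;

        // select respective hashing algorithm (http://www.w3.org/TR/2001/WD-xmlenc-core-20010626/):
        if (arguments.HashAlgorithm == null || string.IsNullOrEmpty(arguments.HashAlgorithm.Uri))
        {
            // fail gracefully:
            if (errorBuffer != null)
            {
                errorBuffer.AppendLine("Unable to sign VSIX with requested '" + (arguments.HashAlgorithm != null ? arguments.HashAlgorithm.Name : "<unknown>") + "' algorithm.");
            }
            return false;
        }
        signatureManager.HashAlgorithm = arguments.HashAlgorithm.Uri;

        var partsToSign = new List<Uri>();
        foreach (var packagePart in package.GetParts())
        {
            if (signContentInVsix && !SignBinaryPart(packagePart, arguments, outputBuffer, errorBuffer))
            {
                return false;
            }
            partsToSign.Add(packagePart.Uri);
        }
        // Cover the signature origin, its relationship part and the root relationship part.
        partsToSign.Add(PackUriHelper.GetRelationshipPartUri(signatureManager.SignatureOrigin));
        partsToSign.Add(signatureManager.SignatureOrigin);
        partsToSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));

        try
        {
            signatureManager.Sign(partsToSign, arguments.Certificate);
        }
        catch (CryptographicException ex)
        {
            if (errorBuffer != null)
            {
                errorBuffer.AppendLine("Signing could not be completed: " + ex.Message);
            }
            return false;
        }
        finally
        {
            signatureManager.HashAlgorithm = PackageDigitalSignatureManager.DefaultHashAlgorithm;
        }

        if (ValidateSignatures(package))
        {
            if (outputBuffer != null)
            {
                outputBuffer.AppendLine("VSIX signing completed successfully.");
            }
            return true;
        }
        if (outputBuffer != null)
        {
            outputBuffer.AppendLine("The digital signature is invalid, there may have been a problem with the signing process.");
        }
        return false;
    }
}

/// <summary>
/// Extracts one package part to a temp file; if it is a .dll/.exe (any letter case) without a
/// valid Authenticode signature, signs it with SignBinary and writes the signed bytes back.
/// </summary>
/// <returns>True when the part needs no signing or was signed; false when SignBinary failed.</returns>
private static bool SignBinaryPart(PackagePart packagePart, SignData arguments, StringBuilder outputBuffer, StringBuilder errorBuffer)
{
    var fileName = Path.GetFileName(packagePart.Uri.OriginalString);
    // The temp name is derived from the part's file name only, so two parts with the same
    // name in different folders share a temp file (unchanged from the original).
    var tempPath = Path.Combine(Path.GetTempPath(), fileName);
    var extension = Path.GetExtension(tempPath);
    try
    {
        using (var partStream = packagePart.GetStream(FileMode.Open, FileAccess.Read))
        using (var tempStream = new FileStream(tempPath, FileMode.Create))
        {
            partStream.CopyTo(tempStream);
        }

        // Case-insensitive: the original used ordinal Equals, so ".DLL"/".Exe" parts
        // bypassed both the Authenticode check and signing.
        bool isBinary = extension.Equals(".dll", StringComparison.OrdinalIgnoreCase)
            || extension.Equals(".exe", StringComparison.OrdinalIgnoreCase);
        if (!isBinary || VerifyBinaryDigitalSignature(tempPath))
        {
            return true;
        }
        if (!SignBinary(tempPath, arguments, outputBuffer, errorBuffer))
        {
            return false;
        }

        // Write back over the existing part stream. NOTE(review): assumes the signed file is
        // never shorter than the unsigned one; otherwise stale trailing bytes would remain.
        using (var partStream = packagePart.GetStream(FileMode.Open, FileAccess.Write))
        using (var tempStream = new FileStream(tempPath, FileMode.Open))
        {
            tempStream.CopyTo(partStream);
        }
        return true;
    }
    finally
    {
        // Best-effort cleanup: do not leave extracted (possibly unsigned) binaries in %TEMP%.
        try
        {
            File.Delete(tempPath);
        }
        catch (IOException)
        {
        }
        catch (UnauthorizedAccessException)
        {
        }
    }
}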
/// <summary>
/// Signs the given parts and relationships of the XPS package. The certificate is stored in its
/// own certificate part when <paramref name="embedCertificate"/> is true, otherwise not at all.
/// </summary>
/// <param name="partList">Part URIs to sign.</param>
/// <param name="certificate">Signing certificate.</param>
/// <param name="embedCertificate">True to embed the certificate in a certificate part.</param>
/// <param name="relationshipSelectors">Relationships to cover.</param>
/// <param name="id">Signature id; when null the overload without an id is used.</param>
/// <returns>The signature added to the package.</returns>
/// <exception cref="ObjectDisposedException">The underlying package has been released.</exception>
public PackageDigitalSignature Sign(IEnumerable<Uri> partList, X509Certificate certificate, bool embedCertificate, IEnumerable<PackageRelationshipSelector> relationshipSelectors, string id)
{
    var target = this._metroPackage;
    if (target == null)
    {
        throw new ObjectDisposedException("XpsManager");
    }

    // NotEmbedded means a verifier must obtain the certificate out of band.
    var manager = new PackageDigitalSignatureManager(target);
    manager.CertificateOption = embedCertificate
        ? CertificateEmbeddingOption.InCertificatePart
        : CertificateEmbeddingOption.NotEmbedded;

    return id == null
        ? manager.Sign(partList, certificate, relationshipSelectors)
        : manager.Sign(partList, certificate, relationshipSelectors, id);
}
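// TODO (Andreas Orzelski, 2020-08-01): The signature file and [Content_Types].xml can be tampered?
// Is this an issue?
/// <summary>
/// Signs every part and every package- and part-level relationship in the package (any
/// modification of a signed item invalidates the signature). Prompts the user for a .pfx file
/// to sign with; cancelling the dialog leaves the package untouched.
/// Parts added after signing are not covered by the signature and are therefore easy to
/// detect during verification.
/// </summary>
/// <param name="packagePath">Package to sign in place.</param>
/// <param name="storeName">Not used by this implementation; kept for signature compatibility.</param>
/// <param name="pfxPassword">Password of the selected .pfx. The default is the hard-coded
/// value the original embedded in source; callers should supply the real secret instead.</param>
public static void SignAll(string packagePath, string storeName = "My", string pfxPassword = "i40")
{
    using (Package package = Package.Open(packagePath, FileMode.Open))
    {
        // Create the DigitalSignature Manager
        PackageDigitalSignatureManager dsm = new PackageDigitalSignatureManager(package);
        dsm.CertificateOption = CertificateEmbeddingOption.InSignaturePart;

        // Every part URI in the package (GetParts() also includes PackageRelationship parts).
        System.Collections.Generic.List<Uri> toSign = new System.Collections.Generic.List<Uri>();
        foreach (PackagePart packagePart in package.GetParts())
        {
            toSign.Add(packagePart.Uri);
        }

        // One selector per package-level relationship, based on id
        List<PackageRelationshipSelector> relationshipSelectors = new List<PackageRelationshipSelector>();
        foreach (PackageRelationship relationship in package.GetRelationships())
        {
            relationshipSelectors.Add(new PackageRelationshipSelector(
                relationship.SourceUri, PackageRelationshipSelectorType.Id, relationship.Id));
        }

        // For parts-level relationships ...
        foreach (PackagePart packagePart in package.GetParts())
        {
            try
            {
                foreach (PackageRelationship relationship in packagePart.GetRelationships())
                {
                    relationshipSelectors.Add(new PackageRelationshipSelector(
                        relationship.SourceUri, PackageRelationshipSelectorType.Id, relationship.Id));
                }
            }
            catch (Exception ex)
            {
                AdminShellNS.LogInternally.That.SilentlyIgnoredError(ex);
            }
        }

        // Also sign the SignatureOrigin part.
        toSign.Add(dsm.SignatureOrigin);
        // Add the URI for SignatureOrigin PackageRelationship part.
        // The SignatureOrigin relationship is created when Sign() is called.
        // Signing the SignatureOrigin relationship disables counter-signatures.
        toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin));
        // Sign all relationships entry of signature-origin inside the root .rels file
        relationshipSelectors.Add(new PackageRelationshipSelector(
            new Uri("/", UriKind.Relative),
            PackageRelationshipSelectorType.Type,
            "http://schemas.openxmlformats.org/package/2006/relationships/digital-signature/origin"));

        // Ask the user for the .pfx file.
        string pfxPath;
        using (var dlg = new OpenFileDialog())
        {
            try
            {
                dlg.InitialDirectory = System.IO.Path.GetDirectoryName("\\");
            }
            catch (Exception ex)
            {
                AdminShellNS.LogInternally.That.SilentlyIgnoredError(ex);
            }
            dlg.Filter = ".pfx files (*.pfx)|*.pfx";
            // The original ignored the dialog result and tried to load an empty file name
            // when the user cancelled.
            if (dlg.ShowDialog() != DialogResult.OK || string.IsNullOrEmpty(dlg.FileName))
            {
                return;
            }
            pfxPath = dlg.FileName;
        }

        try
        {
            // Dispose releases the native certificate/key handle once the signature is written.
            using (X509Certificate2 x509 = new X509Certificate2(pfxPath, pfxPassword))
            {
                dsm.Sign(toSign, x509, relationshipSelectors);
            }
        }
        // Wrong password, no usable key, or the SmartCard manager not running.
        catch (CryptographicException ex)
        {
            MessageBox.Show(
                "Cannot Sign\n" + ex.Message,
                "Error signing",
                MessageBoxButtons.OK,
                MessageBoxIcon.Error);
        }
    }
}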