public IEnumerable <PackageVerifierIssue> Validate(PackageAnalysisContext context) { if (context.Metadata.IsDotNetToolPackage()) { yield break; } foreach (var currentFile in context.PackageReader.GetFiles()) { var extension = Path.GetExtension(currentFile); if (extension.Equals(".dll", StringComparison.OrdinalIgnoreCase) || extension.Equals(".exe", StringComparison.OrdinalIgnoreCase)) { string assemblyPath; do { assemblyPath = Path.ChangeExtension( Path.Combine(Path.GetTempPath(), Path.GetRandomFileName()), extension); } while (File.Exists(assemblyPath)); var isManagedCode = false; var isStrongNameSigned = false; var hasCorrectPublicKeyToken = false; var hresult = 0; try { using (var packageFileStream = context.PackageReader.GetStream(currentFile)) using (var fileStream = new FileStream(assemblyPath, FileMode.Create)) { packageFileStream.CopyTo(fileStream); } if (AssemblyHelpers.IsAssemblyManaged(assemblyPath)) { isManagedCode = true; using (var assembly = AssemblyDefinition.ReadAssembly(assemblyPath)) { if (assembly.Modules.Any()) { isStrongNameSigned = assembly.Modules.All( module => module.Attributes.HasFlag(ModuleAttributes.StrongNameSigned)); } else { throw new InvalidOperationException("The managed assembly does not contain any modules."); } var tokenHexString = BitConverter.ToString(assembly.Name.PublicKeyToken).Replace("-", ""); if (_publicKeyToken.Equals(tokenHexString, StringComparison.OrdinalIgnoreCase)) { hasCorrectPublicKeyToken = true; } } } } catch (Exception ex) { context.Logger.LogError( "Error while verifying strong name signature for {0}: {1}", currentFile, ex.Message); } finally { if (File.Exists(assemblyPath)) { File.Delete(assemblyPath); } } if (isManagedCode && !isStrongNameSigned) { yield return(PackageIssueFactory.AssemblyNotStrongNameSigned(currentFile, hresult)); } if (isManagedCode && !hasCorrectPublicKeyToken) { yield return(PackageIssueFactory.AssemblyHasWrongPublicKeyToken(currentFile, _publicKeyToken)); } } } }