private static void SignFileInternal(X509Certificate2 cert, Uri timestampUrl, string path, bool targetFrameworkSupportsSha256, System.Resources.ResourceManager resources)
{
if (cert == null)
{
throw new ArgumentNullException(nameof(cert));
}
if (String.IsNullOrEmpty(path))
{
throw new ArgumentNullException(nameof(path));
}
if (!FileSystems.Default.FileExists(path))
{
throw new FileNotFoundException(String.Format(CultureInfo.InvariantCulture, resources.GetString("SecurityUtil.SignTargetNotFound"), path), path);
}
bool useSha256 = UseSha256Algorithm(cert) && targetFrameworkSupportsSha256;
if (PathUtil.IsPEFile(path))
{
if (IsCertInStore(cert))
{
SignPEFile(cert, timestampUrl, path, resources, useSha256);
}
else
{
throw new InvalidOperationException(resources.GetString("SignFile.CertNotInStore"));
}
}
else
{
using (RSA rsa = CngLightup.GetRSAPrivateKey(cert))
{
if (rsa == null)
{
throw new ApplicationException(resources.GetString("SecurityUtil.OnlyRSACertsAreAllowed"));
}
try
{
var doc = new XmlDocument {
PreserveWhitespace = true
};
var xrSettings = new XmlReaderSettings {
DtdProcessing = DtdProcessing.Ignore
};
using (XmlReader xr = XmlReader.Create(path, xrSettings))
{
doc.Load(xr);
}
var manifest = new SignedCmiManifest2(doc, useSha256);
CmiManifestSigner2 signer;
if (useSha256 && rsa is RSACryptoServiceProvider)
{
RSACryptoServiceProvider csp = SignedCmiManifest2.GetFixedRSACryptoServiceProvider(rsa as RSACryptoServiceProvider, useSha256);
signer = new CmiManifestSigner2(csp, cert, useSha256);
}
else
{
signer = new CmiManifestSigner2(rsa, cert, useSha256);
}
if (timestampUrl == null)
{
manifest.Sign(signer);
}
else
{
manifest.Sign(signer, timestampUrl.ToString());
}
doc.Save(path);
}
catch (Exception ex)
{
int exceptionHR = Marshal.GetHRForException(ex);
if (exceptionHR == -2147012889 || exceptionHR == -2147012867)
{
throw new ApplicationException(resources.GetString("SecurityUtil.TimestampUrlNotFound"), ex);
}
throw new ApplicationException(ex.Message, ex);
}
}
}
}
private void ValidateReferencesForClickOnceApplication()
{
int t1 = Environment.TickCount;
bool isPartialTrust = !TrustInfo.IsFullTrust;
Dictionary <string, NGen <bool> > targetPathList = new Dictionary <string, NGen <bool> >();
foreach (AssemblyReference assembly in AssemblyReferences)
{
// Check all resolved dependencies for partial trust apps...
if (isPartialTrust && (assembly != EntryPoint) && !String.IsNullOrEmpty(assembly.ResolvedPath))
{
ValidateReferenceForPartialTrust(assembly, TrustInfo);
}
// Check TargetPath for all local dependencies, ignoring any Prerequisites
if (!assembly.IsPrerequisite && !String.IsNullOrEmpty(assembly.TargetPath))
{
// Check target path does not exceed maximum...
if (_maxTargetPath > 0 && assembly.TargetPath.Length > _maxTargetPath)
{
OutputMessages.AddWarningMessage("GenerateManifest.TargetPathTooLong", assembly.ToString(), _maxTargetPath.ToString(CultureInfo.CurrentCulture));
}
// Check for two or more items with the same TargetPath...
string key = assembly.TargetPath.ToLowerInvariant();
if (!targetPathList.ContainsKey(key))
{
targetPathList.Add(key, false);
}
else if (targetPathList[key] == false)
{
OutputMessages.AddWarningMessage("GenerateManifest.DuplicateTargetPath", assembly.ToString());
targetPathList[key] = true; // only warn once per path
}
}
else
{
// Check assembly name does not exceed maximum...
if (_maxTargetPath > 0 && assembly.AssemblyIdentity.Name.Length > _maxTargetPath)
{
OutputMessages.AddWarningMessage("GenerateManifest.TargetPathTooLong", assembly.AssemblyIdentity.Name, _maxTargetPath.ToString(CultureInfo.CurrentCulture));
}
}
// Check that all prerequisites are strong named...
if (assembly.IsPrerequisite && !assembly.AssemblyIdentity.IsStrongName && !assembly.IsVirtual)
{
OutputMessages.AddErrorMessage("GenerateManifest.PrerequisiteNotSigned", assembly.ToString());
}
}
foreach (FileReference file in FileReferences)
{
// Check that file is not an assembly...
if (!String.IsNullOrEmpty(file.ResolvedPath) && PathUtil.IsAssembly(file.ResolvedPath))
{
OutputMessages.AddWarningMessage("GenerateManifest.AssemblyAsFile", file.ToString());
}
if (!String.IsNullOrEmpty(file.TargetPath))
{
// Check target path does not exceed maximum...
if (_maxTargetPath > 0 && file.TargetPath.Length > _maxTargetPath)
{
OutputMessages.AddWarningMessage("GenerateManifest.TargetPathTooLong", file.TargetPath, _maxTargetPath.ToString(CultureInfo.CurrentCulture));
}
// Check for two or more items with the same TargetPath...
string key = file.TargetPath.ToLowerInvariant();
if (!targetPathList.ContainsKey(key))
{
targetPathList.Add(key, false);
}
else if (targetPathList[key] == false)
{
OutputMessages.AddWarningMessage("GenerateManifest.DuplicateTargetPath", file.TargetPath);
targetPathList[key] = true; // only warn once per path
}
}
}
Util.WriteLog(String.Format(CultureInfo.CurrentCulture, "GenerateManifest.CheckManifestReferences t={0}", Environment.TickCount - t1));
}
private static void SignFileInternal(X509Certificate2 cert, Uri timestampUrl, string path, bool targetFrameworkSupportsSha256, System.Resources.ResourceManager resources)
{
if (cert == null)
{
throw new ArgumentNullException("cert");
}
if (String.IsNullOrEmpty(path))
{
throw new ArgumentNullException("path");
}
if (!File.Exists(path))
{
throw new FileNotFoundException(String.Format(CultureInfo.InvariantCulture, resources.GetString("SecurityUtil.SignTargetNotFound"), path), path);
}
bool useSha256 = UseSha256Algorithm(cert) && targetFrameworkSupportsSha256;
if (PathUtil.IsPEFile(path))
{
if (IsCertInStore(cert))
{
SignPEFile(cert, timestampUrl, path, resources, useSha256);
}
else
{
throw new InvalidOperationException(resources.GetString("SignFile.CertNotInStore"));
}
}
else
{
if (cert.PrivateKey == null)
{
throw new InvalidOperationException(resources.GetString("SignFile.CertMissingPrivateKey"));
}
if (cert.PrivateKey.GetType() != typeof(RSACryptoServiceProvider))
{
throw new ApplicationException(resources.GetString("SecurityUtil.OnlyRSACertsAreAllowed"));
}
try
{
XmlDocument doc = new XmlDocument();
doc.PreserveWhitespace = true;
XmlReaderSettings xrSettings = new XmlReaderSettings();
xrSettings.DtdProcessing = DtdProcessing.Ignore;
using (XmlReader xr = XmlReader.Create(path, xrSettings))
{
doc.Load(xr);
}
SignedCmiManifest2 manifest = new SignedCmiManifest2(doc, useSha256);
RSACryptoServiceProvider csp;
if (useSha256)
{
csp = SignedCmiManifest2.GetFixedRSACryptoServiceProvider(cert.PrivateKey as RSACryptoServiceProvider, useSha256);
}
else
{
csp = cert.PrivateKey as RSACryptoServiceProvider;
}
CmiManifestSigner2 signer = new CmiManifestSigner2(csp, cert, useSha256);
if (timestampUrl == null)
{
manifest.Sign(signer);
}
else
{
manifest.Sign(signer, timestampUrl.ToString());
}
doc.Save(path);
}
catch (Exception ex)
{
int exceptionHR = System.Runtime.InteropServices.Marshal.GetHRForException(ex);
if (exceptionHR == -2147012889 || exceptionHR == -2147012867)
{
throw new ApplicationException(resources.GetString("SecurityUtil.TimestampUrlNotFound"), ex);
}
throw new ApplicationException(ex.Message, ex);
}
}
}
