private static void StrongNameSignManifestDom(XmlDocument manifestDom, XmlDocument licenseDom, CmiManifestSigner2 signer, bool useSha256) { RSA snKey = signer.StrongNameKey as RSA; // Make sure it is RSA, as this is the only one Fusion will support. if (snKey == null) { throw new NotSupportedException(); } // Setup namespace manager. XmlNamespaceManager nsm = new XmlNamespaceManager(manifestDom.NameTable); nsm.AddNamespace("asm", AssemblyNamespaceUri); // Get to root element. XmlElement signatureParent = manifestDom.SelectSingleNode("asm:assembly", nsm) as XmlElement; if (signatureParent == null) { throw new CryptographicException(Win32.TRUST_E_SUBJECT_FORM_UNKNOWN); } if (signer.StrongNameKey.GetType() != typeof(RSACryptoServiceProvider)) { throw new NotSupportedException(); } // Setup up XMLDSIG engine. ManifestSignedXml2 signedXml = new ManifestSignedXml2(signatureParent); signedXml.SigningKey = GetFixedRSACryptoServiceProvider(signer.StrongNameKey as RSACryptoServiceProvider, useSha256); signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; if (signer.UseSha256) signedXml.SignedInfo.SignatureMethod = Sha256SignatureMethodUri; // Add the key information. signedXml.KeyInfo.AddClause(new RSAKeyValue(snKey)); if (licenseDom != null) { signedXml.KeyInfo.AddClause(new KeyInfoNode(licenseDom.DocumentElement)); } signedXml.KeyInfo.Id = "StrongNameKeyInfo"; // Add the enveloped reference. Reference enveloped = new Reference(); enveloped.Uri = ""; if (signer.UseSha256) enveloped.DigestMethod = Sha256DigestMethod; // Add an enveloped then Exc-C14N transform. enveloped.AddTransform(new XmlDsigEnvelopedSignatureTransform()); enveloped.AddTransform(new XmlDsigExcC14NTransform()); signedXml.AddReference(enveloped); #if (false) // DSIE: New format does not sign KeyInfo. // Add the key info reference. 
Reference strongNameKeyInfo = new Reference(); strongNameKeyInfo.Uri = "#StrongNameKeyInfo"; strongNameKeyInfo.AddTransform(new XmlDsigExcC14NTransform()); signedXml.AddReference(strongNameKeyInfo); #endif // Compute the signature. signedXml.ComputeSignature(); // Get the XML representation XmlElement xmlDigitalSignature = signedXml.GetXml(); xmlDigitalSignature.SetAttribute("Id", "StrongNameSignature"); // Insert the signature now. signatureParent.AppendChild(xmlDigitalSignature); }
private static void StrongNameSignManifestDom(XmlDocument manifestDom, XmlDocument licenseDom, CmiManifestSigner2 signer, bool useSha256) { RSA snKey = signer.StrongNameKey as RSA; // Make sure it is RSA, as this is the only one Fusion will support. if (snKey == null) { throw new NotSupportedException(); } // Setup namespace manager. XmlNamespaceManager nsm = new XmlNamespaceManager(manifestDom.NameTable); nsm.AddNamespace("asm", AssemblyNamespaceUri); // Get to root element. XmlElement signatureParent = manifestDom.SelectSingleNode("asm:assembly", nsm) as XmlElement; if (signatureParent == null) { throw new CryptographicException(Win32.TRUST_E_SUBJECT_FORM_UNKNOWN); } if (!(signer.StrongNameKey is RSA)) { throw new NotSupportedException(); } // Setup up XMLDSIG engine. ManifestSignedXml2 signedXml = new ManifestSignedXml2(signatureParent); if (signer.StrongNameKey is RSACryptoServiceProvider) { signedXml.SigningKey = GetFixedRSACryptoServiceProvider(signer.StrongNameKey as RSACryptoServiceProvider, useSha256); } else { signedXml.SigningKey = signer.StrongNameKey; } signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; if (signer.UseSha256) { signedXml.SignedInfo.SignatureMethod = Sha256SignatureMethodUri; } else { signedXml.SignedInfo.SignatureMethod = Sha1SignatureMethodUri; } // Add the key information. signedXml.KeyInfo.AddClause(new RSAKeyValue(snKey)); if (licenseDom != null) { signedXml.KeyInfo.AddClause(new KeyInfoNode(licenseDom.DocumentElement)); } signedXml.KeyInfo.Id = "StrongNameKeyInfo"; // Add the enveloped reference. Reference enveloped = new Reference(); enveloped.Uri = ""; if (signer.UseSha256) { enveloped.DigestMethod = Sha256DigestMethod; } else { enveloped.DigestMethod = Sha1DigestMethod; } // Add an enveloped then Exc-C14N transform. 
enveloped.AddTransform(new XmlDsigEnvelopedSignatureTransform()); enveloped.AddTransform(new XmlDsigExcC14NTransform()); signedXml.AddReference(enveloped); #if (false) // DSIE: New format does not sign KeyInfo. // Add the key info reference. Reference strongNameKeyInfo = new Reference(); strongNameKeyInfo.Uri = "#StrongNameKeyInfo"; strongNameKeyInfo.AddTransform(new XmlDsigExcC14NTransform()); signedXml.AddReference(strongNameKeyInfo); #endif // Compute the signature. signedXml.ComputeSignature(); // Get the XML representation XmlElement xmlDigitalSignature = signedXml.GetXml(); xmlDigitalSignature.SetAttribute("Id", "StrongNameSignature"); // Insert the signature now. signatureParent.AppendChild(xmlDigitalSignature); }
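Review bot: The `if (!(signer.StrongNameKey is RSA))` test added after the root-element lookup is redundant, because `snKey` was already obtained with `as RSA` and null-checked at the top of the method, and the following `is RSACryptoServiceProvider` / `as RSACryptoServiceProvider` pair can collapse into one pattern variable: `signedXml.SigningKey = snKey is RSACryptoServiceProvider csp ? GetFixedRSACryptoServiceProvider(csp, useSha256) : snKey;`. Note also that the provider fix-up keys off the `useSha256` parameter while the new explicit `Sha1SignatureMethodUri` / `Sha1DigestMethod` else-branches key off `signer.UseSha256`; if those two can ever disagree, the CSP is re-created for one hash algorithm while SignedInfo advertises the other, so either derive both from a single flag or assert that they match. The same parameter/property split exists in the AuthenticodeSignLicenseDom hunk below. Since the SHA-1 branches are now explicit rather than the library default, a comment such as `// SHA-1 retained only for legacy manifests; new signatures should set UseSha256` would make the compatibility intent clear to the next maintainer.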
private static void AuthenticodeSignLicenseDom(XmlDocument licenseDom, CmiManifestSigner2 signer, string timeStampUrl, bool useSha256) { // Make sure it is RSA, as this is the only one Fusion will support. if (signer.Certificate.PublicKey.Key.GetType() != typeof(RSACryptoServiceProvider)) { throw new NotSupportedException(); } if (signer.Certificate.PrivateKey.GetType() != typeof(RSACryptoServiceProvider)) { throw new NotSupportedException(); } // Setup up XMLDSIG engine. ManifestSignedXml2 signedXml = new ManifestSignedXml2(licenseDom); signedXml.SigningKey = GetFixedRSACryptoServiceProvider(signer.Certificate.PrivateKey as RSACryptoServiceProvider, useSha256); signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; if (signer.UseSha256) signedXml.SignedInfo.SignatureMethod = Sha256SignatureMethodUri; // Add the key information. signedXml.KeyInfo.AddClause(new RSAKeyValue(GetFixedRSACryptoServiceProvider(signer.Certificate.PrivateKey as RSACryptoServiceProvider, useSha256) as RSA)); signedXml.KeyInfo.AddClause(new KeyInfoX509Data(signer.Certificate, signer.IncludeOption)); // Add the enveloped reference. Reference reference = new Reference(); reference.Uri = ""; if (signer.UseSha256) reference.DigestMethod = Sha256DigestMethod; // Add an enveloped and an Exc-C14N transform. reference.AddTransform(new XmlDsigEnvelopedSignatureTransform()); #if (false) // BUGBUG: LTA transform complaining about issuer node not found. reference.AddTransform(new XmlLicenseTransform()); #endif reference.AddTransform(new XmlDsigExcC14NTransform()); // Add the reference. signedXml.AddReference(reference); // Compute the signature. signedXml.ComputeSignature(); // Get the XML representation XmlElement xmlDigitalSignature = signedXml.GetXml(); xmlDigitalSignature.SetAttribute("Id", "AuthenticodeSignature"); // Insert the signature node under the issuer element. 
XmlNamespaceManager nsm = new XmlNamespaceManager(licenseDom.NameTable); nsm.AddNamespace("r", LicenseNamespaceUri); XmlElement issuerNode = licenseDom.SelectSingleNode("r:license/r:issuer", nsm) as XmlElement; issuerNode.AppendChild(licenseDom.ImportNode(xmlDigitalSignature, true)); // Time stamp it if requested. if (timeStampUrl != null && timeStampUrl.Length != 0) { TimestampSignedLicenseDom(licenseDom, timeStampUrl); } // Wrap it inside a RelData element. licenseDom.DocumentElement.ParentNode.InnerXml = "<msrel:RelData xmlns:msrel=\"" + MSRelNamespaceUri + "\">" + licenseDom.OuterXml + "</msrel:RelData>"; }
private static void AuthenticodeSignLicenseDom(XmlDocument licenseDom, CmiManifestSigner2 signer, string timeStampUrl, bool useSha256) { // Make sure it is RSA, as this is the only one Fusion will support. RSA rsaPrivateKey = CngLightup.GetRSAPrivateKey(signer.Certificate); if (rsaPrivateKey == null) { throw new NotSupportedException(); } // Setup up XMLDSIG engine. ManifestSignedXml2 signedXml = new ManifestSignedXml2(licenseDom); // only needs to change the provider type when RSACryptoServiceProvider is used var rsaCsp = rsaPrivateKey is RSACryptoServiceProvider? GetFixedRSACryptoServiceProvider(rsaPrivateKey as RSACryptoServiceProvider, useSha256) : rsaPrivateKey; signedXml.SigningKey = rsaCsp; signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl; if (signer.UseSha256) { signedXml.SignedInfo.SignatureMethod = Sha256SignatureMethodUri; } else { signedXml.SignedInfo.SignatureMethod = Sha1SignatureMethodUri; } // Add the key information. signedXml.KeyInfo.AddClause(new RSAKeyValue(rsaCsp)); signedXml.KeyInfo.AddClause(new KeyInfoX509Data(signer.Certificate, signer.IncludeOption)); // Add the enveloped reference. Reference reference = new Reference(); reference.Uri = ""; if (signer.UseSha256) { reference.DigestMethod = Sha256DigestMethod; } else { reference.DigestMethod = Sha1DigestMethod; } // Add an enveloped and an Exc-C14N transform. reference.AddTransform(new XmlDsigEnvelopedSignatureTransform()); #if (false) // BUGBUG: LTA transform complaining about issuer node not found. reference.AddTransform(new XmlLicenseTransform()); #endif reference.AddTransform(new XmlDsigExcC14NTransform()); // Add the reference. signedXml.AddReference(reference); // Compute the signature. signedXml.ComputeSignature(); // Get the XML representation XmlElement xmlDigitalSignature = signedXml.GetXml(); xmlDigitalSignature.SetAttribute("Id", "AuthenticodeSignature"); // Insert the signature node under the issuer element. 
XmlNamespaceManager nsm = new XmlNamespaceManager(licenseDom.NameTable); nsm.AddNamespace("r", LicenseNamespaceUri); XmlElement issuerNode = licenseDom.SelectSingleNode("r:license/r:issuer", nsm) as XmlElement; issuerNode.AppendChild(licenseDom.ImportNode(xmlDigitalSignature, true)); // Time stamp it if requested. if (timeStampUrl != null && timeStampUrl.Length != 0) { TimestampSignedLicenseDom(licenseDom, timeStampUrl); } // Wrap it inside a RelData element. licenseDom.DocumentElement.ParentNode.InnerXml = "<msrel:RelData xmlns:msrel=\"" + MSRelNamespaceUri + "\">" + licenseDom.OuterXml + "</msrel:RelData>"; }
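Review bot: `issuerNode`, obtained with `SelectSingleNode("r:license/r:issuer", nsm) as XmlElement` after the signature is computed, is still dereferenced without a null check, so a license document lacking an issuer element fails with a NullReferenceException instead of the `CryptographicException(Win32.TRUST_E_SUBJECT_FORM_UNKNOWN)` that StrongNameSignManifestDom throws for a missing root; a guard `if (issuerNode == null) { throw new CryptographicException(Win32.TRUST_E_SUBJECT_FORM_UNKNOWN); }` before the `AppendChild` would align the two methods. The new local `rsaCsp` is misnamed once the else branch of the conditional holds a non-CSP `RSA` returned by `CngLightup.GetRSAPrivateKey`, and `RSACryptoServiceProvider?` with no space before the `?` reads like a nullable type annotation; `RSA signingKey = rsaPrivateKey is RSACryptoServiceProvider csp ? GetFixedRSACryptoServiceProvider(csp, useSha256) : rsaPrivateKey;` fixes both. Dropping the old `signer.Certificate.PublicKey.Key` type check means the certificate's public key is no longer validated separately; that appears safe because `RSAKeyValue` is now built from the same private-key object that signs, but a comment stating that KeyInfo is derived from the private key rather than from the certificate's public key would record that assumption.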