public override bool Execute()
{
using (Package package = Package.Open(PackageFile, FileMode.Open))
{
try
{
PackageDigitalSignatureManager signatureManager = new PackageDigitalSignatureManager(package);
signatureManager.CertificateOption = CertificateEmbeddingOption.InSignaturePart;
List<Uri> toSign = package.GetParts().Select(part => part.Uri).ToList();
toSign.Add(PackUriHelper.GetRelationshipPartUri(signatureManager.SignatureOrigin));
toSign.Add(signatureManager.SignatureOrigin);
toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));
signatureManager.Sign(toSign, new X509Certificate2(Certificate, CertificatePassword));
return true;
}
catch (Exception ex)
{
Log.LogError("Error signing package: ", ex);
return false;
}
}
}
public static OpenXmlPowerToolsDocument Insert(OpenXmlPowerToolsDocument doc, IEnumerable<string> certificateList)
{
using (OpenXmlMemoryStreamDocument streamDoc = new OpenXmlMemoryStreamDocument(doc))
{
using (Package package = streamDoc.GetPackage())
{
foreach (string digitalCertificate in certificateList)
{
X509Certificate x509Certificate = X509Certificate2.CreateFromCertFile(digitalCertificate);
PackageDigitalSignatureManager digitalSigntaureManager = new PackageDigitalSignatureManager(package);
digitalSigntaureManager.CertificateOption = CertificateEmbeddingOption.InSignaturePart;
System.Collections.Generic.List<Uri> partsToSign = new System.Collections.Generic.List<Uri>();
//Adds each part to the list, except relationships parts.
foreach (PackagePart openPackagePart in package.GetParts())
{
if (!PackUriHelper.IsRelationshipPartUri(openPackagePart.Uri))
partsToSign.Add(openPackagePart.Uri);
}
List<PackageRelationshipSelector> relationshipSelectors = new List<PackageRelationshipSelector>();
//Creates one selector for each package-level relationship, based on id
foreach (PackageRelationship relationship in package.GetRelationships())
{
PackageRelationshipSelector relationshipSelector =
new PackageRelationshipSelector(relationship.SourceUri, PackageRelationshipSelectorType.Id, relationship.Id);
relationshipSelectors.Add(relationshipSelector);
}
digitalSigntaureManager.Sign(partsToSign, x509Certificate, relationshipSelectors);
}
}
return streamDoc.GetModifiedDocument();
}
}
private static bool SignVsix(string vsixPackagePath, X509Certificate2 certificate)
{
// many thanks to Jeff Wilcox for the idea and code
// check for details: http://www.jeff.wilcox.name/2010/03/vsixcodesigning/
using (var package = Package.Open(vsixPackagePath))
{
var signatureManager = new PackageDigitalSignatureManager(package);
signatureManager.CertificateOption = CertificateEmbeddingOption.InSignaturePart;
var partsToSign = new List<Uri>();
foreach (var packagePart in package.GetParts())
{
partsToSign.Add(packagePart.Uri);
}
partsToSign.Add(PackUriHelper.GetRelationshipPartUri(signatureManager.SignatureOrigin));
partsToSign.Add(signatureManager.SignatureOrigin);
partsToSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));
try
{
signatureManager.Sign(partsToSign, certificate);
}
catch (CryptographicException)
{
return false;
}
return true;
}
}
private static void SignAllParts(Package package)
{
if (package == null)
throw new ArgumentNullException("SignAllParts(package)");
// Create the DigitalSignature Manager
PackageDigitalSignatureManager dsm =
new PackageDigitalSignatureManager(package);
dsm.CertificateOption =
CertificateEmbeddingOption.InSignaturePart;
// Create a list of all the part URIs in the package to sign
// (GetParts() also includes PackageRelationship parts).
System.Collections.Generic.List<Uri> toSign =
new System.Collections.Generic.List<Uri>();
foreach (PackagePart packagePart in package.GetParts())
{
// Add all package parts to the list for signing.
toSign.Add(packagePart.Uri);
}
// Add the URI for SignatureOrigin PackageRelationship part.
// The SignatureOrigin relationship is created when Sign() is called.
// Signing the SignatureOrigin relationship disables counter-signatures.
toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin));
// Also sign the SignatureOrigin part.
toSign.Add(dsm.SignatureOrigin);
// Add the package relationship to the signature origin to be signed.
toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));
// Sign() will prompt the user to select a Certificate to sign with.
try
{
dsm.Sign(toSign);
}
// If there are no certificates or the SmartCard manager is
// not running, catch the exception and show an error message.
catch (CryptographicException ex)
{
MessageBox.Show(
"Cannot Sign\n" + ex.Message,
"No Digital Certificates Available",
MessageBoxButton.OK,
MessageBoxImage.Exclamation);
}
}
/// <summary>
///
/// </summary>
/// <param name="path"></param>
/// <param name="overrideCurrentSignature"></param>
/// <from>http://msdn.microsoft.com/en-us/library/system.io.packaging.packagedigitalsignaturemanager.sign(v=vs.100).aspx</from>
public void Sign(string path, bool overrideCurrentSignature)
{
{
_log.Debug("We're going to try signing {0}, override current signature {1}".format(path,
overrideCurrentSignature));
var package = Package.Open(path);
_log.Debug("Opened {0}".format(path));
var signatureManager = new PackageDigitalSignatureManager(package)
{
CertificateOption = CertificateEmbeddingOption.InSignaturePart
};
if (signatureManager.IsSigned)
{
if (overrideCurrentSignature)
{
_log.Debug("{0} is signed we'll try to remove signatures".format(path));
//TODO: make smarter so we only remove signatures for the relevant parts
signatureManager.RemoveAllSignatures();
package.Flush();
}
else
{
_log.Debug("{0} is signed, we're going to throw".format(path));
throw new AlreadySignedException();
}
}
var toSign = package.GetParts().Select(packagePart => packagePart.Uri).ToList();
toSign.Add(PackUriHelper.GetRelationshipPartUri(signatureManager.SignatureOrigin));
toSign.Add(signatureManager.SignatureOrigin);
toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));
_log.Debug("About to start signing {0}".format(path));
signatureManager.Sign(toSign, Certificate);
_log.Debug("signed {0}, going to close".format(path));
package.Close();
_log.Debug("closed {0}".format(path));
}
GC.Collect();
}
/// <summary>
///
/// </summary>
/// <param name="path"></param>
/// <from>http://msdn.microsoft.com/en-us/library/system.io.packaging.packagedigitalsignaturemanager.sign(v=vs.100).aspx</from>
public void Sign(string path)
{
var package = Package.Open(path);
var signatureManager = new PackageDigitalSignatureManager(package);
signatureManager.CertificateOption = CertificateEmbeddingOption.InSignaturePart;
var toSign = new List<Uri>();
foreach (PackagePart packagePart in package.GetParts())
{
toSign.Add(packagePart.Uri);
}
toSign.Add(PackUriHelper.GetRelationshipPartUri(signatureManager.SignatureOrigin));
toSign.Add(signatureManager.SignatureOrigin);
toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));
signatureManager.Sign(toSign, Certificate);
package.Close();
}
/// <summary>
/// Main signing process
/// </summary>
/// <param name="package"></param>
/// <returns></returns>
private bool SignAllParts(Package package)
{
if (package == null)
throw new ArgumentNullException("SignAllParts(package)");
// Create the DigitalSignature Manager
PackageDigitalSignatureManager dsm =
new PackageDigitalSignatureManager(package);
dsm.CertificateOption =
CertificateEmbeddingOption.InSignaturePart;
// Create a list of all the part URIs in the package to sign
// (GetParts() also includes PackageRelationship parts).
System.Collections.Generic.List<Uri> toSign =
new System.Collections.Generic.List<Uri>();
foreach (PackagePart packagePart in package.GetParts())
{
// Add all package parts to the list for signing.
toSign.Add(packagePart.Uri);
}
// Add the URI for SignatureOrigin PackageRelationship part.
// The SignatureOrigin relationship is created when Sign() is called.
// Signing the SignatureOrigin relationship disables counter-signatures.
toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin));
// Also sign the SignatureOrigin part.
toSign.Add(dsm.SignatureOrigin);
// Add the package relationship to the signature origin to be signed.
toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));
// Sign() will prompt the user to select a Certificate to sign with.
try
{
var cert = new X509Certificate2(this.CertificatePath, (String.IsNullOrEmpty(this.CertificatePassword) ? null : this.CertificatePassword));
dsm.Sign(toSign, cert);
}
// If there are no certificates or the SmartCard manager is
// not running, catch the exception and show an error message.
catch (CryptographicException ex)
{
Console.WriteLine(
"Cannot Sign: {0}", ex.Message);
}
return dsm.IsSigned && dsm.VerifySignatures(true) == VerifyResult.Success;
}
private void SignAllParts(Package package, X509Certificate2 certificate)
{
var partsToSign = new List<Uri>();
var relationshipsToSign = new List<PackageRelationshipSelector>();
foreach (var relationship in package.GetRelationshipsByType(RtOfficeDocument))
{
AddSignableItems(relationship, partsToSign, relationshipsToSign);
}
var mgr = new PackageDigitalSignatureManager(package)
{
CertificateOption = CertificateEmbeddingOption.InSignaturePart
};
var officeObject = CreateOfficeObject(SignatureID, ManifestHashAlgorithm);
var officeObjectReference = new Reference("#" + OfficeObjectID);
mgr.Sign(partsToSign,
certificate,
relationshipsToSign,
SignatureID,
new[] { officeObject },
new[] { officeObjectReference });
package.Close();
}
