public void ShouldSupportReSigningWithDifferentCertificate()
        {
            string path;

            using (var package = ShadowCopyPackage(SamplePackage, out path, OpcPackageFileMode.ReadWrite))
            {
                var signerBuilder = package.CreateSignatureBuilder();
                signerBuilder.EnqueueNamedPreset <VSIXSignatureBuilderPreset>();
                var rsaSha1Cert = new X509Certificate2(CertPath("rsa-2048-sha1.pfx"), "test");
                signerBuilder.Sign(
                    new SignConfigurationSet(
                        publicCertificate: rsaSha1Cert,
                        signatureDigestAlgorithm: HashAlgorithmName.SHA256,
                        fileDigestAlgorithm: HashAlgorithmName.SHA256,
                        signingKey: rsaSha1Cert.GetRSAPrivateKey()
                        ));
            }
            using (var package = OpcPackage.Open(path, OpcPackageFileMode.ReadWrite))
            {
                var signerBuilder = package.CreateSignatureBuilder();
                signerBuilder.EnqueueNamedPreset <VSIXSignatureBuilderPreset>();
                var rsaSha256Cert = new X509Certificate2(CertPath("rsa-2048-sha256.pfx"), "test");
                signerBuilder.Sign(
                    new SignConfigurationSet(
                        publicCertificate: rsaSha256Cert,
                        signatureDigestAlgorithm: HashAlgorithmName.SHA256,
                        fileDigestAlgorithm: HashAlgorithmName.SHA256,
                        signingKey: rsaSha256Cert.GetRSAPrivateKey()
                        ));
            }
            using (var netfxPackage = OpcPackage.Open(path))
            {
                Assert.NotEmpty(netfxPackage.GetSignatures());
            }
        }
예제 #2
0
        public int Unsign(CommandArgument vsixPath)
        {
            var vsixPathValue = vsixPath.Value;

            if (!File.Exists(vsixPathValue))
            {
                _unsignConfiguration.Out.WriteLine("Specified file does not exist.");
                return(SignCommand.EXIT_CODES.INVALID_OPTIONS);
            }
            using (var package = OpcPackage.Open(vsixPathValue, OpcPackageFileMode.ReadWrite))
            {
                var unsigned = false;
                foreach (var signature in package.GetSignatures())
                {
                    unsigned = true;
                    signature.Remove();
                }
                if (!unsigned)
                {
                    _unsignConfiguration.Out.WriteLine("Specified VSIX is not signed.");
                    return(EXIT_CODES.FAILED);
                }
                _unsignConfiguration.Out.WriteLine("The unsigning operation is complete.");
                return(EXIT_CODES.SUCCESS);
            }
        }
예제 #3
0
        public async Task ShouldSignWithAzureCertificateAndTimestamp()
        {
            var    creds = TestAzureCredentials.Credentials;
            string path;

            using (var package = ShadowCopyPackage(SamplePackage, out path, OpcPackageFileMode.ReadWrite))
            {
                var builder = package.CreateSignatureBuilder();
                builder.EnqueueNamedPreset <VSIXSignatureBuilderPreset>();
                var signature = await builder.SignAsync(
                    new AzureKeyVaultSignConfigurationSet
                {
                    FileDigestAlgorithm          = HashAlgorithmName.SHA256,
                    PkcsDigestAlgorithm          = HashAlgorithmName.SHA256,
                    AzureClientId                = creds.ClientId,
                    AzureClientSecret            = creds.ClientSecret,
                    AzureKeyVaultUrl             = creds.AzureKeyVaultUrl,
                    AzureKeyVaultCertificateName = creds.AzureKeyVaultCertificateName
                }
                    );

                Assert.NotNull(signature);
                var timestampBuilder = signature.CreateTimestampBuilder();
                var timestampServer  = new Uri("http://timestamp.digicert.com", UriKind.Absolute);
                var result           = await timestampBuilder.SignAsync(timestampServer, HashAlgorithmName.SHA256);
            }

            using (var netfxPackage = OpcPackage.Open(path))
            {
                Assert.NotEmpty(netfxPackage.GetSignatures());
            }
        }
예제 #4
0
 public void ShouldReturnEmptyEnumerableForNoSignatureOriginRelationship()
 {
     using (var package = OpcPackage.Open(SamplePackage))
     {
         Assert.Empty(package.GetSignatures());
     }
 }
예제 #5
0
 public void ShouldReturnSignatureForSignedPackage()
 {
     using (var package = OpcPackage.Open(SamplePackageSigned))
     {
         Assert.NotEmpty(package.GetSignatures());
     }
 }
        public void ShouldRemoveSignature()
        {
            string path;

            using (var package = ShadowCopyPackage(SamplePackage, out path, OpcPackageFileMode.ReadWrite))
            {
                var certificate   = new X509Certificate2(CertPath("rsa-2048-sha1.pfx"), "test");
                var signerBuilder = package.CreateSignatureBuilder();
                signerBuilder.EnqueueNamedPreset <VSIXSignatureBuilderPreset>();
                signerBuilder.Sign(
                    new SignConfigurationSet(
                        publicCertificate: certificate,
                        signatureDigestAlgorithm: HashAlgorithmName.SHA1,
                        fileDigestAlgorithm: HashAlgorithmName.SHA1,
                        signingKey: certificate.GetRSAPrivateKey()
                        ));
            }
            using (var package = OpcPackage.Open(path, OpcPackageFileMode.ReadWrite))
            {
                var signatures = package.GetSignatures().ToList();
                Assert.Single(signatures);
                var signature = signatures[0];
                signature.Remove();
                Assert.Null(signature.Part);
                Assert.Throws <InvalidOperationException>(() => signature.CreateTimestampBuilder());
                Assert.Empty(package.GetSignatures());
            }
        }
        public async Task ShouldSupportReSigningWithDifferentCertificate()
        {
            string path;

            using (var package = ShadowCopyPackage(SamplePackage, out path, OpcPackageFileMode.ReadWrite))
            {
                var signerBuilder = package.CreateSignatureBuilder();
                signerBuilder.EnqueueNamedPreset <VSIXSignatureBuilderPreset>();
                await signerBuilder.SignAsync(
                    new CertificateSignConfigurationSet
                {
                    PkcsDigestAlgorithm = HashAlgorithmName.SHA1,
                    FileDigestAlgorithm = HashAlgorithmName.SHA1,
                    SigningCertificate  = new X509Certificate2(@"certs\rsa-2048-sha1.pfx", "test")
                }
                    );
            }
            using (var package = OpcPackage.Open(path, OpcPackageFileMode.ReadWrite))
            {
                var signerBuilder = package.CreateSignatureBuilder();
                signerBuilder.EnqueueNamedPreset <VSIXSignatureBuilderPreset>();
                await signerBuilder.SignAsync(
                    new CertificateSignConfigurationSet
                {
                    PkcsDigestAlgorithm = HashAlgorithmName.SHA256,
                    FileDigestAlgorithm = HashAlgorithmName.SHA256,
                    SigningCertificate  = new X509Certificate2(@"certs\rsa-2048-sha256.pfx", "test")
                }
                    );
            }
            using (var netfxPackage = OpcPackage.Open(path))
            {
                Assert.NotEmpty(netfxPackage.GetSignatures());
            }
        }
예제 #8
0
        public void ShouldOpenAndDisposeAPackageAndDisposeIsIdempotent()
        {
            var package = OpcPackage.Open(SamplePackage);

            package.Dispose();
            package.Dispose();
        }
        public async Task ShouldRemoveSignature()
        {
            string path;

            using (var package = ShadowCopyPackage(SamplePackage, out path, OpcPackageFileMode.ReadWrite))
            {
                var signerBuilder = package.CreateSignatureBuilder();
                signerBuilder.EnqueueNamedPreset <VSIXSignatureBuilderPreset>();
                await signerBuilder.SignAsync(
                    new CertificateSignConfigurationSet
                {
                    FileDigestAlgorithm = HashAlgorithmName.SHA1,
                    PkcsDigestAlgorithm = HashAlgorithmName.SHA1,
                    SigningCertificate  = new X509Certificate2(@"certs\rsa-2048-sha1.pfx", "test")
                }
                    );
            }
            using (var package = OpcPackage.Open(path, OpcPackageFileMode.ReadWrite))
            {
                var signatures = package.GetSignatures().ToList();
                Assert.Equal(1, signatures.Count);
                var signature = signatures[0];
                signature.Remove();
                Assert.Null(signature.Part);
                Assert.Throws <InvalidOperationException>(() => signature.CreateTimestampBuilder());
                Assert.Equal(0, package.GetSignatures().Count());
            }
        }
예제 #10
0
        async Task <bool> RunSignTool(string file, RsaSignConfigurationSet config, string timestampUrl, HashAlgorithmName alg)
        {
            // Append a sha256 signature
            using (var package = OpcPackage.Open(file, OpcPackageFileMode.ReadWrite))
            {
                var startTime = DateTimeOffset.UtcNow;
                var stopwatch = Stopwatch.StartNew();


                logger.LogInformation("Signing {fileName}", file);


                var signBuilder = package.CreateSignatureBuilder();
                signBuilder.EnqueueNamedPreset <VSIXSignatureBuilderPreset>();

                var signature = await signBuilder.SignAsync(config);

                var failed = false;
                if (timestampUrl != null)
                {
                    var timestampBuilder = signature.CreateTimestampBuilder();
                    var result           = await timestampBuilder.SignAsync(new Uri(timestampUrl), alg);

                    if (result == TimestampResult.Failed)
                    {
                        failed = true;
                        logger.LogError("Error timestamping VSIX");
                    }
                }

                telemetryLogger.TrackSignToolDependency(signToolName, file, startTime, stopwatch.Elapsed, null, failed ? 1 : 0);

                return(!failed);
            }
        }
예제 #11
0
 public void ShouldEnumerateAllParts()
 {
     using (var package = OpcPackage.Open(SamplePackage))
     {
         var parts = package.GetParts().ToArray();
         Assert.Single(parts);
     }
 }
예제 #12
0
 public void ShouldEnumerateAllParts()
 {
     using (var package = OpcPackage.Open(SamplePackage))
     {
         var parts = package.GetParts().ToArray();
         Assert.Equal(2, parts.Length);
     }
 }
예제 #13
0
 public void ShouldNotAllowUpdatingContentTypesInReadOnly()
 {
     using (var package = OpcPackage.Open(SamplePackage))
     {
         var newItem      = new OpcContentType("test", "test", OpcContentTypeMode.Default);
         var contentTypes = package.ContentTypes;
         Assert.Throws <InvalidOperationException>(() => contentTypes.Add(newItem));
     }
 }
예제 #14
0
        public void ShouldOpenSinglePartByRelativeUri(string uri)
        {
            var partUri = new Uri(uri, UriKind.RelativeOrAbsolute);

            using (var package = OpcPackage.Open(SamplePackage))
            {
                Assert.NotNull(package.GetPart(partUri));
            }
        }
        private OpcPackage ShadowCopyPackage(string packagePath, out string path, OpcPackageFileMode mode = OpcPackageFileMode.Read)
        {
            var temp = Path.GetTempFileName();

            _shadowFiles.Add(temp);
            File.Copy(packagePath, temp, true);
            path = temp;
            return(OpcPackage.Open(temp, mode));
        }
예제 #16
0
 public void ShouldReadContentTypes()
 {
     using (var package = OpcPackage.Open(SamplePackage))
     {
         Assert.Equal(3, package.ContentTypes.Count);
         var first = package.ContentTypes[0];
         Assert.Equal("vsixmanifest", first.Extension);
         Assert.Equal("text/xml", first.ContentType);
         Assert.Equal(OpcContentTypeMode.Default, first.Mode);
     }
 }
예제 #17
0
 public void ShouldCreateSignatureBuilder()
 {
     using (var package = OpcPackage.Open(SamplePackage))
     {
         var builder = package.CreateSignatureBuilder();
         foreach (var part in package.GetParts())
         {
             builder.EnqueuePart(part);
             Assert.True(builder.DequeuePart(part));
         }
     }
 }
예제 #18
0
        public void ShouldAllowUpdatingContentType()
        {
            int    initialCount;
            string shadowPath;

            using (var package = ShadowCopyPackage(SamplePackage, out shadowPath, OpcPackageFileMode.ReadWrite))
            {
                initialCount = package.ContentTypes.Count;
                var newItem = new OpcContentType("test", "application/test", OpcContentTypeMode.Default);
                package.ContentTypes.Add(newItem);
            }
            using (var reopenedPackage = OpcPackage.Open(shadowPath))
            {
                Assert.Equal(initialCount + 1, reopenedPackage.ContentTypes.Count);
            }
        }
예제 #19
0
        public void ShouldAllowUpdatingRelationships()
        {
            int    initialCount;
            string shadowPath;

            using (var package = ShadowCopyPackage(SamplePackage, out shadowPath, OpcPackageFileMode.ReadWrite))
            {
                initialCount = package.Relationships.Count;
                var newItem = new OpcRelationship(new Uri("/test", UriKind.RelativeOrAbsolute), new Uri("/test", UriKind.RelativeOrAbsolute));
                package.Relationships.Add(newItem);
                Assert.True(newItem.Id != null && newItem.Id.Length == 9);
            }
            using (var reopenedPackage = OpcPackage.Open(shadowPath))
            {
                Assert.Equal(initialCount + 1, reopenedPackage.Relationships.Count);
            }
        }
예제 #20
0
        public void ShouldRemoveRelationshipsForRemovedPartWhereRelationshipIsNotMaterialized()
        {
            string path;

            using (var package = ShadowCopyPackage(SamplePackage, out path, OpcPackageFileMode.ReadWrite))
            {
                var partToRemove = new Uri("/extension.vsixmanifest", UriKind.Relative);
                var part         = package.GetPart(partToRemove);
                part.Relationships.Add(new OpcRelationship(new Uri("/foo", UriKind.Relative), new Uri("http://foo.com", UriKind.Absolute)));
                package.RemovePart(part);
            }
            using (var package = OpcPackage.Open(path))
            {
                var relationshipPartUri = new Uri("/_rels/extension.vsixmanifest.rels", UriKind.Relative);
                Assert.False(package.HasPart(relationshipPartUri));
                Assert.Null(package.GetPart(relationshipPartUri));
            }
        }
예제 #21
0
        public async Task ShouldSupportReSigningWithDifferentCertificate()
        {
            string path;

            using (var package = ShadowCopyPackage(SamplePackage, out path, OpcPackageFileMode.ReadWrite))
            {
                var signerBuilder = package.CreateSignatureBuilder();
                signerBuilder.EnqueueNamedPreset <VSIXSignatureBuilderPreset>();
                await signerBuilder.SignAsync(
                    new CertificateSignConfigurationSet
                {
                    PkcsDigestAlgorithm = HashAlgorithmName.SHA1,
                    FileDigestAlgorithm = HashAlgorithmName.SHA1,
                    SigningCertificate  = new X509Certificate2(@"certs\rsa-2048-sha1.pfx", "test")
                }
                    );
            }
            using (var package = OpcPackage.Open(path, OpcPackageFileMode.ReadWrite))
            {
                var signerBuilder = package.CreateSignatureBuilder();
                signerBuilder.EnqueueNamedPreset <VSIXSignatureBuilderPreset>();
                await signerBuilder.SignAsync(
                    new CertificateSignConfigurationSet
                {
                    PkcsDigestAlgorithm = HashAlgorithmName.SHA256,
                    FileDigestAlgorithm = HashAlgorithmName.SHA256,
                    SigningCertificate  = new X509Certificate2(@"certs\rsa-2048-sha256.pfx", "test")
                }
                    );
            }
            using (var netfxPackage = Package.Open(path, FileMode.Open))
            {
                var signatureManager = new PackageDigitalSignatureManager(netfxPackage);
                Assert.Equal(VerifyResult.Success, signatureManager.VerifySignatures(true));
                if (signatureManager.Signatures.Count != 1 || signatureManager.Signatures[0].SignedParts.Count != netfxPackage.GetParts().Count() - 1)
                {
                    Assert.True(false, "Missing parts");
                }
                var packageSignature = signatureManager.Signatures[0];
                Assert.Equal(OpcKnownUris.SignatureAlgorithms.rsaSHA256.AbsoluteUri, packageSignature.Signature.SignedInfo.SignatureMethod);
            }
        }
예제 #22
0
        private async Task <int> PerformAzureSignOnVsixAsync(string vsixPath, bool force,
                                                             Uri timestampUri, HashAlgorithmName fileDigestAlgorithm, HashAlgorithmName timestampDigestAlgorithm,
                                                             string azureUri, string azureClientId, string azureClientCertificateName, string azureClientSecret, string azureAccessToken
                                                             )
        {
            using (var package = OpcPackage.Open(vsixPath, OpcPackageFileMode.ReadWrite))
            {
                if (package.GetSignatures().Any() && !force)
                {
                    _signCommandApplication.Out.WriteLine("The VSIX is already signed.");
                    return(EXIT_CODES.FAILED);
                }
                var signBuilder = package.CreateSignatureBuilder();
                signBuilder.EnqueueNamedPreset <VSIXSignatureBuilderPreset>();
                var signingConfiguration = new AzureKeyVaultSignConfigurationSet
                {
                    FileDigestAlgorithm          = fileDigestAlgorithm,
                    PkcsDigestAlgorithm          = fileDigestAlgorithm,
                    AzureClientId                = azureClientId,
                    AzureClientSecret            = azureClientSecret,
                    AzureKeyVaultCertificateName = azureClientCertificateName,
                    AzureKeyVaultUrl             = azureUri,
                    AzureAccessToken             = azureAccessToken
                };

                var signature = await signBuilder.SignAsync(signingConfiguration);

                if (timestampUri != null)
                {
                    var timestampBuilder = signature.CreateTimestampBuilder();
                    var result           = await timestampBuilder.SignAsync(timestampUri, timestampDigestAlgorithm);

                    if (result == TimestampResult.Failed)
                    {
                        return(EXIT_CODES.FAILED);
                    }
                }
                _signCommandApplication.Out.WriteLine("The signing operation is complete.");
                return(EXIT_CODES.SUCCESS);
            }
        }
예제 #23
0
        private async Task <int> PerformSignOnVsixAsync(string vsixPath, bool force,
                                                        Uri timestampUri, HashAlgorithmName fileDigestAlgorithm, HashAlgorithmName timestampDigestAlgorithm,
                                                        X509Certificate2 certificate, AsymmetricAlgorithm signingKey
                                                        )
        {
            using (var package = OpcPackage.Open(vsixPath, OpcPackageFileMode.ReadWrite))
            {
                if (package.GetSignatures().Any() && !force)
                {
                    _signCommandApplication.Out.WriteLine("The VSIX is already signed.");
                    return(EXIT_CODES.FAILED);
                }
                var signBuilder = package.CreateSignatureBuilder();
                signBuilder.EnqueueNamedPreset <VSIXSignatureBuilderPreset>();
                var signingConfiguration = new SignConfigurationSet
                                           (
                    fileDigestAlgorithm: fileDigestAlgorithm,
                    signatureDigestAlgorithm: fileDigestAlgorithm,
                    publicCertificate: certificate,
                    signingKey: signingKey
                                           );

                var signature = signBuilder.Sign(signingConfiguration);
                if (timestampUri != null)
                {
                    var timestampBuilder = signature.CreateTimestampBuilder();
                    var result           = await timestampBuilder.SignAsync(timestampUri, timestampDigestAlgorithm);

                    if (result == TimestampResult.Failed)
                    {
                        return(EXIT_CODES.FAILED);
                    }
                }
                _signCommandApplication.Out.WriteLine("The signing operation is complete.");
                return(EXIT_CODES.SUCCESS);
            }
        }