public override bool Execute() { using (Package package = Package.Open(PackageFile, FileMode.Open)) { try { PackageDigitalSignatureManager signatureManager = new PackageDigitalSignatureManager(package); signatureManager.CertificateOption = CertificateEmbeddingOption.InSignaturePart; List <Uri> toSign = package.GetParts().Select(part => part.Uri).ToList(); toSign.Add(PackUriHelper.GetRelationshipPartUri(signatureManager.SignatureOrigin)); toSign.Add(signatureManager.SignatureOrigin); toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute))); signatureManager.Sign(toSign, new X509Certificate2(Certificate, CertificatePassword)); return(true); } catch (Exception ex) { Log.LogError("Error signing package: ", ex); return(false); } } }
private static bool SignVsix(string vsixPackagePath, X509Certificate2 certificate) { // many thanks to Jeff Wilcox for the idea and code // check for details: http://www.jeff.wilcox.name/2010/03/vsixcodesigning/ using (var package = Package.Open(vsixPackagePath)) { var signatureManager = new PackageDigitalSignatureManager(package); signatureManager.CertificateOption = CertificateEmbeddingOption.InSignaturePart; var partsToSign = new List <Uri>(); foreach (var packagePart in package.GetParts()) { partsToSign.Add(packagePart.Uri); } partsToSign.Add(PackUriHelper.GetRelationshipPartUri(signatureManager.SignatureOrigin)); partsToSign.Add(signatureManager.SignatureOrigin); partsToSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute))); try { signatureManager.Sign(partsToSign, certificate); } catch (CryptographicException) { return(false); } return(true); } }
}// end:ValidateSignatures() //</SnippetPackageDigSigValidate> //<SnippetPackageDigSigSign> private static void SignAllParts(Package package) { if (package == null) { throw new ArgumentNullException("SignAllParts(package)"); } // Create the DigitalSignature Manager PackageDigitalSignatureManager dsm = new PackageDigitalSignatureManager(package); dsm.CertificateOption = CertificateEmbeddingOption.InSignaturePart; // Create a list of all the part URIs in the package to sign // (GetParts() also includes PackageRelationship parts). System.Collections.Generic.List <Uri> toSign = new System.Collections.Generic.List <Uri>(); foreach (PackagePart packagePart in package.GetParts()) { // Add all package parts to the list for signing. toSign.Add(packagePart.Uri); } // Add the URI for SignatureOrigin PackageRelationship part. // The SignatureOrigin relationship is created when Sign() is called. // Signing the SignatureOrigin relationship disables counter-signatures. toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin)); // Also sign the SignatureOrigin part. toSign.Add(dsm.SignatureOrigin); // Add the package relationship to the signature origin to be signed. toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute))); // Sign() will prompt the user to select a Certificate to sign with. try { dsm.Sign(toSign); } // If there are no certificates or the SmartCard manager is // not running, catch the exception and show an error message. catch (CryptographicException ex) { MessageBox.Show( "Cannot Sign\n" + ex.Message, "No Digital Certificates Available", MessageBoxButton.OK, MessageBoxImage.Exclamation); } }// end:SignAllParts()
/// <summary> /// Main signing process /// </summary> /// <param name="package"></param> /// <returns></returns> private bool SignAllParts(Package package) { if (package == null) { throw new ArgumentNullException("SignAllParts(package)"); } // Create the DigitalSignature Manager PackageDigitalSignatureManager dsm = new PackageDigitalSignatureManager(package); dsm.CertificateOption = CertificateEmbeddingOption.InSignaturePart; // Create a list of all the part URIs in the package to sign // (GetParts() also includes PackageRelationship parts). System.Collections.Generic.List <Uri> toSign = new System.Collections.Generic.List <Uri>(); foreach (PackagePart packagePart in package.GetParts()) { // Add all package parts to the list for signing. toSign.Add(packagePart.Uri); } // Add the URI for SignatureOrigin PackageRelationship part. // The SignatureOrigin relationship is created when Sign() is called. // Signing the SignatureOrigin relationship disables counter-signatures. toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin)); // Also sign the SignatureOrigin part. toSign.Add(dsm.SignatureOrigin); // Add the package relationship to the signature origin to be signed. toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute))); // Sign() will prompt the user to select a Certificate to sign with. try { var cert = new X509Certificate2(this.CertificatePath, (String.IsNullOrEmpty(this.CertificatePassword) ? null : this.CertificatePassword)); dsm.Sign(toSign, cert); } // If there are no certificates or the SmartCard manager is // not running, catch the exception and show an error message. catch (CryptographicException ex) { Console.WriteLine( "Cannot Sign: {0}", ex.Message); } return(dsm.IsSigned && dsm.VerifySignatures(true) == VerifyResult.Success); }// end:SignAllParts()
/// <summary> /// /// </summary> /// <param name="path"></param> /// <param name="overrideCurrentSignature"></param> /// <from>http://msdn.microsoft.com/en-us/library/system.io.packaging.packagedigitalsignaturemanager.sign(v=vs.100).aspx</from> public void Sign(string path, bool overrideCurrentSignature) { { _log.Debug("We're going to try signing {0}, override current signature {1}".format(path, overrideCurrentSignature)); var package = Package.Open(path); _log.Debug("Opened {0}".format(path)); var signatureManager = new PackageDigitalSignatureManager(package) { CertificateOption = CertificateEmbeddingOption.InSignaturePart }; if (signatureManager.IsSigned) { if (overrideCurrentSignature) { _log.Debug("{0} is signed we'll try to remove signatures".format(path)); //TODO: make smarter so we only remove signatures for the relevant parts signatureManager.RemoveAllSignatures(); package.Flush(); } else { _log.Debug("{0} is signed, we're going to throw".format(path)); throw new AlreadySignedException(); } } var toSign = package.GetParts().Select(packagePart => packagePart.Uri).ToList(); toSign.Add(PackUriHelper.GetRelationshipPartUri(signatureManager.SignatureOrigin)); toSign.Add(signatureManager.SignatureOrigin); toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute))); _log.Debug("About to start signing {0}".format(path)); signatureManager.Sign(toSign, Certificate); _log.Debug("signed {0}, going to close".format(path)); package.Close(); _log.Debug("closed {0}".format(path)); } GC.Collect(); }
/// <summary> /// Signs all parts of the VSIX file /// </summary> /// <param name="vsixFileName">The file path of the VSIX file</param> /// <param name="pfxFileName">The file path of the certificate</param> /// <param name="password">The password for the certificate</param> /// <returns>True if the file has been signed, false otherwise</returns> private bool SignVSIXFile(string vsixFileName, string pfxFileName, string password) { if (File.Exists(vsixFileName) == false) { this.LogBuildError("VSIX file doesn't exist"); return(false); } if (File.Exists(pfxFileName) == false) { this.LogBuildError("Certificate file doesn't exist"); return(false); } LogBuildMessage(string.Format("Signing {0} ", Path.GetFileName(vsixFileName)), BuildMessageImportance.High); using (var package = Package.Open(vsixFileName, FileMode.Open)) { var packageSignatureManager = new PackageDigitalSignatureManager(package) { CertificateOption = CertificateEmbeddingOption.InSignaturePart }; var partsToSign = package.GetParts().Select(packagePart => packagePart.Uri).ToList(); partsToSign.Add(PackUriHelper.GetRelationshipPartUri(packageSignatureManager.SignatureOrigin)); partsToSign.Add(packageSignatureManager.SignatureOrigin); partsToSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute))); try { packageSignatureManager.Sign(partsToSign, new System.Security.Cryptography.X509Certificates.X509Certificate2(pfxFileName, password)); } catch (System.Security.Cryptography.CryptographicException ex) { this.LogBuildError("Error Signing File " + ex.Message); return(false); } return(packageSignatureManager.IsSigned && packageSignatureManager.VerifySignatures(true) == VerifyResult.Success); } }
public void SignPackage(Package package, X509Certificate cert) { var dsm = new PackageDigitalSignatureManager(package) { CertificateOption = CertificateEmbeddingOption.InSignaturePart, HashAlgorithm = SignedXml.XmlDsigSHA512Url, }; var toSign = new List <Uri>(); foreach (PackagePart packagePart in package.GetParts()) { toSign.Add(packagePart.Uri); } toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin)); toSign.Add(dsm.SignatureOrigin); toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute))); dsm.Sign(toSign, cert); }
private static void SignAllParts(Package package, X509Certificate cert) { if (package == null) { throw new ArgumentNullException("SignAllParts(package)"); } if (cert == null) { throw new ArgumentNullException("SignAllParts(cert)"); } PackageDigitalSignatureManager dsm = new PackageDigitalSignatureManager(package) { CertificateOption = CertificateEmbeddingOption.InSignaturePart, HashAlgorithm = SignedXml.XmlDsigSHA512Url }; List <Uri> toSign = new List <Uri>(); foreach (PackagePart packagePart in package.GetParts()) { toSign.Add(packagePart.Uri); } toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin)); toSign.Add(dsm.SignatureOrigin); toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute))); try { dsm.Sign(toSign, cert); } catch (CryptographicException ex) { AppHealth.Current.Error.TrackAsync("Error sigingn package.", ex).FireAndForget(); throw; } }
/// <summary> /// /// </summary> /// <param name="path"></param> /// <from>http://msdn.microsoft.com/en-us/library/system.io.packaging.packagedigitalsignaturemanager.sign(v=vs.100).aspx</from> public void Sign(string path) { var package = Package.Open(path); var signatureManager = new PackageDigitalSignatureManager(package); signatureManager.CertificateOption = CertificateEmbeddingOption.InSignaturePart; var toSign = new List <Uri>(); foreach (PackagePart packagePart in package.GetParts()) { toSign.Add(packagePart.Uri); } toSign.Add(PackUriHelper.GetRelationshipPartUri(signatureManager.SignatureOrigin)); toSign.Add(signatureManager.SignatureOrigin); toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute))); signatureManager.Sign(toSign, Certificate); package.Close(); }
public void GetRelationshipPartUriTest2() { PackUriHelper.GetRelationshipPartUri(null); }
public void GetRelationshipPartUriTest() { Assert.AreEqual("/_rels/file1.rels", PackUriHelper.GetRelationshipPartUri(part1).ToString()); }
// TODO (Andreas Orzelski, 2020-08-01): The signature file and [Content_Types].xml can be tampered? // Is this an issue? /// <summary> /// Will sign all parts and relationships in the package (any modification will invalidate the signature) /// Will prompt the user to select a certificate to sign with. /// New files can be added to the package, but they will not be signed, /// therefore easy to detect during verification. /// </summary> /// <param name="packagePath"></param> /// <param name="storeName"></param> public static void SignAll(string packagePath, string storeName = "My") { using (Package package = Package.Open(packagePath, FileMode.Open)) { // Create the DigitalSignature Manager PackageDigitalSignatureManager dsm = new PackageDigitalSignatureManager(package); dsm.CertificateOption = CertificateEmbeddingOption.InSignaturePart; // Create a list of all the part URIs in the package to sign // (GetParts() also includes PackageRelationship parts). System.Collections.Generic.List <Uri> toSign = new System.Collections.Generic.List <Uri>(); foreach (PackagePart packagePart in package.GetParts()) { // Add all package parts to the list for signing. toSign.Add(packagePart.Uri); } // Create list of selectors for the list of relationships List <PackageRelationshipSelector> relationshipSelectors = new List <PackageRelationshipSelector>(); // Create one selector for each package-level relationship, based on id foreach (PackageRelationship relationship in package.GetRelationships()) { relationshipSelectors.Add( new PackageRelationshipSelector( relationship.SourceUri, PackageRelationshipSelectorType.Id, relationship.Id)); } // For parts-level relationships ... foreach (PackagePart packagePart in package.GetParts()) { try { foreach (PackageRelationship relationship in packagePart.GetRelationships()) { relationshipSelectors.Add( new PackageRelationshipSelector( relationship.SourceUri, PackageRelationshipSelectorType.Id, relationship.Id)); } } catch (Exception ex) { AdminShellNS.LogInternally.That.SilentlyIgnoredError(ex); } } // Also sign the SignatureOrigin part. toSign.Add(dsm.SignatureOrigin); // Add the URI for SignatureOrigin PackageRelationship part. // The SignatureOrigin relationship is created when Sign() is called. // Signing the SignatureOrigin relationship disables counter-signatures. toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin)); // Sign all relationships entry of signature-origin inside the root .rels file relationshipSelectors.Add( new PackageRelationshipSelector( new Uri("/", UriKind.Relative), PackageRelationshipSelectorType.Type, "http://schemas.openxmlformats.org/package/2006/relationships/digital-signature/origin")); // Sign() will prompt the user to select a Certificate to sign with. try { var dlg = new OpenFileDialog(); try { dlg.InitialDirectory = System.IO.Path.GetDirectoryName("\\"); } catch (Exception ex) { AdminShellNS.LogInternally.That.SilentlyIgnoredError(ex); } dlg.Filter = ".pfx files (*.pfx)|*.pfx"; dlg.ShowDialog(); X509Certificate2 x509 = new X509Certificate2(dlg.FileName, "i40"); X509Certificate2Collection scollection = new X509Certificate2Collection(x509); dsm.Sign(toSign, scollection[0], relationshipSelectors); } // If there are no certificates or the SmartCard manager is // not running, catch the exception and show an error message. catch (CryptographicException ex) { MessageBox.Show( "Cannot Sign\n" + ex.Message, "Error signing", MessageBoxButtons.OK, MessageBoxIcon.Error); } } }
private static bool SignVsix(string vsixPackagePath, SignData arguments, StringBuilder outputBuffer, StringBuilder errorBuffer, bool signContentInVsix = false) { if (arguments == null) { throw new ArgumentNullException("arguments"); } // try to load the certificate: try { arguments.VerifyCertificate(); } catch (Exception ex) { if (errorBuffer != null) { errorBuffer.AppendLine("Certificate error."); errorBuffer.AppendLine(ex.Message); } return(false); } // many thanks to Jeff Wilcox for the idea and code // check for details: http://www.jeff.wilcox.name/2010/03/vsixcodesigning/ using (var package = Package.Open(vsixPackagePath)) { var signatureManager = new PackageDigitalSignatureManager(package); signatureManager.CertificateOption = CertificateEmbeddingOption.InSignaturePart; // select respective hashing algorithm (http://www.w3.org/TR/2001/WD-xmlenc-core-20010626/): if (arguments.HashAlgorithm == null || string.IsNullOrEmpty(arguments.HashAlgorithm.Uri)) { // fail gracefully: if (errorBuffer != null) { errorBuffer.AppendLine("Unable to sign VSIX with requested '" + (arguments.HashAlgorithm != null ? arguments.HashAlgorithm.Name : "<unknown>") + "' algorithm."); } return(false); } signatureManager.HashAlgorithm = arguments.HashAlgorithm.Uri; var partsToSign = new List <Uri>(); foreach (var packagePart in package.GetParts()) { if (signContentInVsix) { var fileName = Path.GetFileName(packagePart.Uri.OriginalString); var name = Path.Combine(Path.GetTempPath(), fileName); var extension = Path.GetExtension(name); using (var stream = packagePart.GetStream(FileMode.Open, FileAccess.Read)) { using (var fileStream = new FileStream(name, FileMode.Create)) { stream.CopyTo(fileStream); } } if ((extension.Equals(".dll") || extension.Equals(".exe")) && !VerifyBinaryDigitalSignature(name)) { if (!SignBinary(name, arguments, outputBuffer, errorBuffer)) { return(false); } using (var stream = packagePart.GetStream(FileMode.Open, FileAccess.Write)) { using (var fileStream = new FileStream(name, FileMode.Open)) { fileStream.CopyTo(stream); } } } } partsToSign.Add(packagePart.Uri); } partsToSign.Add(PackUriHelper.GetRelationshipPartUri(signatureManager.SignatureOrigin)); partsToSign.Add(signatureManager.SignatureOrigin); partsToSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute))); try { signatureManager.Sign(partsToSign, arguments.Certificate); } catch (CryptographicException ex) { if (errorBuffer != null) { errorBuffer.AppendLine("Signing could not be completed: " + ex.Message); } return(false); } finally { signatureManager.HashAlgorithm = PackageDigitalSignatureManager.DefaultHashAlgorithm; } if (ValidateSignatures(package)) { if (outputBuffer != null) { outputBuffer.AppendLine("VSIX signing completed successfully."); } return(true); } if (outputBuffer != null) { outputBuffer.AppendLine("The digital signature is invalid, there may have been a problem with the signing process."); } return(false); } }