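 /// <summary>
 /// Signs the OpenXML <paramref name="package"/> with <c>DigitalSignatureCertificate</c>, covering the
 /// parts and relationships reachable from the officeDocument relationship.
 /// </summary>
 /// <param name="package">Open package to sign. Must not be <c>null</c>.</param>
 /// <exception cref="ArgumentNullException"><paramref name="package"/> is <c>null</c>.</exception>
 private void SignOpenOfficeXML(Package package)
 {
     // Validate before any side effect (demo message, eToken logon) takes place.
     if (package == null)
     {
         throw new ArgumentNullException(nameof(package));
     }

     Licensing.ShowDemoMessage();
     DigitalCertificate.LogOnEToken(this.DigitalSignatureCertificate);

     List<Uri> uris = new List<Uri>();
     List<PackageRelationshipSelector> packageRelationshipSelectors = new List<PackageRelationshipSelector>();

     // Walk the package from the main document relationship; the helper fills both lists.
     foreach (PackageRelationship relationship in package.GetRelationshipsByType("http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument"))
     {
         this.CreateListOfSignableItems(relationship, uris, packageRelationshipSelectors);
     }

     PackageDigitalSignatureManager packageDigitalSignatureManager = new PackageDigitalSignatureManager(package)
     {
         // Embed the signing certificate in the signature part so verifiers can retrieve it.
         CertificateOption = CertificateEmbeddingOption.InSignaturePart
     };

     // No try/catch around this: a bare `catch { throw; }` adds nothing and hides the intent.
     packageDigitalSignatureManager.Sign(uris, this.DigitalSignatureCertificate, packageRelationshipSelectors);
 }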
        /// <summary>
        /// Signs the parts and relationships reachable from the officeDocument relationship of
        /// <paramref name="package"/>, adds the Office signature object, and closes the package.
        /// </summary>
        /// <param name="package">Package to sign; it is closed after signing.</param>
        /// <param name="certificate">Signing certificate.</param>
        private void SignAllParts(Package package, X509Certificate2 certificate)
        {
            var parts = new List<Uri>();
            var selectors = new List<PackageRelationshipSelector>();

            // Start from the main document relationship; AddSignableItems walks the rest.
            foreach (var rootRelationship in package.GetRelationshipsByType(RtOfficeDocument))
            {
                AddSignableItems(rootRelationship, parts, selectors);
            }

            var signatureManager = new PackageDigitalSignatureManager(package);
            // Embed the certificate in the signature part so verifiers can retrieve it.
            signatureManager.CertificateOption = CertificateEmbeddingOption.InSignaturePart;

            // Extra signed <Object> carrying the Office-specific data, referenced by OfficeObjectID.
            // NOTE(review): signatureManager.HashAlgorithm is left at the framework default while the
            // Office object is built with ManifestHashAlgorithm — confirm the two agree.
            var officeObject = CreateOfficeObject(SignatureID, ManifestHashAlgorithm);
            var officeObjectReference = new Reference("#" + OfficeObjectID);

            signatureManager.Sign(
                parts,
                certificate,
                selectors,
                SignatureID,
                new[] { officeObject },
                new[] { officeObjectReference });

            package.Close();
        }
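 /// <summary>
 /// Signs every non-relationship part and every package-level relationship of <paramref name="doc"/>
 /// once per certificate file in <paramref name="certificateList"/>, and returns the signed copy.
 /// </summary>
 /// <param name="doc">Source document; a copy is signed, the input is not modified.</param>
 /// <param name="certificateList">Paths of certificate files, each loaded with <see cref="X509Certificate2.CreateFromCertFile"/>.</param>
 /// <returns>A new document containing the added signatures.</returns>
 public static OpenXmlPowerToolsDocument Insert(OpenXmlPowerToolsDocument doc, IEnumerable<string> certificateList)
 {
     using (OpenXmlMemoryStreamDocument streamDoc = new OpenXmlMemoryStreamDocument(doc))
     {
         using (Package package = streamDoc.GetPackage())
         {
             // One manager per package is enough; it is reused for every certificate.
             PackageDigitalSignatureManager digitalSignatureManager = new PackageDigitalSignatureManager(package);
             // Embed the certificate in the signature part so verifiers can retrieve it.
             digitalSignatureManager.CertificateOption = CertificateEmbeddingOption.InSignaturePart;

             foreach (string certificatePath in certificateList)
             {
                 // NOTE(review): CreateFromCertFile yields an X509Certificate; producing a signature
                 // needs the private key, so the file must carry one — confirm how callers supply these paths.
                 X509Certificate x509Certificate = X509Certificate2.CreateFromCertFile(certificatePath);

                 // Rebuilt per certificate, as in the original: Sign() adds signature parts to the
                 // package, so later passes see a different part set.
                 List<Uri> partsToSign = new List<Uri>();
                 // Adds each part to the list, except relationship parts (those are covered by selectors).
                 foreach (PackagePart packagePart in package.GetParts())
                 {
                     if (!PackUriHelper.IsRelationshipPartUri(packagePart.Uri))
                     {
                         partsToSign.Add(packagePart.Uri);
                     }
                 }

                 // One selector per package-level relationship, matched by id.
                 List<PackageRelationshipSelector> relationshipSelectors = new List<PackageRelationshipSelector>();
                 foreach (PackageRelationship relationship in package.GetRelationships())
                 {
                     relationshipSelectors.Add(
                         new PackageRelationshipSelector(relationship.SourceUri, PackageRelationshipSelectorType.Id, relationship.Id));
                 }

                 digitalSignatureManager.Sign(partsToSign, x509Certificate, relationshipSelectors);
             }
         }
         return streamDoc.GetModifiedDocument();
     }
 }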
        /// <summary>
        /// Signs the parts and relationships of <paramref name="openXmlPackage"/> with
        /// <paramref name="certificate"/>, embedding the certificate in the signature part.
        /// </summary>
        /// <param name="openXmlPackage">Wrapper whose underlying <see cref="Package"/> is signed.</param>
        /// <param name="certificate">Signing certificate.</param>
        /// <param name="signatureId">Id written to the signature part; defaults to <c>"idPackageSignature"</c>.</param>
        /// <returns>The signature that was created.</returns>
        /// <exception cref="ArgumentNullException">Any argument is <c>null</c>.</exception>
        public static PackageDigitalSignature Sign(
            OpenXmlPackage openXmlPackage,
            X509Certificate2 certificate,
            string signatureId = "idPackageSignature")
        {
            if (openXmlPackage == null) { throw new ArgumentNullException(nameof(openXmlPackage)); }
            if (certificate == null) { throw new ArgumentNullException(nameof(certificate)); }
            if (signatureId == null) { throw new ArgumentNullException(nameof(signatureId)); }

            Package package = openXmlPackage.Package;
            PackageDigitalSignatureManager signatureManager = new PackageDigitalSignatureManager(package);
            // Embed the certificate so verifiers can retrieve it from the signature part.
            signatureManager.CertificateOption = CertificateEmbeddingOption.InSignaturePart;

            var parts = GetParts(package);
            var selectors = GetRelationshipSelectors(package);
            return signatureManager.Sign(parts, certificate, selectors, signatureId);
        }
        /// <summary>
        /// Signs every part of the VSIX at <paramref name="vsixPackagePath"/>, plus the signature-origin part
        /// and its relationship parts, with <paramref name="certificate"/>.
        /// </summary>
        /// <param name="vsixPackagePath">Path of the VSIX (OPC) package; signed in place.</param>
        /// <param name="certificate">Signing certificate.</param>
        /// <returns><c>true</c> when signing completed; <c>false</c> when it threw a <see cref="CryptographicException"/>.</returns>
        private static bool SignVsix(string vsixPackagePath, X509Certificate2 certificate)
        {
            // Approach by Jeff Wilcox: http://www.jeff.wilcox.name/2010/03/vsixcodesigning/
            using (var package = Package.Open(vsixPackagePath))
            {
                var signatureManager = new PackageDigitalSignatureManager(package)
                {
                    // Embed the certificate in the signature part so verifiers can retrieve it.
                    CertificateOption = CertificateEmbeddingOption.InSignaturePart
                };

                var partsToSign = new List<Uri>();
                foreach (var packagePart in package.GetParts())
                {
                    partsToSign.Add(packagePart.Uri);
                }

                // Also cover the signature origin, its relationship part and the package-root relationship part.
                var signatureOrigin = signatureManager.SignatureOrigin;
                partsToSign.Add(PackUriHelper.GetRelationshipPartUri(signatureOrigin));
                partsToSign.Add(signatureOrigin);
                partsToSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));

                bool signed;
                try
                {
                    signatureManager.Sign(partsToSign, certificate);
                    signed = true;
                }
                catch (CryptographicException)
                {
                    // Signing failed (e.g. unusable key); report failure instead of propagating.
                    signed = false;
                }

                return signed;
            }
        }
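        /// <summary>
        /// Signs the parts and relationships reachable from the officeDocument relationship of
        /// <paramref name="package"/>, adding the Office signature object.
        /// </summary>
        /// <param name="package">Open package to sign.</param>
        /// <param name="certificate">Signing certificate.</param>
        /// <remarks>
        /// A <see cref="CryptographicException"/> raised by signing is written to the console and NOT
        /// rethrown, so callers cannot tell from this method alone whether the package ended up signed.
        /// </remarks>
        private static void SignAllParts(Package package, X509Certificate certificate)
        {
            List<Uri> partsToSign = new List<Uri>();
            List<PackageRelationshipSelector> relationshipsToSign = new List<PackageRelationshipSelector>();

            // Walk from the root relationship (RT_OfficeDocument =
            // http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument).
            foreach (PackageRelationship relationship in package.GetRelationshipsByType(RT_OfficeDocument))
            {
                CreateListOfSignableItems(relationship, partsToSign, relationshipsToSign);
            }

            // Create the DigitalSignature Manager
            PackageDigitalSignatureManager dsm = new PackageDigitalSignatureManager(package);
            dsm.CertificateOption = CertificateEmbeddingOption.InSignaturePart;
            // Explicit digest algorithm; the same value is handed to CreateOfficeObject below.
            dsm.HashAlgorithm = ManifestHashAlgorithm;

            try
            {
                System.Security.Cryptography.Xml.DataObject officeObject = CreateOfficeObject(SignatureID, dsm.HashAlgorithm);
                Reference officeObjectReference = new Reference("#" + OfficeObjectID);
                // The returned PackageDigitalSignature is not needed here.
                dsm.Sign(partsToSign, certificate, relationshipsToSign, SignatureID,
                         new System.Security.Cryptography.Xml.DataObject[] { officeObject },
                         new Reference[] { officeObjectReference });
            }
            catch (CryptographicException ex)
            {
                // ex.ToString() includes any inner exception; dereferencing ex.InnerException directly
                // throws NullReferenceException when there is none.
                Console.WriteLine(ex.ToString());
            }
        }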
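        /// <summary>
        /// Signs the loaded document with <paramref name="certificate"/>: XPS documents through
        /// <c>xpsDocument.SignDigitally</c>, everything else through a package signature covering the
        /// parts reachable from the officeDocument relationship plus the Office signature object.
        /// </summary>
        /// <param name="certificate">Signing certificate; when <c>null</c> the method returns without signing.</param>
        public void SignDocument(X509Certificate2 certificate)
        {
            // A null certificate is ignored without an exception, so the caller gets no signal
            // that nothing was signed.
            if (certificate == null)
            {
                return;
            }

            if (DocumentType.Equals(Types.XpsDocument))
            {
                // XPS has its own signing API: embed the certificate, restrict no part alterations.
                xpsDocument.SignDigitally(certificate, true, XpsDigSigPartAlteringRestrictions.None);
                return;
            }

            List<Uri> partsToSign = new List<Uri>();
            List<PackageRelationshipSelector> relationshipsToSign = new List<PackageRelationshipSelector>();

            // Walk from the main document relationship; AddSignableItems fills both lists.
            foreach (PackageRelationship relationship in package.GetRelationshipsByType(RT_OfficeDocument))
            {
                AddSignableItems(relationship, partsToSign, relationshipsToSign);
            }

            PackageDigitalSignatureManager mgr = new PackageDigitalSignatureManager(package);
            // Embed the certificate in the signature part so verifiers can retrieve it.
            mgr.CertificateOption = CertificateEmbeddingOption.InSignaturePart;

            // Extra signed <Object> carrying the Office-specific data, referenced by OfficeObjectID.
            // NOTE(review): mgr.HashAlgorithm is left at the framework default while the Office
            // object is built with ManifestHashAlgorithm — confirm the two agree.
            string signatureID = SignatureID;
            string manifestHashAlgorithm = ManifestHashAlgorithm;
            System.Security.Cryptography.Xml.DataObject officeObject = CreateOfficeObject(signatureID, manifestHashAlgorithm);
            Reference officeObjectReference = new Reference("#" + OfficeObjectID);

            mgr.Sign(partsToSign, certificate,
                     relationshipsToSign, signatureID,
                     new System.Security.Cryptography.Xml.DataObject[] { officeObject },
                     new Reference[] { officeObjectReference });
        }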
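        /// <summary>
        /// Task entry point: signs every part of <c>PackageFile</c> (plus the signature-origin part and
        /// relationship parts) with the certificate built from <c>Certificate</c> and <c>CertificatePassword</c>.
        /// </summary>
        /// <returns><c>true</c> on success; <c>false</c> after logging the exception that stopped signing.</returns>
        public override bool Execute()
        {
            using (Package package = Package.Open(PackageFile, FileMode.Open))
            {
                try
                {
                    PackageDigitalSignatureManager signatureManager = new PackageDigitalSignatureManager(package);
                    // Embed the certificate in the signature part so verifiers can retrieve it.
                    signatureManager.CertificateOption = CertificateEmbeddingOption.InSignaturePart;

                    List<Uri> toSign = package.GetParts().Select(part => part.Uri).ToList();

                    // Also cover the signature origin, its relationship part and the package-root relationship part.
                    toSign.Add(PackUriHelper.GetRelationshipPartUri(signatureManager.SignatureOrigin));
                    toSign.Add(signatureManager.SignatureOrigin);
                    toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));

                    // Dispose the certificate so the imported private key is released once the signature is written.
                    using (var certificate = new X509Certificate2(Certificate, CertificatePassword))
                    {
                        signatureManager.Sign(toSign, certificate);
                    }
                    return true;
                }
                catch (Exception ex)
                {
                    // The message needs a {0} placeholder: a format argument the message never
                    // references is dropped, and the exception would not reach the log at all.
                    Log.LogError("Error signing package: {0}", ex);
                    return false;
                }
            }
        }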
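        /// <summary>
        /// Signs the parts and relationships reachable from the officeDocument relationship of
        /// <paramref name="package"/> with <paramref name="certificate"/>, adding the Office signature object.
        /// </summary>
        /// <param name="package">Open package to sign.</param>
        /// <param name="certificate">Signing certificate.</param>
        static void SignPackage(Package package, X509Certificate2 certificate)
        {
            List<Uri> partsToSign = new List<Uri>();
            List<PackageRelationshipSelector> relationshipsToSign = new List<PackageRelationshipSelector>();

            // Walk from the main document relationship; AddSignableItems fills both lists.
            foreach (PackageRelationship relationship in package.GetRelationshipsByType(RT_OfficeDocument))
            {
                AddSignableItems(relationship, partsToSign, relationshipsToSign);
            }

            PackageDigitalSignatureManager mgr = new PackageDigitalSignatureManager(package);
            // Embed the certificate in the signature part so verifiers can retrieve it.
            mgr.CertificateOption = CertificateEmbeddingOption.InSignaturePart;

            // Extra signed <Object> carrying the Office-specific data, referenced by OfficeObjectID.
            // NOTE(review): mgr.HashAlgorithm is left at the framework default while the Office
            // object is built with ManifestHashAlgorithm — confirm the two agree.
            string signatureID = SignatureID;
            string manifestHashAlgorithm = ManifestHashAlgorithm;
            DataObject officeObject = CreateOfficeObject(signatureID, manifestHashAlgorithm);
            Reference officeObjectReference = new Reference("#" + OfficeObjectID);

            mgr.Sign(partsToSign, certificate,
                     relationshipsToSign, signatureID,
                     new DataObject[] { officeObject },
                     new Reference[] { officeObjectReference });
        }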
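        /// <summary>
        /// Main signing process: signs every part of <paramref name="package"/> (plus the signature-origin
        /// part and relationship parts) with the certificate at <c>CertificatePath</c>, then verifies the result.
        /// </summary>
        /// <param name="package">Open package to sign.</param>
        /// <returns>
        /// <c>true</c> when the package is signed and <see cref="PackageDigitalSignatureManager.VerifySignatures"/>
        /// reports success; <c>false</c> otherwise, including when signing threw a <see cref="CryptographicException"/>.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="package"/> is <c>null</c>.</exception>
        private bool SignAllParts(Package package)
        {
            if (package == null)
            {
                // nameof() yields the real parameter name instead of a free-form string.
                throw new ArgumentNullException(nameof(package));
            }

            // Create the DigitalSignature Manager
            PackageDigitalSignatureManager dsm = new PackageDigitalSignatureManager(package);
            dsm.CertificateOption = CertificateEmbeddingOption.InSignaturePart;

            // Create a list of all the part URIs in the package to sign
            // (GetParts() also includes PackageRelationship parts).
            System.Collections.Generic.List<Uri> toSign = new System.Collections.Generic.List<Uri>();
            foreach (PackagePart packagePart in package.GetParts())
            {
                toSign.Add(packagePart.Uri);
            }

            // Add the URI for SignatureOrigin PackageRelationship part.
            // The SignatureOrigin relationship is created when Sign() is called.
            // Signing the SignatureOrigin relationship disables counter-signatures.
            toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin));

            // Also sign the SignatureOrigin part.
            toSign.Add(dsm.SignatureOrigin);

            // Add the package relationship to the signature origin to be signed.
            toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));

            try
            {
                // An empty password is passed as null, as the original did.
                string password = String.IsNullOrEmpty(this.CertificatePassword) ? null : this.CertificatePassword;
                // Dispose the certificate so the imported private key is released once the signature is written.
                using (var cert = new X509Certificate2(this.CertificatePath, password))
                {
                    dsm.Sign(toSign, cert);
                }
            }
            // If there are no certificates or the SmartCard manager is
            // not running, report the error; the return value below then
            // reflects that the package is not signed.
            catch (CryptographicException ex)
            {
                Console.WriteLine(
                    "Cannot Sign: {0}", ex.Message);
            }

            // VerifySignatures(true) stops at the first failing signature.
            return dsm.IsSigned && dsm.VerifySignatures(true) == VerifyResult.Success;
        }// end:SignAllParts()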
        }// end:ValidateSignatures()

        //</SnippetPackageDigSigValidate>


        //<SnippetPackageDigSigSign>
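        /// <summary>
        /// Signs every part of <paramref name="package"/> (plus the signature-origin part and relationship
        /// parts). No certificate is passed, so <see cref="PackageDigitalSignatureManager.Sign(IEnumerable{Uri})"/>
        /// prompts the user to pick one.
        /// </summary>
        /// <param name="package">Open package to sign.</param>
        /// <exception cref="ArgumentNullException"><paramref name="package"/> is <c>null</c>.</exception>
        private static void SignAllParts(Package package)
        {
            if (package == null)
            {
                // nameof() yields the real parameter name instead of a free-form string.
                throw new ArgumentNullException(nameof(package));
            }

            // Create the DigitalSignature Manager
            PackageDigitalSignatureManager dsm = new PackageDigitalSignatureManager(package);
            dsm.CertificateOption = CertificateEmbeddingOption.InSignaturePart;

            // Create a list of all the part URIs in the package to sign
            // (GetParts() also includes PackageRelationship parts).
            System.Collections.Generic.List<Uri> toSign = new System.Collections.Generic.List<Uri>();
            foreach (PackagePart packagePart in package.GetParts())
            {
                toSign.Add(packagePart.Uri);
            }

            // Add the URI for SignatureOrigin PackageRelationship part.
            // The SignatureOrigin relationship is created when Sign() is called.
            // Signing the SignatureOrigin relationship disables counter-signatures.
            toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin));

            // Also sign the SignatureOrigin part.
            toSign.Add(dsm.SignatureOrigin);

            // Add the package relationship to the signature origin to be signed.
            toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));

            // Sign() will prompt the user to select a Certificate to sign with.
            try
            {
                dsm.Sign(toSign);
            }
            // If there are no certificates or the SmartCard manager is
            // not running, catch the exception and show an error message.
            // The failure is not propagated: callers must check dsm.IsSigned themselves.
            catch (CryptographicException ex)
            {
                MessageBox.Show(
                    "Cannot Sign\n" + ex.Message,
                    "No Digital Certificates Available",
                    MessageBoxButton.OK,
                    MessageBoxImage.Exclamation);
            }
        }// end:SignAllParts()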
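        /// <summary>
        /// Wraps the file at <paramref name="inputPath"/> as a single part inside a new OPC package written
        /// to <paramref name="outputPath"/>, then signs that part (SHA-256 digest) with <paramref name="certificate"/>.
        /// </summary>
        /// <param name="inputPath">Existing file to embed and sign.</param>
        /// <param name="outputPath">Path of the signed package to create; overwritten if present.</param>
        /// <param name="certificate">Signing certificate.</param>
        /// <returns><c>true</c> when a signature was produced.</returns>
        /// <exception cref="ArgumentException">
        /// <paramref name="inputPath"/> is empty or does not exist, or <paramref name="outputPath"/> is empty.
        /// </exception>
        /// <exception cref="ArgumentNullException"><paramref name="certificate"/> is <c>null</c>.</exception>
        internal static bool Sign(string inputPath, string outputPath, X509Certificate2 certificate)
        {
            // Argument problems are reported with the specific argument exceptions (and the real
            // parameter names) rather than a bare Exception carrying the name as its message.
            if (string.IsNullOrEmpty(inputPath) || !File.Exists(inputPath))
            {
                throw new ArgumentException("Input file must exist.", nameof(inputPath));
            }
            if (string.IsNullOrEmpty(outputPath))
            {
                throw new ArgumentException("Output path must not be empty.", nameof(outputPath));
            }
            if (certificate == null)
            {
                throw new ArgumentNullException(nameof(certificate));
            }

            using (Package signedPackage = Package.Open(outputPath, FileMode.Create))
            {
                // The payload lives at /<InnerPackageName>.pgx inside the outer package.
                var uri = new Uri("/" + InnerPackageName + ".pgx", UriKind.Relative);
                var innerPackagePart = signedPackage.CreatePart(uri, "application/zip");
                using (var fileStream = File.Open(inputPath, FileMode.Open, FileAccess.Read))
                using (var stream = innerPackagePart.GetStream())
                {
                    fileStream.CopyTo(stream);
                }

                //Make a list of parts to sign (in this case, only one package)
                var partsToSign = new List<Uri> { innerPackagePart.Uri };
                var dsm = new PackageDigitalSignatureManager(signedPackage)
                {
                    CertificateOption = CertificateEmbeddingOption.InSignaturePart,
                    // Explicit digest so the signature does not depend on the framework's default algorithm.
                    HashAlgorithm = "http://www.w3.org/2001/04/xmlenc#sha256"
                };

                if (dsm.Sign(partsToSign, certificate) != null)
                {
                    Console.WriteLine("Signed package {0} created.", outputPath);
                    return true;
                }
            }
            return false;
        }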
        /// <summary>
        /// Signs every non-relationship part of <paramref name="package"/> with <paramref name="certificate"/>,
        /// embedding the certificate in the signature part.
        /// </summary>
        /// <param name="package">Open package to sign.</param>
        /// <param name="certificate">Signing certificate.</param>
        public static void Sign(Package package, X509Certificate2 certificate)
        {
            var signatureManager = new PackageDigitalSignatureManager(package);
            signatureManager.CertificateOption = CertificateEmbeddingOption.InSignaturePart;

            // Relationship parts are skipped; only content parts are covered.
            var parts = new List<Uri>();
            foreach (var part in package.GetParts())
            {
                if (PackUriHelper.IsRelationshipPartUri(part.Uri))
                {
                    continue;
                }
                parts.Add(part.Uri);
            }

            signatureManager.Sign(parts, certificate);
        }
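        /// <summary>
        /// Signs the Word document held in <paramref name="outputStream"/> with the certificate file at
        /// <paramref name="certPath"/>, covering the parts reachable from the officeDocument relationship
        /// and adding the Office signature object.
        /// </summary>
        /// <param name="outputStream">Stream holding the document; opened read/write in place.</param>
        /// <param name="certPath">Path of the certificate file (PFX with private key).</param>
        /// <param name="certPassword">Password protecting the certificate file.</param>
        private static void SignPackage(MemoryStream outputStream, string certPath, string certPassword)
        {
            // Certificate loading adapted from Richard diZerega:
            // https://github.com/richdizz/microsoft-graph-app-only/blob/master/RichdizzReady/Program.cs
            // ReadAllBytes reads the whole file and closes it; a single Stream.Read is not guaranteed
            // to fill the buffer, and the FileStream it replaces was never disposed.
            var certificateBytes = File.ReadAllBytes(certPath);

            var certificate = new X509Certificate2(
                certificateBytes,
                certPassword,
                X509KeyStorageFlags.Exportable |
                X509KeyStorageFlags.MachineKeySet |
                X509KeyStorageFlags.PersistKeySet); // switches are important to work in webjob

            // NOTE(review): the WordprocessingDocument returned by Open() is never disposed or saved here;
            // the package is signed in place and the caller is assumed to finish the document — confirm.
            var package = WordprocessingDocument.Open(outputStream, true).Package;

            // This from Wouter's sample code from 10 years ago
            List<Uri> partsToSign = new List<Uri>();
            List<PackageRelationshipSelector> relationshipsToSign = new List<PackageRelationshipSelector>();

            // Walk from the main document relationship; AddSignableItems fills both lists.
            foreach (PackageRelationship relationship in package.GetRelationshipsByType(RT_OfficeDocument))
            {
                AddSignableItems(relationship, partsToSign, relationshipsToSign);
            }

            PackageDigitalSignatureManager mgr = new PackageDigitalSignatureManager(package);
            // Embed the certificate in the signature part so verifiers can retrieve it.
            mgr.CertificateOption = CertificateEmbeddingOption.InSignaturePart;

            // Extra signed <Object> carrying the Office-specific data, referenced by OfficeObjectID.
            // NOTE(review): mgr.HashAlgorithm is left at the framework default while the Office
            // object is built with ManifestHashAlgorithm — confirm the two agree.
            string signatureID = SignatureID;
            string manifestHashAlgorithm = ManifestHashAlgorithm;
            DataObject officeObject = CreateOfficeObject(signatureID, manifestHashAlgorithm);
            Reference officeObjectReference = new Reference("#" + OfficeObjectID);

            mgr.Sign(partsToSign, certificate,
                     relationshipsToSign, signatureID,
                     new DataObject[] { officeObject },
                     new Reference[] { officeObjectReference });
        }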
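        /// <summary>
        /// Signs every part of the package at <paramref name="path"/> with <c>Certificate</c>. If the
        /// package is already signed, the existing signatures are removed first when
        /// <paramref name="overrideCurrentSignature"/> is set; otherwise <see cref="AlreadySignedException"/> is thrown.
        /// </summary>
        /// <param name="path">Path of the OPC package; signed in place.</param>
        /// <param name="overrideCurrentSignature">Replace existing signatures instead of failing.</param>
        /// <exception cref="AlreadySignedException">
        /// The package is signed and <paramref name="overrideCurrentSignature"/> is <c>false</c>.
        /// </exception>
        /// <from>http://msdn.microsoft.com/en-us/library/system.io.packaging.packagedigitalsignaturemanager.sign(v=vs.100).aspx</from>
        public void Sign(string path, bool overrideCurrentSignature)
        {
            _log.Debug("We're going to try signing {0}, override current signature {1}".format(path,
                                                                                               overrideCurrentSignature));
            // `using` releases the package (and its file handle) even when AlreadySignedException or a
            // signing error is thrown; closing only on the success path leaked it, and the deterministic
            // disposal also removes the need for a GC.Collect() afterwards.
            using (var package = Package.Open(path))
            {
                _log.Debug("Opened {0}".format(path));
                var signatureManager = new PackageDigitalSignatureManager(package)
                {
                    CertificateOption = CertificateEmbeddingOption.InSignaturePart
                };

                if (signatureManager.IsSigned)
                {
                    if (!overrideCurrentSignature)
                    {
                        _log.Debug("{0} is signed, we're going to throw".format(path));
                        throw new AlreadySignedException();
                    }

                    _log.Debug("{0} is signed we'll try to remove signatures".format(path));
                    //TODO: make smarter so we only remove signatures for the relevant parts
                    signatureManager.RemoveAllSignatures();
                    package.Flush();
                }

                var toSign = package.GetParts().Select(packagePart => packagePart.Uri).ToList();

                // Also cover the signature origin, its relationship part and the package-root relationship part.
                toSign.Add(PackUriHelper.GetRelationshipPartUri(signatureManager.SignatureOrigin));
                toSign.Add(signatureManager.SignatureOrigin);
                toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));

                _log.Debug("About to start signing {0}".format(path));
                signatureManager.Sign(toSign, Certificate);
                _log.Debug("signed {0}, going to close".format(path));
            }

            _log.Debug("closed {0}".format(path));
        }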
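        /// <summary>
        /// Signs all parts of the VSIX file (plus the signature-origin part and relationship parts)
        /// with the certificate in <paramref name="pfxFileName"/>, then verifies the result.
        /// </summary>
        /// <param name="vsixFileName">The file path of the VSIX file</param>
        /// <param name="pfxFileName">The file path of the certificate</param>
        /// <param name="password">The password for the certificate</param>
        /// <returns>True if the file has been signed and its signatures verify, false otherwise</returns>
        private bool SignVSIXFile(string vsixFileName, string pfxFileName, string password)
        {
            if (!File.Exists(vsixFileName))
            {
                this.LogBuildError("VSIX file doesn't exist");
                return false;
            }

            if (!File.Exists(pfxFileName))
            {
                this.LogBuildError("Certificate file doesn't exist");
                return false;
            }

            LogBuildMessage(string.Format("Signing {0} ", Path.GetFileName(vsixFileName)), BuildMessageImportance.High);

            using (var package = Package.Open(vsixFileName, FileMode.Open))
            {
                var packageSignatureManager = new PackageDigitalSignatureManager(package)
                {
                    // Embed the certificate in the signature part so verifiers can retrieve it.
                    CertificateOption = CertificateEmbeddingOption.InSignaturePart
                };

                var partsToSign = package.GetParts().Select(packagePart => packagePart.Uri).ToList();

                // Also cover the signature origin, its relationship part and the package-root relationship part.
                partsToSign.Add(PackUriHelper.GetRelationshipPartUri(packageSignatureManager.SignatureOrigin));
                partsToSign.Add(packageSignatureManager.SignatureOrigin);
                partsToSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));

                try
                {
                    // Dispose the certificate so the imported private key is released once the signature is written.
                    using (var certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(pfxFileName, password))
                    {
                        packageSignatureManager.Sign(partsToSign, certificate);
                    }
                }
                catch (System.Security.Cryptography.CryptographicException ex)
                {
                    this.LogBuildError("Error Signing File " + ex.Message);

                    return false;
                }

                // VerifySignatures(true) stops at the first failing signature.
                return packageSignatureManager.IsSigned && packageSignatureManager.VerifySignatures(true) == VerifyResult.Success;
            }
        }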
        /// <summary>
        /// Signs every part of <paramref name="package"/>, plus the signature-origin part and relationship
        /// parts, with <paramref name="cert"/> using SHA-512 digests.
        /// </summary>
        /// <param name="package">Open package to sign.</param>
        /// <param name="cert">Signing certificate.</param>
        public void SignPackage(Package package, X509Certificate cert)
        {
            var signatureManager = new PackageDigitalSignatureManager(package);
            signatureManager.CertificateOption = CertificateEmbeddingOption.InSignaturePart;
            // Explicit SHA-512 rather than the framework default.
            signatureManager.HashAlgorithm = SignedXml.XmlDsigSHA512Url;

            var partUris = new List<Uri>();
            foreach (PackagePart part in package.GetParts())
            {
                partUris.Add(part.Uri);
            }

            // Also cover the signature origin, its relationship part and the package-root relationship part.
            Uri origin = signatureManager.SignatureOrigin;
            partUris.Add(PackUriHelper.GetRelationshipPartUri(origin));
            partUris.Add(origin);
            partUris.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));

            signatureManager.Sign(partUris, cert);
        }
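        /// <summary>
        /// Signs every part of <paramref name="package"/>, plus the signature-origin part and relationship
        /// parts, with <paramref name="cert"/> using SHA-512 digests.
        /// </summary>
        /// <param name="package">Open package to sign.</param>
        /// <param name="cert">Signing certificate.</param>
        /// <exception cref="ArgumentNullException"><paramref name="package"/> or <paramref name="cert"/> is <c>null</c>.</exception>
        /// <exception cref="CryptographicException">Signing failed; the error is tracked and then rethrown.</exception>
        private static void SignAllParts(Package package, X509Certificate cert)
        {
            // nameof() yields the real parameter names instead of free-form strings.
            if (package == null)
            {
                throw new ArgumentNullException(nameof(package));
            }

            if (cert == null)
            {
                throw new ArgumentNullException(nameof(cert));
            }

            PackageDigitalSignatureManager dsm = new PackageDigitalSignatureManager(package)
            {
                CertificateOption = CertificateEmbeddingOption.InSignaturePart,
                // Explicit SHA-512 rather than the framework default.
                HashAlgorithm = SignedXml.XmlDsigSHA512Url
            };

            List<Uri> toSign = new List<Uri>();

            foreach (PackagePart packagePart in package.GetParts())
            {
                toSign.Add(packagePart.Uri);
            }

            // Also cover the signature origin, its relationship part and the package-root relationship part.
            toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin));
            toSign.Add(dsm.SignatureOrigin);
            toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));

            try
            {
                dsm.Sign(toSign, cert);
            }
            catch (CryptographicException ex)
            {
                // Record the failure for telemetry, then let it propagate so the caller never
                // treats a package that failed to sign as signed.
                AppHealth.Current.Error.TrackAsync("Error sigingn package.", ex).FireAndForget();

                throw;
            }
        }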
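        /// <summary>
        /// Signs every part of the package at <paramref name="path"/> (plus the signature-origin part and
        /// relationship parts) with <c>Certificate</c>, and closes the package.
        /// </summary>
        /// <param name="path">Path of the OPC package; signed in place.</param>
        /// <from>http://msdn.microsoft.com/en-us/library/system.io.packaging.packagedigitalsignaturemanager.sign(v=vs.100).aspx</from>
        public void Sign(string path)
        {
            // `using` closes the package even if Sign() throws; closing only on the success path
            // leaked the file handle on failure.
            using (var package = Package.Open(path))
            {
                var signatureManager = new PackageDigitalSignatureManager(package);
                // Embed the certificate in the signature part so verifiers can retrieve it.
                signatureManager.CertificateOption = CertificateEmbeddingOption.InSignaturePart;

                var toSign = new List<Uri>();
                foreach (PackagePart packagePart in package.GetParts())
                {
                    toSign.Add(packagePart.Uri);
                }

                // Also cover the signature origin, its relationship part and the package-root relationship part.
                toSign.Add(PackUriHelper.GetRelationshipPartUri(signatureManager.SignatureOrigin));
                toSign.Add(signatureManager.SignatureOrigin);
                toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));

                signatureManager.Sign(toSign, Certificate);
            }
        }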
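        /// <summary>
        /// Signs the VSIX (OPC) package at <paramref name="vsixPackagePath"/> in place with the certificate
        /// and hash algorithm carried by <paramref name="arguments"/>. Optionally Authenticode-signs any
        /// unsigned .dll/.exe inside the package before the package signature is computed.
        /// </summary>
        /// <param name="vsixPackagePath">Path of the .vsix file; it is opened read/write and modified in place.</param>
        /// <param name="arguments">Certificate, hash algorithm and the options forwarded to <see cref="SignBinary"/>.</param>
        /// <param name="outputBuffer">Receives progress/success messages; may be null.</param>
        /// <param name="errorBuffer">Receives failure details; may be null.</param>
        /// <param name="signContentInVsix">
        /// When true, every .dll/.exe part that does not already carry a valid Authenticode signature is
        /// signed with <see cref="SignBinary"/> and written back into the package first.
        /// </param>
        /// <returns>
        /// true when the package was signed and <see cref="ValidateSignatures"/> accepts the result;
        /// false otherwise, with the reason appended to <paramref name="errorBuffer"/>.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="arguments"/> is null.</exception>
        private static bool SignVsix(string vsixPackagePath,
                                     SignData arguments,
                                     StringBuilder outputBuffer,
                                     StringBuilder errorBuffer,
                                     bool signContentInVsix = false)
        {
            if (arguments == null)
            {
                throw new ArgumentNullException("arguments");
            }

            // try to load the certificate:
            try
            {
                arguments.VerifyCertificate();
            }
            catch (Exception ex)
            {
                if (errorBuffer != null)
                {
                    errorBuffer.AppendLine("Certificate error.");
                    errorBuffer.AppendLine(ex.Message);
                }
                return false;
            }

            // select respective hashing algorithm (http://www.w3.org/TR/2001/WD-xmlenc-core-20010626/).
            // Checked before the package is opened so a bad request has no side effects on disk.
            if (arguments.HashAlgorithm == null || string.IsNullOrEmpty(arguments.HashAlgorithm.Uri))
            {
                // fail gracefully:
                if (errorBuffer != null)
                {
                    errorBuffer.AppendLine("Unable to sign VSIX with requested '" + (arguments.HashAlgorithm != null ? arguments.HashAlgorithm.Name : "<unknown>") + "' algorithm.");
                }
                return false;
            }

            // Extracted binaries go into a fresh per-run directory so that concurrent runs (or parts that
            // share a file name) cannot overwrite each other, and so the unsigned copies do not stay
            // behind in the shared temp directory once signing is over.
            string scratchDirectory = null;
            if (signContentInVsix)
            {
                scratchDirectory = Path.Combine(Path.GetTempPath(), "vsixsign-" + Guid.NewGuid().ToString("N"));
                Directory.CreateDirectory(scratchDirectory);
            }

            try
            {
                // many thanks to Jeff Wilcox for the idea and code
                // check for details: http://www.jeff.wilcox.name/2010/03/vsixcodesigning/
                //
                // FileMode.Open rather than the Open(path) overload (which defaults to OpenOrCreate):
                // a mistyped path must fail here instead of silently creating and signing an empty package.
                using (var package = Package.Open(vsixPackagePath, FileMode.Open, FileAccess.ReadWrite))
                {
                    var signatureManager = new PackageDigitalSignatureManager(package);
                    signatureManager.CertificateOption = CertificateEmbeddingOption.InSignaturePart;
                    signatureManager.HashAlgorithm = arguments.HashAlgorithm.Uri;

                    var partsToSign = new List<Uri>();
                    foreach (var packagePart in package.GetParts())
                    {
                        if (signContentInVsix
                            && !EnsureEmbeddedBinarySigned(packagePart, scratchDirectory, arguments, outputBuffer, errorBuffer))
                        {
                            return false;
                        }

                        partsToSign.Add(packagePart.Uri);
                    }

                    // The signature origin, its relationship part and the root relationships are covered too.
                    partsToSign.Add(PackUriHelper.GetRelationshipPartUri(signatureManager.SignatureOrigin));
                    partsToSign.Add(signatureManager.SignatureOrigin);
                    partsToSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));

                    try
                    {
                        signatureManager.Sign(partsToSign, arguments.Certificate);
                    }
                    catch (CryptographicException ex)
                    {
                        if (errorBuffer != null)
                        {
                            errorBuffer.AppendLine("Signing could not be completed: " + ex.Message);
                        }
                        return false;
                    }

                    if (ValidateSignatures(package))
                    {
                        if (outputBuffer != null)
                        {
                            outputBuffer.AppendLine("VSIX signing completed successfully.");
                        }
                        return true;
                    }

                    // This is a failure (we return false), so it belongs in the error buffer like the
                    // other failure paths above, not in the progress output.
                    if (errorBuffer != null)
                    {
                        errorBuffer.AppendLine("The digital signature is invalid, there may have been a problem with the signing process.");
                    }

                    return false;
                }
            }
            finally
            {
                if (scratchDirectory != null)
                {
                    TryDeleteDirectory(scratchDirectory);
                }
            }
        }

        /// <summary>
        /// Extracts <paramref name="packagePart"/> below <paramref name="scratchDirectory"/> and, when it is a
        /// .dll/.exe without a valid Authenticode signature, signs it and writes the signed bytes back into
        /// the part. Parts with any other extension are left untouched and not extracted at all.
        /// </summary>
        /// <param name="packagePart">The part to inspect; its stream is rewritten only when it gets signed.</param>
        /// <param name="scratchDirectory">Existing directory that receives the extracted copy.</param>
        /// <param name="arguments">Forwarded to <see cref="SignBinary"/>.</param>
        /// <param name="outputBuffer">Forwarded to <see cref="SignBinary"/>; may be null.</param>
        /// <param name="errorBuffer">Receives failure details; may be null.</param>
        /// <returns>
        /// false when <see cref="SignBinary"/> failed or the part name would resolve outside the scratch
        /// directory; true otherwise (including "nothing to do").
        /// </returns>
        private static bool EnsureEmbeddedBinarySigned(PackagePart packagePart,
                                                       string scratchDirectory,
                                                       SignData arguments,
                                                       StringBuilder outputBuffer,
                                                       StringBuilder errorBuffer)
        {
            var partPath = packagePart.Uri.OriginalString;
            var extension = Path.GetExtension(partPath);

            // Authenticode only applies to PE images. The comparison is case-insensitive so that a
            // part named ".DLL" or ".Exe" is not silently skipped.
            bool isPeImage = extension.Equals(".dll", StringComparison.OrdinalIgnoreCase)
                          || extension.Equals(".exe", StringComparison.OrdinalIgnoreCase);
            if (!isPeImage)
            {
                return true;
            }

            // Mirror the part's folder structure under the scratch directory so that /a/x.dll and
            // /b/x.dll end up as distinct files. Package validates part URIs, but the containment check
            // below guarantees a part name can never make us write outside the scratch directory.
            var relativePath = partPath.TrimStart('/').Replace('/', Path.DirectorySeparatorChar);
            var localPath = Path.GetFullPath(Path.Combine(scratchDirectory, relativePath));
            var scratchRoot = Path.GetFullPath(scratchDirectory).TrimEnd(Path.DirectorySeparatorChar) + Path.DirectorySeparatorChar;
            if (!localPath.StartsWith(scratchRoot, StringComparison.OrdinalIgnoreCase))
            {
                if (errorBuffer != null)
                {
                    errorBuffer.AppendLine("Refusing to extract part '" + partPath + "': it resolves outside the scratch directory.");
                }
                return false;
            }
            Directory.CreateDirectory(Path.GetDirectoryName(localPath));

            using (var partStream = packagePart.GetStream(FileMode.Open, FileAccess.Read))
            using (var fileStream = new FileStream(localPath, FileMode.Create, FileAccess.Write))
            {
                partStream.CopyTo(fileStream);
            }

            if (VerifyBinaryDigitalSignature(localPath))
            {
                // already carries a valid signature; keep the part as it is
                return true;
            }

            if (!SignBinary(localPath, arguments, outputBuffer, errorBuffer))
            {
                return false;
            }

            // FileMode.Create truncates the part before writing. Re-opening it with FileMode.Open would
            // leave stale trailing bytes behind whenever the re-signed image is shorter than the original.
            using (var partStream = packagePart.GetStream(FileMode.Create, FileAccess.Write))
            using (var fileStream = new FileStream(localPath, FileMode.Open, FileAccess.Read))
            {
                fileStream.CopyTo(partStream);
            }

            return true;
        }

        /// <summary>
        /// Removes a scratch directory and everything in it. A failed cleanup is not a signing failure,
        /// so the usual file-system exceptions are swallowed and the directory is left for later cleanup.
        /// </summary>
        /// <param name="path">Directory to delete recursively.</param>
        private static void TryDeleteDirectory(string path)
        {
            try
            {
                Directory.Delete(path, true);
            }
            catch (IOException)
            {
                // e.g. an external signing tool still holds a handle on one of the files
            }
            catch (UnauthorizedAccessException)
            {
            }
        }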
 /// <summary>
 /// Signs the given parts and relationships of the underlying package with <paramref name="certificate"/>.
 /// </summary>
 /// <param name="partList">URIs of the package parts to cover with the signature.</param>
 /// <param name="certificate">Certificate whose private key produces the signature.</param>
 /// <param name="embedCertificate">
 /// true to store the certificate in its own certificate part; false to not embed it in the package at all.
 /// </param>
 /// <param name="relationshipSelectors">Relationships to cover with the signature.</param>
 /// <param name="id">Signature id to use; when null, the overload without an id is used instead.</param>
 /// <returns>The signature created by the package's <see cref="PackageDigitalSignatureManager"/>.</returns>
 /// <exception cref="ObjectDisposedException">The underlying package has already been released.</exception>
 public PackageDigitalSignature Sign(IEnumerable<Uri> partList, X509Certificate certificate, bool embedCertificate, IEnumerable<PackageRelationshipSelector> relationshipSelectors, string id)
 {
     var package = this._metroPackage;
     if (package == null)
     {
         throw new ObjectDisposedException("XpsManager");
     }

     var manager = new PackageDigitalSignatureManager(package)
     {
         CertificateOption = embedCertificate
             ? CertificateEmbeddingOption.InCertificatePart
             : CertificateEmbeddingOption.NotEmbedded
     };

     return id == null
         ? manager.Sign(partList, certificate, relationshipSelectors)
         : manager.Sign(partList, certificate, relationshipSelectors, id);
 }
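        // TODO (Andreas Orzelski, 2020-08-01): Can the signature file and [Content_Types].xml be tampered with?
        // Is this an issue?

        /// <summary>
        /// Signs all parts and relationships in the package (any modification to them invalidates the signature).
        /// Prompts the user for a .pfx file to sign with.
        /// New files can be added to the package afterwards, but they will not be signed and are
        /// therefore easy to detect during verification.
        /// </summary>
        /// <param name="packagePath">Path of the OPC package to sign; it is opened read/write and signed in place.</param>
        /// <param name="storeName">
        /// Not used: the certificate is read from a .pfx file chosen by the user, not from a certificate store.
        /// Kept so existing callers keep compiling.
        /// </param>
        public static void SignAll(string packagePath, string storeName = "My")
        {
            using (Package package = Package.Open(packagePath, FileMode.Open))
            {
                // Create the DigitalSignature Manager
                PackageDigitalSignatureManager dsm = new PackageDigitalSignatureManager(package);
                dsm.CertificateOption = CertificateEmbeddingOption.InSignaturePart;

                List<Uri> toSign = new List<Uri>();
                List<PackageRelationshipSelector> relationshipSelectors = new List<PackageRelationshipSelector>();

                // One selector per package-level relationship (the root .rels), pinned by id.
                foreach (PackageRelationship relationship in package.GetRelationships())
                {
                    relationshipSelectors.Add(SelectorById(relationship));
                }

                // Every part (GetParts() also yields the relationship parts) plus each part's own relationships.
                foreach (PackagePart packagePart in package.GetParts())
                {
                    toSign.Add(packagePart.Uri);

                    try
                    {
                        foreach (PackageRelationship relationship in packagePart.GetRelationships())
                        {
                            relationshipSelectors.Add(SelectorById(relationship));
                        }
                    }
                    catch (Exception ex)
                    {
                        // GetRelationships() throws for parts that cannot carry relationships
                        // (notably the relationship parts themselves), so this stays best effort.
                        AdminShellNS.LogInternally.That.SilentlyIgnoredError(ex);
                    }
                }

                // Also sign the SignatureOrigin part and its PackageRelationship part.
                // The SignatureOrigin relationship is created when Sign() is called;
                // signing it disables counter-signatures.
                toSign.Add(dsm.SignatureOrigin);
                toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin));

                // Sign the digital-signature/origin relationship entry inside the root .rels file.
                relationshipSelectors.Add(
                    new PackageRelationshipSelector(
                        new Uri("/", UriKind.Relative), PackageRelationshipSelectorType.Type,
                        "http://schemas.openxmlformats.org/package/2006/relationships/digital-signature/origin"));

                // Ask the user for the .pfx file to sign with.
                using (var dlg = new OpenFileDialog())
                {
                    dlg.Filter = ".pfx files (*.pfx)|*.pfx";
                    if (dlg.ShowDialog() != DialogResult.OK || string.IsNullOrEmpty(dlg.FileName))
                    {
                        // User cancelled: leave the package unsigned instead of failing on an empty file name.
                        return;
                    }

                    try
                    {
                        // NOTE(review): the .pfx password is a fixed literal in source, so the private key is
                        // protected only by file-system permissions on the .pfx itself. Prompting for the
                        // password (or reading it from a protected setting) would close that gap.
                        using (X509Certificate2 x509 = new X509Certificate2(dlg.FileName, "i40"))
                        {
                            dsm.Sign(toSign, x509, relationshipSelectors);
                        }
                    }

                    // If the .pfx cannot be loaded or the signing operation fails,
                    // catch the exception and show an error message.
                    catch (CryptographicException ex)
                    {
                        MessageBox.Show(
                            "Cannot Sign\n" + ex.Message, "Error signing", MessageBoxButtons.OK, MessageBoxIcon.Error);
                    }
                }
            }
        }

        /// <summary>
        /// Builds a selector that pins one relationship by its id, so that changing or removing that
        /// relationship invalidates the signature.
        /// </summary>
        /// <param name="relationship">The relationship to cover.</param>
        /// <returns>A selector of type <see cref="PackageRelationshipSelectorType.Id"/> for the relationship.</returns>
        private static PackageRelationshipSelector SelectorById(PackageRelationship relationship)
        {
            return new PackageRelationshipSelector(
                relationship.SourceUri, PackageRelationshipSelectorType.Id, relationship.Id);
        }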