public IEnumerable <PackageVerifierIssue> Validate(IPackageRepository packageRepo, IPackage package, IPackageVerifierLogger logger)
{
foreach (IPackageFile currentFile in package.GetFiles())
{
string extension = Path.GetExtension(currentFile.Path);
if (extension.Equals(".dll", StringComparison.OrdinalIgnoreCase) ||
extension.Equals(".exe", StringComparison.OrdinalIgnoreCase))
{
string assemblyPath = Path.ChangeExtension(Path.Combine(Path.GetTempPath(), Path.GetTempFileName()), extension);
var isManagedCode = false;
var isStrongNameSigned = false;
int hresult = 0;
try
{
using (Stream packageFileStream = currentFile.GetStream())
{
var _assemblyBytes = new byte[packageFileStream.Length];
packageFileStream.Read(_assemblyBytes, 0, _assemblyBytes.Length);
using (var fileStream = new FileStream(assemblyPath, FileMode.Create))
{
packageFileStream.Seek(0, SeekOrigin.Begin);
packageFileStream.CopyTo(fileStream);
fileStream.Flush(true);
}
if (AssemblyHelpers.IsAssemblyManaged(assemblyPath))
{
isManagedCode = true;
var clrStrongName = (IClrStrongName)RuntimeEnvironment.GetRuntimeInterfaceAsObject(new Guid("B79B0ACD-F5CD-409b-B5A5-A16244610B92"), new Guid("9FD93CCF-3280-4391-B3A9-96E1CDE77C8D"));
bool verificationForced;
hresult = clrStrongName.StrongNameSignatureVerificationEx(assemblyPath, true, out verificationForced);
if (hresult == 0)
{
isStrongNameSigned = true;
}
}
}
}
catch (Exception ex)
{
logger.LogError("Error while verifying strong name signature for {0}: {1}", currentFile.Path, ex.Message);
}
finally
{
if (File.Exists(assemblyPath))
{
File.Delete(assemblyPath);
}
}
if (isManagedCode && !isStrongNameSigned)
{
yield return(PackageIssueFactory.AssemblyNotStrongNameSigned(currentFile.Path, hresult));
}
}
}
yield break;
}
public IEnumerable <PackageVerifierIssue> Validate(PackageAnalysisContext context)
{
if (context.Metadata.IsDotNetToolPackage())
{
yield break;
}
foreach (var currentFile in context.PackageReader.GetFiles())
{
var extension = Path.GetExtension(currentFile);
if (extension.Equals(".dll", StringComparison.OrdinalIgnoreCase) ||
extension.Equals(".exe", StringComparison.OrdinalIgnoreCase))
{
string assemblyPath;
do
{
assemblyPath = Path.ChangeExtension(
Path.Combine(Path.GetTempPath(), Path.GetRandomFileName()), extension);
} while (File.Exists(assemblyPath));
var isManagedCode = false;
var isStrongNameSigned = false;
var hasCorrectPublicKeyToken = false;
var hresult = 0;
try
{
using (var packageFileStream = context.PackageReader.GetStream(currentFile))
using (var fileStream = new FileStream(assemblyPath, FileMode.Create))
{
packageFileStream.CopyTo(fileStream);
}
if (AssemblyHelpers.IsAssemblyManaged(assemblyPath))
{
isManagedCode = true;
using (var assembly = AssemblyDefinition.ReadAssembly(assemblyPath))
{
if (assembly.Modules.Any())
{
isStrongNameSigned = assembly.Modules.All(
module => module.Attributes.HasFlag(ModuleAttributes.StrongNameSigned));
}
else
{
throw new InvalidOperationException("The managed assembly does not contain any modules.");
}
var tokenHexString = BitConverter.ToString(assembly.Name.PublicKeyToken).Replace("-", "");
if (_publicKeyToken.Equals(tokenHexString, StringComparison.OrdinalIgnoreCase))
{
hasCorrectPublicKeyToken = true;
}
}
}
}
catch (Exception ex)
{
context.Logger.LogError(
"Error while verifying strong name signature for {0}: {1}", currentFile, ex.Message);
}
finally
{
if (File.Exists(assemblyPath))
{
File.Delete(assemblyPath);
}
}
if (isManagedCode && !isStrongNameSigned)
{
yield return(PackageIssueFactory.AssemblyNotStrongNameSigned(currentFile, hresult));
}
if (isManagedCode && !hasCorrectPublicKeyToken)
{
yield return(PackageIssueFactory.AssemblyHasWrongPublicKeyToken(currentFile, _publicKeyToken));
}
}
}
}
