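/// <summary>
/// Post-signing verification pass over every file in the batch. Logs an error for each
/// PE file, and for each PE part nested inside a zip container, that
/// <c>_signTool.VerifySignedPEFile</c> rejects.
/// </summary>
/// <param name="log">Receives one error per file or container part that fails verification.</param>
/// <remarks>
/// Verification failures are reported through <paramref name="log"/> and the loop keeps going,
/// so a single run reports every failing file rather than stopping at the first one.
/// Coverage limits visible in this method: top-level files that are neither PE files nor zip
/// containers are not checked, and inside a container only entries that
/// <c>FindNestedPart</c> resolves to a PE file are checked. Entries the zip data does not
/// know about, and containers nested inside containers, are skipped without a message.
/// </remarks>
private void VerifyAfterSign(TaskLoggingHelper log)
{
    foreach (var file in _batchData.FilesToSign)
    {
        if (file.IsPEFile())
        {
            using (var stream = File.OpenRead(file.FullPath))
            {
                if (!_signTool.VerifySignedPEFile(stream))
                {
                    log.LogError($"Assembly {file} is not signed properly");
                }
            }
        }
        else if (file.IsZipContainer())
        {
            // NOTE(review): indexer lookup; presumably throws if this container's content hash
            // was never recorded in ZipDataMap. Confirm against the map's type.
            var zipData = _batchData.ZipDataMap[file.ContentHash];

            // The file stream gets its own using so the handle is released even when the
            // ZipArchive constructor throws on a malformed archive. ZipArchive also disposes
            // the stream on the normal path; disposing it twice is harmless.
            using (var containerStream = File.OpenRead(file.FullPath))
            using (var archive = new ZipArchive(containerStream, ZipArchiveMode.Read))
            {
                foreach (ZipArchiveEntry entry in archive.Entries)
                {
                    string relativeName = entry.FullName;
                    var zipPart = zipData.FindNestedPart(relativeName);
                    if (!zipPart.HasValue || !zipPart.Value.FileSignInfo.IsPEFile())
                    {
                        // Not a tracked PE part: nothing to verify for this entry.
                        continue;
                    }

                    // PEReader requires a seekable stream, so the entry is buffered in memory.
                    // The bytes verified here are the ones actually stored in the archive.
                    // NOTE(review): the initial capacity comes from the length recorded in the
                    // archive and is narrowed to int; confirm entries too large for an int
                    // cannot reach this point.
                    using (var peStream = new MemoryStream((int)entry.Length))
                    {
                        using (var stream = entry.Open())
                        {
                            stream.CopyTo(peStream);
                            peStream.Position = 0;
                        }

                        if (!_signTool.VerifySignedPEFile(peStream))
                        {
                            log.LogError($"Zip container {file} has part {relativeName} which is not signed.");
                        }
                    }
                }
            }
        }
    }
}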
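/// <summary>
/// Verifies a single file after signing and logs an error to <c>_log</c> when a check fails.
/// PE files and PowerShell scripts are checked directly; zip containers are checked for a
/// signature marker entry (nupkg and vsix only) and each known nested part is verified
/// recursively.
/// </summary>
/// <param name="file">The file to verify. Files of any other kind are not checked.</param>
/// <remarks>
/// Failures are only logged; the method keeps going so that every failing part is reported.
/// When <c>SkipZipContainerSignatureMarkerCheck</c> is set, nupkg and vsix containers with no
/// marker entry pass without a message, so that switch disables the container-level check.
/// </remarks>
private void VerifyAfterSign(FileSignInfo file)
{
    if (file.IsPEFile())
    {
        using (var stream = File.OpenRead(file.FullPath))
        {
            if (!_signTool.VerifySignedPEFile(stream))
            {
                _log.LogError($"Assembly {file.FullPath} is not signed properly");
            }
        }
    }
    else if (file.IsPowerShellScript())
    {
        // NOTE(review): the error text speaks of a "signature mark"; whether the signature
        // itself is validated is not visible here. Confirm in the _signTool implementation.
        if (!_signTool.VerifySignedPowerShellFile(file.FullPath))
        {
            _log.LogError($"Powershell file {file.FullPath} does not have a signature mark.");
        }
    }
    else if (file.IsZipContainer())
    {
        // NOTE(review): indexer lookup; presumably throws if this container's content hash
        // was never recorded in ZipDataMap. Confirm against the map's type.
        var zipData = _batchData.ZipDataMap[file.ContentHash];
        bool signedContainer = false;

        // The file stream gets its own using so the handle is released even when the
        // ZipArchive constructor throws on a malformed archive. ZipArchive also disposes
        // the stream on the normal path; disposing it twice is harmless.
        using (var containerStream = File.OpenRead(file.FullPath))
        using (var archive = new ZipArchive(containerStream, ZipArchiveMode.Read))
        {
            foreach (ZipArchiveEntry entry in archive.Entries)
            {
                string relativeName = entry.FullName;

                if (!SkipZipContainerSignatureMarkerCheck)
                {
                    // Only the entry name is handed to the marker checks.
                    // NOTE(review): this looks like a test for the presence of a signature
                    // entry, not a validation of the package signature. Confirm in _signTool.
                    if (file.IsNupkg() && _signTool.VerifySignedNugetFileMarker(relativeName))
                    {
                        signedContainer = true;
                    }
                    else if (file.IsVsix() && _signTool.VerifySignedVSIXFileMarker(relativeName))
                    {
                        signedContainer = true;
                    }
                }

                var zipPart = zipData.FindNestedPart(relativeName);
                if (!zipPart.HasValue)
                {
                    // Entry is not a tracked part of this container: nothing to verify.
                    continue;
                }

                // The recursive call opens the part's own FullPath; the entry's bytes are not
                // read from this archive.
                // NOTE(review): confirm the container is always packed from those same files,
                // otherwise the archived copy of a part is never inspected.
                VerifyAfterSign(zipPart.Value.FileSignInfo);
            }
        }

        if (!SkipZipContainerSignatureMarkerCheck && (file.IsNupkg() || file.IsVsix()) && !signedContainer)
        {
            _log.LogError($"Container {file.FullPath} does not have signature marker.");
        }
    }
}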