/// <summary>
/// Verify the signatures of a set of files.
/// </summary>
/// <param name="files">A set of files to verify.</param>
/// <returns>An IEnumerable containing the verification results of each file.</returns>
public IEnumerable <SignatureVerificationResult> VerifyFiles(IEnumerable <string> files)
{
foreach (string file in files)
{
// If the file is excluded add a default result
if (Exclusions.IsExcluded(file, parent: null, containerPath: null))
{
var result = SignatureVerificationResult.ExcludedFileResult(file, parent: null);
Results.Add(result);
}
else
{
FileVerifier fileVerifier = GetFileVerifier(file);
SignatureVerificationResult result = fileVerifier.VerifySignature(file, parent: null);
if ((Options & SignatureVerificationOptions.GenerateExclusion) == SignatureVerificationOptions.GenerateExclusion)
{
result.ExclusionEntry = String.Join(";", String.Join("|", file, String.Empty), String.Empty, String.Empty);
Log.WriteMessage(LogVerbosity.Diagnostic, SignCheckResources.DiagGenerateExclusion, result.Filename, result.ExclusionEntry);
}
Results.Add(result);
}
}
return(Results);
}
/// <summary>
/// Verify the signature of a single file.
/// </summary>
/// <param name="path">The path of the file on disk to verify.</param>
/// <param name="parent">The name of parent container, e.g. an MSI or VSIX. Can be null when there is no parent container.</param>
/// <param name="containerPath">The path of the file in the container. This may differ from the path on disk as containers are flattened. It's
/// primarily intended to help with exclusions and report more readable names.</param>
/// <returns>The verification result.</returns>
public SignatureVerificationResult VerifyFile(string path, string parent, string containerPath)
{
Log.WriteMessage(LogVerbosity.Detailed, String.Format(SignCheckResources.ProcessingFile, Path.GetFileName(path), String.IsNullOrEmpty(parent) ? SignCheckResources.NA : parent));
SignatureVerificationResult svr;
if (Exclusions.IsExcluded(path, parent, containerPath))
{
svr = SignatureVerificationResult.ExcludedFileResult(path, parent);
}
else
{
FileVerifier fileVerifier = GetFileVerifier(path);
svr = fileVerifier.VerifySignature(path, parent);
}
if (GenerateExclusion)
{
svr.ExclusionEntry = String.Join(";", String.Join("|", path, containerPath), parent, String.Empty);
Log.WriteMessage(LogVerbosity.Diagnostic, SignCheckResources.DiagGenerateExclusion, svr.Filename, svr.ExclusionEntry);
}
// Include the full path for top-level files
if (String.IsNullOrEmpty(parent))
{
svr.AddDetail(DetailKeys.File, SignCheckResources.DetailFullName, svr.FullPath);
}
return(svr);
}
/// <summary>
/// Verify the signatures of a set of files.
/// </summary>
/// <param name="files">A set of files to verify.</param>
/// <returns>An IEnumerable containing the verification results of each file.</returns>
public IEnumerable <SignatureVerificationResult> VerifyFiles(IEnumerable <string> files)
{
foreach (string file in files)
{
FileVerifier fileVerifier = GetFileVerifier(file);
Results.Add(fileVerifier.VerifySignature(file, parent: null));
}
return(Results);
}
/// <summary>
/// Verify the signature of a single file.
/// </summary>
/// <param name="path">The path of the file on disk to verify.</param>
/// <param name="parent">The name of parent container, e.g. an MSI or VSIX. Can be null when there is no parent container.</param>
/// <param name="containerPath">The path of the file in the container. This may differ from the path on disk as containers are flattened. It's
/// primarily intended to help with exclusions and report more readable names.</param>
/// <returns>The verification result.</returns>
public SignatureVerificationResult VerifyFile(string path, string parent, string virtualPath, string containerPath)
{
Log.WriteMessage(LogVerbosity.Detailed, String.Format(SignCheckResources.ProcessingFile, Path.GetFileName(path), String.IsNullOrEmpty(parent) ? SignCheckResources.NA : parent));
FileVerifier fileVerifier = GetFileVerifier(path);
SignatureVerificationResult svr = fileVerifier.VerifySignature(path, parent, virtualPath);
svr.IsDoNotSign = Exclusions.IsDoNotSign(path, parent, virtualPath, containerPath);
if ((svr.IsDoNotSign) && (svr.IsSigned))
{
// Report errors if a DO-NOT-SIGN file is signed.
svr.AddDetail(DetailKeys.Error, SignCheckResources.DetailDoNotSignFileSigned, svr.Filename);
}
if ((!svr.IsDoNotSign) && (!svr.IsSigned))
{
svr.IsExcluded = Exclusions.IsExcluded(path, parent, svr.VirtualPath, containerPath);
if ((svr.IsExcluded))
{
svr.AddDetail(DetailKeys.File, SignCheckResources.DetailExcluded);
}
}
if (GenerateExclusion)
{
svr.ExclusionEntry = String.Join(";", String.Join("|", path, containerPath), parent, String.Empty);
Log.WriteMessage(LogVerbosity.Diagnostic, SignCheckResources.DiagGenerateExclusion, svr.Filename, svr.ExclusionEntry);
}
// Include the full path for top-level files
if (String.IsNullOrEmpty(parent))
{
svr.AddDetail(DetailKeys.File, SignCheckResources.DetailFullName, svr.FullPath);
}
if (!String.IsNullOrEmpty(virtualPath))
{
svr.AddDetail(DetailKeys.File, SignCheckResources.DetailVirtualPath, svr.VirtualPath);
}
return(svr);
}
/// <summary>
/// Verify the signature of a single file.
/// </summary>
/// <param name="path">The path of the file on disk to verify.</param>
/// <param name="parent">The name of parent container, e.g. an MSI or VSIX. Can be null when there is no parent container.</param>
/// <param name="containerPath">The path of the file in the container. This may differ from the path on disk as containers are flattened. It's
/// primarily intended to help with exclusions and report more readable names.</param>
/// <returns>The verification result.</returns>
public SignatureVerificationResult VerifyFile(string path, string parent, string containerPath)
{
Log.WriteMessage(LogVerbosity.Detailed, String.Format(SignCheckResources.ProcessingFile, Path.GetFileName(path), String.IsNullOrEmpty(parent) ? SignCheckResources.NA : parent));
string extension = Path.GetExtension(path);
FileVerifier fileVerifier = GetFileVerifier(path);
SignatureVerificationResult svr;
svr = fileVerifier.VerifySignature(path, parent);
CheckAndUpdateExclusions(ref svr, path, parent, containerPath);
// Include the full path for top-level files
if (String.IsNullOrEmpty(parent))
{
svr.AddDetail(DetailKeys.File, SignCheckResources.DetailFullName, svr.FullPath);
}
return(svr);
}
/// <summary>
/// Verify the signatures of a set of files.
/// </summary>
/// <param name="files">A set of files to verify.</param>
/// <returns>An IEnumerable containing the verification results of each file.</returns>
public IEnumerable <SignatureVerificationResult> VerifyFiles(IEnumerable <string> files)
{
foreach (string file in files)
{
FileVerifier fileVerifier = GetFileVerifier(file);
SignatureVerificationResult result;
result = fileVerifier.VerifySignature(file, parent: null);
if ((Options & SignatureVerificationOptions.GenerateExclusion) == SignatureVerificationOptions.GenerateExclusion)
{
result.ExclusionEntry = String.Join(";", String.Join("|", file, String.Empty), String.Empty, String.Empty);
Log.WriteMessage(LogVerbosity.Diagnostic, SignCheckResources.DiagGenerateExclusion, result.Filename, result.ExclusionEntry);
}
result.IsDoNotSign = Exclusions.IsDoNotSign(file, parent: null, containerPath: null);
if ((result.IsDoNotSign) && (result.IsSigned))
{
// Report errors if a DO-NOT-SIGN file is signed.
result.AddDetail(DetailKeys.Error, SignCheckResources.DetailDoNotSignFileSigned, result.Filename);
}
if ((!result.IsDoNotSign) && (!result.IsSigned))
{
result.IsExcluded = Exclusions.IsExcluded(file, parent: null, containerPath: null);
if ((result.IsExcluded))
{
result.AddDetail(DetailKeys.File, SignCheckResources.DetailExcluded);
}
}
Results.Add(result);
}
return(Results);
}
