예제 #1
0
        private static void AuthenticodeSignLicenseDom(XmlDocument licenseDom, CmiManifestSigner signer, string timeStampUrl)
        {
            if (signer.Certificate.PublicKey.Key.GetType() != typeof(RSACryptoServiceProvider))
            {
                throw new NotSupportedException();
            }
            ManifestSignedXml manifestSignedXml = new ManifestSignedXml(licenseDom);

            manifestSignedXml.SigningKey = signer.Certificate.PrivateKey;
            manifestSignedXml.SignedInfo.CanonicalizationMethod = "http://www.w3.org/2001/10/xml-exc-c14n#";
            manifestSignedXml.KeyInfo.AddClause((KeyInfoClause) new RSAKeyValue(signer.Certificate.PublicKey.Key as RSA));
            manifestSignedXml.KeyInfo.AddClause((KeyInfoClause) new KeyInfoX509Data((X509Certificate)signer.Certificate, signer.IncludeOption));
            Reference reference = new Reference();

            reference.Uri = "";
            reference.AddTransform((Transform) new XmlDsigEnvelopedSignatureTransform());
            reference.AddTransform((Transform) new XmlDsigExcC14NTransform());
            manifestSignedXml.AddReference(reference);
            manifestSignedXml.ComputeSignature();
            XmlElement xml = manifestSignedXml.GetXml();

            xml.SetAttribute("Id", "AuthenticodeSignature");
            XmlNamespaceManager nsmgr = new XmlNamespaceManager(licenseDom.NameTable);

            nsmgr.AddNamespace("r", "urn:mpeg:mpeg21:2003:01-REL-R-NS");
            (licenseDom.SelectSingleNode("r:license/r:issuer", nsmgr) as XmlElement).AppendChild(licenseDom.ImportNode((XmlNode)xml, true));
            if (timeStampUrl != null && timeStampUrl.Length != 0)
            {
                SignedCmiManifest.TimestampSignedLicenseDom(licenseDom, timeStampUrl);
            }
            licenseDom.DocumentElement.ParentNode.InnerXml = "<msrel:RelData xmlns:msrel=\"http://schemas.microsoft.com/windows/rel/2005/reldata\">" + licenseDom.OuterXml + "</msrel:RelData>";
        }
예제 #2
0
        private static XmlDocument CreateLicenseDom(CmiManifestSigner signer, XmlElement principal, byte[] hash)
        {
            XmlDocument xmlDocument = new XmlDocument();

            xmlDocument.PreserveWhitespace = true;
            xmlDocument.LoadXml("<r:license xmlns:r=\"urn:mpeg:mpeg21:2003:01-REL-R-NS\" xmlns:as=\"http://schemas.microsoft.com/windows/pki/2005/Authenticode\"><r:grant><as:ManifestInformation><as:assemblyIdentity /></as:ManifestInformation><as:SignedBy/><as:AuthenticodePublisher><as:X509SubjectName>CN=dummy</as:X509SubjectName></as:AuthenticodePublisher></r:grant><r:issuer></r:issuer></r:license>");
            XmlNamespaceManager nsmgr = new XmlNamespaceManager(xmlDocument.NameTable);

            nsmgr.AddNamespace("r", "urn:mpeg:mpeg21:2003:01-REL-R-NS");
            nsmgr.AddNamespace("as", "http://schemas.microsoft.com/windows/pki/2005/Authenticode");
            XmlElement xmlElement1 = xmlDocument.SelectSingleNode("r:license/r:grant/as:ManifestInformation/as:assemblyIdentity", nsmgr) as XmlElement;

            xmlElement1.RemoveAllAttributes();
            foreach (XmlAttribute attribute in (XmlNamedNodeMap)principal.Attributes)
            {
                xmlElement1.SetAttribute(attribute.Name, attribute.Value);
            }
            XmlElement xmlElement2 = xmlDocument.SelectSingleNode("r:license/r:grant/as:ManifestInformation", nsmgr) as XmlElement;

            xmlElement2.SetAttribute("Hash", hash.Length == 0 ? "" : SignedCmiManifest.BytesToHexString(hash, 0, hash.Length));
            xmlElement2.SetAttribute("Description", signer.Description == null ? "" : signer.Description);
            xmlElement2.SetAttribute("Url", signer.DescriptionUrl == null ? "" : signer.DescriptionUrl);
            (xmlDocument.SelectSingleNode("r:license/r:grant/as:AuthenticodePublisher/as:X509SubjectName", nsmgr) as XmlElement).InnerText = signer.Certificate.SubjectName.Name;
            return(xmlDocument);
        }
예제 #3
0
        public static void SignFile(X509Certificate2 cert, Uri timestampUrl, string path)
        {
            ResourceManager resources = new ResourceManager("Microsoft.Build.Tasks.Deployment.ManifestUtilities.Strings", typeof(SecurityUtilities).Module.Assembly);

            if (cert == null)
            {
                throw new ArgumentNullException("cert");
            }
            if (string.IsNullOrEmpty(path))
            {
                throw new ArgumentNullException("path");
            }
            if (!File.Exists(path))
            {
                throw new FileNotFoundException(string.Format(CultureInfo.InvariantCulture, resources.GetString("SecurityUtil.SignTargetNotFound"), new object[] { path }), path);
            }
            if (PathUtil.IsPEFile(path))
            {
                if (!IsCertInStore(cert))
                {
                    throw new InvalidOperationException(resources.GetString("SignFile.CertNotInStore"));
                }
                SignPEFile(cert, timestampUrl, path, resources);
            }
            else
            {
                if (cert.PrivateKey.GetType() != typeof(RSACryptoServiceProvider))
                {
                    throw new ApplicationException(resources.GetString("SecurityUtil.OnlyRSACertsAreAllowed"));
                }
                try
                {
                    XmlDocument manifestDom = new XmlDocument {
                        PreserveWhitespace = true
                    };
                    manifestDom.Load(path);
                    System.Deployment.Internal.CodeSigning.SignedCmiManifest manifest = new System.Deployment.Internal.CodeSigning.SignedCmiManifest(manifestDom);
                    System.Deployment.Internal.CodeSigning.CmiManifestSigner signer   = new System.Deployment.Internal.CodeSigning.CmiManifestSigner(cert.PrivateKey, cert);
                    if (timestampUrl == null)
                    {
                        manifest.Sign(signer);
                    }
                    else
                    {
                        manifest.Sign(signer, timestampUrl.ToString());
                    }
                    manifestDom.Save(path);
                }
                catch (Exception exception)
                {
                    int hRForException = Marshal.GetHRForException(exception);
                    if ((hRForException != -2147012889) && (hRForException != -2147012867))
                    {
                        throw new ApplicationException(exception.Message, exception);
                    }
                    throw new ApplicationException(resources.GetString("SecurityUtil.TimestampUrlNotFound"), exception);
                }
            }
        }
예제 #4
0
        internal void Sign(CmiManifestSigner signer, string timeStampUrl)
        {
            this.m_strongNameSignerInfo   = (CmiStrongNameSignerInfo)null;
            this.m_authenticodeSignerInfo = (CmiAuthenticodeSignerInfo)null;
            if (signer == null || signer.StrongNameKey == null)
            {
                throw new ArgumentNullException("signer");
            }
            SignedCmiManifest.RemoveExistingSignature(this.m_manifestDom);
            if ((signer.Flag & CmiManifestSignerFlag.DontReplacePublicKeyToken) == CmiManifestSignerFlag.None)
            {
                SignedCmiManifest.ReplacePublicKeyToken(this.m_manifestDom, signer.StrongNameKey);
            }
            XmlDocument licenseDom = (XmlDocument)null;

            if (signer.Certificate != null)
            {
                SignedCmiManifest.InsertPublisherIdentity(this.m_manifestDom, signer.Certificate);
                licenseDom = SignedCmiManifest.CreateLicenseDom(signer, this.ExtractPrincipalFromManifest(), SignedCmiManifest.ComputeHashFromManifest(this.m_manifestDom));
                SignedCmiManifest.AuthenticodeSignLicenseDom(licenseDom, signer, timeStampUrl);
            }
            SignedCmiManifest.StrongNameSignManifestDom(this.m_manifestDom, licenseDom, signer);
        }
예제 #5
0
        private static void AuthenticodeSignLicenseDom(XmlDocument licenseDom, CmiManifestSigner signer, string timeStampUrl)
        {
            // Make sure it is RSA, as this is the only one Fusion will support.
            if (signer.Certificate.PublicKey.Key.GetType() != typeof(RSACryptoServiceProvider))
            {
                throw new NotSupportedException();
            }

            // Setup up XMLDSIG engine.
            ManifestSignedXml signedXml = new ManifestSignedXml(licenseDom);
            signedXml.SigningKey = signer.Certificate.PrivateKey;
            signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;

            // Add the key information.
            signedXml.KeyInfo.AddClause(new RSAKeyValue(signer.Certificate.PublicKey.Key as RSA));
            signedXml.KeyInfo.AddClause(new KeyInfoX509Data(signer.Certificate, signer.IncludeOption));

            // Add the enveloped reference.
            Reference reference = new Reference();
            reference.Uri = "";

            // Add an enveloped and an Exc-C14N transform.
            reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
            reference.AddTransform(new XmlDsigExcC14NTransform());

            // Add the reference.
            signedXml.AddReference(reference);

            // Compute the signature.
            signedXml.ComputeSignature();

            // Get the XML representation
            XmlElement xmlDigitalSignature = signedXml.GetXml();
            xmlDigitalSignature.SetAttribute("Id", "AuthenticodeSignature");

            // Insert the signature node under the issuer element.
            XmlNamespaceManager nsm = new XmlNamespaceManager(licenseDom.NameTable);
            nsm.AddNamespace("r", LicenseNamespaceUri);
            XmlElement issuerNode = licenseDom.SelectSingleNode("r:license/r:issuer", nsm) as XmlElement;
            issuerNode.AppendChild(licenseDom.ImportNode(xmlDigitalSignature, true));

            // Time stamp it if requested.
            if (timeStampUrl != null && timeStampUrl.Length != 0)
            {
                TimestampSignedLicenseDom(licenseDom, timeStampUrl);
            }

            // Wrap it inside a RelData element.
            licenseDom.DocumentElement.ParentNode.InnerXml = "<msrel:RelData xmlns:msrel=\"" +
                                                             MSRelNamespaceUri + "\">" +
                                                             licenseDom.OuterXml + "</msrel:RelData>";
        }
예제 #6
0
        private static XmlDocument CreateLicenseDom(CmiManifestSigner signer, XmlElement principal, byte[] hash)
        {
            XmlDocument licenseDom = new XmlDocument();
            licenseDom.PreserveWhitespace = true;
            licenseDom.LoadXml(licenseTemplate);
            XmlNamespaceManager nsm = new XmlNamespaceManager(licenseDom.NameTable);
            nsm.AddNamespace("r", LicenseNamespaceUri);
            nsm.AddNamespace("as", AuthenticodeNamespaceUri);
            XmlElement assemblyIdentityNode = licenseDom.SelectSingleNode("r:license/r:grant/as:ManifestInformation/as:assemblyIdentity", nsm) as XmlElement;
            assemblyIdentityNode.RemoveAllAttributes();
            foreach (XmlAttribute attribute in principal.Attributes)
            {
                assemblyIdentityNode.SetAttribute(attribute.Name, attribute.Value);
            }

            XmlElement manifestInformationNode = licenseDom.SelectSingleNode("r:license/r:grant/as:ManifestInformation", nsm) as XmlElement;

            manifestInformationNode.SetAttribute("Hash", hash.Length == 0 ? "" : BytesToHexString(hash, 0, hash.Length));
            manifestInformationNode.SetAttribute("Description", signer.Description == null ? "" : signer.Description);
            manifestInformationNode.SetAttribute("Url", signer.DescriptionUrl == null ? "" : signer.DescriptionUrl);

            XmlElement authenticodePublisherNode = licenseDom.SelectSingleNode("r:license/r:grant/as:AuthenticodePublisher/as:X509SubjectName", nsm) as XmlElement;
            authenticodePublisherNode.InnerText = signer.Certificate.SubjectName.Name;

            return licenseDom;
        }
예제 #7
0
        internal void Sign(CmiManifestSigner signer, string timeStampUrl)
        {
            // Reset signer infos.
            _strongNameSignerInfo = null;
            _authenticodeSignerInfo = null;

            // Signer cannot be null.
            if (signer == null || signer.StrongNameKey == null)
            {
                throw new ArgumentNullException("signer");
            }

            // Remove existing SN signature.
            RemoveExistingSignature(_manifestDom);

            // Replace public key token in assemblyIdentity if requested.
            if ((signer.Flag & CmiManifestSignerFlag.DontReplacePublicKeyToken) == 0)
            {
                ReplacePublicKeyToken(_manifestDom, signer.StrongNameKey);
            }

            // No cert means don't Authenticode sign and timestamp.
            XmlDocument licenseDom = null;
            if (signer.Certificate != null)
            {
                // Yes. We will Authenticode sign, so first insert <publisherIdentity />
                // element, if necessary.
                InsertPublisherIdentity(_manifestDom, signer.Certificate);

                // Now create the license DOM, and then sign it.
                licenseDom = CreateLicenseDom(signer, ExtractPrincipalFromManifest(), ComputeHashFromManifest(_manifestDom));
                AuthenticodeSignLicenseDom(licenseDom, signer, timeStampUrl);
            }
            StrongNameSignManifestDom(_manifestDom, licenseDom, signer);
        }
예제 #8
0
 internal void Sign(CmiManifestSigner signer)
 {
     Sign(signer, null);
 }
예제 #9
0
        private static void StrongNameSignManifestDom(XmlDocument manifestDom, XmlDocument licenseDom, CmiManifestSigner signer)
        {
            RSA snKey = signer.StrongNameKey as RSA;

            // Make sure it is RSA, as this is the only one Fusion will support.
            if (snKey == null)
            {
                throw new NotSupportedException();
            }

            // Setup namespace manager.
            XmlNamespaceManager nsm = new XmlNamespaceManager(manifestDom.NameTable);
            nsm.AddNamespace("asm", AssemblyNamespaceUri);

            // Get to root element.
            XmlElement signatureParent = manifestDom.SelectSingleNode("asm:assembly", nsm) as XmlElement;
            if (signatureParent == null)
            {
                throw new CryptographicException(Win32.TRUST_E_SUBJECT_FORM_UNKNOWN);
            }

            // Setup up XMLDSIG engine.
            ManifestSignedXml signedXml = new ManifestSignedXml(signatureParent);
            signedXml.SigningKey = signer.StrongNameKey;
            signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;

            // Add the key information.
            signedXml.KeyInfo.AddClause(new RSAKeyValue(snKey));
            if (licenseDom != null)
            {
                signedXml.KeyInfo.AddClause(new KeyInfoNode(licenseDom.DocumentElement));
            }
            signedXml.KeyInfo.Id = "StrongNameKeyInfo";

            // Add the enveloped reference.
            Reference enveloped = new Reference();
            enveloped.Uri = "";

            // Add an enveloped then Exc-C14N transform.
            enveloped.AddTransform(new XmlDsigEnvelopedSignatureTransform());
            enveloped.AddTransform(new XmlDsigExcC14NTransform());
            signedXml.AddReference(enveloped);

#if (false) // DSIE: New format does not sign KeyInfo.
            // Add the key info reference.
            Reference strongNameKeyInfo = new Reference();
            strongNameKeyInfo.Uri = "#StrongNameKeyInfo";
            strongNameKeyInfo.AddTransform(new XmlDsigExcC14NTransform());
            signedXml.AddReference(strongNameKeyInfo);
#endif
            // Compute the signature.
            signedXml.ComputeSignature();

            // Get the XML representation
            XmlElement xmlDigitalSignature = signedXml.GetXml();
            xmlDigitalSignature.SetAttribute("Id", "StrongNameSignature");

            // Insert the signature now.
            signatureParent.AppendChild(xmlDigitalSignature);
        }
예제 #10
0
 internal void Sign(CmiManifestSigner signer)
 {
     this.Sign(signer, (string)null);
 }
예제 #11
0
        private static void StrongNameSignManifestDom(XmlDocument manifestDom, XmlDocument licenseDom, CmiManifestSigner signer)
        {
            RSA strongNameKey = signer.StrongNameKey as RSA;

            if (strongNameKey == null)
            {
                throw new NotSupportedException();
            }
            XmlNamespaceManager nsmgr = new XmlNamespaceManager(manifestDom.NameTable);

            nsmgr.AddNamespace("asm", "urn:schemas-microsoft-com:asm.v1");
            XmlElement elem = manifestDom.SelectSingleNode("asm:assembly", nsmgr) as XmlElement;

            if (elem == null)
            {
                throw new CryptographicException(-2146762749);
            }
            ManifestSignedXml manifestSignedXml = new ManifestSignedXml(elem);

            manifestSignedXml.SigningKey = signer.StrongNameKey;
            manifestSignedXml.SignedInfo.CanonicalizationMethod = "http://www.w3.org/2001/10/xml-exc-c14n#";
            manifestSignedXml.KeyInfo.AddClause((KeyInfoClause) new RSAKeyValue(strongNameKey));
            if (licenseDom != null)
            {
                manifestSignedXml.KeyInfo.AddClause((KeyInfoClause) new KeyInfoNode(licenseDom.DocumentElement));
            }
            manifestSignedXml.KeyInfo.Id = "StrongNameKeyInfo";
            Reference reference = new Reference();

            reference.Uri = "";
            reference.AddTransform((Transform) new XmlDsigEnvelopedSignatureTransform());
            reference.AddTransform((Transform) new XmlDsigExcC14NTransform());
            manifestSignedXml.AddReference(reference);
            manifestSignedXml.ComputeSignature();
            XmlElement xml = manifestSignedXml.GetXml();

            xml.SetAttribute("Id", "StrongNameSignature");
            elem.AppendChild((XmlNode)xml);
        }
 public static void SignFile(X509Certificate2 cert, Uri timestampUrl, string path)
 {
     ResourceManager resources = new ResourceManager("Microsoft.Build.Tasks.Deployment.ManifestUtilities.Strings", typeof(SecurityUtilities).Module.Assembly);
     if (cert == null)
     {
         throw new ArgumentNullException("cert");
     }
     if (string.IsNullOrEmpty(path))
     {
         throw new ArgumentNullException("path");
     }
     if (!File.Exists(path))
     {
         throw new FileNotFoundException(string.Format(CultureInfo.InvariantCulture, resources.GetString("SecurityUtil.SignTargetNotFound"), new object[] { path }), path);
     }
     if (PathUtil.IsPEFile(path))
     {
         if (!IsCertInStore(cert))
         {
             throw new InvalidOperationException(resources.GetString("SignFile.CertNotInStore"));
         }
         SignPEFile(cert, timestampUrl, path, resources);
     }
     else
     {
         if (cert.PrivateKey.GetType() != typeof(RSACryptoServiceProvider))
         {
             throw new ApplicationException(resources.GetString("SecurityUtil.OnlyRSACertsAreAllowed"));
         }
         try
         {
             XmlDocument manifestDom = new XmlDocument {
                 PreserveWhitespace = true
             };
             manifestDom.Load(path);
             System.Deployment.Internal.CodeSigning.SignedCmiManifest manifest = new System.Deployment.Internal.CodeSigning.SignedCmiManifest(manifestDom);
             System.Deployment.Internal.CodeSigning.CmiManifestSigner signer = new System.Deployment.Internal.CodeSigning.CmiManifestSigner(cert.PrivateKey, cert);
             if (timestampUrl == null)
             {
                 manifest.Sign(signer);
             }
             else
             {
                 manifest.Sign(signer, timestampUrl.ToString());
             }
             manifestDom.Save(path);
         }
         catch (Exception exception)
         {
             int hRForException = Marshal.GetHRForException(exception);
             if ((hRForException != -2147012889) && (hRForException != -2147012867))
             {
                 throw new ApplicationException(exception.Message, exception);
             }
             throw new ApplicationException(resources.GetString("SecurityUtil.TimestampUrlNotFound"), exception);
         }
     }
 }