Пример #1
0
        static void Main()
        {
            // Initialize & Check if the given signer cert is issued by root CA
            try
            {
                // Check launch settings and display it
                CheckInputAndDisplayLaunchSettings();
                // Verify certificate chaining
                if (!VerifyCertificate())
                {
                    throw new Exception("Please provide a signer cert issued by the given root CA");
                }
            }
            catch (Exception e)
            {
                Console.WriteLine(e.ToString());
                Environment.Exit(0);
            }

            // Read the deployment manifest file and get signature of each modules's desired properties
            try
            {
                var manifestFileHandle            = File.OpenText(DeploymentManifestFilePath);
                var deploymentManifestContentJson = JObject.Parse(manifestFileHandle.ReadToEnd());
                if (deploymentManifestContentJson["modulesContent"] != null)
                {
                    // Get the DSA and SHA algorithm
                    KeyValuePair <string, HashAlgorithmName> algoResult = SignatureValidator.ParseAlgorithm(DsaAlgorithm.ToString());

                    // Read the signer certificate and manifest version number and create integrity header object
                    var header = GetIntegrityHeader(SignerCertPath);

                    // Read each module's content and its desired properties
                    var     modulesContentJson    = deploymentManifestContentJson["modulesContent"];
                    JObject modulesContentJobject = JObject.Parse(modulesContentJson.ToString());

                    foreach (JProperty property in modulesContentJobject.Properties())
                    {
                        if (modulesContentJson[property.Name] != null)
                        {
                            if (modulesContentJson[property.Name]["properties.desired"] != null)
                            {
                                var modulesDesired = modulesContentJson[property.Name]["properties.desired"];
                                var moduleName     = property.Name.ToString();

                                if (moduleName != "$edgeAgent" && moduleName != "$edgeHub")
                                {
                                    Console.WriteLine($"Do you want to sign the desired properties of the module - {moduleName}? - Type Y or N to continue");
                                    Console.WriteLine("!!! Important Note !!! - If the module's desired properties are signed then the module's application code has to be rewritten to verify signatures");
                                    string userSigningChoice = Console.ReadLine();
                                    if (userSigningChoice != "Y" && userSigningChoice != "y")
                                    {
                                        Console.WriteLine($"{moduleName} will not be signed");
                                        continue;
                                    }
                                }

                                Console.WriteLine($"Signing Module: {property.Name}");
                                object signature = new
                                {
                                    bytes     = CertificateUtil.GetJsonSignature(algoResult.Key, algoResult.Value, modulesDesired.ToString(), header, SignerPrivateKeyPath),
                                    algorithm = DsaAlgorithm
                                };
                                deploymentManifestContentJson["modulesContent"][property.Name]["properties.desired"]["integrity"] = JObject.FromObject(new { header, signature });
                            }
                            else
                            {
                                throw new Exception($"Could not find {property.Name}'s desired properties in the manifest file");
                            }
                        }
                        else
                        {
                            throw new Exception($"Could not find {property.Name} in the manifest file");
                        }
                    }

                    using var signedDeploymentfile = File.CreateText(SignedDeploymentManifestFilePath);
                    signedDeploymentfile.Write(deploymentManifestContentJson);
                }
                else
                {
                    throw new Exception("Could not find modulesContent in the manifest file");
                }
            }
            catch (Exception e)
            {
                Console.WriteLine(e.ToString());
                Environment.Exit(0);
            }
        }