internal static SignOptions FromOptions(string fileName, IEnumerable <CommandOption> options)
{
var opts = new SignOptions()
{
FileName = fileName
};
foreach (var option in options)
{
Action <CommandOption, SignOptions> binder;
if (_bindings.TryGetValue(option.LongName ?? option.ShortName, out binder))
{
binder(option, opts);
}
}
if (string.IsNullOrEmpty(opts.Output))
{
var extension = Path.GetExtension(fileName);
// If the file is a signature request, change the extension
if (string.Equals(extension, ".req", StringComparison.OrdinalIgnoreCase))
{
opts.Output = Path.ChangeExtension(fileName, ".sig");
}
// Sometimes, we save signatures requests as ".sig" files, in those cases we replace the file in-place
else if (string.Equals(extension, ".sig", StringComparison.OrdinalIgnoreCase))
{
opts.Output = fileName;
}
// Otherwise, tack on ".sig" for the signature file
else
{
opts.Output = fileName + ".sig";
}
}
return(opts);
}
internal static SignOptions FromOptions(string fileName, IEnumerable<CommandOption> options)
{
var opts = new SignOptions()
{
FileName = fileName
};
foreach (var option in options)
{
Action<CommandOption, SignOptions> binder;
if (_bindings.TryGetValue(option.LongName ?? option.ShortName, out binder))
{
binder(option, opts);
}
}
if (string.IsNullOrEmpty(opts.Output))
{
var extension = Path.GetExtension(fileName);
// If the file is a signature request, change the extension
if (string.Equals(extension, ".req", StringComparison.OrdinalIgnoreCase))
{
opts.Output = Path.ChangeExtension(fileName, ".sig");
}
// Sometimes, we save signatures requests as ".sig" files, in those cases we replace the file in-place
else if (string.Equals(extension, ".sig", StringComparison.OrdinalIgnoreCase))
{
opts.Output = fileName;
}
// Otherwise, tack on ".sig" for the signature file
else
{
opts.Output = fileName + ".sig";
}
}
return opts;
}
public static async Task <int> Sign(string fileName, IEnumerable <CommandOption> options)
{
var signOptions = SignOptions.FromOptions(fileName, options);
X509Certificate2Collection includedCerts;
var signingCert = signOptions.FindCert(out includedCerts);
if (signingCert == null)
{
AnsiConsole.Error.WriteLine("Unable to find certificate that meets the specified criteria");
return(1);
}
AnsiConsole.Output.WriteLine("Signing file with: " + signingCert.SubjectName.CommonName());
// Load the private key if provided
if (!string.IsNullOrEmpty(signOptions.CspName) && !string.IsNullOrEmpty(signOptions.KeyContainer))
{
var parameters = new CspParameters()
{
ProviderType = 1, // PROV_RSA_FULL
KeyNumber = (int)KeyNumber.Signature,
ProviderName = signOptions.CspName,
KeyContainerName = signOptions.KeyContainer
};
signingCert.PrivateKey = new RSACryptoServiceProvider(parameters);
}
if (!signingCert.HasPrivateKey)
{
AnsiConsole.Error.WriteLine("Unable to find private key for certificate: " + signingCert.SubjectName.CommonName());
return(1);
}
// If the input file didn't provide any additional certs, set up a new collection
var additionalCerts = new X509Certificate2Collection();
// Load any additional certs requested by the user
if (!string.IsNullOrEmpty(signOptions.AddCertificatesFile))
{
additionalCerts.Import(signOptions.AddCertificatesFile);
}
// Determine if we are signing a request or a file
Signature sig = await Signature.TryDecodeAsync(fileName);
if (sig == null)
{
sig = new Signature(SignaturePayload.Compute(fileName, Signature.DefaultDigestAlgorithmName));
}
// Verify that the content is unsigned
if (sig.IsSigned)
{
AnsiConsole.Error.WriteLine("File already signed: " + fileName);
return(1);
}
// Sign the file
sig.Sign(signingCert, includedCerts, additionalCerts);
AnsiConsole.Output.WriteLine("Successfully signed.");
if (!string.IsNullOrEmpty(signOptions.Timestamper))
{
// Timestamp the signature
AnsiConsole.Output.WriteLine("Transmitting signature to timestamping authority...");
sig.Timestamp(new Uri(signOptions.Timestamper), signOptions.TimestamperAlgorithm ?? Signature.DefaultDigestAlgorithmName);
AnsiConsole.Output.WriteLine("Trusted timestamp applied to signature.");
}
// Write the signature
AnsiConsole.Output.WriteLine("Signature saved to " + signOptions.Output);
await sig.WriteAsync(signOptions.Output);
return(0);
}
