/// <summary>
/// To Validate the Integrity of Catalog
/// </summary>
///
/// <param name="catalogFolders"> Folder for which catalog is created </param>
/// <param name="catalogFilePath"> File Name of the Catalog </param>
/// <param name="excludedPatterns"></param>
/// <param name="cmdlet"> Instance of cmdlet calling this method </param>
/// <returns> Information about Catalog </returns>
internal static CatalogInformation ValidateCatalog(PSCmdlet cmdlet, Collection <string> catalogFolders, String catalogFilePath, WildcardPattern[] excludedPatterns)
{
_cmdlet = cmdlet;
int catalogVersion = 0;
Dictionary <String, String> catalogHashes = GetHashesFromCatalog(catalogFilePath, excludedPatterns, out catalogVersion);
string hashAlgorithm = GetCatalogHashAlgorithm(catalogVersion);
if (!String.IsNullOrEmpty(hashAlgorithm))
{
Dictionary <String, String> fileHashes = CalculateHashesFromPath(catalogFolders, catalogFilePath, hashAlgorithm, excludedPatterns);
CatalogInformation catalog = new CatalogInformation();
catalog.CatalogItems = catalogHashes;
catalog.PathItems = fileHashes;
bool status = CompareDictionaries(catalogHashes, fileHashes);
if (status == true)
{
catalog.Status = CatalogValidationStatus.Valid;
}
else
{
catalog.Status = CatalogValidationStatus.ValidationFailed;
}
catalog.HashAlgorithm = hashAlgorithm;
catalog.Signature = SignatureHelper.GetSignature(catalogFilePath, null);
return(catalog);
}
return(null);
}
internal static Signature SignFile(
SigningOption option,
string fileName,
X509Certificate2 certificate,
string timeStampServerUrl,
string hashAlgorithm)
{
using (SignatureHelper.tracer.TraceMethod("file: {0}, cert: {1}", (object)SignatureHelper.GetStringValue(fileName), (object)SignatureHelper.GetCertName(certificate)))
{
Signature signature = (Signature)null;
IntPtr num = IntPtr.Zero;
uint error = 0;
string hashAlgorithm1 = (string)null;
Utils.CheckArgForNullOrEmpty(SignatureHelper.tracer, fileName, nameof(fileName));
Utils.CheckArgForNull(SignatureHelper.tracer, (object)certificate, nameof(certificate));
if (!string.IsNullOrEmpty(timeStampServerUrl) && (timeStampServerUrl.Length <= 7 || timeStampServerUrl.IndexOf("http://", StringComparison.OrdinalIgnoreCase) != 0))
{
throw SignatureHelper.tracer.NewArgumentException(nameof(certificate), "Authenticode", "TimeStampUrlRequired");
}
if (!string.IsNullOrEmpty(hashAlgorithm))
{
IntPtr oidInfo = System.Management.Automation.Security.NativeMethods.CryptFindOIDInfo(2U, hashAlgorithm, 0U);
hashAlgorithm1 = !(oidInfo == IntPtr.Zero) ? ((System.Management.Automation.Security.NativeMethods.CRYPT_OID_INFO)Marshal.PtrToStructure(oidInfo, typeof(System.Management.Automation.Security.NativeMethods.CRYPT_OID_INFO))).pszOID : throw SignatureHelper.tracer.NewArgumentException(nameof(certificate), "Authenticode", "InvalidHashAlgorithm");
}
if (!SecuritySupport.CertIsGoodForSigning(certificate))
{
throw SignatureHelper.tracer.NewArgumentException(nameof(certificate), "Authenticode", "CertNotGoodForSigning");
}
SecuritySupport.CheckIfFileExists(fileName);
try
{
string timeStampServerUrl1 = "";
if (!string.IsNullOrEmpty(timeStampServerUrl))
{
timeStampServerUrl1 = timeStampServerUrl;
}
System.Management.Automation.Security.NativeMethods.CRYPTUI_WIZ_DIGITAL_SIGN_INFO wizDigitalSignInfo = System.Management.Automation.Security.NativeMethods.InitSignInfoStruct(fileName, certificate, timeStampServerUrl1, hashAlgorithm1, option);
num = Marshal.AllocCoTaskMem(Marshal.SizeOf((object)wizDigitalSignInfo));
Marshal.StructureToPtr((object)wizDigitalSignInfo, num, false);
bool flag = System.Management.Automation.Security.NativeMethods.CryptUIWizDigitalSign(1U, IntPtr.Zero, IntPtr.Zero, num, IntPtr.Zero);
Marshal.DestroyStructure(wizDigitalSignInfo.pSignExtInfo, typeof(System.Management.Automation.Security.NativeMethods.CRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO));
Marshal.FreeCoTaskMem(wizDigitalSignInfo.pSignExtInfo);
if (!flag)
{
error = SignatureHelper.GetLastWin32Error();
switch (error)
{
case 2147500037:
case 2147942401:
flag = true;
break;
case 2148073480:
throw SignatureHelper.tracer.NewArgumentException(nameof(certificate), "Authenticode", "InvalidHashAlgorithm");
default:
SignatureHelper.tracer.TraceError("CryptUIWizDigitalSign: failed: {0:x}", (object)error);
break;
}
}
signature = !flag ? new Signature(fileName, error) : (string.IsNullOrEmpty(timeStampServerUrl) ? new Signature(fileName, certificate) : SignatureHelper.GetSignature(fileName, (string)null));
}
finally
{
Marshal.DestroyStructure(num, typeof(System.Management.Automation.Security.NativeMethods.CRYPTUI_WIZ_DIGITAL_SIGN_INFO));
Marshal.FreeCoTaskMem(num);
}
return(signature);
}
}