public static Task SignPackageWithDeviceGuardFromUi(
this ISigningManager signingManager,
string package,
DeviceGuardConfiguration configuration,
string timestampUrl = null,
IncreaseVersionMethod increaseVersion = IncreaseVersionMethod.None,
CancellationToken cancellationToken = default,
IProgress <ProgressData> progress = default)
{
var tokens = configuration.FromConfiguration();
return(signingManager.SignPackageWithDeviceGuard(package, true, tokens, timestampUrl, increaseVersion, cancellationToken, progress));
}
public async Task SignPackageWithDeviceGuard(string package,
bool updatePublisher,
DeviceGuardConfig config,
string timestampUrl = null,
IncreaseVersionMethod increaseVersion = IncreaseVersionMethod.None,
CancellationToken cancellationToken = default,
IProgress <ProgressData> progress = null)
{
var manager = await this.managerFactory.GetProxyFor(SelfElevationLevel.AsInvoker, cancellationToken).ConfigureAwait(false);
cancellationToken.ThrowIfCancellationRequested();
await manager.SignPackageWithDeviceGuard(package, updatePublisher, config, timestampUrl, increaseVersion, cancellationToken, progress).ConfigureAwait(false);
}
public async Task SignPackageWithPfx(
string package,
bool updatePublisher,
string pfxPath,
SecureString password,
string timestampUrl = null,
IncreaseVersionMethod increaseVersion = IncreaseVersionMethod.None,
CancellationToken cancellationToken = default,
IProgress <ProgressData> progress = null)
{
Logger.Info("Signing package {0} using PFX {1}.", package, pfxPath);
if (!File.Exists(pfxPath))
{
throw new FileNotFoundException($"File {pfxPath} does not exit.");
}
Logger.Debug("Analyzing given certificate...");
var x509 = new X509Certificate2(await File.ReadAllBytesAsync(pfxPath, cancellationToken).ConfigureAwait(false), password);
var localCopy = await this.PreparePackageForSigning(package, updatePublisher, increaseVersion, x509, cancellationToken).ConfigureAwait(false);
try
{
cancellationToken.ThrowIfCancellationRequested();
string type;
if (x509.SignatureAlgorithm.FriendlyName?.EndsWith("rsa", StringComparison.OrdinalIgnoreCase) == true)
{
type = x509.SignatureAlgorithm.FriendlyName.Substring(0, x509.SignatureAlgorithm.FriendlyName.Length - 3).ToUpperInvariant();
}
else
{
throw new NotSupportedException($"Signature algorithm {x509.SignatureAlgorithm.FriendlyName} is not supported.");
}
var openTextPassword = new System.Net.NetworkCredential(string.Empty, password).Password;
Logger.Debug("Signing package {0} with algorithm {1}.", localCopy, x509.SignatureAlgorithm.FriendlyName);
var sdk = new SignToolWrapper();
progress?.Report(new ProgressData(25, "Signing..."));
timestampUrl = await this.GetTimeStampUrl(timestampUrl).ConfigureAwait(false);
await sdk.SignPackageWithPfx(new[] { localCopy }, type, pfxPath, openTextPassword, timestampUrl, cancellationToken).ConfigureAwait(false);
progress?.Report(new ProgressData(75, "Signing..."));
await Task.Delay(500, cancellationToken).ConfigureAwait(false);
Logger.Debug("Moving {0} to {1}.", localCopy, package);
File.Copy(localCopy, package, true);
progress?.Report(new ProgressData(95, "Signing..."));
}
finally
{
try
{
if (File.Exists(localCopy))
{
File.Delete(localCopy);
}
}
catch (Exception e)
{
Logger.Warn(e, "Clean-up of a temporary file {0} failed.", localCopy);
}
}
}
public async Task SignPackageWithDeviceGuard(string package,
bool updatePublisher,
DeviceGuardConfig config,
string timestampUrl = null,
IncreaseVersionMethod increaseVersion = IncreaseVersionMethod.None,
CancellationToken cancellationToken = default,
IProgress <ProgressData> progress = null)
{
Logger.Info("Signing package {0} using Device Guard for {1}.", package, config.Subject);
var dgssTokenPath = await new DgssTokenCreator().CreateDeviceGuardJsonTokenFile(config, cancellationToken);
try
{
var publisherName = config.Subject;
if (publisherName == null)
{
var dgh = new DeviceGuardHelper();
publisherName = await dgh.GetSubjectFromDeviceGuardSigning(dgssTokenPath, cancellationToken).ConfigureAwait(false);
}
var localCopy = await this.PreparePackageForSigning(package, updatePublisher, increaseVersion, publisherName, cancellationToken).ConfigureAwait(false);
try
{
cancellationToken.ThrowIfCancellationRequested();
var sdk = new SignToolWrapper();
progress?.Report(new ProgressData(25, "Signing with Device Guard..."));
timestampUrl = await this.GetTimeStampUrl(timestampUrl).ConfigureAwait(false);
await sdk.SignPackageWithDeviceGuard(new[] { localCopy }, "SHA256", dgssTokenPath, timestampUrl, cancellationToken).ConfigureAwait(false);
progress?.Report(new ProgressData(75, "Signing with Device Guard..."));
await Task.Delay(500, cancellationToken).ConfigureAwait(false);
Logger.Debug("Moving {0} to {1}.", localCopy, package);
File.Copy(localCopy, package, true);
progress?.Report(new ProgressData(95, "Signing with Device Guard..."));
}
finally
{
try
{
if (File.Exists(localCopy))
{
File.Delete(localCopy);
}
}
catch (Exception e)
{
Logger.Warn(e, "Clean-up of a temporary file {0} failed.", localCopy);
}
}
}
finally
{
if (File.Exists(dgssTokenPath))
{
ExceptionGuard.Guard(() => File.Delete(dgssTokenPath));
}
}
}
public async Task SignPackageWithInstalled(
string package,
bool updatePublisher,
PersonalCertificate certificate,
string timestampUrl = null,
IncreaseVersionMethod increaseVersion = IncreaseVersionMethod.None,
CancellationToken cancellationToken = default,
IProgress <ProgressData> progress = null)
{
if (certificate == null)
{
throw new ArgumentNullException(nameof(certificate));
}
Logger.Info("Signing package {0} using personal certificate {1}.", package, certificate.Subject);
StoreLocation loc;
switch (certificate.StoreType)
{
case CertificateStoreType.User:
loc = StoreLocation.CurrentUser;
break;
case CertificateStoreType.Machine:
loc = StoreLocation.LocalMachine;
break;
default:
throw new ArgumentOutOfRangeException();
}
using var store = new X509Store(StoreName.My, loc);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
var x509 = store.Certificates.Find(X509FindType.FindByThumbprint, certificate.Thumbprint, false);
if (x509.Count < 1)
{
throw new ArgumentException("Certificate could not be located in the store.");
}
var isForCodeSigning = x509[0].Extensions.OfType <X509KeyUsageExtension>().Any(ke => ke.KeyUsages.HasFlag(X509KeyUsageFlags.DigitalSignature));
if (!isForCodeSigning)
{
throw new ArgumentException("Selected certificate is not for code-signing.");
}
if (!x509[0].HasPrivateKey)
{
throw new ArgumentException("Selected certificate does not contain a private key.");
}
var localCopy = await this.PreparePackageForSigning(
package,
updatePublisher,
increaseVersion,
x509[0],
cancellationToken).ConfigureAwait(false);
try
{
cancellationToken.ThrowIfCancellationRequested();
string type;
if (x509[0].SignatureAlgorithm.FriendlyName?.EndsWith("rsa", StringComparison.OrdinalIgnoreCase) == true)
{
type = x509[0].SignatureAlgorithm.FriendlyName.Substring(0, x509[0].SignatureAlgorithm.FriendlyName.Length - 3).ToUpperInvariant();
}
else
{
throw new NotSupportedException($"Signature algorithm {x509[0].SignatureAlgorithm.FriendlyName} is not supported.");
}
Logger.Debug("Signing package {0} with algorithm {1}.", localCopy, x509[0].SignatureAlgorithm.FriendlyName);
var sdk = new SignToolWrapper();
progress?.Report(new ProgressData(25, "Signing..."));
timestampUrl = await this.GetTimeStampUrl(timestampUrl).ConfigureAwait(false);
await sdk.SignPackageWithPersonal(new[] { localCopy }, type, certificate.Thumbprint, certificate.StoreType == CertificateStoreType.Machine, timestampUrl, cancellationToken).ConfigureAwait(false);
progress?.Report(new ProgressData(75, "Signing..."));
await Task.Delay(500, cancellationToken).ConfigureAwait(false);
Logger.Debug("Moving {0} to {1}.", localCopy, package);
File.Copy(localCopy, package, true);
progress?.Report(new ProgressData(95, "Signing..."));
}
finally
{
try
{
if (File.Exists(localCopy))
{
File.Delete(localCopy);
}
}
catch (Exception e)
{
Logger.Warn(e, "Clean-up of a temporary file {0} failed.", localCopy);
}
}
}
