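/// <summary>
/// Signs the given files with signtool.exe through the Device Guard Signing Service.
/// </summary>
/// <param name="filePaths">Files to sign; each one is appended as a quoted argument.</param>
/// <param name="algorithmType">File digest algorithm, placed verbatim after <c>/fd</c>.</param>
/// <param name="dgssTokenPath">Path of the JSON token file, passed via <c>/dmdf</c>.</param>
/// <param name="timestampUrl">Optional timestamp server URL (<c>/tr</c>); when set, <c>/td SHA256</c> is added as well.</param>
/// <param name="cancellationToken">Forwarded to the process runner.</param>
/// <exception cref="WebException">signtool output indicates the signing service could not be reached.</exception>
/// <exception cref="UnauthorizedAccessException">signtool output indicates a 401 / unauthorized account.</exception>
/// <exception cref="ArgumentException">signtool output contains 0x8007000d (invalid JSON token file).</exception>
/// <exception cref="SdkException">Any other signtool failure with a recognised error line or a non-zero exit code.</exception>
/// <remarks>
/// The full command line is written to the log. It contains the path of the token file, not its contents.
/// </remarks>
public async Task SignPackageWithDeviceGuard(IEnumerable<string> filePaths, string algorithmType, string dgssTokenPath, string timestampUrl, CancellationToken cancellationToken = default)
{
    // Escapes a value that the caller wraps in double quotes, following the MSVC runtime /
    // CommandLineToArgvW convention: an embedded quote becomes \" and backslashes that
    // precede a quote (or the closing quote) are doubled. Values without quotes and without
    // a trailing backslash come back unchanged, so existing command lines stay the same.
    string EscapeQuoted(string value)
    {
        if (string.IsNullOrEmpty(value))
        {
            return value;
        }

        var escaped = new StringBuilder(value.Length);
        var pendingBackslashes = 0;
        foreach (var ch in value)
        {
            if (ch == '\\')
            {
                pendingBackslashes++;
                continue;
            }

            escaped.Append('\\', ch == '"' ? (pendingBackslashes * 2) + 1 : pendingBackslashes);
            escaped.Append(ch);
            pendingBackslashes = 0;
        }

        // Trailing backslashes sit directly in front of the closing quote added by the caller.
        escaped.Append('\\', pendingBackslashes * 2);
        return escaped.ToString();
    }

    var signToolArguments = new StringBuilder();
    signToolArguments.Append("sign");

    // NOTE(review): algorithmType is not quoted; whitespace in it would be read by signtool
    // as further switches. Callers are expected to pass a fixed algorithm name - confirm.
    signToolArguments.AppendFormat(" /debug /fd {0}", algorithmType);

    if (!string.IsNullOrEmpty(timestampUrl))
    {
        signToolArguments.AppendFormat(" /tr \"{0}\"", EscapeQuoted(timestampUrl));

        // required in SDK builds 20236 and later
        // see https://docs.microsoft.com/en-us/dotnet/framework/tools/signtool-exe
        signToolArguments.Append(" /td SHA256");
    }

    var libPath = SdkPathHelper.GetSdkPath("Microsoft.Acs.Dlib.dll");
    signToolArguments.AppendFormat(" /dlib \"{0}\"", libPath);
    signToolArguments.AppendFormat(" /dmdf \"{0}\"", EscapeQuoted(dgssTokenPath));

    foreach (var filePath in filePaths)
    {
        signToolArguments.AppendFormat(" \"{0}\"", EscapeQuoted(filePath));
    }

    var args = signToolArguments.ToString();
    var signTool = SdkPathHelper.GetSdkPath("signTool.exe", BundleHelper.SdkPath);

    Logger.Info("Executing {0} {1}", signTool, args);

    Action<string> callBack = _ => { };

    try
    {
        await RunAsync(signTool, args, cancellationToken, callBack, 0).ConfigureAwait(false);
    }
    catch (ProcessWrapperException e)
    {
        // Service-specific failures are recognised from standard output first.
        // The parentheses spell out the precedence the original expression already had.
        foreach (var err in e.StandardOutput)
        {
            if (err.IndexOf("0x80192ee7", StringComparison.OrdinalIgnoreCase) >= 0 ||
                (err.IndexOf("System.Net.WebException", StringComparison.OrdinalIgnoreCase) >= 0 &&
                 err.IndexOf("microsoft.com", StringComparison.OrdinalIgnoreCase) >= 0))
            {
                throw new WebException("Unable to reach the Device Guard Signing Service", e);
            }

            if (err.IndexOf("0x80190191", StringComparison.OrdinalIgnoreCase) >= 0 ||
                (err.IndexOf("System.Net.Http.HttpRequestException", StringComparison.OrdinalIgnoreCase) >= 0 &&
                 err.Contains("401")))
            {
                throw new UnauthorizedAccessException("The provided account is not authorized to sign via the Device Guard Signing Service", e);
            }

            if (err.IndexOf("0x8007000d", StringComparison.OrdinalIgnoreCase) >= 0)
            {
                throw new ArgumentException("The provided JSON token file is invalid", e);
            }
        }

        // Tool output is matched byte-wise, not with culture-sensitive rules.
        var line = e.StandardError.FirstOrDefault(l => l.StartsWith("SignTool Error: ", StringComparison.Ordinal));
        if (line != null)
        {
            if (TryGetErrorMessageFromSignToolOutput(e.StandardOutput, out var specialError))
            {
                throw new SdkException($"The package could not be signed (error 0x{e.ExitCode:X2}). {specialError}", e.ExitCode);
            }

            throw new SdkException($"The package could not be signed (error 0x{e.ExitCode:X2}). {line.Substring("SignTool Error: ".Length)}", e.ExitCode);
        }

        if (e.ExitCode != 0)
        {
            throw new SdkException(e.Message, e.ExitCode, e);
        }

        throw;
    }
}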
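/// <summary>
/// Signs the given files with signtool.exe using a certificate from a PFX file.
/// </summary>
/// <param name="filePaths">Files to sign; each one is appended as a quoted argument.</param>
/// <param name="algorithmType">File digest algorithm, placed verbatim after <c>/fd</c>.</param>
/// <param name="pfxPath">Path of the PFX file, passed via <c>/f</c>.</param>
/// <param name="password">Optional PFX password, passed via <c>/p</c>.</param>
/// <param name="timestampUrl">Optional timestamp server URL (<c>/tr</c>); when set, <c>/td SHA256</c> is added as well.</param>
/// <param name="cancellationToken">Forwarded to the process runner.</param>
/// <exception cref="SdkException">signtool reported an error line or exited with a non-zero code.</exception>
/// <remarks>
/// The password is masked in this method's log line only. It is still part of the signtool
/// command line, so anything on the host that records or reads process command lines
/// (process-creation auditing, endpoint telemetry) sees it for the lifetime of the process.
/// Signing from a certificate store by thumbprint (see SignPackageWithPersonal) avoids
/// passing a password at all.
/// </remarks>
public async Task SignPackageWithPfx(IEnumerable<string> filePaths, string algorithmType, string pfxPath, string password, string timestampUrl, CancellationToken cancellationToken = default)
{
    // Escapes a value that the caller wraps in double quotes, following the MSVC runtime /
    // CommandLineToArgvW convention: an embedded quote becomes \" and backslashes that
    // precede a quote (or the closing quote) are doubled. Values without quotes and without
    // a trailing backslash come back unchanged, so existing command lines stay the same.
    string EscapeQuoted(string value)
    {
        if (string.IsNullOrEmpty(value))
        {
            return value;
        }

        var escaped = new StringBuilder(value.Length);
        var pendingBackslashes = 0;
        foreach (var ch in value)
        {
            if (ch == '\\')
            {
                pendingBackslashes++;
                continue;
            }

            escaped.Append('\\', ch == '"' ? (pendingBackslashes * 2) + 1 : pendingBackslashes);
            escaped.Append(ch);
            pendingBackslashes = 0;
        }

        // Trailing backslashes sit directly in front of the closing quote added by the caller.
        escaped.Append('\\', pendingBackslashes * 2);
        return escaped.ToString();
    }

    // Position and length of the password inside the argument string, used for log masking.
    var remove = -1;
    var removeLength = 0;

    var signToolArguments = new StringBuilder();
    signToolArguments.Append("sign");

    // NOTE(review): algorithmType is not quoted; whitespace in it would be read by signtool
    // as further switches. Callers are expected to pass a fixed algorithm name - confirm.
    signToolArguments.AppendFormat(" /debug /fd {0}", algorithmType);
    signToolArguments.AppendFormat(" /a /f \"{0}\"", EscapeQuoted(pfxPath));

    if (!string.IsNullOrEmpty(password))
    {
        // A password may legitimately contain a quote or end with a backslash. Unescaped,
        // either one terminates the /p value early and the remainder is parsed as
        // separate signtool arguments.
        signToolArguments.Append(" /p \"");
        remove = signToolArguments.Length;
        signToolArguments.Append(EscapeQuoted(password));
        removeLength = signToolArguments.Length - remove;
        signToolArguments.Append('"');
    }

    if (!string.IsNullOrEmpty(timestampUrl))
    {
        signToolArguments.AppendFormat(" /tr \"{0}\"", EscapeQuoted(timestampUrl));

        // required in SDK builds 20236 and later
        // see https://docs.microsoft.com/en-us/dotnet/framework/tools/signtool-exe
        signToolArguments.Append(" /td SHA256");
    }

    foreach (var filePath in filePaths)
    {
        signToolArguments.AppendFormat(" \"{0}\"", EscapeQuoted(filePath));
    }

    var args = signToolArguments.ToString();

    // Only the masked form is logged; the unmasked string goes to the process runner.
    var maskedArgs = remove < 0 ? args : args.Remove(remove, removeLength).Insert(remove, "<removed-from-log>");

    var signTool = SdkPathHelper.GetSdkPath("signTool.exe", BundleHelper.SdkPath);
    Logger.Info("Executing {0} {1}", signTool, maskedArgs);

    Action<string> callBack = _ => { };

    try
    {
        await RunAsync(signTool, args, cancellationToken, callBack, 0).ConfigureAwait(false);
    }
    catch (ProcessWrapperException e)
    {
        // Tool output is matched byte-wise, not with culture-sensitive rules.
        var line = e.StandardError.FirstOrDefault(l => l.StartsWith("SignTool Error: ", StringComparison.Ordinal));
        if (line != null)
        {
            if (TryGetErrorMessageFromSignToolOutput(e.StandardOutput, out var specialError))
            {
                throw new SdkException($"The package could not be signed (error 0x{e.ExitCode:X2}). {specialError}", e.ExitCode);
            }

            throw new SdkException($"The package could not be signed (error = 0x{e.ExitCode:X2}). {line.Substring("SignTool Error: ".Length)}", e.ExitCode);
        }

        if (e.ExitCode != 0)
        {
            // NOTE(review): e.Message is surfaced to the caller as-is. Confirm that
            // ProcessWrapperException does not embed the unmasked command line in it.
            throw new SdkException(e.Message, e.ExitCode, e);
        }

        throw;
    }
}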
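/// <summary>
/// Signs the given files with signtool.exe using a certificate from the "MY" certificate store,
/// selected by its thumbprint.
/// </summary>
/// <param name="filePaths">Files to sign; each one is appended as a quoted argument.</param>
/// <param name="algorithmType">File digest algorithm, placed verbatim after <c>/fd</c>.</param>
/// <param name="thumbprint">Certificate thumbprint, passed via <c>/sha1</c>.</param>
/// <param name="useMachineStore">When true, <c>/sm</c> is added so the machine store is used.</param>
/// <param name="timestampUrl">Optional timestamp server URL (<c>/tr</c>); when set, <c>/td SHA256</c> is added as well.</param>
/// <param name="cancellationToken">Forwarded to the process runner.</param>
/// <exception cref="SdkException">signtool reported an error line or exited with a non-zero code.</exception>
public async Task SignPackageWithPersonal(IEnumerable<string> filePaths, string algorithmType, string thumbprint, bool useMachineStore, string timestampUrl, CancellationToken cancellationToken = default)
{
    // Escapes a value that the caller wraps in double quotes, following the MSVC runtime /
    // CommandLineToArgvW convention: an embedded quote becomes \" and backslashes that
    // precede a quote (or the closing quote) are doubled. Values without quotes and without
    // a trailing backslash come back unchanged, so existing command lines stay the same.
    string EscapeQuoted(string value)
    {
        if (string.IsNullOrEmpty(value))
        {
            return value;
        }

        var escaped = new StringBuilder(value.Length);
        var pendingBackslashes = 0;
        foreach (var ch in value)
        {
            if (ch == '\\')
            {
                pendingBackslashes++;
                continue;
            }

            escaped.Append('\\', ch == '"' ? (pendingBackslashes * 2) + 1 : pendingBackslashes);
            escaped.Append(ch);
            pendingBackslashes = 0;
        }

        // Trailing backslashes sit directly in front of the closing quote added by the caller.
        escaped.Append('\\', pendingBackslashes * 2);
        return escaped.ToString();
    }

    var signToolArguments = new StringBuilder();
    signToolArguments.Append("sign");

    // NOTE(review): algorithmType is not quoted; whitespace in it would be read by signtool
    // as further switches. Callers are expected to pass a fixed algorithm name - confirm.
    signToolArguments.AppendFormat(" /debug /fd {0}", algorithmType);

    if (useMachineStore)
    {
        signToolArguments.Append(" /sm");
    }

    if (!string.IsNullOrEmpty(timestampUrl))
    {
        signToolArguments.AppendFormat(" /tr \"{0}\"", EscapeQuoted(timestampUrl));

        // required in SDK builds 20236 and later
        // see https://docs.microsoft.com/en-us/dotnet/framework/tools/signtool-exe
        signToolArguments.Append(" /td SHA256");
    }

    // /sha1 only identifies which certificate to use; the digest algorithm of the
    // signature itself is the /fd value above.
    signToolArguments.Append(" /a /s MY ");
    signToolArguments.AppendFormat(" /sha1 \"{0}\"", EscapeQuoted(thumbprint));

    foreach (var filePath in filePaths)
    {
        signToolArguments.AppendFormat(" \"{0}\"", EscapeQuoted(filePath));
    }

    var args = signToolArguments.ToString();
    var signTool = SdkPathHelper.GetSdkPath("signTool.exe", BundleHelper.SdkPath);

    Logger.Info("Executing {0} {1}", signTool, args);

    Action<string> callBack = _ => { };

    try
    {
        await RunAsync(signTool, args, cancellationToken, callBack, 0).ConfigureAwait(false);
    }
    catch (ProcessWrapperException e)
    {
        // Tool output is matched byte-wise, not with culture-sensitive rules.
        var line = e.StandardError.FirstOrDefault(l => l.StartsWith("SignTool Error: ", StringComparison.Ordinal));
        if (line != null)
        {
            if (TryGetErrorMessageFromSignToolOutput(e.StandardOutput, out var specialError))
            {
                throw new SdkException($"The package could not be signed (exit code {e.ExitCode}). {specialError}", e.ExitCode);
            }

            throw new SdkException($"The package could not be signed (exit code {e.ExitCode}). {line.Substring("SignTool Error: ".Length)}", e.ExitCode);
        }

        if (e.ExitCode != 0)
        {
            throw new SdkException(e.Message, e.ExitCode, e);
        }

        throw;
    }
}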
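/// <summary>
/// Runs makeappx.exe with the given argument string and converts recognised error lines
/// from its standard error into typed exceptions.
/// </summary>
/// <param name="arguments">Complete argument string; it is logged and passed on unchanged.</param>
/// <param name="cancellationToken">Forwarded to the process runner.</param>
/// <param name="callBack">Optional callback forwarded to the process runner.</param>
/// <exception cref="SdkException">makeappx printed a recognised error line.</exception>
/// <exception cref="InvalidOperationException">
/// makeappx printed an error code that is neither a positive decimal nor a non-zero "0x" hexadecimal value.
/// </exception>
private async Task RunMakeAppx(string arguments, CancellationToken cancellationToken, Action<string> callBack = null)
{
    const string errorInfoPrefix = "MakeAppx : error: Error info: error ";
    const string errorPrefix = "MakeAppx : error: ";
    const string manifestPrefix = "MakeAppx : error: Manifest validation error: ";

    var makeAppx = SdkPathHelper.GetSdkPath("makeappx.exe", BundleHelper.SdkPath);
    Logger.Info("Executing {0} {1}", makeAppx, arguments);

    try
    {
        await RunAsync(makeAppx, arguments, cancellationToken, callBack, 0).ConfigureAwait(false);
    }
    catch (ProcessWrapperException e)
    {
        // Case 1: "Error info: error <code>: <text>".
        var findSimilar = e.StandardError.FirstOrDefault(item => item.StartsWith(errorInfoPrefix, StringComparison.OrdinalIgnoreCase));
        if (findSimilar != null)
        {
            findSimilar = findSimilar.Substring(errorInfoPrefix.Length);

            var error = Regex.Match(findSimilar, "([0-9a-zA-Z]+): ");
            if (error.Success)
            {
                // NOTE(review): this assumes the match starts at index 0; the pattern is not anchored.
                findSimilar = findSimilar.Substring(error.Length).Trim();
                throw new SdkException($"MakeAppx.exe returned exit code {e.ExitCode} due to error {error.Groups[1].Value}. {findSimilar}", e.ExitCode);
            }

            throw new SdkException($"MakeAppx.exe returned exit code {e.ExitCode}. {findSimilar}", e.ExitCode);
        }

        // Case 2: "0x<code> - <text>", optionally with a separate manifest validation line
        // whose text takes priority in the message.
        findSimilar = e.StandardError.FirstOrDefault(item => item.StartsWith("MakeAppx : error: 0x", StringComparison.OrdinalIgnoreCase));
        if (findSimilar != null)
        {
            var manifestError = e.StandardError.FirstOrDefault(item => item.StartsWith(manifestPrefix, StringComparison.Ordinal));
            manifestError = manifestError?.Substring(manifestPrefix.Length);

            findSimilar = findSimilar.Substring(errorPrefix.Length);

            var error = Regex.Match(findSimilar, "([0-9a-zA-Z]+) \\- ");
            if (!error.Success)
            {
                // Without a match there is no code to parse (the captured group is empty), so the
                // original's code-parsing checks after this point could never succeed and are dropped.
                if (!string.IsNullOrEmpty(manifestError))
                {
                    findSimilar = manifestError;
                }

                throw new SdkException($"MakeAppx.exe returned exit code {e.ExitCode}. {findSimilar}", e.ExitCode);
            }

            var code = error.Groups[1].Value;
            findSimilar = !string.IsNullOrEmpty(manifestError)
                ? manifestError
                : findSimilar.Substring(error.Length).Trim();

            var message = $"MakeAppx.exe returned exit code {e.ExitCode} due to error {code}. {findSimilar}";

            if (int.TryParse(code, out var exitCode) && exitCode > 0)
            {
                throw new SdkException(message, exitCode);
            }

            // TryParse instead of Convert.ToInt32: a malformed or over-long hex code must not raise
            // FormatException/OverflowException from inside this handler and hide the makeappx error.
            // Eight-digit values with the high bit set still come out as negative integers.
            if (code.StartsWith("0x", StringComparison.Ordinal) &&
                int.TryParse(code.Substring(2), System.Globalization.NumberStyles.HexNumber, System.Globalization.CultureInfo.InvariantCulture, out exitCode) &&
                exitCode != 0)
            {
                throw new SdkException(message, exitCode);
            }

            throw new InvalidOperationException(message);
        }

        throw;
    }
}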