public static void VerifyFileHash(string filePath, HashCollection hashCollection) { string fileName = Path.GetFileName(filePath); if (hashCollection.Count == 0) { if (!PolicyKeys.RequireHashInManifests()) { Logger.AddWarningInformation(string.Format((IFormatProvider)CultureInfo.CurrentUICulture, Resources.GetString("NoHashFile"), new object[1] { (object)fileName })); } else { throw new InvalidDeploymentException(ExceptionTypes.HashValidation, string.Format((IFormatProvider)CultureInfo.CurrentUICulture, Resources.GetString("Ex_HashNotSpecified"), new object[1] { (object)fileName })); } } foreach (Hash hash in hashCollection) { ComponentVerifier.VerifyFileHash(filePath, hash); } }
private void CheckApplicationPayload(CommitApplicationParams commitParams) { if (commitParams.AppGroup == null && commitParams.appType != AppType.CustomHostSpecified) { string path = Path.Combine(commitParams.AppPayloadPath, commitParams.AppManifest.EntryPoints[0].CommandFile); if (!PlatformDetector.IsWin8orLater()) { SystemUtils.CheckSupportedImageAndCLRVersions(path); } } string str = (string)null; Store.IPathLock pathLock = (Store.IPathLock)null; try { pathLock = this._compStore.LockAssemblyPath(commitParams.AppManifest.Identity); str = Path.GetDirectoryName(pathLock.Path); str = Path.Combine(str, "manifests"); str = Path.Combine(str, Path.GetFileName(pathLock.Path) + ".manifest"); } catch (DeploymentException ex) { } catch (COMException ex) { } finally { if (pathLock != null) { pathLock.Dispose(); } } if (string.IsNullOrEmpty(str) || !System.IO.File.Exists(str) || (string.IsNullOrEmpty(commitParams.AppManifestPath) || !System.IO.File.Exists(commitParams.AppManifestPath))) { return; } byte[] digestValue1 = ComponentVerifier.GenerateDigestValue(str, CMS_HASH_DIGESTMETHOD.CMS_HASH_DIGESTMETHOD_SHA1, CMS_HASH_TRANSFORM.CMS_HASH_TRANSFORM_IDENTITY); byte[] digestValue2 = ComponentVerifier.GenerateDigestValue(commitParams.AppManifestPath, CMS_HASH_DIGESTMETHOD.CMS_HASH_DIGESTMETHOD_SHA1, CMS_HASH_TRANSFORM.CMS_HASH_TRANSFORM_IDENTITY); bool flag = false; Logger.AddInternalState("In-place update check. Existing manifest path = " + str + ", Existing manifest hash=" + Encoding.UTF8.GetString(digestValue1) + ", New manifest path=" + commitParams.AppManifestPath + ", New manifest hash=" + Encoding.UTF8.GetString(digestValue2)); if (digestValue1.Length == digestValue2.Length) { int index = 0; while (index < digestValue1.Length && (int)digestValue1[index] == (int)digestValue2[index]) { ++index; } if (index >= digestValue1.Length) { flag = true; } } if (!flag) { throw new DeploymentException(ExceptionTypes.Subscription, Resources.GetString("Ex_ApplicationInplaceUpdate")); } }
private void CheckApplicationPayload(CommitApplicationParams commitParams) { if ((commitParams.AppGroup == null) && (commitParams.appType != AppType.CustomHostSpecified)) { SystemUtils.CheckSupportedImageAndCLRVersions(Path.Combine(commitParams.AppPayloadPath, commitParams.AppManifest.EntryPoints[0].CommandFile)); } string directoryName = null; System.Deployment.Internal.Isolation.Store.IPathLock @lock = null; try { @lock = this._compStore.LockAssemblyPath(commitParams.AppManifest.Identity); directoryName = Path.GetDirectoryName(@lock.Path); directoryName = Path.Combine(directoryName, "manifests"); directoryName = Path.Combine(directoryName, Path.GetFileName(@lock.Path) + ".manifest"); } catch (DeploymentException) { } catch (COMException) { } finally { if (@lock != null) { @lock.Dispose(); } } if ((!string.IsNullOrEmpty(directoryName) && System.IO.File.Exists(directoryName)) && (!string.IsNullOrEmpty(commitParams.AppManifestPath) && System.IO.File.Exists(commitParams.AppManifestPath))) { byte[] bytes = ComponentVerifier.GenerateDigestValue(directoryName, System.Deployment.Internal.Isolation.Manifest.CMS_HASH_DIGESTMETHOD.CMS_HASH_DIGESTMETHOD_SHA1, System.Deployment.Internal.Isolation.Manifest.CMS_HASH_TRANSFORM.CMS_HASH_TRANSFORM_IDENTITY); byte[] buffer2 = ComponentVerifier.GenerateDigestValue(commitParams.AppManifestPath, System.Deployment.Internal.Isolation.Manifest.CMS_HASH_DIGESTMETHOD.CMS_HASH_DIGESTMETHOD_SHA1, System.Deployment.Internal.Isolation.Manifest.CMS_HASH_TRANSFORM.CMS_HASH_TRANSFORM_IDENTITY); bool flag = false; Logger.AddInternalState("In-place update check. Existing manifest path = " + directoryName + ", Existing manifest hash=" + Encoding.UTF8.GetString(bytes) + ", New manifest path=" + commitParams.AppManifestPath + ", New manifest hash=" + Encoding.UTF8.GetString(buffer2)); if (bytes.Length == buffer2.Length) { int index = 0; while (index < bytes.Length) { if (bytes[index] != buffer2[index]) { break; } index++; } if (index >= bytes.Length) { flag = true; } } if (!flag) { throw new DeploymentException(ExceptionTypes.Subscription, Resources.GetString("Ex_ApplicationInplaceUpdate")); } } }
public static bool IsVerifiableHashCollection(HashCollection hashCollection) { foreach (Hash hash in hashCollection) { if (!ComponentVerifier.IsVerifiableHash(hash)) { return(false); } } return(true); }
protected static void VerifyManifestComponentFiles(AssemblyManifest manifest, string componentPath, bool ignoreSelfReferentialFileHash) { string directoryName = Path.GetDirectoryName(componentPath); foreach (System.Deployment.Application.Manifest.File file in manifest.Files) { string str = Path.Combine(directoryName, file.NameFS); if ((!ignoreSelfReferentialFileHash || string.Compare(componentPath, str, StringComparison.OrdinalIgnoreCase) != 0) && System.IO.File.Exists(str)) { ComponentVerifier.VerifyFileHash(str, file.HashCollection); } } }
private static bool FileHashVerified(HashCollection hashCollection, string location) { try { ComponentVerifier.VerifyFileHash(location, hashCollection); } catch (InvalidDeploymentException ex) { if (ex.SubType == ExceptionTypes.HashValidation) { return(false); } throw; } return(true); }
public static byte[] GenerateDigestValue(string filePath, CMS_HASH_DIGESTMETHOD digestMethod, CMS_HASH_TRANSFORM transform) { Stream inputStream = (Stream)null; try { HashAlgorithm hashAlgorithm = ComponentVerifier.GetHashAlgorithm(digestMethod); inputStream = ComponentVerifier.GetTransformedStream(filePath, transform); return(hashAlgorithm.ComputeHash(inputStream)); } finally { if (inputStream != null) { inputStream.Close(); } } }
public static void VerifyFileHash(string filePath, Hash hash) { string fileName = Path.GetFileName(filePath); byte[] digestValue1; try { digestValue1 = ComponentVerifier.GenerateDigestValue(filePath, hash.DigestMethod, hash.Transform); } catch (IOException ex) { throw new InvalidDeploymentException(ExceptionTypes.HashValidation, Resources.GetString("Ex_HashValidationException"), (Exception)ex); } byte[] digestValue2 = hash.DigestValue; bool flag = false; if (digestValue1.Length == digestValue2.Length) { int index = 0; while (index < digestValue2.Length && (int)digestValue2[index] == (int)digestValue1[index]) { ++index; } if (index >= digestValue2.Length) { flag = true; } } if (!flag) { Logger.AddInternalState("File," + fileName + ", has a different computed hash than specified in manifest. Computed hash is " + Encoding.UTF8.GetString(digestValue1) + ". Specified hash is " + Encoding.UTF8.GetString(digestValue2)); throw new InvalidDeploymentException(ExceptionTypes.HashValidation, string.Format((IFormatProvider)CultureInfo.CurrentUICulture, Resources.GetString("Ex_DifferentHashes"), new object[1] { (object)fileName })); } }
public override void Verify() { ComponentVerifier.VerifyStrongNameAssembly(this._filePath, this._assemblyManifest); }
public override void Verify() { ComponentVerifier.VerifyFileHash(this._filePath, this._hashCollection); }
public static void VerifyStrongNameAssembly(string filePath, AssemblyManifest assemblyManifest) { string fileName = Path.GetFileName(filePath); if (assemblyManifest.Identity.PublicKeyToken == null) { throw new InvalidDeploymentException(ExceptionTypes.Validation, string.Format((IFormatProvider)CultureInfo.CurrentUICulture, Resources.GetString("Ex_StrongNameAsmWithNoPKT"), new object[1] { (object)fileName })); } bool ignoreSelfReferentialFileHash = false; if (assemblyManifest.ManifestSourceFormat == ManifestSourceFormat.XmlFile) { assemblyManifest.ValidateSignature((Stream)null); } else if (assemblyManifest.ManifestSourceFormat == ManifestSourceFormat.ID_1) { if (assemblyManifest.ComplibIdentity == null) { PEStream peStream = (PEStream)null; MemoryStream memoryStream = (MemoryStream)null; try { peStream = new PEStream(filePath, true); byte[] manifestResource = peStream.GetDefaultId1ManifestResource(); if (manifestResource != null) { memoryStream = new MemoryStream(manifestResource); } if (memoryStream != null) { assemblyManifest.ValidateSignature((Stream)memoryStream); } else { throw new InvalidDeploymentException(ExceptionTypes.StronglyNamedAssemblyVerification, string.Format((IFormatProvider)CultureInfo.CurrentUICulture, Resources.GetString("Ex_StronglyNamedAssemblyNotVerifiable"), new object[1] { (object)fileName })); } } finally { if (peStream != null) { peStream.Close(); } if (memoryStream != null) { memoryStream.Close(); } } } else { if (!assemblyManifest.ComplibIdentity.Equals((object)assemblyManifest.Identity)) { throw new InvalidDeploymentException(ExceptionTypes.IdentityMatchValidationForMixedModeAssembly, string.Format((IFormatProvider)CultureInfo.CurrentUICulture, Resources.GetString("Ex_IdentitiesDoNotMatchForMixedModeAssembly"), new object[1] { (object)fileName })); } bool pfWasVerified; if (!StrongNameHelpers.StrongNameSignatureVerificationEx(filePath, false, out pfWasVerified)) { throw new InvalidDeploymentException(ExceptionTypes.SignatureValidation, string.Format((IFormatProvider)CultureInfo.CurrentUICulture, Resources.GetString("Ex_StrongNameSignatureInvalid"), new object[1] { (object)fileName })); } ignoreSelfReferentialFileHash = true; } } else if (assemblyManifest.ManifestSourceFormat == ManifestSourceFormat.CompLib) { bool pfWasVerified; if (!StrongNameHelpers.StrongNameSignatureVerificationEx(filePath, false, out pfWasVerified)) { throw new InvalidDeploymentException(ExceptionTypes.SignatureValidation, string.Format((IFormatProvider)CultureInfo.CurrentUICulture, Resources.GetString("Ex_StrongNameSignatureInvalid"), new object[1] { (object)fileName })); } ignoreSelfReferentialFileHash = true; } else { throw new InvalidDeploymentException(ExceptionTypes.StronglyNamedAssemblyVerification, string.Format((IFormatProvider)CultureInfo.CurrentUICulture, Resources.GetString("Ex_StronglyNamedAssemblyNotVerifiable"), new object[1] { (object)fileName })); } ComponentVerifier.VerifyManifestComponentFiles(assemblyManifest, filePath, ignoreSelfReferentialFileHash); }
public static AssemblyManifest DownloadApplicationManifest(AssemblyManifest deploymentManifest, string targetDir, Uri deploymentUri, IDownloadNotification notification, DownloadOptions options, out Uri appSourceUri, out string appManifestPath) { Logger.AddMethodCall("DownloadApplicationManifest called."); DependentAssembly dependentAssembly = deploymentManifest.MainDependentAssembly; if (dependentAssembly == null || dependentAssembly.Codebase == null) { throw new InvalidDeploymentException(ExceptionTypes.ManifestSemanticValidation, Resources.GetString("Ex_NoAppInDeploymentManifest")); } appSourceUri = new Uri(deploymentUri, dependentAssembly.Codebase); Zone fromUrl1 = Zone.CreateFromUrl(deploymentUri.AbsoluteUri); Zone fromUrl2 = Zone.CreateFromUrl(appSourceUri.AbsoluteUri); if (!fromUrl1.Equals((object)fromUrl2)) { Logger.AddInternalState("Deployment and application does not have matching security zones. deploymentZone=" + (object)fromUrl1 + ",applicationZone=" + (object)fromUrl2); throw new InvalidDeploymentException(ExceptionTypes.Zone, Resources.GetString("Ex_DeployAppZoneMismatch")); } appManifestPath = Path.Combine(targetDir, dependentAssembly.Identity.Name + ".manifest"); ServerInformation serverInformation; AssemblyManifest assemblyManifest = DownloadManager.DownloadManifest(ref appSourceUri, appManifestPath, notification, options, AssemblyManifest.ManifestType.Application, out serverInformation); Logger.SetApplicationUrl(appSourceUri); Logger.SetApplicationServerInformation(serverInformation); Zone fromUrl3 = Zone.CreateFromUrl(appSourceUri.AbsoluteUri); if (!fromUrl1.Equals((object)fromUrl3)) { Logger.AddInternalState("Deployment and application does not have matching security zones. deploymentZone=" + (object)fromUrl1 + ",applicationZone=" + (object)fromUrl3); throw new InvalidDeploymentException(ExceptionTypes.Zone, Resources.GetString("Ex_DeployAppZoneMismatch")); } if (assemblyManifest.Identity.Equals((object)deploymentManifest.Identity)) { throw new InvalidDeploymentException(ExceptionTypes.ManifestSemanticValidation, string.Format((IFormatProvider)CultureInfo.CurrentUICulture, Resources.GetString("Ex_DepSameDeploymentAndApplicationIdentity"), new object[1] { (object)assemblyManifest.Identity.ToString() })); } if (!assemblyManifest.Identity.Matches(dependentAssembly.Identity, assemblyManifest.Application)) { throw new InvalidDeploymentException(ExceptionTypes.SubscriptionSemanticValidation, Resources.GetString("Ex_RefDefMismatch")); } if (!PolicyKeys.SkipApplicationDependencyHashCheck()) { try { ComponentVerifier.VerifyFileHash(appManifestPath, dependentAssembly.HashCollection); } catch (InvalidDeploymentException ex) { if (ex.SubType == ExceptionTypes.HashValidation) { throw new InvalidDeploymentException(ExceptionTypes.HashValidation, Resources.GetString("Ex_AppManInvalidHash"), (Exception)ex); } throw; } } if (assemblyManifest.RequestedExecutionLevel != null) { Logger.AddInternalState("Application manifest has RequestedExecutionLevel specified. Check requested privileges."); DownloadManager.VerifyRequestedPrivilegesSupport(assemblyManifest.RequestedExecutionLevel); } return(assemblyManifest); }