

Merge pull request #4 from vcsjones/appx-support
Appx support
vcsjones authored Sep 7, 2017
2 parents a35cd0f + d7dc716 commit 7067676
Showing 8 changed files with 314 additions and 94 deletions.
84 changes: 31 additions & 53 deletions AzureSignTool/AuthenticodeKeyVaultSigner.cs
@@ -1,5 +1,6 @@
using AzureSignTool.Interop;
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Cryptography.X509Certificates;

Expand Down Expand Up @@ -32,41 +33,14 @@ public AuthenticodeKeyVaultSigner(AzureKeyVaultMaterializedConfiguration configu

public int SignFile(string path, string description, string descriptionUrl)
{
const SignerSignEx3Flags FLAGS = SignerSignEx3Flags.UNDOCUMENTED;
var flags = SignerSignEx3Flags.UNDOCUMENTED;

using (var contextReceiver = new PrimitiveStructureOutManager())
using (var sipState = new PrimitiveStructureOutManager())
using (var storeInfo = new AuthenticodeSignerCertStoreInfo(_certificateStore, _configuration.PublicCertificate))
using (var fileInfo = new AuthenticodeSignerFile(path))
using (var attributes = new AuthenticodeSignerAttributes(description, descriptionUrl))
{
var signerCert = new SIGNER_CERT
(
dwCertChoice: SignerCertChoice.SIGNER_CERT_STORE,
union: new SIGNER_CERT_UNION
{
pSpcChainInfo = storeInfo.Handle
}
);

var signatureInfo = new SIGNER_SIGNATURE_INFO(
algidHash: AlgorithmTranslator.HashAlgorithmToAlgId(_configuration.FileDigestAlgorithm),
psAuthenticated: IntPtr.Zero,
psUnauthenticated: IntPtr.Zero,
dwAttrChoice: SignerSignatureInfoAttrChoice.SIGNER_AUTHCODE_ATTR,
attrAuthUnion: new SIGNER_SIGNATURE_INFO_UNION
{
pAttrAuthcode = attributes.Handle
}
);

var subject = new SIGNER_SUBJECT_INFO
(
dwSubjectChoice: SignerSubjectInfoUnionChoice.SIGNER_SUBJECT_FILE,
pdwIndex: IntegerCache.Zero,
unionInfo: new SIGNER_SUBJECT_INFO_UNION(fileInfo.Handle)
);

var signInfo = new SIGN_INFO(callback: SignCallback);
SignerContextSafeHandle signerContext = null;
SignerSignTimeStampFlags timeStampFlags;
string timestampAlgorithmOid;
string timestampUrl;
Expand All @@ -87,32 +61,36 @@ public int SignFile(string path, string description, string descriptionUrl)
timestampAlgorithmOid = null;
timestampUrl = null;
break;

}
try
{
return mssign32.SignerSignEx3
(
FLAGS,
ref subject,
ref signerCert,
ref signatureInfo,
IntPtr.Zero,
timeStampFlags,
timestampAlgorithmOid,
timestampUrl,
IntPtr.Zero, IntPtr.Zero,
out signerContext,
IntPtr.Zero,
ref signInfo,
IntPtr.Zero
);
}
finally

using (var data = SipExtensionFactory.GetSipData(path, flags, contextReceiver, timeStampFlags, storeInfo, timestampUrl, timestampAlgorithmOid, SignCallback, _configuration.FileDigestAlgorithm, fileInfo, attributes))
{
if (signerContext?.IsInvalid == false)
try
{
return mssign32.SignerSignEx3
(
data.ModifyFlags(flags),
data.SubjectInfoHandle,
data.SignerCertHandle,
data.SignatureInfoHandle,
IntPtr.Zero,
timeStampFlags,
data.TimestampAlgorithmOidHandle,
data.TimestampUrlHandle,
IntPtr.Zero,
data.SipDataHandle,
contextReceiver.Handle,
IntPtr.Zero,
data.SignInfoHandle,
IntPtr.Zero
);
}
finally
{
signerContext.Close();
if (contextReceiver.Object.HasValue)
{
mssign32.SignerFreeSignerContext(contextReceiver.Object.Value);
}
}
}
}
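Review bot: `SignCallback` at line 96 is passed as a method group, so a fresh delegate is created only to obtain a native function pointer (`SIGN_INFO.callback` in Interop/mssign32.cs is now a raw `IntPtr`), and nothing visible in the hunk keeps that delegate alive while `SignerSignEx3` runs; unless `GetSipData` stores it in a field of `data`, the GC may collect it and the native callback would then jump into freed memory. The removed `[MarshalAs(UnmanagedType.FunctionPtr)]` field had the marshaler root the delegate for the duration of the call, so that responsibility has moved into managed code. If `data` does not hold it, create the delegate in a local before the `using` chain and add `GC.KeepAlive(callback);` in the `finally` block. `sipState` (line 32) is not referenced in the visible lines; new-file lines 47–60 are collapsed between the two hunks, so it may be used there — otherwise it is an unused allocation. `SignFile` spans both hunks and the collapsed lines between them.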
2 changes: 1 addition & 1 deletion AzureSignTool/AzureSignTool.csproj
Expand Up @@ -4,8 +4,8 @@
<OutputType>Exe</OutputType>
<TargetFramework>net462</TargetFramework>
<LangVersion>latest</LangVersion>
<PlatformTarget>x64</PlatformTarget>
</PropertyGroup>

<ItemGroup>
<PackageReference Include="Microsoft.Extensions.CommandLineUtils" Version="1.1.0" />
<PackageReference Include="System.ValueTuple" Version="4.3.0" />
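Review bot: `<PlatformTarget>x64</PlatformTarget>` at line 136 pins the build to 64-bit, but neither the change nor the project records why, so the constraint is easy to revert to AnyCPU by mistake. Add a comment beside it naming the component that needs it, e.g. `<!-- x64 required: [reason, e.g. the native dependency that is 64-bit only] -->`.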
17 changes: 0 additions & 17 deletions AzureSignTool/IntegerCache.cs

This file was deleted.

57 changes: 35 additions & 22 deletions AzureSignTool/Interop/mssign32.cs
Expand Up @@ -9,18 +9,18 @@ internal static class mssign32
public static extern int SignerSignEx3
(
[param: In, MarshalAs(UnmanagedType.U4)] SignerSignEx3Flags dwFlags,
[param: In] ref SIGNER_SUBJECT_INFO pSubjectInfo,
[param: In] ref SIGNER_CERT pSignerCert,
[param: In] ref SIGNER_SIGNATURE_INFO pSignatureInfo,
[param: In] IntPtr pSubjectInfo,
[param: In] IntPtr pSignerCert,
[param: In] IntPtr pSignatureInfo,
[param: In] IntPtr pProviderInfo,
[param: In] SignerSignTimeStampFlags dwTimestampFlags,
[param: In, MarshalAs(UnmanagedType.LPStr)] string pszTimestampAlgorithmOid,
[param: In, MarshalAs(UnmanagedType.LPWStr)] string pwszHttpTimeStamp,
[param: In] IntPtr pszTimestampAlgorithmOid,
[param: In] IntPtr pwszHttpTimeStamp,
[param: In] IntPtr psRequest,
[param: In] IntPtr pSipData,
[param: Out] out SignerContextSafeHandle ppSignerContext,
[param: In] IntPtr ppSignerContext,
[param: In] IntPtr pCryptoPolicy,
[param: In, Out] ref SIGN_INFO pSignInfo,
[param: In] IntPtr pSignInfo,
[param: In] IntPtr pReserved
);

Expand Down Expand Up @@ -175,12 +175,11 @@ internal struct SIGN_INFO
{
public uint cbSize;

[MarshalAs(UnmanagedType.FunctionPtr)]
public SignCallback callback;
public IntPtr callback;

public IntPtr pvOpaque;

public SIGN_INFO(SignCallback callback)
public SIGN_INFO(IntPtr callback)
{
cbSize = (uint)Marshal.SizeOf<SIGN_INFO>();
this.callback = callback;
Expand Down Expand Up @@ -216,6 +215,32 @@ public SIGNER_ATTR_AUTHCODE(IntPtr pwszName, IntPtr pwszInfo)
}
}

[type: StructLayout(LayoutKind.Sequential)]
internal struct SIGNER_SIGN_EX3_PARAMS
{
public SignerSignEx3Flags dwFlags;
public IntPtr pSubjectInfo;
public IntPtr pSignerCert;
public IntPtr pSignatureInfo;
public IntPtr pProviderInfo;
public SignerSignTimeStampFlags dwTimestampFlags;
public IntPtr pszTimestampAlgorithmOid;
public IntPtr pwszHttpTimeStamp;
public IntPtr psRequest;
public IntPtr pSignCallBack;
public IntPtr ppSignerContext;
public IntPtr pCryptoPolicy;
public IntPtr pReserved;
}

[type: StructLayout(LayoutKind.Sequential)]
internal struct APPX_SIP_CLIENT_DATA
{
public IntPtr pSignerParams;
public IntPtr pAppxSipState;

}

[type: UnmanagedFunctionPointer(CallingConvention.Winapi)]
internal delegate int SignCallback(
[param: In, MarshalAs(UnmanagedType.SysInt)] IntPtr pCertContext,
Expand All @@ -225,16 +250,4 @@ internal delegate int SignCallback(
[param: In, MarshalAs(UnmanagedType.U4)] uint dwDigestToSign,
[param: Out] out CRYPTOAPI_BLOB blob
);

internal sealed class SignerContextSafeHandle : Microsoft.Win32.SafeHandles.SafeHandleZeroOrMinusOneIsInvalid
{
public SignerContextSafeHandle() : base(true)
{
}

protected override bool ReleaseHandle()
{
return mssign32.SignerFreeSignerContext(handle) == 0;
}
}
}
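Review bot: The `IntPtr` parameters at lines 163–164 drop the `MarshalAs(UnmanagedType.LPStr)` / `MarshalAs(UnmanagedType.LPWStr)` annotations, so the extern no longer records that `pszTimestampAlgorithmOid` must point to an ANSI string and `pwszHttpTimeStamp` to a UTF-16 string, and a caller that allocates the wrong encoding compiles cleanly. Add an XML doc comment on `SignerSignEx3` stating those two encodings and that every pointer must stay valid until the call returns, e.g. `/// <param name="pszTimestampAlgorithmOid">ANSI (LPSTR) OID string; caller-owned.</param>` and `/// <param name="pwszHttpTimeStamp">UTF-16 (LPWSTR) URL; caller-owned.</param>`. `ppSignerContext` at line 168 is marked `[param: In]` although the native side writes the context pointer through it; this is harmless for an `IntPtr`, but a `<param>` note that the pointee receives a context to release with `SignerFreeSignerContext` would make the manual ownership explicit now that `SignerContextSafeHandle` is gone.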
17 changes: 17 additions & 0 deletions AzureSignTool/NativeConstants.cs
@@ -0,0 +1,17 @@
using System;
using System.Runtime.InteropServices;

namespace AzureSignTool
{
public static class NativeConstants
{
static NativeConstants()
{
//This memory is intended to live for the duration of the process. Don't free it.
ZeroDWORD = Marshal.AllocHGlobal(Marshal.SizeOf<uint>());
Marshal.WriteInt32(ZeroDWORD, 0);
}

public static IntPtr ZeroDWORD { get; }
}
}
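Review bot: `ZeroDWORD` at line 257 is a public, process-lifetime pointer to writable memory, so any code that writes through it — a caller using `Marshal.WriteInt32`, or a native API that treats the `DWORD*` as output — silently changes the value every later signing call reads, and nothing in the type says it must be read-only. Narrow the class to `internal` (it is only meaningful to the interop layer) and document the contract on the property: `/// Pointer to a process-lifetime DWORD that is always 0, shared by every caller; never write through it or free it.` The existing `//This memory is intended to live...` comment explains the deliberate non-free well; placing the contract at the declaration makes it visible to callers who never look at the static constructor.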
2 changes: 1 addition & 1 deletion AzureSignTool/Program.cs
Expand Up @@ -76,7 +76,7 @@ static int Main(string[] args)
}
else
{
Console.WriteLine($"Signing failed with error {result}.");
Console.WriteLine($"Signing failed with error {result:X2}.");
}
return result;
}
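Review bot: `{result:X2}` at line 267 prints the error code as bare hex with no prefix, so a message like `Signing failed with error 80070005.` reads as if it were decimal, and `X2` guarantees only two digits, so small codes print as e.g. `05`. Use the conventional prefixed 8-digit HRESULT form: `Console.WriteLine($"Signing failed with error 0x{result:X8}.");`. `Main` begins outside the hunk.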