-
Notifications
You must be signed in to change notification settings - Fork 4k
/
DesktopStrongNameProvider.cs
291 lines (251 loc) · 11.4 KB
/
DesktopStrongNameProvider.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
// See the LICENSE file in the project root for more information.
using System;
using System.Collections.Immutable;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Reflection.Metadata;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using Microsoft.Cci;
using Microsoft.CodeAnalysis.Interop;
using Roslyn.Utilities;
namespace Microsoft.CodeAnalysis
{
/// <summary>
/// Provides strong name and signs source assemblies.
/// </summary>
public class DesktopStrongNameProvider : StrongNameProvider
{
// This exception is only used to detect when the acquisition of IClrStrongName fails
// and the likely reason is that we're running on CoreCLR on a non-Windows platform.
// The place where the acquisition fails does not have access to localization,
// so we can't throw some generic exception with a localized message.
// So this is sort of a token for the eventual message to be generated.
// The path from where this is thrown to where it is caught is all internal,
// so there's no chance of an API consumer seeing it.
internal sealed class ClrStrongNameMissingException : Exception
{
}
private readonly ImmutableArray<string> _keyFileSearchPaths;
internal override StrongNameFileSystem FileSystem { get; }
public DesktopStrongNameProvider(ImmutableArray<string> keyFileSearchPaths) : this(keyFileSearchPaths, StrongNameFileSystem.Instance)
{
}
/// <summary>
/// Creates an instance of <see cref="DesktopStrongNameProvider"/>.
/// </summary>
/// <param name="tempPath">Path to use for any temporary file generation.</param>
/// <param name="keyFileSearchPaths">An ordered set of fully qualified paths which are searched when locating a cryptographic key file.</param>
public DesktopStrongNameProvider(ImmutableArray<string> keyFileSearchPaths = default, string? tempPath = null)
: this(keyFileSearchPaths, tempPath == null ? StrongNameFileSystem.Instance : new StrongNameFileSystem(tempPath))
{
}
internal DesktopStrongNameProvider(ImmutableArray<string> keyFileSearchPaths, StrongNameFileSystem strongNameFileSystem)
{
if (!keyFileSearchPaths.IsDefault && keyFileSearchPaths.Any(path => !PathUtilities.IsAbsolute(path)))
{
throw new ArgumentException(CodeAnalysisResources.AbsolutePathExpected, nameof(keyFileSearchPaths));
}
FileSystem = strongNameFileSystem ?? StrongNameFileSystem.Instance;
_keyFileSearchPaths = keyFileSearchPaths.NullToEmpty();
}
internal override StrongNameKeys CreateKeys(string? keyFilePath, string? keyContainerName, bool hasCounterSignature, CommonMessageProvider messageProvider)
{
var keyPair = default(ImmutableArray<byte>);
var publicKey = default(ImmutableArray<byte>);
string? container = null;
if (!string.IsNullOrEmpty(keyFilePath))
{
try
{
string? resolvedKeyFile = ResolveStrongNameKeyFile(keyFilePath, FileSystem, _keyFileSearchPaths);
if (resolvedKeyFile == null)
{
return new StrongNameKeys(StrongNameKeys.GetKeyFileError(messageProvider, keyFilePath, CodeAnalysisResources.FileNotFound));
}
Debug.Assert(PathUtilities.IsAbsolute(resolvedKeyFile));
var fileContent = ImmutableArray.Create(FileSystem.ReadAllBytes(resolvedKeyFile));
return StrongNameKeys.CreateHelper(fileContent, keyFilePath, hasCounterSignature);
}
catch (Exception ex)
{
return new StrongNameKeys(StrongNameKeys.GetKeyFileError(messageProvider, keyFilePath, ex.Message));
}
}
else if (!string.IsNullOrEmpty(keyContainerName))
{
try
{
ReadKeysFromContainer(keyContainerName, out publicKey);
container = keyContainerName;
}
catch (ClrStrongNameMissingException)
{
return new StrongNameKeys(StrongNameKeys.GetContainerError(messageProvider, keyContainerName,
new CodeAnalysisResourcesLocalizableErrorArgument(nameof(CodeAnalysisResources.AssemblySigningNotSupported))));
}
catch (Exception ex)
{
return new StrongNameKeys(StrongNameKeys.GetContainerError(messageProvider, keyContainerName, ex.Message));
}
}
return new StrongNameKeys(keyPair, publicKey, privateKey: null, container, keyFilePath, hasCounterSignature);
}
/// <summary>
/// Resolves assembly strong name key file path.
/// </summary>
/// <returns>Normalized key file path or null if not found.</returns>
internal static string? ResolveStrongNameKeyFile(string path, StrongNameFileSystem fileSystem, ImmutableArray<string> keyFileSearchPaths)
{
// Dev11: key path is simply appended to the search paths, even if it starts with the current (parent) directory ("." or "..").
// This is different from PathUtilities.ResolveRelativePath.
if (PathUtilities.IsAbsolute(path))
{
if (fileSystem.FileExists(path))
{
return FileUtilities.TryNormalizeAbsolutePath(path);
}
return path;
}
foreach (var searchPath in keyFileSearchPaths)
{
string? combinedPath = PathUtilities.CombineAbsoluteAndRelativePaths(searchPath, path);
Debug.Assert(combinedPath == null || PathUtilities.IsAbsolute(combinedPath));
if (fileSystem.FileExists(combinedPath))
{
return FileUtilities.TryNormalizeAbsolutePath(combinedPath!);
}
}
return null;
}
internal virtual void ReadKeysFromContainer(string keyContainer, out ImmutableArray<byte> publicKey)
{
try
{
publicKey = GetPublicKey(keyContainer);
}
catch (ClrStrongNameMissingException)
{
// pipe it through so it's catchable directly by type
throw;
}
catch (Exception ex)
{
throw new IOException(ex.Message);
}
}
internal override void SignFile(StrongNameKeys keys, string filePath)
{
Debug.Assert(string.IsNullOrEmpty(keys.KeyFilePath) != string.IsNullOrEmpty(keys.KeyContainer));
if (!string.IsNullOrEmpty(keys.KeyFilePath))
{
Sign(filePath, keys.KeyPair);
}
else
{
Sign(filePath, keys.KeyContainer!);
}
}
internal override void SignBuilder(ExtendedPEBuilder peBuilder, BlobBuilder peBlob, RSAParameters privateKey)
{
peBuilder.Sign(peBlob, content => SigningUtilities.CalculateRsaSignature(content, privateKey));
}
// EDMAURER in the event that the key is supplied as a file,
// this type could get an instance member that caches the file
// contents to avoid reading the file twice - once to get the
// public key to establish the assembly name and another to do
// the actual signing
internal virtual IClrStrongName GetStrongNameInterface()
{
try
{
return ClrStrongName.GetInstance();
}
catch (MarshalDirectiveException) when (PathUtilities.IsUnixLikePlatform)
{
// CoreCLR, when not on Windows, doesn't support IClrStrongName (or COM in general).
// This is really hard to detect/predict without false positives/negatives.
// It turns out that CoreCLR throws a MarshalDirectiveException when attempting
// to get the interface (Message "Cannot marshal 'return value': Unknown error."),
// so just catch that and state that it's not supported.
// We're deep in a try block that reports the exception's Message as part of a diagnostic.
// This exception will skip through the IOException wrapping by `Sign` (in this class),
// then caught by Compilation.SerializeToPeStream or DesktopStringNameProvider.CreateKeys
throw new ClrStrongNameMissingException();
}
}
internal ImmutableArray<byte> GetPublicKey(string keyContainer)
{
IClrStrongName strongName = GetStrongNameInterface();
IntPtr keyBlob;
int keyBlobByteCount;
strongName.StrongNameGetPublicKey(keyContainer, pbKeyBlob: default, 0, out keyBlob, out keyBlobByteCount);
byte[] pubKey = new byte[keyBlobByteCount];
Marshal.Copy(keyBlob, pubKey, 0, keyBlobByteCount);
strongName.StrongNameFreeBuffer(keyBlob);
return pubKey.AsImmutableOrNull();
}
/// <exception cref="IOException"/>
private void Sign(string filePath, string keyName)
{
try
{
IClrStrongName strongName = GetStrongNameInterface();
strongName.StrongNameSignatureGeneration(filePath, keyName, IntPtr.Zero, 0, null, pcbSignatureBlob: out _);
}
catch (ClrStrongNameMissingException)
{
// pipe it through so it's catchable directly by type
throw;
}
catch (Exception ex)
{
throw new IOException(ex.Message, ex);
}
}
private unsafe void Sign(string filePath, ImmutableArray<byte> keyPair)
{
try
{
IClrStrongName strongName = GetStrongNameInterface();
fixed (byte* pinned = keyPair.ToArray())
{
strongName.StrongNameSignatureGeneration(filePath, null, (IntPtr)pinned, keyPair.Length, null, pcbSignatureBlob: out _);
}
}
catch (ClrStrongNameMissingException)
{
// pipe it through so it's catchable directly by type
throw;
}
catch (Exception ex)
{
throw new IOException(ex.Message, ex);
}
}
public override int GetHashCode()
{
return Hash.CombineValues(_keyFileSearchPaths, StringComparer.Ordinal);
}
public override bool Equals(object? obj)
{
if (obj is null || GetType() != obj.GetType())
{
return false;
}
var other = (DesktopStrongNameProvider)obj;
if (FileSystem != other.FileSystem)
{
return false;
}
if (!_keyFileSearchPaths.SequenceEqual(other._keyFileSearchPaths, StringComparer.Ordinal))
{
return false;
}
return true;
}
}
}