Merge pull request #7323 from sujitnayak/main

sujitnayak · web-flow · commit de1d7a295d70 · 2022-02-01T10:20:10.000-08:00
Provide option to fail ClickOnce publish if RFC3161 timestamping fails.
diff --git a/src/MSBuild/MSBuild/Microsoft.Build.CommonTypes.xsd b/src/MSBuild/MSBuild/Microsoft.Build.CommonTypes.xsd
@@ -3386,6 +3386,9 @@ elementFormDefault="qualified">
                     <xs:attribute name="CertificateThumbprint" use="required" />
                     <xs:attribute name="SigningTarget" use="required" />
                     <xs:attribute name="TimestampUrl" />
+                    <xs:attribute name="TargetFrameworkIdentifier" />
+                    <xs:attribute name="TargetFrameworkVersion" />
+                    <xs:attribute name="DisallowMansignTimestampFallback" />
                 </xs:extension>
             </xs:complexContent>
         </xs:complexType>
diff --git a/src/Tasks/ManifestUtil/SecurityUtil.cs b/src/Tasks/ManifestUtil/SecurityUtil.cs
@@ -528,6 +528,25 @@ public static void SignFile(string certThumbprint,
                                     string path,
                                     string targetFrameworkVersion,
                                     string targetFrameworkIdentifier)
+        {
+            SignFile(certThumbprint, timestampUrl, path, targetFrameworkVersion, targetFrameworkIdentifier, false);
+        }
+
+        /// <summary>
+        /// Signs a ClickOnce manifest or PE file.
+        /// </summary>
+        /// <param name="certThumbprint">Hexadecimal string that contains the SHA-1 hash of the certificate.</param>
+        /// <param name="timestampUrl">URL that specifies an address of a time stamping server.</param>
+        /// <param name="path">Path of the file to sign with the certificate.</param>
+        /// <param name="targetFrameworkVersion">Version of the .NET Framework for the target.</param>
+        /// <param name="targetFrameworkIdentifier">.NET Framework identifier for the target.</param>
+        /// <param name="disallowMansignTimestampFallback">Disallow fallback to legacy timestamping when RFC3161 timestamping fails during manifest signing</param>
+        public static void SignFile(string certThumbprint,
+                                    Uri timestampUrl,
+                                    string path,
+                                    string targetFrameworkVersion,
+                                    string targetFrameworkIdentifier,
+                                    bool disallowMansignTimestampFallback)
         {
             System.Resources.ResourceManager resources = new System.Resources.ResourceManager("Microsoft.Build.Tasks.Core.Strings.ManifestUtilities", typeof(SecurityUtilities).Module.Assembly);
 
@@ -563,7 +582,7 @@ public static void SignFile(string certThumbprint,
                     // Use SHA-256 digest for .NET Core apps
                     isTargetFrameworkSha256Supported = true;
                 }
-                SignFileInternal(cert, timestampUrl, path, isTargetFrameworkSha256Supported, resources);
+                SignFileInternal(cert, timestampUrl, path, isTargetFrameworkSha256Supported, resources, disallowMansignTimestampFallback);
             }
             else
             {
@@ -611,7 +630,12 @@ public static void SignFile(X509Certificate2 cert, Uri timestampUrl, string path
             SignFileInternal(cert, timestampUrl, path, true, resources);
         }
 
-        private static void SignFileInternal(X509Certificate2 cert, Uri timestampUrl, string path, bool targetFrameworkSupportsSha256, System.Resources.ResourceManager resources)
+        private static void SignFileInternal(X509Certificate2 cert,
+                                            Uri timestampUrl,
+                                            string path,
+                                            bool targetFrameworkSupportsSha256,
+                                            System.Resources.ResourceManager resources,
+                                            bool disallowMansignTimestampFallback = false)
         {
             if (cert == null)
             {
@@ -686,7 +710,7 @@ private static void SignFileInternal(X509Certificate2 cert, Uri timestampUrl, st
                         if (timestampUrl == null)
                             manifest.Sign(signer);
                         else
-                            manifest.Sign(signer, timestampUrl.ToString());
+                            manifest.Sign(signer, timestampUrl.ToString(), disallowMansignTimestampFallback);
                         doc.Save(path);
                     }
                     catch (Exception ex)
@@ -790,9 +814,9 @@ internal static string GetCommandLineParameters(string certThumbprint, Uri times
             if (timestampUrl != null)
             {
                 commandLine.AppendFormat(CultureInfo.InvariantCulture,
-                                                "{0} {1} ",
-                                                useRFC3161Timestamp ? "/tr" : "/t",
-                                                timestampUrl.ToString());
+                                            "{0} {1} ",
+                                            useRFC3161Timestamp ? "/tr" : "/t",
+                                            timestampUrl.ToString());
             }
             commandLine.AppendFormat(CultureInfo.InvariantCulture, "\"{0}\"", path);
             return commandLine.ToString();
diff --git a/src/Tasks/ManifestUtil/mansign2.cs b/src/Tasks/ManifestUtil/mansign2.cs
@@ -319,7 +319,7 @@ internal void Sign(CmiManifestSigner2 signer)
             Sign(signer, null);
         }
 
-        internal void Sign(CmiManifestSigner2 signer, string timeStampUrl)
+        internal void Sign(CmiManifestSigner2 signer, string timeStampUrl, bool disallowMansignTimestampFallback = false)
         {
             // Reset signer infos.
             _strongNameSignerInfo = null;
@@ -350,7 +350,7 @@ internal void Sign(CmiManifestSigner2 signer, string timeStampUrl)
 
                 // Now create the license DOM, and then sign it.
                 licenseDom = CreateLicenseDom(signer, ExtractPrincipalFromManifest(), ComputeHashFromManifest(_manifestDom, _useSha256));
-                AuthenticodeSignLicenseDom(licenseDom, signer, timeStampUrl, _useSha256);
+                AuthenticodeSignLicenseDom(licenseDom, signer, timeStampUrl, _useSha256, disallowMansignTimestampFallback);
             }
             StrongNameSignManifestDom(_manifestDom, licenseDom, signer, _useSha256);
         }
@@ -676,7 +676,7 @@ private static XmlDocument CreateLicenseDom(CmiManifestSigner2 signer, XmlElemen
             return licenseDom;
         }
 
-        private static void AuthenticodeSignLicenseDom(XmlDocument licenseDom, CmiManifestSigner2 signer, string timeStampUrl, bool useSha256)
+        private static void AuthenticodeSignLicenseDom(XmlDocument licenseDom, CmiManifestSigner2 signer, string timeStampUrl, bool useSha256, bool disallowMansignTimestampFallback)
         {
             // Make sure it is RSA, as this is the only one Fusion will support.
 #if RUNTIME_TYPE_NETCORE
@@ -747,7 +747,7 @@ private static void AuthenticodeSignLicenseDom(XmlDocument licenseDom, CmiManife
             // Time stamp it if requested.
             if (!string.IsNullOrEmpty(timeStampUrl))
             {
-                TimestampSignedLicenseDom(licenseDom, timeStampUrl, useSha256);
+                TimestampSignedLicenseDom(licenseDom, timeStampUrl, useSha256, disallowMansignTimestampFallback);
             }
 
             // Wrap it inside a RelData element.
@@ -831,7 +831,7 @@ private static string ObtainRFC3161Timestamp(string timeStampUrl, string signatu
             return timestamp;
         }
 
-        private static void TimestampSignedLicenseDom(XmlDocument licenseDom, string timeStampUrl, bool useSha256)
+        private static void TimestampSignedLicenseDom(XmlDocument licenseDom, string timeStampUrl, bool useSha256, bool disallowMansignTimestampFallback)
         {
             XmlNamespaceManager nsm = new XmlNamespaceManager(licenseDom.NameTable);
             nsm.AddNamespace("r", LicenseNamespaceUri);
@@ -850,31 +850,38 @@ private static void TimestampSignedLicenseDom(XmlDocument licenseDom, string tim
             // Catch CryptographicException to ensure fallback to old code (non-RFC3161)
             catch (CryptographicException)
             {
-                Win32.CRYPT_DATA_BLOB timestampBlob = new Win32.CRYPT_DATA_BLOB();
+                if (disallowMansignTimestampFallback)
+                {
+                    throw;
+                }
+                else
+                {
+                    Win32.CRYPT_DATA_BLOB timestampBlob = new Win32.CRYPT_DATA_BLOB();
 
-                byte[] licenseXml = Encoding.UTF8.GetBytes(licenseDom.OuterXml);
+                    byte[] licenseXml = Encoding.UTF8.GetBytes(licenseDom.OuterXml);
 
-                unsafe
-                {
-                    fixed (byte* pbLicense = licenseXml)
+                    unsafe
                     {
-                        Win32.CRYPT_DATA_BLOB licenseBlob = new Win32.CRYPT_DATA_BLOB();
-                        IntPtr pvLicense = new IntPtr(pbLicense);
-                        licenseBlob.cbData = (uint)licenseXml.Length;
-                        licenseBlob.pbData = pvLicense;
-
-                        int hr = Win32.CertTimestampAuthenticodeLicense(ref licenseBlob, timeStampUrl, ref timestampBlob);
-                        if (hr != Win32.S_OK)
+                        fixed (byte* pbLicense = licenseXml)
                         {
-                            throw new CryptographicException(hr);
+                            Win32.CRYPT_DATA_BLOB licenseBlob = new Win32.CRYPT_DATA_BLOB();
+                            IntPtr pvLicense = new IntPtr(pbLicense);
+                            licenseBlob.cbData = (uint)licenseXml.Length;
+                            licenseBlob.pbData = pvLicense;
+
+                            int hr = Win32.CertTimestampAuthenticodeLicense(ref licenseBlob, timeStampUrl, ref timestampBlob);
+                            if (hr != Win32.S_OK)
+                            {
+                                throw new CryptographicException(hr);
+                            }
                         }
                     }
-                }
 
-                byte[] timestampSignature = new byte[timestampBlob.cbData];
-                Marshal.Copy(timestampBlob.pbData, timestampSignature, 0, timestampSignature.Length);
-                Win32.HeapFree(Win32.GetProcessHeap(), 0, timestampBlob.pbData);
-                timestamp = Encoding.UTF8.GetString(timestampSignature);
+                    byte[] timestampSignature = new byte[timestampBlob.cbData];
+                    Marshal.Copy(timestampBlob.pbData, timestampSignature, 0, timestampSignature.Length);
+                    Win32.HeapFree(Win32.GetProcessHeap(), 0, timestampBlob.pbData);
+                    timestamp = Encoding.UTF8.GetString(timestampSignature);
+                }
             }
 
             XmlElement asTimestamp = licenseDom.CreateElement("as", "Timestamp", AuthenticodeNamespaceUri);
diff --git a/src/Tasks/Microsoft.Common.CurrentVersion.targets b/src/Tasks/Microsoft.Common.CurrentVersion.targets
@@ -5984,6 +5984,7 @@ Copyright (C) Microsoft Corporation. All rights reserved.
         SigningTarget="$(_DeploymentApplicationDir)$(_DeploymentTargetApplicationManifestFileName)"
         TargetFrameworkIdentifier="$(TargetFrameworkIdentifier)"
         TargetFrameworkVersion="$(TargetFrameworkVersion)"
+        DisallowMansignTimestampFallback="$(DisallowMansignTimestampFallback)"
         Condition="'$(_DeploymentSignClickOnceManifests)'=='true'" />
 
     <!-- Update entry point path in deploy manifest -->
@@ -6004,6 +6005,7 @@ Copyright (C) Microsoft Corporation. All rights reserved.
         SigningTarget="$(PublishDir)$(TargetDeployManifestFileName)"
         TargetFrameworkIdentifier="$(TargetFrameworkIdentifier)"
         TargetFrameworkVersion="$(TargetFrameworkVersion)"
+        DisallowMansignTimestampFallback="$(DisallowMansignTimestampFallback)"
         Condition="'$(_DeploymentSignClickOnceManifests)'=='true'" />
 
     <SignFile
diff --git a/src/Tasks/PublicAPI/net/PublicAPI.Unshipped.txt b/src/Tasks/PublicAPI/net/PublicAPI.Unshipped.txt
@@ -0,0 +1,3 @@
+Microsoft.Build.Tasks.SignFile.DisallowMansignTimestampFallback.get -> bool
+Microsoft.Build.Tasks.SignFile.DisallowMansignTimestampFallback.set -> void
+static Microsoft.Build.Tasks.Deployment.ManifestUtilities.SecurityUtilities.SignFile(string certThumbprint, System.Uri timestampUrl, string path, string targetFrameworkVersion, string targetFrameworkIdentifier, bool disallowMansignTimestampFallback) -> void
diff --git a/src/Tasks/PublicAPI/netstandard/PublicAPI.Unshipped.txt b/src/Tasks/PublicAPI/netstandard/PublicAPI.Unshipped.txt
@@ -0,0 +1,3 @@
+Microsoft.Build.Tasks.SignFile.DisallowMansignTimestampFallback.get -> bool
+Microsoft.Build.Tasks.SignFile.DisallowMansignTimestampFallback.set -> void
+static Microsoft.Build.Tasks.Deployment.ManifestUtilities.SecurityUtilities.SignFile(string certThumbprint, System.Uri timestampUrl, string path, string targetFrameworkVersion, string targetFrameworkIdentifier, bool disallowMansignTimestampFallback) -> void
diff --git a/src/Tasks/SignFile.cs b/src/Tasks/SignFile.cs
@@ -38,13 +38,19 @@ public SignFile()
 
         public string TimestampUrl { get; set; }
 
+        public bool DisallowMansignTimestampFallback { get; set; } = false;
+
         public override bool Execute()
         {
             try
             {
-                SecurityUtilities.SignFile(CertificateThumbprint,
-                TimestampUrl == null ? null : new Uri(TimestampUrl),
-                SigningTarget.ItemSpec, TargetFrameworkVersion, TargetFrameworkIdentifier);
+                SecurityUtilities.SignFile(
+                    CertificateThumbprint,
+                    TimestampUrl == null ? null : new Uri(TimestampUrl),
+                    SigningTarget.ItemSpec, 
+                    TargetFrameworkVersion, 
+                    TargetFrameworkIdentifier,
+                    DisallowMansignTimestampFallback);
                 return true;
             }
             catch (ArgumentException ex) when (ex.ParamName.Equals("certThumbprint"))

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+Microsoft.Build.Tasks.SignFile.DisallowMansignTimestampFallback.get -> bool`
	`2`	`+Microsoft.Build.Tasks.SignFile.DisallowMansignTimestampFallback.set -> void`
	`3`	`+static Microsoft.Build.Tasks.Deployment.ManifestUtilities.SecurityUtilities.SignFile(string certThumbprint, System.Uri timestampUrl, string path, string targetFrameworkVersion, string targetFrameworkIdentifier, bool disallowMansignTimestampFallback) -> void`