//
// SN.cs: sn clone tool
//
// Author:
// Sebastien Pouliot <sebastien@ximian.com>
//
// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
// Copyright (C) 2004-2006,2008 Novell, Inc (http://www.novell.com)
//
using System;
using System.IO;
using System.Reflection;
using System.Security.Cryptography;
using System.Text;
using Mono.Security;
using Mono.Security.Cryptography;
using Mono.Security.X509;
[assembly: AssemblyTitle("Mono StrongName")]
[assembly: AssemblyDescription("StrongName utility for signing assemblies")]
namespace Mono.Tools {
class SN {
static private void Header ()
{
Console.WriteLine (new AssemblyInfo ().ToString ());
}
static string defaultCSP;
static bool LoadConfig (bool quiet)
{
MethodInfo config = typeof (System.Environment).GetMethod ("GetMachineConfigPath",
BindingFlags.Static|BindingFlags.NonPublic);
if (config != null) {
string path = (string) config.Invoke (null, null);
bool exist = File.Exists (path);
if (!quiet && !exist)
Console.WriteLine ("Couldn't find machine.config");
StrongNameManager.LoadConfig (path);
return exist;
}
else if (!quiet)
Console.WriteLine ("Couldn't resolve machine.config location (corlib issue)");
// default CSP
return false;
}
// TODO
static int SaveConfig ()
{
// default CSP
return 1;
}
static byte[] ReadFromFile (string fileName)
{
byte[] data = null;
FileStream fs = File.Open (fileName, FileMode.Open, FileAccess.Read, FileShare.Read);
try {
data = new byte [fs.Length];
fs.Read (data, 0, data.Length);
}
finally {
fs.Close ();
}
return data;
}
static void WriteToFile (string fileName, byte[] data)
{
FileStream fs = File.Open (fileName, FileMode.Create, FileAccess.Write);
try {
fs.Write (data, 0, data.Length);
}
finally {
fs.Close ();
}
}
static void WriteCSVToFile (string fileName, byte[] data, string mask)
{
StreamWriter sw = File.CreateText (fileName);
try {
for (int i=0; i < data.Length; i++) {
if (mask [0] == 'X')
sw.Write ("0x");
sw.Write (data [i].ToString (mask));
sw.Write (", ");
}
}
finally {
sw.Close ();
}
}
static string ToString (byte[] data)
{
StringBuilder sb = new StringBuilder ();
for (int i=0; i < data.Length; i++) {
if ((i % 39 == 0) && (data.Length > 39))
sb.Append (Environment.NewLine);
sb.Append (data [i].ToString ("x2"));
if (i > 2080) {
// ensure we can display up to 16384 bits keypair
sb.Append (" !!! TOO LONG !!!");
break;
}
}
return sb.ToString ();
}
static RSA GetKeyFromFile (string filename)
{
byte[] data = ReadFromFile (filename);
try {
// for SNK files (including the ECMA pseudo-key)
return new StrongName (data).RSA;
}
catch {
if (data.Length == 0 || data [0] != 0x30)
throw;
// this could be a PFX file
Console.Write ("Enter password for private key (will be visible when typed): ");
PKCS12 pfx = new PKCS12 (data, Console.ReadLine ());
// works only if a single key is present
if (pfx.Keys.Count != 1)
throw;
RSA rsa = (pfx.Keys [0] as RSA);
if (rsa == null)
throw;
return rsa;
}
}
#if false
// is assembly signed (or delayed signed) ?
static bool IsStrongNamed (Assembly assembly)
{
if (assembly == null)
return false;
object[] attrs = assembly.GetCustomAttributes (true);
foreach (object o in attrs) {
if (o is AssemblyKeyFileAttribute)
return true;
else if (o is AssemblyKeyNameAttribute)
return true;
}
return false;
}
#endif
static bool ReSign (string assemblyName, RSA key, bool quiet)
{
// this doesn't load the assembly (well it unloads it ;)
// http://weblogs.asp.net/nunitaddin/posts/9991.aspx
AssemblyName an = null;
try {
an = AssemblyName.GetAssemblyName (assemblyName);
}
catch {
}
if (an == null) {
Console.WriteLine ("Unable to load assembly: {0}", assemblyName);
return false;
}
StrongName sign = new StrongName (key);
byte[] token = an.GetPublicKeyToken ();
// first, try to compare using a mapped public key (e.g. ECMA)
bool same = Compare (sign.PublicKey, StrongNameManager.GetMappedPublicKey (token));
if (!same) {
// second, try to compare using the assembly public key
same = Compare (sign.PublicKey, an.GetPublicKey ());
if (!same) {
// third (and last) chance, try to compare public key token
same = Compare (sign.PublicKeyToken, token);
}
}
if (same) {
bool signed = sign.Sign (assemblyName);
if (!quiet || !signed) {
Console.WriteLine (signed ? "Assembly {0} signed." : "Couldn't sign the assembly {0}.",
assemblyName);
}
return signed;
}
Console.WriteLine ("Couldn't sign the assembly {0} with this key pair.", assemblyName);
return false;
}
static int Verify (string assemblyName, bool forceVerification, bool quiet)
{
// this doesn't load the assembly (well it unloads it ;)
// http://weblogs.asp.net/nunitaddin/posts/9991.aspx
AssemblyName an = null;
try {
an = AssemblyName.GetAssemblyName (assemblyName);
}
catch {
}
if (an == null) {
Console.WriteLine ("Unable to load assembly: {0}", assemblyName);
return 2;
}
byte[] publicKey = StrongNameManager.GetMappedPublicKey (an.GetPublicKeyToken ());
if ((publicKey == null) || (publicKey.Length < 12)) {
// no mapping
publicKey = an.GetPublicKey ();
if ((publicKey == null) || (publicKey.Length < 12)) {
Console.WriteLine ("{0} is not a strongly named assembly.", assemblyName);
return 2;
}
}
// Note: MustVerify is based on the original token (by design). Public key
// remapping won't affect if the assembly is verified or not.
if (forceVerification || StrongNameManager.MustVerify (an)) {
RSA rsa = CryptoConvert.FromCapiPublicKeyBlob (publicKey, 12);
StrongName sn = new StrongName (rsa);
if (sn.Verify (assemblyName)) {
if (!quiet)
Console.WriteLine ("Assembly {0} is strongnamed.", assemblyName);
return 0;
}
else {
Console.WriteLine ("Assembly {0} is delay-signed but not strongnamed", assemblyName);
return 1;
}
}
else {
Console.WriteLine ("Assembly {0} is strongnamed (verification skipped).", assemblyName);
return 0;
}
}
static bool Compare (byte[] value1, byte[] value2)
{
if ((value1 == null) || (value2 == null))
return false;
bool result = (value1.Length == value2.Length);
if (result) {
for (int i=0; i < value1.Length; i++) {
if (value1 [i] != value2 [i])
return false;
}
}
return result;
}
static void Help (string details)
{
Console.WriteLine ("Usage: sn [-q | -quiet] options [parameters]{0}", Environment.NewLine);
Console.WriteLine (" -q | -quiet \tQuiet mode (minimal display){0}", Environment.NewLine);
switch (details) {
case "config":
Console.WriteLine ("Configuration options <1>");
Console.WriteLine (" -c provider{0}\tChange the default CSP provider", Environment.NewLine);
Console.WriteLine (" -m [y|n]{0}\tUse a machine [y] key container or user key container [n]", Environment.NewLine);
Console.WriteLine (" -Vl{0}\tList the verification options", Environment.NewLine);
Console.WriteLine (" -Vr assembly [userlist]{0}\tExempt the specified assembly from verification for the user list", Environment.NewLine);
Console.WriteLine (" -Vu assembly{0}\tRemove exemption entry for the specified assembly", Environment.NewLine);
Console.WriteLine (" -Vx{0}\tRemove all exemptions entries", Environment.NewLine);
Console.WriteLine ("{0}<1> Currently not implemented in the tool", Environment.NewLine);
break;
case "csp":
Console.WriteLine ("CSP related options");
Console.WriteLine (" -d container{0}\tDelete the specified key container", Environment.NewLine);
Console.WriteLine (" -i keypair.snk container{0}\tImport the keypair from a SNK file into a CSP container", Environment.NewLine);
Console.WriteLine (" -pc container public.key{0}\tExport the public key from a CSP container to the specified file", Environment.NewLine);
break;
case "convert":
Console.WriteLine ("Convertion options");
Console.WriteLine (" -e assembly output.pub{0}\tExport the assembly public key to the specified file", Environment.NewLine);
Console.WriteLine (" -p keypair.snk output.pub{0}\tExport the public key from a SNK file to the specified file", Environment.NewLine);
Console.WriteLine (" -o input output.txt{0}\tConvert the input file to a CSV file (using decimal).", Environment.NewLine);
Console.WriteLine (" -oh input output.txt{0}\tConvert the input file to a CSV file (using hexadecimal).", Environment.NewLine);
break;
case "sn":
Console.WriteLine ("StrongName signing options");
Console.WriteLine (" -D assembly1 assembly2{0}\tCompare assembly1 and assembly2 (without signatures)", Environment.NewLine);
Console.WriteLine (" -k keypair.snk{0}\tCreate a new keypair in the specified file", Environment.NewLine);
Console.WriteLine (" -R assembly keypair.snk{0}\tResign the assembly with the specified StrongName key file", Environment.NewLine);
Console.WriteLine (" -Rc assembly container{0}\tResign the assembly with the specified CSP container", Environment.NewLine);
Console.WriteLine (" -t file{0}\tShow the public key token from the specified file", Environment.NewLine);
Console.WriteLine (" -tp file{0}\tShow the public key and pk token from the specified file", Environment.NewLine);
Console.WriteLine (" -T assembly{0}\tShow the public key token from the specified assembly", Environment.NewLine);
Console.WriteLine (" -Tp assembly{0}\tShow the public key and pk token from the specified assembly", Environment.NewLine);
Console.WriteLine (" -v assembly{0}\tVerify the specified assembly signature", Environment.NewLine);
Console.WriteLine (" -vf assembly{0}\tVerify the specified assembly signature (even if disabled).", Environment.NewLine);
break;
default:
Console.WriteLine ("Help options");
Console.WriteLine (" -? | -h \tShow this help screen about the tool");
Console.WriteLine (" -? | -h config \tConfiguration options");
Console.WriteLine (" -? | -h csp \tCrypto Service Provider (CSP) related options");
Console.WriteLine (" -? | -h convert\tFormat convertion options");
Console.WriteLine (" -? | -h sn \tStrongName signing options");
break;
}
}
static int Process (string[] args)
{
int i = 0;
string param = args [i];
bool quiet = ((param == "-quiet") || (param == "-q"));
if (quiet)
i++;
else
Header();
LoadConfig (quiet);
StrongName sn = null;
AssemblyName an = null;
RSACryptoServiceProvider rsa = null;
CspParameters csp = new CspParameters ();
csp.ProviderName = defaultCSP;
switch (args [i++]) {
case "-c":
// Change global CSP provider options
defaultCSP = args [i];
return SaveConfig ();
case "-d":
// Delete specified key container
csp.KeyContainerName = args [i];
rsa = new RSACryptoServiceProvider (csp);
rsa.PersistKeyInCsp = false;
if (!quiet)
Console.WriteLine ("Keypair in container {0} has been deleted", args [i]);
break;
case "-D":
StrongName a1 = new StrongName ();
byte[] h1 = a1.Hash (args [i++]);
StrongName a2 = new StrongName ();
byte[] h2 = a2.Hash (args [i++]);
if (Compare (h1, h2)) {
Console.WriteLine ("Both assembly are identical (same digest for metadata)");
// TODO: if equals then compare signatures
}
else
Console.WriteLine ("Assemblies are not identical (different digest for metadata)");
break;
case "-e":
// Export public key from assembly
an = AssemblyName.GetAssemblyName (args [i++]);
WriteToFile (args[i], an.GetPublicKey ());
if (!quiet)
Console.WriteLine ("Public Key extracted to file {0}", args [i]);
break;
case "-i":
// import keypair from SNK to container
sn = new StrongName (ReadFromFile (args [i++]));
csp.KeyContainerName = args [i];
rsa = new RSACryptoServiceProvider (csp);
rsa.ImportParameters (sn.RSA.ExportParameters (true));
break;
case "-k":
// Create a new strong name key pair
// (a new RSA keypair automagically if none is present)
int size = 1024;
if (i < args.Length + 2) {
try {
size = Int32.Parse (args[i++]);
}
catch {
// oops, that wasn't a valid key size (assume 1024 bits)
i--;
}
}
sn = new StrongName (size);
WriteToFile (args[i], CryptoConvert.ToCapiKeyBlob (sn.RSA, true));
if (!quiet)
Console.WriteLine ("A new {0} bits strong name keypair has been generated in file '{1}'.", size, args [i]);
break;
case "-m":
Console.WriteLine ("Unimplemented option");
break;
case "-o":
byte[] infileD = ReadFromFile (args [i++]);
WriteCSVToFile (args [i], infileD, "D");
if (!quiet)
Console.WriteLine ("Output CSV file is {0} (decimal format)", args [i]);
break;
case "-oh":
byte[] infileX2 = ReadFromFile (args [i++]);
WriteCSVToFile (args [i], infileX2, "X2");
if (!quiet)
Console.WriteLine ("Output CVS file is {0} (hexadecimal format)", args [i]);
break;
case "-p":
// Extract public key from SNK or PKCS#12/PFX file
sn = new StrongName (GetKeyFromFile (args [i++]));
WriteToFile (args[i], sn.PublicKey);
if (!quiet)
Console.WriteLine ("Public Key extracted to file {0}", args [i]);
break;
case "-pc":
// Extract public key from container
csp.KeyContainerName = args [i++];
rsa = new RSACryptoServiceProvider (csp);
sn = new StrongName (rsa);
WriteToFile (args[i], sn.PublicKey);
if (!quiet)
Console.WriteLine ("Public Key extracted to file {0}", args [i]);
break;
case "-R":
string filename = args [i++];
if (! ReSign (filename, GetKeyFromFile (args [i]), quiet))
return 1;
break;
case "-Rc":
filename = args [i++];
csp.KeyContainerName = args [i];
rsa = new RSACryptoServiceProvider (csp);
if (! ReSign (filename, rsa, quiet))
return 1;
break;
case "-t":
// Show public key token from file
sn = new StrongName (ReadFromFile (args [i]));
// note: ignore quiet
Console.WriteLine ("Public Key Token: " + ToString (sn.PublicKeyToken), Environment.NewLine);
break;
case "-tp":
// Show public key and public key token from assembly
sn = new StrongName (ReadFromFile (args [i]));
// note: ignore quiet
Console.WriteLine ("Public Key:" + ToString (sn.PublicKey));
Console.WriteLine ("{0}Public Key Token: " + ToString (sn.PublicKeyToken), Environment.NewLine);
break;
case "-T":
// Show public key token from assembly
an = AssemblyName.GetAssemblyName (args [i++]);
// note: ignore quiet
byte [] pkt = an.GetPublicKeyToken ();
if (pkt == null) {
Console.WriteLine ("{0} does not represent a strongly named assembly.", args [i - 1]);
} else {
Console.WriteLine ("Public Key Token: " + ToString (pkt));
}
break;
case "-Tp":
// Show public key and public key token from assembly
an = AssemblyName.GetAssemblyName (args [i++]);
byte [] token = an.GetPublicKeyToken ();
if (token == null) {
Console.WriteLine ("{0} does not represent a strongly named assembly.", args [i - 1]);
} else {
Console.WriteLine ("Public Key:" + ToString (an.GetPublicKey ()));
Console.WriteLine ("{0}Public Key Token: " + ToString (token), Environment.NewLine);
}
break;
case "-v":
filename = args [i++];
return Verify (filename, false, quiet);
case "-vf":
filename = args [i++];
return Verify (filename, true, quiet); // force verification
case "-Vl":
Console.WriteLine (new StrongNameManager ().ToString ());
break;
case "-Vr":
Console.WriteLine ("Unimplemented option");
break;
case "-Vu":
Console.WriteLine ("Unimplemented option");
break;
case "-Vx":
// we must remove <verificationSettings> from each config files
Console.WriteLine ("Unimplemented option");
break;
case "-?":
case "-h":
Help ((i < args.Length) ? args [i] : null);
break;
default:
if (!quiet)
Console.WriteLine ("Unknown option {0}", args [i-1]);
return 1;
}
return 0;
}
[STAThread]
static int Main (string[] args)
{
try {
if (args.Length < 1) {
Header ();
Help (null);
} else {
return Process (args);
}
}
catch (IndexOutOfRangeException) {
Console.WriteLine ("ERROR: Invalid number of parameters.{0}", Environment.NewLine);
Help (null);
}
catch (CryptographicException ce) {
Console.WriteLine ("ERROR: {0}", ce.Message);
}
catch (Exception e) {
Console.WriteLine ("ERROR: Unknown error during processing: {0}", e);
}
return 1;
}
}
}