Add first version of strong name signature signer

SigningService.Tests/.config/test/KeyVaultSettings.json

@@ -1,4 +1,5 @@
 {
-  "KeyId": "https://puszkipkeyvault.vault.azure.net/keys/FirstKey/fa220215edd84347bc9af7bafdaf1b5a",
-  "Algorithm" :  "RS256"
+    "Vault" : "https://puszkipkeyvault.vault.azure.net",
+    "KeyId": "https://puszkipkeyvault.vault.azure.net:443/keys/KrzyszekKey",
+    "Algorithm": "RS256"
 }

SigningService.Tests/Agents/KeyVaultAgentSpecs.cs

@@ -0,0 +1,56 @@
+using Its.Configuration;
+using SigningService.Agents;
+using SigningService.Models;
+using SigningService.Signers.StrongName;
+using SigningService.Tests.Utils;
+using System.IO;
+using System.Threading.Tasks;
+using Xunit;
+using Xunit.Abstractions;
+using FluentAssertions;
+using SigningService.Services.Configuration;
+
+namespace SigningService.Tests
+{
+    public class KeyVaultAgentSpecs
+    {
+        private readonly ITestOutputHelper output;
+
+        public KeyVaultAgentSpecs(ITestOutputHelper output)
+        {
+            this.output = output;
+        }
+
+        public async Task<string> GetKeyVaultKeyId(Stream peImage)
+        {
+            string keyId = null;
+            using (peImage)
+            {
+                StrongNameSignerHelper sns = new StrongNameSignerHelper(peImage);
+
+                var keyVaultAgent = new KeyVaultAgent();
+                PublicKey publicKey = sns.SignaturePublicKeyBlob.PublicKey;
+                keyId = await keyVaultAgent.GetRsaKeyIdAsync(publicKey.Exponent, publicKey.Modulus);
+                output.WriteLine("KeyVault KeyId = {0}", keyId ?? "<None>");
+                output.WriteLine(sns.ToString());
+            }
+            return keyId;
+        }
+
+        [Fact]
+        public async void Test()
+        {
+            TestAssembly sha256 = new TestAssembly("TestLib.sha256.dll", null);
+            TestAssembly sha384 = new TestAssembly("TestLib.sha384.dll", null);
+            TestAssembly ppsha256delay = new TestAssembly("TestLib.delay.dll", null);
+            TestAssembly jscript = new TestAssembly("Microsoft.JScript.dll", null);
+
+            Settings.Precedence = new string [] { "test" };
+
+            (await GetKeyVaultKeyId(sha256.GetWritablePEImage())).Should().BeNull();
+            (await GetKeyVaultKeyId(sha384.GetWritablePEImage())).Should().BeNull();
+            (await GetKeyVaultKeyId(ppsha256delay.GetWritablePEImage())).Should().NotBeNull();
+            (await GetKeyVaultKeyId(jscript.GetWritablePEImage())).Should().BeNull();
+        }
+    }
+}

SigningService.Tests/SigningService.Tests.csproj

@@ -44,13 +44,28 @@
       <HintPath>..\packages\FluentAssertions.3.3.0\lib\net45\FluentAssertions.Core.dll</HintPath>
       <Private>True</Private>
     </Reference>
+    <Reference Include="Hyak.Common, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\packages\Hyak.Common.1.0.2\lib\net45\Hyak.Common.dll</HintPath>
+    </Reference>
     <Reference Include="Its.Configuration">
       <HintPath>..\packages\Its.Configuration.1.0.0-beta\lib\net40\Its.Configuration.dll</HintPath>
     </Reference>
     <Reference Include="Its.Log, Version=2.7.0.0, Culture=neutral, processorArchitecture=MSIL">
       <HintPath>..\packages\Its.Log.2.8.3\lib\net40\Its.Log.dll</HintPath>
       <Private>True</Private>
     </Reference>
+    <Reference Include="Microsoft.Azure.Common, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\packages\Microsoft.Azure.Common.2.0.4\lib\net45\Microsoft.Azure.Common.dll</HintPath>
+    </Reference>
+    <Reference Include="Microsoft.Azure.Common.NetFramework">
+      <HintPath>..\packages\Microsoft.Azure.Common.2.0.4\lib\net45\Microsoft.Azure.Common.NetFramework.dll</HintPath>
+    </Reference>
+    <Reference Include="Microsoft.Azure.KeyVault, Version=0.9.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\packages\Microsoft.Azure.KeyVault.0.9.1-preview\lib\net45\Microsoft.Azure.KeyVault.dll</HintPath>
+    </Reference>
     <Reference Include="Microsoft.CSharp" />
     <Reference Include="Microsoft.Owin, Version=3.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <HintPath>..\packages\Microsoft.Owin.3.0.1\lib\net45\Microsoft.Owin.dll</HintPath>
@@ -72,7 +87,20 @@
       <HintPath>..\packages\Microsoft.Owin.MockSrevice.0.1.0.0\lib\net45\Microsoft.Owin.MockService.dll</HintPath>
       <Private>True</Private>
     </Reference>
+    <Reference Include="Microsoft.Threading.Tasks, Version=1.0.12.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\packages\Microsoft.Bcl.Async.1.0.168\lib\net40\Microsoft.Threading.Tasks.dll</HintPath>
+    </Reference>
+    <Reference Include="Microsoft.Threading.Tasks.Extensions">
+      <HintPath>..\packages\Microsoft.Bcl.Async.1.0.168\lib\net40\Microsoft.Threading.Tasks.Extensions.dll</HintPath>
+    </Reference>
+    <Reference Include="Microsoft.Threading.Tasks.Extensions.Desktop">
+      <HintPath>..\packages\Microsoft.Bcl.Async.1.0.168\lib\net40\Microsoft.Threading.Tasks.Extensions.Desktop.dll</HintPath>
+    </Reference>
     <Reference Include="Microsoft.VisualStudio.QualityTools.UnitTestFramework" />
+    <Reference Include="Moq">
+      <HintPath>..\packages\Moq.4.2.1502.0911\lib\net40\Moq.dll</HintPath>
+    </Reference>
     <Reference Include="Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
       <HintPath>..\packages\Newtonsoft.Json.6.0.8\lib\net45\Newtonsoft.Json.dll</HintPath>
       <Private>True</Private>
@@ -86,7 +114,15 @@
     <Reference Include="System.Configuration" />
     <Reference Include="System.Core" />
     <Reference Include="System.Data" />
+    <Reference Include="System.Net" />
     <Reference Include="System.Net.Http" />
+    <Reference Include="System.Net.Http.Extensions">
+      <HintPath>..\packages\Microsoft.Net.Http.2.2.22\lib\net45\System.Net.Http.Extensions.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Net.Http.Primitives">
+      <HintPath>..\packages\Microsoft.Net.Http.2.2.22\lib\net45\System.Net.Http.Primitives.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Net.Http.WebRequest" />
     <Reference Include="System.Web" />
     <Reference Include="System.Web.ApplicationServices" />
     <Reference Include="System.Web.Extensions" />
@@ -110,14 +146,19 @@
   </ItemGroup>
   <ItemGroup>
     <Compile Include="%28Its.Recipes%29\TestInputGenerator.cs" />
-    <Compile Include="KeyVaultAgentSpecs.cs" />
+    <Compile Include="Agents\KeyVaultAgentSpecs.cs" />
     <Compile Include="PackageAgentSpecs.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />
     <Compile Include="Properties\Resources.Designer.cs">
       <AutoGen>True</AutoGen>
       <DesignTime>True</DesignTime>
       <DependentUpon>Resources.resx</DependentUpon>
     </Compile>
+    <Compile Include="StrongName\CounterSignatureVerificationTests.cs" />
+    <Compile Include="StrongName\StrongNameSignerHelperSpecs.cs" />
+    <Compile Include="StrongName\StrongNameSignerSpecs.cs" />
+    <Compile Include="Utils\TestAssembly.cs" />
+    <Compile Include="Utils\TestData.cs" />
   </ItemGroup>
   <ItemGroup>
     <ProjectReference Include="..\SigningService\SigningService.csproj">
@@ -129,6 +170,18 @@
     <Content Include=".config\test\KeyVaultSettings.json">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </Content>
+    <EmbeddedResource Include="Resources\Microsoft.JScript.dll">
+      <LogicalName>Microsoft.JScript.dll</LogicalName>
+    </EmbeddedResource>
+    <EmbeddedResource Include="Resources\TestLib.sha256.dll">
+      <LogicalName>TestLib.sha256.dll</LogicalName>
+    </EmbeddedResource>
+    <EmbeddedResource Include="Resources\TestLib.sha384.dll">
+      <LogicalName>TestLib.sha384.dll</LogicalName>
+    </EmbeddedResource>
+    <EmbeddedResource Include="Resources\TestLib.delay.dll">
+      <LogicalName>TestLib.delay.dll</LogicalName>
+    </EmbeddedResource>
     <None Include=".config\test\ServiceIdentitySettings.json">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>
@@ -152,6 +205,11 @@
     <Error Condition="!Exists('..\packages\xunit.core.2.0.0\build\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.core.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\xunit.core.2.0.0\build\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.core.props'))" />
     <Error Condition="!Exists('..\packages\xunit.runner.visualstudio.2.0.0\build\net20\xunit.runner.visualstudio.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\xunit.runner.visualstudio.2.0.0\build\net20\xunit.runner.visualstudio.props'))" />
   </Target>
+  <Import Project="..\packages\Microsoft.Bcl.Build.1.0.14\tools\Microsoft.Bcl.Build.targets" Condition="Exists('..\packages\Microsoft.Bcl.Build.1.0.14\tools\Microsoft.Bcl.Build.targets')" />
+  <Target Name="EnsureBclBuildImported" BeforeTargets="BeforeBuild" Condition="'$(BclBuildImported)' == ''">
+    <Error Condition="!Exists('..\packages\Microsoft.Bcl.Build.1.0.14\tools\Microsoft.Bcl.Build.targets')" Text="This project references NuGet package(s) that are missing on this computer. Enable NuGet Package Restore to download them.  For more information, see http://go.microsoft.com/fwlink/?LinkID=317567." HelpKeyword="BCLBUILD2001" />
+    <Error Condition="Exists('..\packages\Microsoft.Bcl.Build.1.0.14\tools\Microsoft.Bcl.Build.targets')" Text="The build restored NuGet packages. Build the project again to include these packages in the build. For more information, see http://go.microsoft.com/fwlink/?LinkID=317568." HelpKeyword="BCLBUILD2002" />
+  </Target>
   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
        Other similar extension points exist, see Microsoft.Common.targets.
   <Target Name="BeforeBuild">

SigningService.Tests/StrongName/CounterSignatureVerificationTests.cs

@@ -0,0 +1,59 @@
+using FluentAssertions;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using Xunit;
+using SigningService.Extensions;
+using SigningService.Signers.StrongName;
+using Xunit.Abstractions;
+using System.Security.Cryptography;
+using SigningService.Tests.Utils;
+using System.IO;
+
+namespace SigningService.Tests.StrongName
+{
+    public class CounterSignatureVerificationTests : TestData
+    {
+        private readonly ITestOutputHelper output;
+
+        public CounterSignatureVerificationTests(ITestOutputHelper output)
+        {
+            this.output = output;
+        }
+
+        [Fact]
+        public void JScriptRawCounterSignatureVerification()
+        {
+            PublicKeyBlob identityKey = new PublicKeyBlob("002400000480000094000000060200000024000052534131000400000100010007d1fa57c4aed9f0a32e84aa0faefd0de9e8fd6aec8f87fb03766c834c99921eb23be79ad9d5dcc1dd9ad236132102900b723cf980957fc4e177108fc607774f29e8320e92ea05ece4e821c0a5efe8f1645c4c0c93c1ab99285d622caa652c1dfad63d745d6f2de5f17e5eaf0fc4963d261c8a12436518206dc093344d5ad293");
+            PublicKeyBlob signatureKey = new PublicKeyBlob("002400000c800000140100000602000000240000525341310008000001000100613399aff18ef1a2c2514a273a42d9042b72321f1757102df9ebada69923e2738406c21e5b801552ab8d200a65a235e001ac9adc25f2d811eb09496a4c6a59d4619589c69f5baf0c4179a47311d92555cd006acc8b5959f2bd6e10e360c34537a1d266da8085856583c85d81da7f3ec01ed9564c58d93d713cd0172c8e23a10f0239b80c96b07736f5d8b022542a4e74251a5f432824318b3539a5a087f8e53d2f135f9ca47f3bb2e10aff0af0849504fb7cea3ff192dc8de0edad64c68efde34c56d302ad55fd6e80f302d5efcdeae953658d3452561b5f36c542efdbdd9f888538d374cef106acf7d93a4445c3c73cd911f0571aaf3d54da12b11ddec375b3");
+            byte[] counterSignature = "6d4e780c84d2a4a29a743c058b19877a469ea2eb06a567c4ba7f7d071dc6e2b036008946af58f4003c48d92365d8ff0e5349dc9022a8cb435cadf8fe903543db6bdb6a10a2004313ce86c4494ab40d402136750d42d51434eef2aa38696b872f7d5d03dd26b1ab43313a8017f1215ece6a23113b9f206876806f18eee166a8a5".FromHexToByteArray();
+
+            identityKey.VerifyData(signatureKey.Blob, counterSignature).Should().BeTrue();
+        }
+
+        [Fact]
+        public void JScriptCounterSignatureVerification()
+        {
+            TestAssembly jscript = TestData.GetJScript();
+            using (Stream peImage = jscript.GetWritablePEImage())
+            {
+                StrongNameSignerHelper sns = new StrongNameSignerHelper(peImage);
+                sns.HasUniqueSignatureAndIdentityPublicKeyBlobs.Should().BeTrue();
+                sns.VerifyCounterSignature().Should().BeTrue();
+                sns.IdentityPublicKeyBlob.VerifyData(sns.SignaturePublicKeyBlob.Blob, sns.CounterSignature);
+            }
+        }
+
+        [Theory, MemberData("AllTestAssemblies")]
+        public void VerifyCounterSignatureOfAllAssemblies(TestAssembly assembly)
+        {
+            using (Stream peImage = assembly.GetWritablePEImage())
+            {
+                StrongNameSignerHelper sns = new StrongNameSignerHelper(peImage);
+                sns.VerifyCounterSignature().Should().BeTrue();
+            }
+        }
+    }
+}

SigningService.Tests/StrongName/StrongNameSignerHelperSpecs.cs

@@ -0,0 +1,60 @@
+using FluentAssertions;
+using Microsoft.Its.Recipes;
+using Moq;
+using SigningService.Agents;
+using SigningService.Extensions;
+using SigningService.Signers.StrongName;
+using SigningService.Tests.Utils;
+using System.IO;
+using System.Linq;
+using System.Threading.Tasks;
+using Xunit;
+using Xunit.Abstractions;
+
+namespace SigningService.Tests
+{
+    public class StrongNameSignerHelperSpecs : TestData
+    {
+        private readonly ITestOutputHelper output;
+
+        public StrongNameSignerHelperSpecs(ITestOutputHelper output)
+        {
+            this.output = output;
+        }
+
+        [Theory, MemberData("TestAssembliesWithKnownHash")]
+        public void Hash_test(TestAssembly testAssembly)
+        {
+            output.WriteLine("Assembly: {0}", testAssembly.ResourceName);
+
+            using (Stream outputPeImage = testAssembly.GetWritablePEImage())
+            {
+                StrongNameSignerHelper strongNameSigner = new StrongNameSignerHelper(outputPeImage);
+                output.WriteLine("Expected hash size: {0}", testAssembly.StrongNameSignatureHash.Length);
+                output.WriteLine("Expected hash: {0}", testAssembly.StrongNameSignatureHash.ToHex());
+                output.WriteLine(strongNameSigner.ToString());
+                strongNameSigner.ComputeHash().Should().BeEquivalentTo(testAssembly.StrongNameSignatureHash);
+            }
+        }
+
+        // Use this test method if sn.exe doesn't let you get the digest file from signed dll file
+        // After this test is finished you should see .nonsigned.dll files for each signed assembly in your output directory
+        [Theory(Skip = "Helper test method"), MemberData("AllTestAssemblies")]
+        public void Remove_signature_from_signed_assemblies_and_save_to_file(TestAssembly testAssembly)
+        {
+            using (Stream outputPeImage = testAssembly.GetWritablePEImage())
+            {
+                StrongNameSignerHelper strongNameSigner = new StrongNameSignerHelper(outputPeImage);
+                if (strongNameSigner.HasStrongNameSignature)
+                {
+                    strongNameSigner.RemoveStrongNameSignature();
+                    using (FileStream fs = new FileStream(testAssembly.ResourceName + ".nonsigned.dll", FileMode.Create, FileAccess.Write))
+                    {
+                        outputPeImage.Seek(0, SeekOrigin.Begin);
+                        outputPeImage.CopyTo(fs);
+                    }
+                }
+            }
+        }
+    }
+}