Update to .NET 8

vcsjones · Dec 13, 2023 · 38936f6 · 38936f6
1 parent c0c8b77
commit 38936f6
Show file tree

Hide file tree

Showing 13 changed files with 70 additions and 100 deletions.
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
@@ -7,9 +7,9 @@ jobs:
   build:
     runs-on: windows-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
       name: Checkout
-    - uses: actions/setup-dotnet@v1
+    - uses: actions/setup-dotnet@v4
       with:
-        dotnet-version: '6.0'
+        dotnet-version: '8.0'
     - run: dotnet test
diff --git a/Directory.Build.props b/Directory.Build.props
@@ -11,12 +11,8 @@
         <AllowedOutputExtensionsInPackageBuildOutputFolder>$(AllowedOutputExtensionsInPackageBuildOutputFolder);.pdb</AllowedOutputExtensionsInPackageBuildOutputFolder>
         <Deterministic>true</Deterministic>
     </PropertyGroup>
-    
+
     <PropertyGroup Condition="'$(GITHUB_ACTIONS)' == 'true'">
       <ContinuousIntegrationBuild>true</ContinuousIntegrationBuild>
     </PropertyGroup>
-
-   <ItemGroup>
-        <PackageReference Include="Microsoft.SourceLink.GitHub" Version="1.0.0" PrivateAssets="All"/>
-  </ItemGroup>
 </Project>
diff --git a/src/AzureSign.Core/AlgorithmTranslator.cs b/src/AzureSign.Core/AlgorithmTranslator.cs
@@ -7,32 +7,26 @@ internal static class AlgorithmTranslator
     {
         public static uint HashAlgorithmToAlgId(HashAlgorithmName hashAlgorithmName)
         {
-            if (hashAlgorithmName.Name == HashAlgorithmName.SHA1.Name)
-                return 0x00008004;
-            if (hashAlgorithmName.Name == HashAlgorithmName.SHA256.Name)
-                return 0x0000800c;
-            if (hashAlgorithmName.Name == HashAlgorithmName.SHA384.Name)
-                return 0x0000800d;
-            if (hashAlgorithmName.Name == HashAlgorithmName.SHA512.Name)
-                return 0x0000800e;
-            throw new NotSupportedException("The algorithm specified is not supported.");
+            return hashAlgorithmName.Name switch
+            {
+                nameof(HashAlgorithmName.SHA1) => 0x00008004,
+                nameof(HashAlgorithmName.SHA256) => 0x0000800c,
+                nameof(HashAlgorithmName.SHA384) => 0x0000800d,
+                nameof(HashAlgorithmName.SHA512) => 0x0000800e,
+                _ => throw new NotSupportedException("The algorithm specified is not supported."),
+            };
         }
 
         public static ReadOnlySpan<byte> HashAlgorithmToOidAsciiTerminated(HashAlgorithmName hashAlgorithmName)
         {
-            if (hashAlgorithmName.Name == HashAlgorithmName.SHA1.Name)
-                //1.3.14.3.2.26
-                return new byte[] { 0x31, 0x2e, 0x33, 0x2e, 0x31, 0x34, 0x2e, 0x33, 0x2e, 0x32, 0x2e, 0x32, 0x36, 0x00 };
-            if (hashAlgorithmName.Name == HashAlgorithmName.SHA256.Name)
-                //2.16.840.1.101.3.4.2.1
-                return new byte[] { 0x32, 0x2e, 0x31, 0x36, 0x2e, 0x38, 0x34, 0x30, 0x2e, 0x31, 0x2e, 0x31, 0x30, 0x31, 0x2e, 0x33, 0x2e, 0x34, 0x2e, 0x32, 0x2e, 0x31, 0x00 };
-            if (hashAlgorithmName.Name == HashAlgorithmName.SHA384.Name)
-                //2.16.840.1.101.3.4.2.2
-                return new byte[] { 0x32, 0x2e, 0x31, 0x36, 0x2e, 0x38, 0x34, 0x30, 0x2e, 0x31, 0x2e, 0x31, 0x30, 0x31, 0x2e, 0x33, 0x2e, 0x34, 0x2e, 0x32, 0x2e, 0x32, 0x00 };
-            if (hashAlgorithmName.Name == HashAlgorithmName.SHA512.Name)
-                //2.16.840.1.101.3.4.2.3
-                return new byte[] { 0x32, 0x2e, 0x31, 0x36, 0x2e, 0x38, 0x34, 0x30, 0x2e, 0x31, 0x2e, 0x31, 0x30, 0x31, 0x2e, 0x33, 0x2e, 0x34, 0x2e, 0x32, 0x2e, 0x33, 0x00 };
-            throw new NotSupportedException("The algorithm specified is not supported.");
+            return hashAlgorithmName.Name switch
+            {
+                nameof(HashAlgorithmName.SHA1) => "1.3.14.3.2.26\0"u8,
+                nameof(HashAlgorithmName.SHA256) => "2.16.840.1.101.3.4.2.1\0"u8,
+                nameof(HashAlgorithmName.SHA384) => "2.16.840.1.101.3.4.2.2\0"u8,
+                nameof(HashAlgorithmName.SHA512) => "2.16.840.1.101.3.4.2.3\0"u8,
+                _ => throw new NotSupportedException("The algorithm specified is not supported."),
+            };
         }
     }
 }
diff --git a/src/AzureSign.Core/AuthenticodeKeyVaultSigner.cs b/src/AzureSign.Core/AuthenticodeKeyVaultSigner.cs
@@ -20,7 +20,7 @@ public class AuthenticodeKeyVaultSigner : IDisposable
         private readonly MemoryCertificateStore _certificateStore;
         private readonly X509Chain _chain;
         private readonly SignCallback _signCallback;
-        private static readonly Version _win11Version = new Version(10, 0, 22000);
+        private static readonly Version _win11Version = new(10, 0, 22000);
 
 
         /// <summary>
@@ -103,7 +103,7 @@ static char[] NullTerminate(ReadOnlySpan<char> str)
             {
                 if (Environment.OSVersion.Version < _win11Version)
                 {
-                    // must throw, if continued SignerSignEx3 might return no error, but fail with the task, we must prevent this silent corruption.
+                    // SignerSignEx3 silently succeeds with append on Windows 10 but does not actually append, so throw an error if we are not on Windows 11 or later.
                     throw new PlatformNotSupportedException("Appending signatures requires Windows 11 or later.");
                 }
                 if (_timeStampConfiguration.Type == TimeStampType.Authenticode)

diff --git a/src/AzureSign.Core/AzureSign.Core.csproj b/src/AzureSign.Core/AzureSign.Core.csproj
@@ -4,15 +4,15 @@
     <TargetFramework>netstandard2.0</TargetFramework>
     <Description>Authenticode signing library.</Description>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
-    <RuntimeIdentifiers>win10-x64;win10-x86</RuntimeIdentifiers>
+    <RuntimeIdentifiers>win-x64;win-x86;win-arm64</RuntimeIdentifiers>
     <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
     <MinVerTagPrefix>v</MinVerTagPrefix>
     <Nullable>enable</Nullable>
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Extensions.Logging" Version="6.0.0" />
-    <PackageReference Include="MinVer" Version="4.2.0">
+    <PackageReference Include="Microsoft.Extensions.Logging" Version="8.0.0" />
+    <PackageReference Include="MinVer" Version="4.3.0">
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>

diff --git a/src/AzureSign.Core/Interop/crypt32.cs b/src/AzureSign.Core/Interop/crypt32.cs
@@ -26,20 +26,12 @@ public static extern IntPtr CertOpenStore
     }
 
     [type: StructLayout(LayoutKind.Sequential)]
-    internal struct SIGNER_CERT_STORE_INFO
+    internal struct SIGNER_CERT_STORE_INFO(IntPtr pSigningCert, SignerCertStoreInfoFlags dwCertPolicy, IntPtr hCertStore)
     {
-        public uint cbSize;
-        public IntPtr pSigningCert;
-        public SignerCertStoreInfoFlags dwCertPolicy;
-        public IntPtr hCertStore;
-
-        public SIGNER_CERT_STORE_INFO(IntPtr pSigningCert, SignerCertStoreInfoFlags dwCertPolicy, IntPtr hCertStore)
-        {
-            this.cbSize = (uint)Marshal.SizeOf<SIGNER_CERT_STORE_INFO>();
-            this.pSigningCert = pSigningCert;
-            this.dwCertPolicy = dwCertPolicy;
-            this.hCertStore = hCertStore;
-        }
+        public uint cbSize = (uint)Marshal.SizeOf<SIGNER_CERT_STORE_INFO>();
+        public IntPtr pSigningCert = pSigningCert;
+        public SignerCertStoreInfoFlags dwCertPolicy = dwCertPolicy;
+        public IntPtr hCertStore = hCertStore;
     }
 
     [type: Flags]

diff --git a/src/AzureSignTool/AccessTokenCredential.cs b/src/AzureSignTool/AccessTokenCredential.cs
@@ -1,8 +1,6 @@
 using Azure.Core;
 
 using System;
-using System.Collections.Generic;
-using System.Text;
 using System.Threading;
 using System.Threading.Tasks;
 

diff --git a/src/AzureSignTool/AzureKeyVaultMaterializedConfiguration.cs b/src/AzureSignTool/AzureKeyVaultMaterializedConfiguration.cs
@@ -6,17 +6,5 @@
 
 namespace AzureSignTool
 {
-    public class AzureKeyVaultMaterializedConfiguration
-    {
-        public AzureKeyVaultMaterializedConfiguration(TokenCredential credential, X509Certificate2 publicCertificate, Uri keyId)
-        {
-            TokenCredential = credential;
-            KeyId = keyId;
-            PublicCertificate = publicCertificate;
-        }
-
-        public X509Certificate2 PublicCertificate { get; }
-        public TokenCredential TokenCredential { get; }
-        public Uri KeyId { get; }
-    }
+    public sealed record AzureKeyVaultMaterializedConfiguration(TokenCredential TokenCredential, X509Certificate2 PublicCertificate, Uri KeyId);
 }
diff --git a/src/AzureSignTool/AzureKeyVaultSignConfigurationSet.cs b/src/AzureSignTool/AzureKeyVaultSignConfigurationSet.cs
@@ -1,16 +1,15 @@
-
-using System;
+using System;
 
 namespace AzureSignTool
 {
     public sealed class AzureKeyVaultSignConfigurationSet
     {
-        public bool ManagedIdentity { get; set; }
-        public string AzureClientId { get; set; }
-        public string AzureClientSecret { get; set; }
-        public string AzureTenantId { get; set; }
-        public Uri AzureKeyVaultUrl { get; set; }
-        public string AzureKeyVaultCertificateName { get; set; }
-        public string AzureAccessToken { get; set; }       
+        public bool ManagedIdentity { get; init; }
+        public string AzureClientId { get; init; }
+        public string AzureClientSecret { get; init; }
+        public string AzureTenantId { get; init; }
+        public Uri AzureKeyVaultUrl { get; init; }
+        public string AzureKeyVaultCertificateName { get; init; }
+        public string AzureAccessToken { get; init; }
     }
 }
diff --git a/src/AzureSignTool/AzureSignTool.csproj b/src/AzureSignTool/AzureSignTool.csproj
@@ -1,22 +1,23 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFramework>net6.0</TargetFramework>
+    <TargetFramework>net8.0</TargetFramework>
     <PackAsTool>true</PackAsTool>
     <ToolCommandName>azuresigntool</ToolCommandName>
     <Description>Azure Sign Tool is similar to signtool in the Windows SDK, with the major difference being that it uses Azure Key Vault for performing the signing process. The usage is like signtool, except with a limited set of options for signing and options for authenticating to Azure Key Vault.</Description>
-    <RuntimeIdentifiers>win10-x64;win10-x86;win10-arm;win10-arm64</RuntimeIdentifiers>
+    <RuntimeIdentifiers>win-x64;win-x86;win-arm64</RuntimeIdentifiers>
     <MinVerTagPrefix>v</MinVerTagPrefix>
+    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Azure.Identity" Version="1.10.2" />
-    <PackageReference Include="Azure.Security.KeyVault.Certificates" Version="4.4.0" />
-    <PackageReference Include="McMaster.Extensions.CommandLineUtils" Version="3.0.0" />
-    <PackageReference Include="Microsoft.Extensions.Logging" Version="6.0.0" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="6.0.0" />
-    <PackageReference Include="MinVer" Version="4.2.0">
+    <PackageReference Include="Azure.Identity" Version="1.10.4" />
+    <PackageReference Include="Azure.Security.KeyVault.Certificates" Version="4.5.1" />
+    <PackageReference Include="McMaster.Extensions.CommandLineUtils" Version="4.1.0" />
+    <PackageReference Include="Microsoft.Extensions.Logging" Version="8.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="8.0.0" />
+    <PackageReference Include="MinVer" Version="4.3.0">
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>

diff --git a/src/AzureSignTool/SignCommand.cs b/src/AzureSignTool/SignCommand.cs
@@ -16,6 +16,7 @@
 using System.Threading.Tasks;
 
 using static AzureSignTool.HRESULT;
+using AllowedValuesAttribute = McMaster.Extensions.CommandLineUtils.AllowedValuesAttribute;
 
 namespace AzureSignTool
 {
@@ -63,7 +64,7 @@ internal sealed class SignCommand
         public (bool Present, string Uri) AuthenticodeTimestamp { get; set; }
 
         [Option("-ac | --additional-certificates", "Specify one or more certificates to include in the public certificate chain.", CommandOptionType.MultipleValue), FileExists]
-        public string[] AdditionalCertificates { get; set; } = Array.Empty<string>();
+        public string[] AdditionalCertificates { get; set; } = [];
 
         [Option("-v | --verbose", "Include additional output.", CommandOptionType.NoValue)]
         public bool Verbose { get; set; }
@@ -97,7 +98,7 @@ internal sealed class SignCommand
 
         // We manually validate the file's existance with the --input-file-list. Don't validate here.
         [Argument(0, "file", "The path to the file.")]
-        public string[] Files { get; set; } = Array.Empty<string>();
+        public string[] Files { get; set; } = [];
 
         private HashSet<string> _allFiles;
         public HashSet<string> AllFiles
@@ -135,7 +136,7 @@ public LogLevel LogLevel
             }
         }
 
-        private ValidationResult OnValidate(ValidationContext context, CommandLineContext appContext)
+        private ValidationResult OnValidate()
         {
             if (PageHashing && NoPageHashing)
             {
@@ -191,7 +192,7 @@ private ValidationResult OnValidate(ValidationContext context, CommandLineContex
             return ValidationResult.Success;
         }
 
-        public int OnValidationError(ValidationResult result, CommandLineApplication<SignCommand> command, IConsole console)
+        public static int OnValidationError(ValidationResult result, CommandLineApplication<SignCommand> command, IConsole console)
         {
             console.ForegroundColor = ConsoleColor.Red;
             console.Error.WriteLine(result.ErrorMessage);
@@ -210,7 +211,7 @@ private void ConfigureLogging(ILoggingBuilder builder)
             builder.SetMinimumLevel(LogLevel);
         }
 
-        public async Task<int> OnExecuteAsync(CommandLineApplication app, IConsole console)
+        public async Task<int> OnExecuteAsync(IConsole console)
         {
             using (var loggerFactory = LoggerFactory.Create(ConfigureLogging))
             {
@@ -335,7 +336,7 @@ public async Task<int> OnExecuteAsync(CommandLineApplication app, IConsole conso
                             }
                             else
                             {
-                                logger.LogError($"Signing failed with error {result:X2}.");
+                                logger.LogError("Signing failed with error {result}.", $"{result:X2}");
                                 if (!ContinueOnError || AllFiles.Count == 1)
                                 {
                                     logger.LogInformation("Stopping file signing.");
@@ -351,8 +352,9 @@ public async Task<int> OnExecuteAsync(CommandLineApplication app, IConsole conso
                         Interlocked.Add(ref succeeded, result.succeeded);
                     });
                 }
-                logger.LogInformation($"Successful operations: {succeeded}");
-                logger.LogInformation($"Failed operations: {failed}");
+                logger.LogInformation("Successful operations: {succeeded}", succeeded);
+                logger.LogInformation("Failed operations: {failed}", failed);
+
                 if (failed > 0 && succeeded == 0)
                 {
                     return E_ALL_FAILED;
@@ -369,14 +371,14 @@ public async Task<int> OnExecuteAsync(CommandLineApplication app, IConsole conso
         }
 
         private static readonly string CodeSigningOid = "1.3.6.1.5.5.7.3.3";
-         
+
         public static bool IsSigned(string filePath)
         {
             try
             {
                 var certificate =  new X509Certificate2(X509Certificate.CreateFromSignedFile(filePath));
 
-                // check if file contains a code signing cert. 
+                // check if file contains a code signing cert.
                 // Note that this does not check validity of the signature
                 return certificate.Extensions
                     .Select(extension => extension as X509EnhancedKeyUsageExtension)
@@ -404,7 +406,7 @@ private static ErrorOr<X509Certificate2Collection> GetAdditionalCertificates(IEn
                         case X509ContentType.Authenticode:
                         case X509ContentType.SerializedCert:
                             var certificate = new X509Certificate2(path);
-                            logger.LogTrace($"Including additional certificate {certificate.Thumbprint}.");
+                            logger.LogTrace("Including additional certificate {thumbprint}.", certificate.Thumbprint);
                             collection.Add(certificate);
                             break;
                         default:

diff --git a/test/AzureSign.Core.Tests/AzureSign.Core.Tests.csproj b/test/AzureSign.Core.Tests/AzureSign.Core.Tests.csproj
@@ -1,15 +1,15 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>net6.0</TargetFramework>
+    <TargetFramework>net8.0</TargetFramework>
 
     <IsPackable>false</IsPackable>
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="16.6.1" />
-    <PackageReference Include="xunit" Version="2.4.1" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="2.4.2">
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
+    <PackageReference Include="xunit" Version="2.6.2" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.5.4">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>

diff --git a/test/AzureSignTool.Tests/AzureSignTool.Tests.csproj b/test/AzureSignTool.Tests/AzureSignTool.Tests.csproj
@@ -1,15 +1,15 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFrameworks>net6.0</TargetFrameworks>
+    <TargetFrameworks>net8.0</TargetFrameworks>
 
     <IsPackable>false</IsPackable>
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.0.0" />
-    <PackageReference Include="xunit" Version="2.4.1" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="2.4.2">
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
+    <PackageReference Include="xunit" Version="2.6.2" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.5.4">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>