Minor refactorings and breaking out new rules.

Author: vcsjones

AuthenticodeLint/AuthenticodeLint.csproj

@@ -3,10 +3,19 @@
     <OutputType>WinExe</OutputType>
     <AssemblyName>authlint</AssemblyName>
     <TargetFramework>netcoreapp2.1</TargetFramework>
-    <VersionPrefix>0.11.0</VersionPrefix>
+    <VersionPrefix>0.12.0</VersionPrefix>
     <Authors>Kevin Jones</Authors>
     <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
-    <Copyright>Kevin Jones 2016-2017</Copyright>
+    <Copyright>Kevin Jones 2016-2018</Copyright>
+    <PackAsTool>true</PackAsTool>
+    <ToolCommandName>authlint</ToolCommandName>
+    <Description>Authenticode Lint is a Windows command-line tool for linting an examining an Authenticode signed file.</Description>
+    <Authors>Kevin Jones</Authors>
+    <PackageTags>authenticode</PackageTags>
+    <PackageProjectUrl>https://github.com/vcsjones/AuthenticodeLint</PackageProjectUrl>
+    <RepositoryUrl>https://github.com/vcsjones/AuthenticodeLint</RepositoryUrl>
+    <PublishRepositoryUrl>true</PublishRepositoryUrl>
+    <EmbedUntrackedSources>true</EmbedUntrackedSources>
   </PropertyGroup>
   <ItemGroup>
     <PackageReference Include="AuthenticodeExaminer" Version="0.3.0" />

AuthenticodeLint/KnownOids.cs

@@ -8,14 +8,6 @@ public static class X509Algorithms
             public const string Ecc = "1.2.840.10045.2.1";
         }
 
-        public static class EccCurves
-        {
-            public const string EcdsaP256 = "1.2.840.10045.3.1.7";
-            public const string EcdsaP384 = "1.3.132.0.34";
-            public const string EcdsaP521 = "1.3.132.0.35";
-        }
-
-
         public const string SHA1 = "1.3.14.3.2.26";
         public const string SHA256 = "2.16.840.1.101.3.4.2.1";
         public const string SHA384 = "2.16.840.1.101.3.4.2.2";

AuthenticodeLint/Program.cs

@@ -3,13 +3,19 @@
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
+using System.Runtime.InteropServices;
 
 namespace AuthenticodeLint
 {
     class Program
     {
         static int Main(string[] args)
         {
+            if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            {
+                Console.Error.WriteLine("AuthenticodeLint is only supported on Windows.");
+                return ExitCodes.PlatformNotSupported;
+            }
             var cli = Environment.CommandLine;
             List<CommandLineParameter> parsedCommandLine;
             try
@@ -206,9 +212,10 @@ Checks the Authenticode signature of your binaries.
 
     internal static class ExitCodes
     {
-        public static int Success { get; } = 0;
-        public static int InvalidInputOrConfig { get; } = 1;
-        public static int ChecksFailed { get; } = 2;
-        public static int UnknownResults { get; } = 0xFF;
+        public static int Success => 0;
+        public static int InvalidInputOrConfig => 1;
+        public static int ChecksFailed => 2;
+        public static int UnknownResults => 0xFF;
+        public static int PlatformNotSupported => unchecked((int)0x80131539);
     }
 }

AuthenticodeLint/Rules/10000-Sha1PrimarySignatureRule.cs

@@ -5,25 +5,20 @@ namespace AuthenticodeLint.Rules
 {
     public class Sha1PrimarySignatureRule : IAuthenticodeSignatureRule
     {
-        public int RuleId { get; } = 10000;
+        public int RuleId => 10000;
 
-        public string RuleName { get; } = "Primary SHA1";
+        public string RuleName => "Primary SHA1";
 
-        public string ShortDescription { get; } = "Primary signature should be SHA1.";
+        public string ShortDescription => "Primary signature should be SHA1.";
 
-        public RuleSet RuleSet { get; } = RuleSet.Compat;
+        public RuleSet RuleSet => RuleSet.Compat;
 
         public RuleResult Validate(IReadOnlyList<ICmsSignature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration)
         {
             if (graph.Count == 0)
             {
                 return RuleResult.Fail;
             }
-            if (graph.Count > 1)
-            {
-                verboseWriter.LogMessage("Multiple primary signatures exist.");
-                return RuleResult.Fail;
-            }
             var primary = graph[0];
             if (primary.DigestAlgorithm.Value != KnownOids.SHA1)
             {

AuthenticodeLint/Rules/10001-Sha2SignatureExistsRule.cs

@@ -6,13 +6,13 @@ namespace AuthenticodeLint.Rules
 {
     public class Sha2SignatureExistsRule : IAuthenticodeSignatureRule
     {
-        public int RuleId { get; } = 10001;
+        public int RuleId => 10001;
 
-        public string RuleName { get; } = "SHA2 Signed";
+        public string RuleName => "SHA2 Signed";
 
-        public string ShortDescription { get; } = "A SHA2 signature should exist.";
+        public string ShortDescription => "A SHA2 signature should exist.";
 
-        public RuleSet RuleSet { get; } = RuleSet.All;
+        public RuleSet RuleSet => RuleSet.All;
 
         public RuleResult Validate(IReadOnlyList<ICmsSignature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration)
         {

AuthenticodeLint/Rules/10002-NoWeakFileDigestAlgorithmsRule.cs

@@ -5,13 +5,13 @@ namespace AuthenticodeLint.Rules
 {
     public class NoWeakFileDigestAlgorithmsRule : IAuthenticodeSignatureRule
     {
-        public int RuleId { get; } = 10002;
+        public int RuleId => 10002;
 
-        public string RuleName { get; } = "No Weak File Digests";
+        public string RuleName => "No Weak File Digests";
 
-        public string ShortDescription { get; } = "Checks for weak file digest algorithms.";
+        public string ShortDescription => "Checks for weak file digest algorithms.";
 
-        public RuleSet RuleSet { get; } = RuleSet.All;
+        public RuleSet RuleSet => RuleSet.All;
 
         public RuleResult Validate(IReadOnlyList<ICmsSignature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration)
         {

AuthenticodeLint/Rules/10003-TimestampedRule.cs

@@ -7,13 +7,13 @@ namespace AuthenticodeLint.Rules
 {
     public class TimestampedRule : IAuthenticodeSignatureRule
     {
-        public int RuleId { get; } = 10003;
+        public int RuleId => 10003;
 
-        public string RuleName { get; } = "Timestamped Rule";
+        public string RuleName => "Timestamped Rule";
 
-        public string ShortDescription { get; } = "Signatures should have a timestamp counter signer.";
+        public string ShortDescription => "Signatures should have a timestamp counter signer.";
 
-        public RuleSet RuleSet { get; } = RuleSet.All;
+        public RuleSet RuleSet => RuleSet.All;
 
         public RuleResult Validate(IReadOnlyList<ICmsSignature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration)
         {

AuthenticodeLint/Rules/10004-PublisherInformationRule.cs

@@ -6,13 +6,13 @@ namespace AuthenticodeLint.Rules
 {
     public class PublisherInformationPresentRule : IAuthenticodeSignatureRule
     {
-        public int RuleId { get; } = 10004;
+        public int RuleId => 10004;
 
-        public string RuleName { get; } = "Publisher Information Present";
+        public string RuleName => "Publisher Information Present";
 
-        public string ShortDescription { get; } = "Checks that the signature provided publisher information.";
+        public string ShortDescription => "Checks that the signature provided publisher information.";
 
-        public RuleSet RuleSet { get; } = RuleSet.All;
+        public RuleSet RuleSet => RuleSet.All;
 
         public RuleResult Validate(IReadOnlyList<ICmsSignature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration)
         {

AuthenticodeLint/Rules/10005-PublisherInformationUrlHttpsRule.cs

@@ -6,13 +6,13 @@ namespace AuthenticodeLint.Rules
 {
     public class PublisherInformationUrlHttpsRule : IAuthenticodeSignatureRule
     {
-        public int RuleId { get; } = 10005;
+        public int RuleId => 10005;
 
-        public string RuleName { get; } = "Publisher Information URL HTTPS Rule";
+        public string RuleName => "Publisher Information URL HTTPS Rule";
 
-        public string ShortDescription { get; } = "Checks that the signature uses HTTPS for the publisher's URL.";
+        public string ShortDescription => "Checks that the signature uses HTTPS for the publisher's URL.";
 
-        public RuleSet RuleSet { get; } = RuleSet.All;
+        public RuleSet RuleSet => RuleSet.All;
 
         public RuleResult Validate(IReadOnlyList<ICmsSignature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration)
         {

AuthenticodeLint/Rules/10006-SigningCertificateDigestAlgorithmRule.cs

@@ -5,13 +5,13 @@ namespace AuthenticodeLint.Rules
 {
     public class SigningCertificateDigestAlgorithmRule : CertificateChainRuleBase
     {
-        public override int RuleId { get; } = 10006;
+        public override int RuleId => 10006;
 
-        public override string RuleName { get; } = "Strong Certificate Chain";
+        public override string RuleName => "Strong Certificate Chain";
 
-        public override string ShortDescription { get; } = "Checks the signing certificate's and chain's signature algorithm.";
+        public override string ShortDescription => "Checks the signing certificate's and chain's signature algorithm.";
 
-        public override RuleSet RuleSet { get; } = RuleSet.All;
+        public override RuleSet RuleSet => RuleSet.All;
 
         protected override bool ValidateChain(ICmsSignature signer, X509Chain chain, SignatureLogger verboseWriter)
         {