vcsjones
diff --git a/‎.editorconfig
Lines changed: 117 additions & 0 deletions b/‎.editorconfig
Lines changed: 117 additions & 0 deletions
diff --git a/‎AuthenticodeLint/CheckEngine.cs
Lines changed: 18 additions & 6 deletions b/‎AuthenticodeLint/CheckEngine.cs
Lines changed: 18 additions & 6 deletions
diff --git a/‎Directory.Build.props
Lines changed: 0 additions & 5 deletions b/‎Directory.Build.props
Lines changed: 0 additions & 5 deletions
diff --git a/‎build/build.proj
Lines changed: 0 additions & 56 deletions b/‎build/build.proj
Lines changed: 0 additions & 56 deletions
diff --git a/‎build/build.ps1
Lines changed: 78 additions & 0 deletions b/‎build/build.ps1
Lines changed: 78 additions & 0 deletions
@@ -0,0 +1,117 @@
+# To learn more about .editorconfig see https://aka.ms/editorconfigdocs
+###############################
+# Core EditorConfig Options   #
+###############################
+# All files
+[*]
+indent_style = space
+# Code files
+[*.{cs,csx,vb,vbx}]
+indent_size = 4
+insert_final_newline = true
+charset = utf-8
+###############################
+# .NET Coding Conventions     #
+###############################
+[*.{cs,vb}]
+# Organize usings
+dotnet_sort_system_directives_first = true
+# this. preferences
+dotnet_style_qualification_for_field = false:silent
+dotnet_style_qualification_for_property = false:silent
+dotnet_style_qualification_for_method = false:silent
+dotnet_style_qualification_for_event = false:silent
+# Language keywords vs BCL types preferences
+dotnet_style_predefined_type_for_locals_parameters_members = true:silent
+dotnet_style_predefined_type_for_member_access = true:silent
+# Parentheses preferences
+dotnet_style_parentheses_in_arithmetic_binary_operators = always_for_clarity:silent
+dotnet_style_parentheses_in_relational_binary_operators = always_for_clarity:silent
+dotnet_style_parentheses_in_other_binary_operators = always_for_clarity:silent
+dotnet_style_parentheses_in_other_operators = never_if_unnecessary:silent
+# Modifier preferences
+dotnet_style_require_accessibility_modifiers = for_non_interface_members:silent
+dotnet_style_readonly_field = true:suggestion
+# Expression-level preferences
+dotnet_style_object_initializer = true:suggestion
+dotnet_style_collection_initializer = true:suggestion
+dotnet_style_explicit_tuple_names = true:suggestion
+dotnet_style_null_propagation = true:suggestion
+dotnet_style_coalesce_expression = true:suggestion
+dotnet_style_prefer_is_null_check_over_reference_equality_method = true:silent
+dotnet_style_prefer_inferred_tuple_names = true:suggestion
+dotnet_style_prefer_inferred_anonymous_type_member_names = true:suggestion
+dotnet_style_prefer_auto_properties = true:silent
+dotnet_style_prefer_conditional_expression_over_assignment = true:silent
+dotnet_style_prefer_conditional_expression_over_return = true:silent
+###############################
+# Naming Conventions          #
+###############################
+# Style Definitions
+dotnet_naming_style.pascal_case_style.capitalization             = pascal_case
+# Use PascalCase for constant fields
+dotnet_naming_rule.constant_fields_should_be_pascal_case.severity = suggestion
+dotnet_naming_rule.constant_fields_should_be_pascal_case.symbols  = constant_fields
+dotnet_naming_rule.constant_fields_should_be_pascal_case.style    = pascal_case_style
+dotnet_naming_symbols.constant_fields.applicable_kinds            = field
+dotnet_naming_symbols.constant_fields.applicable_accessibilities  = *
+dotnet_naming_symbols.constant_fields.required_modifiers          = const
+###############################
+# C# Coding Conventions       #
+###############################
+[*.cs]
+# var preferences
+csharp_style_var_for_built_in_types = true:silent
+csharp_style_var_when_type_is_apparent = true:silent
+csharp_style_var_elsewhere = true:silent
+# Expression-bodied members
+csharp_style_expression_bodied_methods = false:silent
+csharp_style_expression_bodied_constructors = false:silent
+csharp_style_expression_bodied_operators = false:silent
+csharp_style_expression_bodied_properties = true:silent
+csharp_style_expression_bodied_indexers = true:silent
+csharp_style_expression_bodied_accessors = true:silent
+# Pattern matching preferences
+csharp_style_pattern_matching_over_is_with_cast_check = true:suggestion
+csharp_style_pattern_matching_over_as_with_null_check = true:suggestion
+# Null-checking preferences
+csharp_style_throw_expression = true:suggestion
+csharp_style_conditional_delegate_call = true:suggestion
+# Modifier preferences
+csharp_preferred_modifier_order = public,private,protected,internal,static,extern,new,virtual,abstract,sealed,override,readonly,unsafe,volatile,async:suggestion
+# Expression-level preferences
+csharp_prefer_braces = true:silent
+csharp_style_deconstructed_variable_declaration = true:suggestion
+csharp_prefer_simple_default_expression = true:suggestion
+csharp_style_pattern_local_over_anonymous_function = true:suggestion
+csharp_style_inlined_variable_declaration = true:suggestion
+###############################
+# C# Formatting Rules         #
+###############################
+# New line preferences
+csharp_new_line_before_open_brace = all
+csharp_new_line_before_else = true
+csharp_new_line_before_catch = true
+csharp_new_line_before_finally = true
+csharp_new_line_before_members_in_object_initializers = true
+csharp_new_line_before_members_in_anonymous_types = true
+csharp_new_line_between_query_expression_clauses = true
+# Indentation preferences
+csharp_indent_case_contents = true
+csharp_indent_switch_labels = true
+csharp_indent_labels = flush_left
+# Space preferences
+csharp_space_after_cast = false
+csharp_space_after_keywords_in_control_flow_statements = true
+csharp_space_between_method_call_parameter_list_parentheses = false
+csharp_space_between_method_declaration_parameter_list_parentheses = false
+csharp_space_between_parentheses = false
+csharp_space_before_colon_in_inheritance_clause = true
+csharp_space_after_colon_in_inheritance_clause = true
+csharp_space_around_binary_operators = before_and_after
+csharp_space_between_method_declaration_empty_parameter_list_parentheses = false
+csharp_space_between_method_call_name_and_opening_parenthesis = false
+csharp_space_between_method_call_empty_parameter_list_parentheses = false
+# Wrapping preferences
+csharp_preserve_single_line_statements = true
+csharp_preserve_single_line_blocks = true
@@ -17,12 +17,24 @@ static CheckEngine()
 
         public IReadOnlyList<IAuthenticodeRule> GetRules()
         {
-            return (from type in typeof(IAuthenticodeRule).Assembly.GetExportedTypes()
-                    where typeof(IAuthenticodeRule).IsAssignableFrom(type) && type.GetConstructor(Type.EmptyTypes) != null
-                    let instance = (IAuthenticodeRule)Activator.CreateInstance(type)! // We know this should not be null.
-                    orderby instance.RuleId
-                    select instance
-                    ).ToList();
+            return
+            [
+                new Sha1PrimarySignatureRule(),
+                new Sha2SignatureExistsRule(),
+                new NoWeakFileDigestAlgorithmsRule(),
+                new TimestampedRule(),
+                new PublisherInformationPresentRule(),
+                new PublisherInformationUrlHttpsRule(),
+                new SigningCertificateDigestAlgorithmRule(),
+                new TrustedSignatureRule(),
+                new WinCertificatePaddingRule(),
+                new NoUnknownUnsignedAttibuteRule(),
+                new StrongKeyLengthRule(),
+                new RsaDsaPrimarySignatureRule(),
+                new MaxKeyLengthRule(),
+                new SinglePrimarySignatureRule(),
+                new NoSha1Rule(),
+            ];
         }
 
         public RuleEngineResult RunAllRules(string file, IReadOnlyList<ICmsSignature> signatures, List<IRuleResultCollector> collectors, CheckConfiguration configuration)
 
@@ -0,0 +1,78 @@
+# PowerShell < 7 does not handle ZIP files correctly.
+if ($PSVersionTable.PSVersion.Major -lt 7) {
+    throw "This script requires PowerShell 7 or higher."
+}
+
+$rootDir = $MyInvocation.MyCommand.Path
+
+if (!$rootDir) {
+    $rootDir = $psISE.CurrentFile.Fullpath
+}
+
+if ($rootDir)  {
+    foreach($i in 1..2) {
+        $rootDir = Split-Path $rootDir -Parent
+    }
+}
+else {
+    throw 'Could not determine root directory of project.'
+}
+
+if (![bool](Get-Command -ErrorAction Stop -Type Application dotnet)) {
+    throw 'dotnet SDK could not be found.'
+}
+
+$winKitDir = Get-ItemPropertyValue 'HKLM:\SOFTWARE\Microsoft\Windows Kits\Installed Roots' 'KitsRoot10'
+
+if (!$winKitDir -or !(Test-Path -Path $winKitDir)) {
+    throw 'Windows SDK path is not found.'
+}
+
+$sdkVersion = Get-ChildItem -Path 'HKLM:\SOFTWARE\Microsoft\Windows Kits\Installed Roots' | Sort-Object Name -Descending | Select-Object -ExpandProperty PSChildName -First 1
+$sdkPath = Join-Path -Path $winKitDir -ChildPath 'bin'
+$sdkPath = Join-Path -Path $sdkPath -ChildPath $sdkVersion
+
+$architecture = [System.Environment]::GetEnvironmentVariable("PROCESSOR_ARCHITECTURE")
+$archDirName = switch ($architecture) {
+    'ARM64' { 'arm64' }
+    'x86' { 'x86' }
+    'AMD64' { 'x64' }
+    Default { throw 'Unknown architecture' }
+}
+
+$sdkBinPath = Join-Path -Path $sdkPath -ChildPath $archDirName
+$objDir = Join-Path -Path $rootDir -ChildPath 'obj'
+$outDir = Join-Path -Path $rootDir -ChildPath 'out'
+
+pushd $rootDir
+
+Remove-Item -Path $objDir -Recurse -Force -ErrorAction SilentlyContinue
+New-Item -Path $objDir -ItemType Directory
+
+Remove-Item -Path $outDir -Recurse -Force -ErrorAction SilentlyContinue
+New-Item -Path $outDir -ItemType Directory
+
+dotnet pack -p:OutputFileNamesWithoutVersion=true -p:ContinuousIntegrationBuild=true -c Release -o $objDir AuthenticodeLint\AuthenticodeLint.csproj
+
+Expand-Archive -Path $objDir\AuthenticodeLint.nupkg -DestinationPath $objDir\AuthenticodeLint.nupkg.dir
+
+Remove-Item -Path $objDir\AuthenticodeLint.nupkg
+
+& "$sdkBinPath\signtool.exe" sign /d "AuthenticodeLint"  /sha1 73f0844a95e35441a676cd6be1e79a3cd51d00b4 /fd SHA384 /td SHA384 /tr "http://timestamp.digicert.com" /du "https://github.com/vcsjones/AuthenticodeLint" "$objDir\AuthenticodeLint.nupkg.dir\tools\net8.0\any\authlint.dll"
+
+Compress-Archive -Path "$objDir\AuthenticodeLint.nupkg.dir\*" -DestinationPath "$objDir\AuthenticodeLint.nupkg"
+
+dotnet nuget sign --certificate-fingerprint 68821304869e065c24e0684eb43bf974e124642f3437f2ff494a93bb371d029a --hash-algorithm SHA384 --timestamper "http://timestamp.digicert.com" --overwrite "$objDir\AuthenticodeLint.nupkg"
+
+Copy-Item -Path "$objDir\AuthenticodeLint.nupkg" -Destination "$outDir\AuthenticodeLint.nupkg"
+
+dotnet publish -c Release -r win-arm64 -p:ContinuousIntegrationBuild=true -o "$objDir\AuthenticodeLint-arm64" .\AuthenticodeLint\AuthenticodeLint.csproj
+dotnet publish -c Release -r win-x64 -p:ContinuousIntegrationBuild=true -o "$objDir\AuthenticodeLint-x64" .\AuthenticodeLint\AuthenticodeLint.csproj
+
+& "$sdkBinPath\signtool.exe" sign /d "AuthenticodeLint"  /sha1 73f0844a95e35441a676cd6be1e79a3cd51d00b4 /fd SHA384 /td SHA384 /tr "http://timestamp.digicert.com" /du "https://github.com/vcsjones/AuthenticodeLint" "$objDir\AuthenticodeLint-x64\authlint.exe"
+& "$sdkBinPath\signtool.exe" sign /d "AuthenticodeLint"  /sha1 73f0844a95e35441a676cd6be1e79a3cd51d00b4 /fd SHA384 /td SHA384 /tr "http://timestamp.digicert.com" /du "https://github.com/vcsjones/AuthenticodeLint" "$objDir\AuthenticodeLint-arm64\authlint.exe"
+
+Copy-Item -Path "$objDir\AuthenticodeLint-x64\authlint.exe" -Destination "$outDir\authlint-x64.exe"
+Copy-Item -Path "$objDir\AuthenticodeLint-arm64\authlint.exe" -Destination "$outDir\authlint-arm64.exe"
+
+popd