Merge pull request #79 from pusher/develop

Strong naming
pusher · Apr 14, 2021 · 1e8bd35 · 1e8bd35
2 parents 52388bc + 80cf294
commit 1e8bd35
Show file tree

Hide file tree

Showing 13 changed files with 167 additions and 5 deletions.
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -13,11 +13,16 @@ jobs:
     - uses: actions/checkout@v2
     - name: Setup MS Build
       uses: microsoft/[email protected]
+    - name: Write code signing key
+      env:
+        CI_CODE_SIGN_KEY: ${{ secrets.CI_CODE_SIGN_KEY }}
+      run: |
+        ./StrongName/WritePusherKey.ps1
     - name: Restore dependencies
       run: nuget restore pusher-dotnet-server.sln
     - name: Build
-      run: msbuild /p:deterministic=true /p:msbuildArchitecture=x64 /p:configuration=Release pusher-dotnet-server.sln
+      run: msbuild /p:SignAssembly=true /p:deterministic=true /p:msbuildArchitecture=x64 /p:configuration=Release pusher-dotnet-server.sln
     - name: Pack
-      run: msbuild /t:Pack /p:configuration=release PusherServer/PusherServer.csproj
+      run: msbuild /t:Pack /p:SignAssembly=true /p:configuration=release PusherServer/PusherServer.csproj
     - name: Publish
       run: nuget push PusherServer\bin\release\PusherServer.*.nupkg -NonInteractive -Source https://api.nuget.org/v3/index.json -SkipDuplicate -ApiKey ${{ secrets.NUGET_API_KEY }}
diff --git a/.github/workflows/sign.yml b/.github/workflows/sign.yml
@@ -0,0 +1,28 @@
+name: Test signing
+
+on:
+  pull_request:
+  push:
+    branches: [ master, develop ]
+
+jobs:
+  build:
+
+    runs-on: windows-2019
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Setup MS Build
+      uses: microsoft/[email protected]
+    - name: Write code signing key
+      env:
+        CI_CODE_SIGN_KEY: ${{ secrets.CI_CODE_SIGN_KEY }}
+      run: |
+        ./StrongName/WritePusherKey.ps1
+    - name: Restore dependencies
+      run: nuget restore pusher-dotnet-server.sln
+    - name: Build
+      run: msbuild /p:SignAssembly=true /p:deterministic=true /p:msbuildArchitecture=x64 /p:configuration=Release pusher-dotnet-server.sln
+    - name: Pack
+      run: msbuild /t:Pack /p:SignAssembly=true /p:configuration=release PusherServer/PusherServer.csproj
+
diff --git a/.gitignore b/.gitignore
@@ -16,7 +16,8 @@ build
 msbuild.log
 *.nupkg
 .vs/
-PusherServer.Core/project.lock.json
+PusherServer.Core/project.lock.json
 *.userprefs
 TestResults/
-AppConfig.test.json
+AppConfig.test.json
+PusherServer.snk
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,8 @@
 # Changelog
 
+## 4.6.0
+* [ADDED] Strong name to the PusherServer assembly.
+
 ## 4.5.0
 * [ADDED] End-to-end encryption using NaCl.Net.
 * [ADDED] EncryptionMasterKey and RestClientTimeout properties to IPusherOptions.

diff --git a/PusherServer.Tests/PusherServer.Tests.csproj b/PusherServer.Tests/PusherServer.Tests.csproj
@@ -4,8 +4,17 @@
   <PropertyGroup>
     <TargetFrameworks>net45</TargetFrameworks>
     <IsPackable>false</IsPackable>
+    <SignAssembly>false</SignAssembly>
   </PropertyGroup>
 
+  <PropertyGroup Condition="$(SignAssembly) == 'true'">
+    <AssemblyOriginatorKeyFile>..\PusherServer.snk</AssemblyOriginatorKeyFile>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <None Include="..\PusherServer.snk" Link="PusherServer.snk" Pack="false" Condition="$(SignAssembly) == 'true'" />
+  </ItemGroup>
+
   <ItemGroup>
     <ProjectReference Include="..\PusherServer\PusherServer.csproj" />
   </ItemGroup>

diff --git a/PusherServer.public.snk b/PusherServer.public.snk
diff --git a/PusherServer/Properties/AssemblyInfo.Signed.cs b/PusherServer/Properties/AssemblyInfo.Signed.cs
@@ -0,0 +1 @@
+[assembly: System.Runtime.CompilerServices.InternalsVisibleTo("PusherServer.Tests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100456864dbf1cbca1cfaca7dc1af4103e2fc957a7db4e525dd577054d01d7974a75a201a3c4856a513603ee24d893cfebb17199a2c9cd1a677d86f07ee612e21aff7c5c4f507872d343c93875a353b76f8c1d0b937cc563f0e361580940bb7a759739be3dce880f62cff52e36698efc38895b7cde9bc984c95b443075dbc8cf7dd")]
diff --git a/PusherServer/PusherServer.csproj b/PusherServer/PusherServer.csproj
@@ -6,12 +6,24 @@
     <NetStandardImplicitPackageVersion>2.0.0</NetStandardImplicitPackageVersion>
     <AssemblyName>PusherServer</AssemblyName>
     <PackageId>PusherServer</PackageId>
+    <SignAssembly>false</SignAssembly>
+  </PropertyGroup>
+
+  <PropertyGroup Condition="$(SignAssembly) == 'true'">
+    <AssemblyOriginatorKeyFile>..\PusherServer.snk</AssemblyOriginatorKeyFile>
   </PropertyGroup>
 
   <ItemGroup>
     <None Include="Properties\icon-128.png" Pack="true" PackagePath="\" />
     <None Include="..\README.md" Link="Properties\README.md" Pack="true" PackagePath="\" />
     <None Include="..\CHANGELOG.md" Link="Properties\CHANGELOG.md" Pack="true" PackagePath="\" />
+    <None Include="..\PusherServer.public.snk" Link="Properties\PusherServer.public.snk" Pack="true" PackagePath="\" />
+    <Compile Remove="Properties\AssemblyInfo.Signed.cs" Condition="$(SignAssembly) != 'true'" />
+  </ItemGroup>
+
+  <ItemGroup Condition="$(SignAssembly) == 'true'">
+    <Compile Remove="Properties\AssemblyInfo.cs" />
+    <None Include="..\PusherServer.snk" Link="PusherServer.snk" Pack="false" />
   </ItemGroup>
 
   <ItemGroup>

diff --git a/README.md b/README.md
@@ -39,6 +39,7 @@ Comprehensive documentation can be found at <http://pusher.com/docs/channels>.
   - [Getting user information for a presence channel](#getting-user-information-for-a-presence-channel)
 - [Webhooks](#webhooks)
 - [Developer notes](#developer-notes)
+  - [Code signing key generation](#code-signing-key-generation)
   - [Debug tracing](#debug-tracing)
   - [Asynchronous programming](#asynchronous-programming)
   - [Alternative environments](#alternative-environments)
@@ -379,6 +380,24 @@ Make a copy of `./AppConfig.sample.json` and name it `AppConfig.test.json`.
 Modify the contents of `AppConfig.test.json` with your test application settings.
 You should be good to run all the tests successfully.
 
+### Code signing key generation
+
+To generate a new signing key, open a PowerShell command console and execute the command
+
+```powershell
+./StrongName/GeneratePusherKey.ps1
+```
+
+Copy the public key file `PusherServer.public.snk` to the source root folder.
+
+Take the base 64 encoded string and add it to the environment secret named CI_CODE_SIGN_KEY. This is used by `publish.yml`. Once this step is done remove all traces of the private signing key file.
+
+Also copy the PublicKey and apply it to the code file ./PusherServer/Properties/AssemblyInfo.Signed.cs; for example
+
+```cs
+[assembly: System.Runtime.CompilerServices.InternalsVisibleTo("PusherServer.Tests, PublicKey=002400000...7dd")]
+```
+
 ### Debug tracing
 
 Debug tracing is now off by default. To enable it use the new Pusher option: TraceLogger.

diff --git a/Root.Build.props b/Root.Build.props
@@ -12,7 +12,7 @@
     <PackageTags>pusher channels realtime websocket</PackageTags>
     <PackageLicenseExpression>MIT</PackageLicenseExpression>
     <PackageIcon>icon-128.png</PackageIcon>
-    <Version>4.5.0</Version>
+    <Version>4.6.0</Version>
     <AssemblyVersion>$(Version).0</AssemblyVersion>
     <FileVersion>$(Version).0</FileVersion>
   </PropertyGroup>

diff --git a/StrongName/GeneratePusherKey.ps1 b/StrongName/GeneratePusherKey.ps1
@@ -0,0 +1,15 @@
+$ErrorActionPreference = "stop";
+$scriptDir = Split-Path -Parent $MyInvocation.MyCommand.Definition;
+Push-Location $scriptDir;
+try {
+    $keyName = "PusherServer";
+    .\GenerateStrongNameKey.cmd "$keyName"
+    $keyBytes = [System.IO.File]::ReadAllBytes("$scriptDir\\$keyName.snk");
+    $keyBase64 = [System.Convert]::ToBase64String($keyBytes);
+    Write-Output "";
+    Write-Output "Base 64 encoded signing key:";
+    Write-Output $keyBase64;
+}
+finally {
+    Pop-Location
+}
diff --git a/StrongName/GenerateStrongNameKey.cmd b/StrongName/GenerateStrongNameKey.cmd
@@ -0,0 +1,52 @@
+@if '%1' == '' GOTO EXIT_WITH_ERROR
+
+@set "WIP_FILE=C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\Common7\Tools\VsDevCmd.bat"
+@if exist %WIP_FILE% (
+    @call "%WIP_FILE%"
+    GOTO GENERATE_SNK
+)
+
+@set "WIP_FILE=%VS150COMNTOOLS%\vsvars32.bat"
+@if exist "%WIP_FILE%" (
+    @call "%WIP_FILE%"
+    GOTO GENERATE_SNK
+)
+
+@set "WIP_FILE=%VS140COMNTOOLS%\vsvars32.bat"
+@if exist %WIP_FILE% (
+    @call "%WIP_FILE%"
+    GOTO GENERATE_SNK
+)
+
+@set "WIP_FILE=%VS130COMNTOOLS%\vsvars32.bat"
+@if exist %WIP_FILE% (
+    @call "%WIP_FILE%"
+    GOTO GENERATE_SNK
+)
+
+@set "WIP_FILE=%VS120COMNTOOLS%\vsvars32.bat"
+@if exist %WIP_FILE% (
+    @call "%WIP_FILE%"
+    GOTO GENERATE_SNK
+)
+
+@set "WIP_FILE=%VS110COMNTOOLS%\vsvars32.bat"
+@if exist %WIP_FILE% (
+    @call "%WIP_FILE%"
+    GOTO GENERATE_SNK
+)
+
+@set "WIP_FILE=%VS100COMNTOOLS%\vsvars32.bat"
+@if exist %WIP_FILE% (
+    @call "%WIP_FILE%"
+    GOTO GENERATE_SNK
+)
+
+:GENERATE_SNK
+sn -k "%~1.snk"
+sn -p "%~1.snk" "%~1.public.snk"
+sn -tp "%~1.public.snk"
+exit /B 0
+
+:EXIT_WITH_ERROR
+@echo Please provide a strong name key file name as a parameter to this command file.
diff --git a/StrongName/WritePusherKey.ps1 b/StrongName/WritePusherKey.ps1
@@ -0,0 +1,17 @@
+$ErrorActionPreference = "stop";
+$scriptDir = Split-Path -Parent $MyInvocation.MyCommand.Definition;
+Push-Location $scriptDir
+try {
+    $keyText = $Env:CI_CODE_SIGN_KEY;
+    if ($keyText) {
+        $key = [System.Convert]::FromBase64String($keyText);
+        $fileInfo = [System.IO.FileInfo]::new("$scriptDir\..\PusherServer.snk");
+        [System.IO.File]::WriteAllBytes($fileInfo.FullName, $key) | Out-Null;
+    }
+    else {
+        throw "The environment variable CI_CODE_SIGN_KEY is undefined. It needs to be a base 64 encoded key.";
+    }
+}
+finally {
+    Pop-Location;
+}