Enable stream based strong signing (#14471)

* Enable stream based strong signing

* moare

* fantomas

* readwrite

Author: KevinRansom

src/Compiler/AbstractIL/ilsign.fs

@@ -297,12 +297,6 @@ let signStream stream keyBlob =
     let signature = createSignature hash keyBlob KeyType.KeyPair
     patchSignature stream peReader signature
 
-let signFile fileName keyBlob =
-    use fs =
-        FileSystem.OpenFileForWriteShim(fileName, FileMode.Open, FileAccess.ReadWrite)
-
-    signStream fs keyBlob
-
 let signatureSize (pk: byte[]) =
     if pk.Length < 25 then
         raise (CryptographicException(getResourceString (FSComp.SR.ilSignInvalidPKBlob ())))
@@ -339,18 +333,9 @@ let signerOpenKeyPairFile filePath =
 
 let signerGetPublicKeyForKeyPair (kp: keyPair) : pubkey = getPublicKeyForKeyPair kp
 
-let signerGetPublicKeyForKeyContainer (_kcName: keyContainerName) : pubkey =
-    raise (NotImplementedException("signerGetPublicKeyForKeyContainer is not yet implemented"))
-
-let signerCloseKeyContainer (_kc: keyContainerName) : unit =
-    raise (NotImplementedException("signerCloseKeyContainer is not yet implemented"))
-
 let signerSignatureSize (pk: pubkey) : int = signatureSize pk
 
-let signerSignFileWithKeyPair (fileName: string) (kp: keyPair) : unit = signFile fileName kp
-
-let signerSignFileWithKeyContainer (_fileName: string) (_kcName: keyContainerName) : unit =
-    raise (NotImplementedException("signerSignFileWithKeyContainer is not yet implemented"))
+let signerSignStreamWithKeyPair stream keyBlob = signStream stream keyBlob
 
 let failWithContainerSigningUnsupportedOnThisPlatform () =
     failwith (FSComp.SR.containerSigningUnsupportedOnThisPlatform () |> snd)
@@ -371,13 +356,6 @@ type ILStrongNameSigner =
     static member OpenKeyPairFile s = KeyPair(signerOpenKeyPairFile s)
     static member OpenKeyContainer s = KeyContainer s
 
-    member s.Close() =
-        match s with
-        | PublicKeySigner _
-        | PublicKeyOptionsSigner _
-        | KeyPair _ -> ()
-        | KeyContainer _ -> failWithContainerSigningUnsupportedOnThisPlatform ()
-
     member s.IsFullySigned =
         match s with
         | PublicKeySigner _ -> false
@@ -412,9 +390,9 @@ type ILStrongNameSigner =
         | KeyPair kp -> pkSignatureSize (signerGetPublicKeyForKeyPair kp)
         | KeyContainer _ -> failWithContainerSigningUnsupportedOnThisPlatform ()
 
-    member s.SignFile file =
+    member s.SignStream stream =
         match s with
         | PublicKeySigner _ -> ()
         | PublicKeyOptionsSigner _ -> ()
-        | KeyPair kp -> signerSignFileWithKeyPair file kp
+        | KeyPair kp -> signerSignStreamWithKeyPair stream kp
         | KeyContainer _ -> failWithContainerSigningUnsupportedOnThisPlatform ()

src/Compiler/AbstractIL/ilsign.fsi

@@ -7,6 +7,9 @@
 
 module internal FSharp.Compiler.AbstractIL.StrongNameSign
 
+open System
+open System.IO
+
 //---------------------------------------------------------------------
 // Strong name signing
 //---------------------------------------------------------------------
@@ -17,8 +20,7 @@ type ILStrongNameSigner =
     static member OpenPublicKey: byte[] -> ILStrongNameSigner
     static member OpenKeyPairFile: string -> ILStrongNameSigner
     static member OpenKeyContainer: string -> ILStrongNameSigner
-    member Close: unit -> unit
     member IsFullySigned: bool
     member PublicKey: byte[]
     member SignatureSize: int
-    member SignFile: string -> unit
+    member SignStream: Stream -> unit

src/Compiler/AbstractIL/ilwrite.fs

@@ -3711,9 +3711,22 @@ let writePdb (
     // Used to capture the pdb file bytes in the case we're generating in-memory
     let mutable pdbBytes = None
 
+    let signImage () =
+        // Sign the binary. No further changes to binary allowed past this point!
+        match signer with
+        | None -> ()
+        | Some s ->
+            use fs = reopenOutput()
+            try
+                s.SignStream fs
+            with exn ->
+                failwith ($"Warning: A call to SignFile failed ({exn.Message})")
+        reportTime showTimes "Signing Image"
+
     // Now we've done the bulk of the binary, do the PDB file and fixup the binary.
     match pdbfile with
-    | None -> ()
+    | None -> signImage ()
+
     | Some pdbfile ->
         let idd =
             match pdbInfoOpt with
@@ -3763,28 +3776,14 @@ let writePdb (
                     os2.BaseStream.Seek (int64 (textV2P i.iddChunk.addr), SeekOrigin.Begin) |> ignore
                     if i.iddChunk.size < i.iddData.Length then failwith "Debug data area is not big enough. Debug info may not be usable"
                     writeBytes os2 i.iddData
+            reportTime showTimes "Finalize PDB"
+            signImage ()
             os2.Dispose()
         with exn ->
             failwith ("Error while writing debug directory entry: " + exn.Message)
             (try os2.Dispose(); FileSystem.FileDeleteShim outfile with _ -> ())
             reraise()
 
-    reportTime showTimes "Finalize PDB"
-
-    // Sign the binary. No further changes to binary allowed past this point!
-    match signer with
-    | None -> ()
-    | Some s ->
-        try
-            s.SignFile outfile
-            s.Close()
-        with exn ->
-            failwith ("Warning: A call to SignFile failed ("+exn.Message+")")
-            (try s.Close() with _ -> ())
-            (try FileSystem.FileDeleteShim outfile with _ -> ())
-            ()
-
-    reportTime showTimes "Signing Image"
     pdbBytes
 
 type options =
@@ -4528,7 +4527,7 @@ let writeBinaryFiles (options: options, modul, normalizeAssemblyRefs) =
             reraise()
 
     let reopenOutput () =
-        FileSystem.OpenFileForWriteShim(options.outfile, FileMode.Open, FileAccess.Write, FileShare.Read)
+        FileSystem.OpenFileForWriteShim(options.outfile, FileMode.Open, FileAccess.ReadWrite, FileShare.Read)
 
     writePdb (options.dumpDebugInfo,
         options.showTimes,
@@ -4558,7 +4557,9 @@ let writeBinaryInMemory (options: options, modul, normalizeAssemblyRefs) =
     let pdbData, pdbInfoOpt, debugDirectoryChunk, debugDataChunk, debugChecksumPdbChunk, debugEmbeddedPdbChunk, debugDeterministicPdbChunk, textV2P, _mappings =
         writeBinaryAux(stream, options, modul, normalizeAssemblyRefs)
 
-    let reopenOutput () = stream
+    let reopenOutput () =
+        stream.Seek(0, SeekOrigin.Begin) |> ignore
+        stream
 
     let pdbBytes =
         writePdb (options.dumpDebugInfo,