Add SAPTeam certificates

Author: Aeliux

src/EasySign.Cli/Program.cs

@@ -47,6 +47,7 @@ private static int Main(string[] args)
                 config = new CommandProviderConfiguration();
             }
 
+            config.AddSAPTeamCertificates();
             var cp = new BundleCommandProvider(config, commandProviderLogger, bundleLogger);
 
             RootCommand root = cp.GetRootCommand();

src/EasySign.CommandLine/CommandProvider.cs

@@ -418,7 +418,7 @@ public Command Trust
 
                     if (Configuration.IsProtected(id))
                     {
-                        AnsiConsole.MarkupLine($"[red]This ID is protected and cannot be removed[/]");
+                        AnsiConsole.MarkupLine($"[red]This ID is protected and cannot be modified[/]");
                         return;
                     }
 

src/EasySign.CommandLine/CommandProviderConfiguration.cs

@@ -16,7 +16,7 @@ public class CommandProviderConfiguration
         /// <summary>
         /// Gets or sets the list of prefixes that should be protected from modification.
         /// </summary>
-        protected string[] ProtectedPrefixes { get; } = [];
+        protected string[] ProtectedPrefixes { get; set; } = [];
 
         /// <summary>
         /// Gets or sets the list of trusted root CA certificates.
@@ -57,7 +57,7 @@ public CommandProviderConfiguration()
         /// </param>
         public CommandProviderConfiguration(string[] protectedPrefixes)
         {
-            ProtectedPrefixes = ProtectedPrefixes.Union(protectedPrefixes).ToArray();
+            AddProtectedPrefix(protectedPrefixes);
         }
 
         /// <summary>
@@ -89,6 +89,34 @@ public bool IsProtected(string id)
             return ProtectedPrefixes.Any(id.StartsWith);
         }
 
+        /// <summary>
+        /// Adds given prefixes to the list of Protected ID Prefixes.
+        /// </summary>
+        /// <param name="prefixes">
+        /// The prefixes to add.
+        /// </param>
+        /// <exception cref="ArgumentNullException"></exception>
+        public void AddProtectedPrefix(params string[] prefixes)
+        {
+            if (prefixes == null || prefixes.Length == 0)
+            {
+                throw new ArgumentNullException(nameof(prefixes), "Prefixes cannot be null or empty.");
+            }
+
+            ProtectedPrefixes = ProtectedPrefixes.Union(prefixes).ToArray();
+        }
+
+        /// <summary>
+        /// Adds the SAP Team certificates to the trusted root CA and intermediate CA stores and Locks the sapteam: prefix.
+        /// </summary>
+        public void AddSAPTeamCertificates()
+        {
+            AddProtectedPrefix("sapteam:");
+
+            TrustedRootCA["sapteam:rootca"] = SAPTeamCertificates.RootCA;
+            IntermediateCA["sapteam:packages"] = SAPTeamCertificates.PackagesIntermediateCA;
+        }
+
         /// <summary>
         /// Adds a certificate to the specified certificate store.
         /// </summary>

src/EasySign.CommandLine/EasySign.CommandLine.csproj

@@ -28,6 +28,21 @@
     <PackageReference Include="Spectre.Console" Version="0.49.1" />
     <PackageReference Include="System.CommandLine" Version="2.0.0-beta4.22272.1" />
   </ItemGroup>
+
+  <ItemGroup>
+    <Compile Update="SAPTeamCertificates.Designer.cs">
+      <DesignTime>True</DesignTime>
+      <AutoGen>True</AutoGen>
+      <DependentUpon>SAPTeamCertificates.resx</DependentUpon>
+    </Compile>
+  </ItemGroup>
+
+  <ItemGroup>
+    <EmbeddedResource Update="SAPTeamCertificates.resx">
+      <Generator>ResXFileCodeGenerator</Generator>
+      <LastGenOutput>SAPTeamCertificates.Designer.cs</LastGenOutput>
+    </EmbeddedResource>
+  </ItemGroup>
 
   <Import Project="$(RepoRootPath)\build\Library.props" />
 

src/EasySign.CommandLine/Resources/PackagesIntermediateCA.crt

@@ -0,0 +1,127 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <assembly alias="System.Windows.Forms" name="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
+  <data name="PackagesIntermediateCA" type="System.Resources.ResXFileRef, System.Windows.Forms">
+    <value>Resources\PackagesIntermediateCA.crt;System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </data>
+  <data name="RootCA" type="System.Resources.ResXFileRef, System.Windows.Forms">
+    <value>Resources\RootCA.crt;System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </data>
+</root>