对Visual Studio 2012 VSIX扩展进行数字签名 [英] Digitally sign a Visual Studio 2012 VSIX extension
问题描述
我正在尝试对 Visual Studio 2012扩展
进行签名,该扩展打包为 VSIX
文件。
I am trying to sign a Visual Studio 2012 extension
that is packaged as a VSIX
file.
我已按照 http:上的说明进行操作: //www.jeff.wilcox.name/2010/03/vsixcodesigning/ ;但是,我感兴趣的是执行签名而不指定pfx文件和密码。
I have followed the instructions at http://www.jeff.wilcox.name/2010/03/vsixcodesigning/; however, I am interested in performing signing without specifying a pfx file and password.
例如,如果我要调用 signtool.exe,则命令行为:
For example, if I were to call 'signtool.exe', my command line would be:
"signtool.exe" sign /n MySubjectName /t 'http://timestamp.verisign.com/scripts/timstamp.dll' /d "MyDescription" MyPackage.vsix
我知道此命令不适用于 VSIX
文件,尽管它确实适用于 MSI
存档。
I understand that this command does not work with VSIX
files, though it does work for an MSI
archive.
使用此命令,在调用signtool时不需要指定密码或pfx文件。使用指定的主题 MySubjectName
选择安装最好的证书。
With this command, I do not need to specify a password or pfx file when calling signtool. The best installed certificate is selected, using the specified subject MySubjectName
.
按照 Jeff的博客,签名步骤要求定义pfx文件名和密码以创建 X509Certificate2
用于签名:
Following the code on Jeff's Blog, the signing step requires pfx file name and password to be defined to create the X509Certificate2
used in signing:
private static void SignAllParts(Package package, string pfx, string password, string timestamp){
var signatureManager = new PackageDigitalSignatureManager(package);
signatureManager.CertificateOption = CertificateEmbeddingOption.InSignaturePart;
/*...*/
signatureManager.Sign(toSign, new System.Security.Cryptography.X509Certificates.X509Certificate2(pfx, password));
}
是否有任何涉及 PackageDigitalSignatureManager 可能会让我找到基于
MySubjectName
的 X509Certificate
,以便我可以对此进行签名?
Is there any API involving PackageDigitalSignatureManager
that might let me find a X509Certificate
based on MySubjectName
so that I can sign against that?
推荐答案
我已经通过遍历当前用户商店中找到的证书来解决此问题。我按发布者名称过滤,只获取有效证书,然后遍历匹配的证书,并返回与主题名称也匹配的第一个证书:
I've solved this by iterating over the certificates found in the current user's store. I filter by the issuer name and take only valid certificates, then I loop over the matching certificates and return the first one which matches also the subject name:
public static X509Certificate2 Find(string issuer, string subject)
{
var certStore = new X509Store (StoreName.My, StoreLocation.CurrentUser);
certStore.Open (OpenFlags.ReadOnly);
var certCollection = certStore.Certificates.Find (X509FindType.FindByIssuerName, issuer, true);
foreach (var cert in certCollection)
{
if (cert.FriendlyName == subject)
{
return cert;
}
}
return null;
}
这篇关于对Visual Studio 2012 VSIX扩展进行数字签名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!