对Visual Studio 2012 VSIX扩展进行数字签名 [英] Digitally sign a Visual Studio 2012 VSIX extension

问题描述

我正在尝试对 Visual Studio 2012扩展进行签名，该扩展打包为 VSIX 文件。

I am trying to sign a Visual Studio 2012 extension that is packaged as a VSIX file.

我已按照 http：上的说明进行操作： //www.jeff.wilcox.name/2010/03/vsixcodesigning/ ;但是，我感兴趣的是执行签名而不指定pfx文件和密码。

I have followed the instructions at http://www.jeff.wilcox.name/2010/03/vsixcodesigning/; however, I am interested in performing signing without specifying a pfx file and password.

例如，如果我要调用 signtool.exe，则命令行为：

For example, if I were to call 'signtool.exe', my command line would be:

"signtool.exe" sign /n MySubjectName /t 'http://timestamp.verisign.com/scripts/timstamp.dll' /d "MyDescription" MyPackage.vsix

我知道此命令不适用于 VSIX 文件，尽管它确实适用于 MSI 存档。

I understand that this command does not work with VSIX files, though it does work for an MSI archive.

使用此命令，在调用signtool时不需要指定密码或pfx文件。使用指定的主题 MySubjectName 选择安装最好的证书。

With this command, I do not need to specify a password or pfx file when calling signtool. The best installed certificate is selected, using the specified subject MySubjectName.

按照 Jeff的博客，签名步骤要求定义pfx文件名和密码以创建 X509Certificate2 用于签名：

Following the code on Jeff's Blog, the signing step requires pfx file name and password to be defined to create the X509Certificate2 used in signing:

 private static void SignAllParts(Package package, string pfx, string password, string timestamp){
  var signatureManager = new PackageDigitalSignatureManager(package);
  signatureManager.CertificateOption = CertificateEmbeddingOption.InSignaturePart;

  /*...*/

  signatureManager.Sign(toSign, new System.Security.Cryptography.X509Certificates.X509Certificate2(pfx, password));
}

是否有任何涉及 PackageDigitalSignatureManager 可能会让我找到基于 MySubjectName 的 X509Certificate ，以便我可以对此进行签名？

Is there any API involving PackageDigitalSignatureManager that might let me find a X509Certificate based on MySubjectName so that I can sign against that?

推荐答案

我已经通过遍历当前用户商店中找到的证书来解决此问题。我按发布者名称过滤，只获取有效证书，然后遍历匹配的证书，并返回与主题名称也匹配的第一个证书：

I've solved this by iterating over the certificates found in the current user's store. I filter by the issuer name and take only valid certificates, then I loop over the matching certificates and return the first one which matches also the subject name:

public static X509Certificate2 Find(string issuer, string subject)
{
    var certStore = new X509Store (StoreName.My, StoreLocation.CurrentUser);
    certStore.Open (OpenFlags.ReadOnly);
    var certCollection = certStore.Certificates.Find (X509FindType.FindByIssuerName, issuer, true);

    foreach (var cert in certCollection)
    {
        if (cert.FriendlyName == subject)
        {
            return cert;
        }
    }

    return null;
}

这篇关于对Visual Studio 2012 VSIX扩展进行数字签名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！