[英]Digitally sign a Visual Studio 2012 VSIX extension
I am trying to sign a Visual Studio 2012 extension
that is packaged as a VSIX
file. 我正在尝试签署一个打包为VSIX
文件的Visual Studio 2012 extension
。
I have followed the instructions at http://www.jeff.wilcox.name/2010/03/vsixcodesigning/ ; 我已按照http://www.jeff.wilcox.name/2010/03/vsixcodesigning/上的说明进行操作; however, I am interested in performing signing without specifying a pfx file and password. 但是,我有兴趣在不指定pfx文件和密码的情况下执行签名。
For example, if I were to call 'signtool.exe', my command line would be: 例如,如果我要调用'signtool.exe',我的命令行将是:
"signtool.exe" sign /n MySubjectName /t 'http://timestamp.verisign.com/scripts/timstamp.dll' /d "MyDescription" MyPackage.vsix
I understand that this command does not work with VSIX
files, though it does work for an MSI
archive. 我知道这个命令不适用于VSIX
文件,尽管它适用于MSI
存档。
With this command, I do not need to specify a password or pfx file when calling signtool. 使用此命令,调用signtool时无需指定密码或pfx文件。 The best installed certificate is selected, using the specified subject MySubjectName
. 使用指定的主题MySubjectName
选择已安装的最佳证书。
Following the code on Jeff's Blog , the signing step requires pfx file name and password to be defined to create the X509Certificate2
used in signing: 按照Jeff博客上的代码,签名步骤需要定义pfx文件名和密码以创建签名中使用的X509Certificate2
:
private static void SignAllParts(Package package, string pfx, string password, string timestamp){
var signatureManager = new PackageDigitalSignatureManager(package);
signatureManager.CertificateOption = CertificateEmbeddingOption.InSignaturePart;
/*...*/
signatureManager.Sign(toSign, new System.Security.Cryptography.X509Certificates.X509Certificate2(pfx, password));
}
Is there any API involving PackageDigitalSignatureManager
that might let me find a X509Certificate
based on MySubjectName
so that I can sign against that? 是否有任何涉及PackageDigitalSignatureManager
API可能让我找到基于MySubjectName
的X509Certificate
,以便我可以签名?
I've solved this by iterating over the certificates found in the current user's store. 我通过迭代当前用户商店中的证书来解决这个问题。 I filter by the issuer name and take only valid certificates, then I loop over the matching certificates and return the first one which matches also the subject name: 我按发行者名称过滤并只获取有效证书,然后我循环匹配的证书并返回第一个与主题名称匹配的证书:
public static X509Certificate2 Find(string issuer, string subject)
{
var certStore = new X509Store (StoreName.My, StoreLocation.CurrentUser);
certStore.Open (OpenFlags.ReadOnly);
var certCollection = certStore.Certificates.Find (X509FindType.FindByIssuerName, issuer, true);
foreach (var cert in certCollection)
{
if (cert.FriendlyName == subject)
{
return cert;
}
}
return null;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.