CertificateEmbeddingOption 枚举
定义
重要
一些信息与预发行产品相关,相应产品在发行之前可能会进行重大修改。 对于此处提供的信息,Microsoft 不作任何明示或暗示的担保。
指定一个位置,其中存储了签名时所用的 X.509 证书。
public enum class CertificateEmbeddingOption
public enum CertificateEmbeddingOption
type CertificateEmbeddingOption =
Public Enum CertificateEmbeddingOption
- 继承
字段
名称 | 值 | 说明 |
---|---|---|
InCertificatePart | 0 | 该证书嵌入在自己的 PackagePart 中。 |
InSignaturePart | 1 | 该证书嵌入到为要添加的签名创建的 SignaturePart 中。 |
NotEmbedded | 2 | 包中未嵌入证书。 |
示例
以下示例演示如何使用 CertificateEmbeddingOption
来设置 PackageDigitalSignatureManager.CertificateOption 属性。
private static void SignAllParts(Package package)
{
if (package == null)
throw new ArgumentNullException("SignAllParts(package)");
// Create the DigitalSignature Manager
PackageDigitalSignatureManager dsm =
new PackageDigitalSignatureManager(package);
dsm.CertificateOption =
CertificateEmbeddingOption.InSignaturePart;
// Create a list of all the part URIs in the package to sign
// (GetParts() also includes PackageRelationship parts).
System.Collections.Generic.List<Uri> toSign =
new System.Collections.Generic.List<Uri>();
foreach (PackagePart packagePart in package.GetParts())
{
// Add all package parts to the list for signing.
toSign.Add(packagePart.Uri);
}
// Add the URI for SignatureOrigin PackageRelationship part.
// The SignatureOrigin relationship is created when Sign() is called.
// Signing the SignatureOrigin relationship disables counter-signatures.
toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin));
// Also sign the SignatureOrigin part.
toSign.Add(dsm.SignatureOrigin);
// Add the package relationship to the signature origin to be signed.
toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));
// Sign() will prompt the user to select a Certificate to sign with.
try
{
dsm.Sign(toSign);
}
// If there are no certificates or the SmartCard manager is
// not running, catch the exception and show an error message.
catch (CryptographicException ex)
{
MessageBox.Show(
"Cannot Sign\n" + ex.Message,
"No Digital Certificates Available",
MessageBoxButton.OK,
MessageBoxImage.Exclamation);
}
}// end:SignAllParts()
Private Shared Sub SignAllParts(ByVal package As Package)
If package Is Nothing Then
Throw New ArgumentNullException("SignAllParts(package)")
End If
' Create the DigitalSignature Manager
Dim dsm As New PackageDigitalSignatureManager(package)
dsm.CertificateOption = CertificateEmbeddingOption.InSignaturePart
' Create a list of all the part URIs in the package to sign
' (GetParts() also includes PackageRelationship parts).
Dim toSign As New System.Collections.Generic.List(Of Uri)()
For Each packagePart As PackagePart In package.GetParts()
' Add all package parts to the list for signing.
toSign.Add(packagePart.Uri)
Next
' Add the URI for SignatureOrigin PackageRelationship part.
' The SignatureOrigin relationship is created when Sign() is called.
' Signing the SignatureOrigin relationship disables counter-signatures.
toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin))
' Also sign the SignatureOrigin part.
toSign.Add(dsm.SignatureOrigin)
' Add the package relationship to the signature origin to be signed.
toSign.Add(PackUriHelper.GetRelationshipPartUri(New Uri("/", UriKind.RelativeOrAbsolute)))
' Sign() will prompt the user to select a Certificate to sign with.
Try
dsm.Sign(toSign)
Catch ex As CryptographicException
' If there are no certificates or the SmartCard manager is
' not running, catch the exception and show an error message.
MessageBox.Show("Cannot Sign" & vbLf & ex.Message, "No Digital Certificates Available", MessageBoxButton.OK, MessageBoxImage.Exclamation)
End Try
End Sub
Private Shared Function InlineAssignHelper(Of T)(ByRef target As T, ByVal value As T) As T
target = value
Return value
End Function
' end:SignAllParts()
注解
如果证书在 NotEmbedded
包中,则验证签名的应用程序必须提供证书的副本,以便验证由它签名的签名。
InSignaturePart
添加两个信息元素 <KeyName>
和 <KeyValue>
,作为存储数字签名的 字段的一部分 KeyInfo 。
<KeyName>
和 <KeyValue>
元素不会作为签名验证的一部分进行处理,因此无法进行修改。 应用程序不应对这两个元素的有效性做出任何假设。 为了避免未检测到的修改和可能的混淆,应用程序应使用 InCertificatePart
选项而不是 InSignaturePart
。 选项 InCertificatePart
不提供或公开 <KeyName>
或 <KeyValue>
。