Wednesday, November 7, 2007

Using the SignCode Macro

The SignCode macro is dependent on the SignCode.exe utility included with the Microsoft .NET Framework SDK. Full information on the utility can be found in the topic, File Signing Tool (Signcode.exe), in the .NET Framework SDK documentation. The .NET Framework SDK is installed by default when you install Visual Studio .NET. However, if you chose not to install the .NET Framework SDK, the macro will not function. If you have moved the SignCode.exe utility to a different location, be sure the directory is included in your local path environment variable.

Before running the SignCode macro, you must set the security level of the form template to full trust using the following procedure.

  1. Open the form template in design mode.
  2. On the Tools menu, click Form Options.
  3. On the Security tab, clear the Automatically determine security level based on form's design check box.
  4. Click the Full Trust option, and then save your changes.

Signing an InfoPath project requires a code signing certificate file (.cer). A code signing certificate can be obtained from a certificate authority such as Verisign or from an internal corporate certificate authority. For debug and test purposes, a code signing certificate can also be created by using the Makecert.exe utility included in the .NET Framework SDK. A certificate created using Makecert.exe is not suitable for publishing signed forms but will work for debugging and testing on a development computer.

To create a certificate with the Makecert.exe utility, a trusted root certificate authority must be created first. To create the certificate authority:

  1. Open the Command Prompt, type the following, and then press ENTER:

    makecert -n "CN=TrustedRootCA" -r -cy authority -a sha1 -sky signature -m 1 -sv certRoot.pvk certRoot.cer -ss ROOT

  2. The Create Private Key Password dialog box is displayed. Click None.
  3. A Security Warning message is displayed stating "You are about to install a certificate from a certification authority (CA) claiming to represent: TrustedRootCA". Click Yes to install the certificate to the Trusted Root Certification Authorities store.
  4. To create a certificate that can be used for signing, type the following, and then press ENTER:

    makecert -n "CN=TestCert" -cy end -a sha1 -sky signature -m 1 -iv Certroot.pvk -ic certroot.cer -ss MY -sv MyKey.pvk MyCertificate.cer

  5. The Create Private Key Password dialog box is displayed. Because this is just a debug and test certificate, it is recommended that you use a blank password to make the signing process simpler. To create a blank password, click None.
  6. The files MyCertificate.cer and MyKey.pvk are created in the directory in which you issued the command in step 4. Copy them to the project directory of any InfoPath project you wish to sign.

Important: The certificate created with this procedure is only suitable for testing and debugging. Be sure to obtain a legitimate code signing certificate from a certificate authority if you want to sign any release versions of your project. Additional information on the code signing process can be found in the topic, Signing and Checking Code with Authenticode, on the Microsoft Developer Network (MSDN).

The SignCode macro is designed to run when a build of a project is successfully completed using event handler code for the Visual Studio .NET OnBuildDone event. By default, the lines of code to run the SignCode macro are commented out. To remove the comments from the OnBuildDone event handler, use the following steps:

  1. In Microsoft Visual Studio .NET, on the Tools menu, point to Macros, and then click Macro Explorer.
  2. In the Macro Explorer window, expand the InfoPathSDK node.
  3. Right-click the SignCode node, and then click Edit.
  4. In the Project Explorer pane, double-click EnvironmentEvents.
  5. In the Code Editor window, remove the comments from the three lines of code in the following event handler.

    Private Sub BuildEvents_OnBuildDone(ByVal Scope As EnvDTE.vsBuildScope, ByVal Action As EnvDTE.vsBuildAction) _
            Handles BuildEvents.OnBuildDone
        ' If DTE.Solution.SolutionBuild.LastBuildInfo() = 0 Then 'check for successful build
        '     SignCode.SignCode()
        ' End If
    End Sub

  6. Save your changes, and close the Microsoft Visual Studio Macros editor.

After removing the comments from the OnBuildDone event handler and copying your certificate and key file to your project directory, your project will be signed automatically when it is built. The SignCode macro is hard coded to look for certificate and private key files named MyCertificate.cer and MyKey.pvk located in the current project directory. To sign your project with legitimate code signing certificate files, you can either rename the files to these names, or you can modify the CertificateFileName and KeyFileName constants in the SignCode macro code to use the names of your certificate files. For more information on the SignCode macro code, see the Macro Code Walkthroughs topic.
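
An added example (not part of the InfoPath SDK or the original post): a PowerShell preflight for the inputs the macro expects, plus a way to list and remove the makecert test certificates once debugging is done, since the test root remains trusted until it is deleted. It assumes PowerShell 3.0 or later and that makecert wrote to its default CurrentUser store location; the function names are hypothetical.

```powershell
# Added example: preflight for the SignCode macro and cleanup of the makecert test chain.
# Assumptions: PowerShell 3.0+, and makecert used its default CurrentUser store location.
# Subject names and file names are the ones used in the commands on this page.

function Test-SignCodePrerequisites {
    param([string]$ProjectDir = (Get-Location).Path)
    $problems = @()
    # The macro depends on SignCode.exe, which must resolve through PATH.
    if (-not (Get-Command 'signcode.exe' -ErrorAction SilentlyContinue)) {
        $problems += 'signcode.exe not found on PATH'
    }
    # The macro is hard coded to these two file names in the project directory.
    foreach ($name in 'MyCertificate.cer', 'MyKey.pvk') {
        if (-not (Test-Path -LiteralPath (Join-Path $ProjectDir $name) -PathType Leaf)) {
            $problems += "$name missing from $ProjectDir"
        }
    }
    $problems
}

function Get-TestCertificates {
    # "-ss ROOT" and "-ss MY" in the makecert commands map to these two stores.
    # The root's key (certRoot.pvk) has no password, so the root should not stay trusted.
    Get-ChildItem Cert:\CurrentUser\Root, Cert:\CurrentUser\My |
        Where-Object { $_.Subject -in 'CN=TrustedRootCA', 'CN=TestCert' }
}

function Remove-TestCertificates {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($cert in Get-TestCertificates) {
        if ($PSCmdlet.ShouldProcess("$($cert.Subject) [$($cert.Thumbprint)]", 'Remove')) {
            # Windows shows its own confirmation dialog when a root is deleted.
            Remove-Item -LiteralPath $cert.PSPath
        }
    }
}

Test-SignCodePrerequisites       # no output means the macro's inputs are in place
Get-TestCertificates | Format-List Subject, Issuer, Thumbprint, NotAfter
Remove-TestCertificates -WhatIf  # drop -WhatIf once testing is finished
```

Removing the certificates from the stores does not delete certRoot.pvk and MyKey.pvk from disk; delete those files separately when the test chain is retired.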
