Allow explicit specification of certificate chains in SecurityUtil.SignFile

[chrischu]

Summary

It would be really great if there was an overload of SecurityUtil.SignFile(

msbuild/src/Tasks/ManifestUtil/SecurityUtil.cs

Line 636 in b3eba18

public static void SignFile(X509Certificate2 cert, Uri timestampUrl, string path)

) that allows passing in the certificate chain that will be attached to the signature explicitly (without having to go through the certificate store).

Background and Motivation

We're using the code in an automated system that runs code in parallel and therefore cannot reliably add the certificate chain to the Windows certificate store to allow correct resolution and adding of the chain certificates to the signature. Therefore we would appreciate an overload that allows us to explicitly pass in the whole certificate chain.

This is kind of similar to the fact that there are already overloads that take a certificate thumbprint (and therefore go through the Windows certificate store) and ones that explicitly take a X509Certificate2.

Proposed Feature

Add an overload that allows passing in a certificate chain explicitly (probably as X509Certificate2Collection?).

Alternative Designs

No response