Run SignCheck on .NET Core (#15470)

Author: ellahathaway

Arcade.sln

@@ -35,12 +35,12 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.DotNet.SwaggerGen
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.DotNet.GenAPI", "src\Microsoft.DotNet.GenAPI\Microsoft.DotNet.GenAPI.csproj", "{9427265E-C224-4B40-8157-F05529D084D3}"
 EndProject
-Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "SignCheck", "SignCheck", "{A704E5B2-86A4-4D4F-902D-C10EA18C12DF}"
 EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.DotNet.SignCheck", "src\SignCheck\SignCheck\Microsoft.DotNet.SignCheck.csproj", "{AF298985-511F-476A-8F62-79908BE8DF01}"
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Microsoft.DotNet.SignCheckLibrary", "src\SignCheck\Microsoft.SignCheck\Microsoft.DotNet.SignCheckLibrary.csproj", "{2A62655C-1AE0-480E-9F1A-E21F21C1D095}"
 EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.DotNet.SignCheckLibrary", "src\SignCheck\Microsoft.SignCheck\Microsoft.DotNet.SignCheckLibrary.csproj", "{39B69A56-43E9-480D-9A60-8E0917795FE8}"
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Microsoft.DotNet.SignCheck", "src\SignCheck\SignCheck\Microsoft.DotNet.SignCheck.csproj", "{40CB2592-3B06-4D0D-9878-7DFD5C4B3E9E}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Microsoft.DotNet.SignCheckTask", "src\SignCheck\SignCheckTask\Microsoft.DotNet.SignCheckTask.csproj", "{F6F5E649-F477-44ED-BAB2-11D4F0E87402}"
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "WinShimmer", "src\WinShimmer\WinShimmer.csproj", "{39C3FC42-21E8-40BF-AE3F-CB9C4CC226D7}"
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.DotNet.Build.Tasks.Packaging", "src\Microsoft.DotNet.Build.Tasks.Packaging\src\Microsoft.DotNet.Build.Tasks.Packaging.csproj", "{EFC8C541-1DC4-40DA-B6E5-FBF44F6DD8BC}"
@@ -327,26 +327,6 @@ Global
 		{9427265E-C224-4B40-8157-F05529D084D3}.Release|x64.Build.0 = Release|Any CPU
 		{9427265E-C224-4B40-8157-F05529D084D3}.Release|x86.ActiveCfg = Release|Any CPU
 		{9427265E-C224-4B40-8157-F05529D084D3}.Release|x86.Build.0 = Release|Any CPU
-		{AF298985-511F-476A-8F62-79908BE8DF01}.Debug|Any CPU.ActiveCfg = Debug|x86
-		{AF298985-511F-476A-8F62-79908BE8DF01}.Debug|Any CPU.Build.0 = Debug|x86
-		{AF298985-511F-476A-8F62-79908BE8DF01}.Debug|x64.ActiveCfg = Debug|x86
-		{AF298985-511F-476A-8F62-79908BE8DF01}.Debug|x86.ActiveCfg = Debug|x86
-		{AF298985-511F-476A-8F62-79908BE8DF01}.Debug|x86.Build.0 = Debug|x86
-		{AF298985-511F-476A-8F62-79908BE8DF01}.Release|Any CPU.ActiveCfg = Release|x86
-		{AF298985-511F-476A-8F62-79908BE8DF01}.Release|Any CPU.Build.0 = Release|x86
-		{AF298985-511F-476A-8F62-79908BE8DF01}.Release|x64.ActiveCfg = Release|x86
-		{AF298985-511F-476A-8F62-79908BE8DF01}.Release|x86.ActiveCfg = Release|x86
-		{AF298985-511F-476A-8F62-79908BE8DF01}.Release|x86.Build.0 = Release|x86
-		{39B69A56-43E9-480D-9A60-8E0917795FE8}.Debug|Any CPU.ActiveCfg = Debug|x86
-		{39B69A56-43E9-480D-9A60-8E0917795FE8}.Debug|Any CPU.Build.0 = Debug|x86
-		{39B69A56-43E9-480D-9A60-8E0917795FE8}.Debug|x64.ActiveCfg = Debug|x86
-		{39B69A56-43E9-480D-9A60-8E0917795FE8}.Debug|x86.ActiveCfg = Debug|x86
-		{39B69A56-43E9-480D-9A60-8E0917795FE8}.Debug|x86.Build.0 = Debug|x86
-		{39B69A56-43E9-480D-9A60-8E0917795FE8}.Release|Any CPU.ActiveCfg = Release|x86
-		{39B69A56-43E9-480D-9A60-8E0917795FE8}.Release|Any CPU.Build.0 = Release|x86
-		{39B69A56-43E9-480D-9A60-8E0917795FE8}.Release|x64.ActiveCfg = Release|x86
-		{39B69A56-43E9-480D-9A60-8E0917795FE8}.Release|x86.ActiveCfg = Release|x86
-		{39B69A56-43E9-480D-9A60-8E0917795FE8}.Release|x86.Build.0 = Release|x86
 		{39C3FC42-21E8-40BF-AE3F-CB9C4CC226D7}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{39C3FC42-21E8-40BF-AE3F-CB9C4CC226D7}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{39C3FC42-21E8-40BF-AE3F-CB9C4CC226D7}.Debug|x64.ActiveCfg = Debug|Any CPU
@@ -971,6 +951,42 @@ Global
 		{1F5118A8-A5C5-4D18-AF34-FFB60FECCD45}.Release|x64.Build.0 = Release|Any CPU
 		{1F5118A8-A5C5-4D18-AF34-FFB60FECCD45}.Release|x86.ActiveCfg = Release|Any CPU
 		{1F5118A8-A5C5-4D18-AF34-FFB60FECCD45}.Release|x86.Build.0 = Release|Any CPU
+		{2A62655C-1AE0-480E-9F1A-E21F21C1D095}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{2A62655C-1AE0-480E-9F1A-E21F21C1D095}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{2A62655C-1AE0-480E-9F1A-E21F21C1D095}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{2A62655C-1AE0-480E-9F1A-E21F21C1D095}.Debug|x64.Build.0 = Debug|Any CPU
+		{2A62655C-1AE0-480E-9F1A-E21F21C1D095}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{2A62655C-1AE0-480E-9F1A-E21F21C1D095}.Debug|x86.Build.0 = Debug|Any CPU
+		{2A62655C-1AE0-480E-9F1A-E21F21C1D095}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{2A62655C-1AE0-480E-9F1A-E21F21C1D095}.Release|Any CPU.Build.0 = Release|Any CPU
+		{2A62655C-1AE0-480E-9F1A-E21F21C1D095}.Release|x64.ActiveCfg = Release|Any CPU
+		{2A62655C-1AE0-480E-9F1A-E21F21C1D095}.Release|x64.Build.0 = Release|Any CPU
+		{2A62655C-1AE0-480E-9F1A-E21F21C1D095}.Release|x86.ActiveCfg = Release|Any CPU
+		{2A62655C-1AE0-480E-9F1A-E21F21C1D095}.Release|x86.Build.0 = Release|Any CPU
+		{40CB2592-3B06-4D0D-9878-7DFD5C4B3E9E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{40CB2592-3B06-4D0D-9878-7DFD5C4B3E9E}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{40CB2592-3B06-4D0D-9878-7DFD5C4B3E9E}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{40CB2592-3B06-4D0D-9878-7DFD5C4B3E9E}.Debug|x64.Build.0 = Debug|Any CPU
+		{40CB2592-3B06-4D0D-9878-7DFD5C4B3E9E}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{40CB2592-3B06-4D0D-9878-7DFD5C4B3E9E}.Debug|x86.Build.0 = Debug|Any CPU
+		{40CB2592-3B06-4D0D-9878-7DFD5C4B3E9E}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{40CB2592-3B06-4D0D-9878-7DFD5C4B3E9E}.Release|Any CPU.Build.0 = Release|Any CPU
+		{40CB2592-3B06-4D0D-9878-7DFD5C4B3E9E}.Release|x64.ActiveCfg = Release|Any CPU
+		{40CB2592-3B06-4D0D-9878-7DFD5C4B3E9E}.Release|x64.Build.0 = Release|Any CPU
+		{40CB2592-3B06-4D0D-9878-7DFD5C4B3E9E}.Release|x86.ActiveCfg = Release|Any CPU
+		{40CB2592-3B06-4D0D-9878-7DFD5C4B3E9E}.Release|x86.Build.0 = Release|Any CPU
+		{F6F5E649-F477-44ED-BAB2-11D4F0E87402}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{F6F5E649-F477-44ED-BAB2-11D4F0E87402}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{F6F5E649-F477-44ED-BAB2-11D4F0E87402}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{F6F5E649-F477-44ED-BAB2-11D4F0E87402}.Debug|x64.Build.0 = Debug|Any CPU
+		{F6F5E649-F477-44ED-BAB2-11D4F0E87402}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{F6F5E649-F477-44ED-BAB2-11D4F0E87402}.Debug|x86.Build.0 = Debug|Any CPU
+		{F6F5E649-F477-44ED-BAB2-11D4F0E87402}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{F6F5E649-F477-44ED-BAB2-11D4F0E87402}.Release|Any CPU.Build.0 = Release|Any CPU
+		{F6F5E649-F477-44ED-BAB2-11D4F0E87402}.Release|x64.ActiveCfg = Release|Any CPU
+		{F6F5E649-F477-44ED-BAB2-11D4F0E87402}.Release|x64.Build.0 = Release|Any CPU
+		{F6F5E649-F477-44ED-BAB2-11D4F0E87402}.Release|x86.ActiveCfg = Release|Any CPU
+		{F6F5E649-F477-44ED-BAB2-11D4F0E87402}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -982,8 +998,6 @@ Global
 		{FF9DA4D9-3A84-441B-8AAE-B73B6D1EE8B3} = {BB99CE55-AD68-484A-9474-B8BACED247AB}
 		{697EB593-3277-4C43-B8F3-C578E21B051B} = {BB99CE55-AD68-484A-9474-B8BACED247AB}
 		{4FA6B420-53A3-4956-9C02-8649A720A9F5} = {BB99CE55-AD68-484A-9474-B8BACED247AB}
-		{AF298985-511F-476A-8F62-79908BE8DF01} = {A704E5B2-86A4-4D4F-902D-C10EA18C12DF}
-		{39B69A56-43E9-480D-9A60-8E0917795FE8} = {A704E5B2-86A4-4D4F-902D-C10EA18C12DF}
 		{F23ED302-7451-4D40-85C3-FACFCF884661} = {C53DD924-C212-49EA-9BC4-1827421361EF}
 		{BA4250FD-9258-4469-A16D-48A0CAF5A2F8} = {C53DD924-C212-49EA-9BC4-1827421361EF}
 		{DC0D0EE5-1C0C-4D3E-BA0B-D6A59717DA94} = {6BE49638-F842-4329-BE8A-30C0F30CCAA5}

eng/common/sdk-task.sh

@@ -0,0 +1,104 @@
+#!/usr/bin/env bash
+
+show_usage() {
+    echo "Common settings:"
+    echo "  --task <value>           Name of Arcade task (name of a project in SdkTasks directory of the Arcade SDK package)"
+    echo "  --restore                Restore dependencies"
+    echo "  --verbosity <value>      Msbuild verbosity: q[uiet], m[inimal], n[ormal], d[etailed], and diag[nostic]"
+    echo "  --help                   Print help and exit"
+    echo ""
+    echo "Command line arguments not listed above are passed thru to msbuild."
+}
+
+source="${BASH_SOURCE[0]}"
+
+# resolve $source until the file is no longer a symlink
+while [[ -h "$source" ]]; do
+  scriptroot="$( cd -P "$( dirname "$source" )" && pwd )"
+  source="$(readlink "$source")"
+  # if $source was a relative symlink, we need to resolve it relative to the path where the
+  # symlink file was located
+  [[ $source != /* ]] && source="$scriptroot/$source"
+done
+scriptroot="$( cd -P "$( dirname "$source" )" && pwd )"
+
+Build() {
+    local target=$1
+    local log_suffix=""
+    [[ "$target" != "Execute" ]] && log_suffix=".$target"
+    local log="$log_dir/$task$log_suffix.binlog"
+    local output_path="$toolset_dir/$task/"
+
+    MSBuild "$taskProject" \
+        /bl:"$log" \
+        /t:"$target" \
+        /p:Configuration="$configuration" \
+        /p:RepoRoot="$repo_root" \
+        /p:BaseIntermediateOutputPath="$output_path" \
+        /v:"$verbosity" \
+        $properties
+}
+
+configuration="Debug"
+verbosity="minimal"
+restore=false
+help=false
+properties=''
+
+while (($# > 0)); do
+  lowerI="$(echo $1 | tr "[:upper:]" "[:lower:]")"
+  case $lowerI in
+    --task)
+      task=$2
+      shift 2
+      ;;
+    --restore)
+      restore=true
+      shift 1
+      ;;
+    --verbosity)
+      verbosity=$2
+      shift 2
+      ;;
+    --help)
+      help=true
+      shift 1
+      ;;
+    *)
+      properties="$properties $1"
+      shift 1
+      ;;
+  esac
+done
+
+ci=true
+binaryLog=true
+warnAsError=true
+
+if $help; then
+  show_usage
+  exit 0
+fi
+
+. "$scriptroot/tools.sh"
+InitializeToolset
+
+if [[ -z "$task" ]]; then
+    Write-PipelineTelemetryError -Category 'Task' -Name 'MissingTask' -Message "Missing required parameter '-task <value>'"
+    ExitWithExitCode 1
+fi
+
+taskProject=$(GetSdkTaskProject "$task")
+if [[ ! -e "$taskProject" ]]; then
+    Write-PipelineTelemetryError -Category 'Task' -Name 'UnknownTask' -Message "Unknown task: $task"
+    ExitWithExitCode 1
+fi
+
+if $restore; then
+    Build "Restore"
+fi
+
+Build "Execute"
+
+
+ExitWithExitCode 0

eng/common/tools.sh

@@ -528,6 +528,12 @@ function GetDarc {
     "$eng_root/common/darc-init.sh" --toolpath "$darc_path" $version
 }
 
+# Returns a full path to an Arcade SDK task project file.
+function GetSdkTaskProject {
+  taskName=$1
+  echo "$(dirname $_InitializeToolset)/SdkTasks/$taskName.proj"
+}
+
 ResolvePath "${BASH_SOURCE[0]}"
 _script_dir=`dirname "$_ResolvePath"`
 

src/Microsoft.DotNet.Arcade.Sdk/tools/SdkTasks/SigningValidation.proj

@@ -21,10 +21,11 @@
   <PropertyGroup>
     <TargetFramework>$(NetToolCurrent)</TargetFramework>
     <NETCORE_ENGINEERING_TELEMETRY>Build</NETCORE_ENGINEERING_TELEMETRY>
-    <SignCheckTaskAssembly>$(NuGetPackageRoot)Microsoft.DotNet.SignCheck\$(MicrosoftDotNetSignCheckVersion)\tools\Microsoft.DotNet.SignCheck.exe</SignCheckTaskAssembly>
   </PropertyGroup>
 
-  <UsingTask TaskName="SignCheck.SignCheckTask" AssemblyFile="$(SignCheckTaskAssembly)" />
+  <ItemGroup>
+    <PackageReference Include="Microsoft.DotNet.SignCheckTask" Version="$(MicrosoftDotNetSignCheckTaskVersion)" />
+  </ItemGroup>
 
   <Target Name="Execute">
     <PropertyGroup>
@@ -35,14 +36,12 @@
       <InputFiles Condition="'$(BuildManifestFile)' != ''">@(ItemsToSign)</InputFiles>
     </PropertyGroup>
 
-    <Error Condition="'$(MSBuildRuntimeType)' == 'Core'" Text="Signing validation task does not run on core." />
-
     <Message Text="Using build manifest file '$(BuildManifestFile)'" Condition="Exists('$(BuildManifestFile)')" />
       <!--
         Documentation for these arguments is available here:
         https://github.com/dotnet/arcade/tree/master/src/SignCheck
       -->
-    <SignCheckTask 
+    <Microsoft.DotNet.SignCheckTask.SignCheckTask 
       Recursive="true"
       FileStatus="UnsignedFiles"
       InputFiles="$(InputFiles)"
@@ -62,8 +61,4 @@
       Condition="Exists($(SignCheckErrorLog)) and '$([System.IO.File]::ReadAllText($(SignCheckErrorLog)))' != ''" />
   </Target>
 
-  <ItemGroup>
-    <PackageReference Include="Microsoft.DotNet.SignCheck" Version="$(MicrosoftDotNetSignCheckVersion)" />
-  </ItemGroup>
-
 </Project>

src/Microsoft.DotNet.Arcade.Sdk/tools/SdkTasks/Versions.props

@@ -7,7 +7,7 @@
     <MicrosoftDotNetMaestroTasksVersion>$(MicrosoftDotNetMaestroTasksVersion)</MicrosoftDotNetMaestroTasksVersion>
     <MicrosoftDotNetBuildTasksVisualStudioVersion>$(ArcadeSdkVersion)</MicrosoftDotNetBuildTasksVisualStudioVersion>
     <MicrosoftDotNetBuildTasksFeedVersion Condition="'$(MicrosoftDotNetBuildTasksFeedVersion)' == ''">$(ArcadeSdkVersion)</MicrosoftDotNetBuildTasksFeedVersion>
-    <MicrosoftDotNetSignCheckVersion Condition="'$(MicrosoftDotNetSignCheckVersion)' == ''">$(ArcadeSdkVersion)</MicrosoftDotNetSignCheckVersion>
+    <MicrosoftDotNetSignCheckTaskVersion Condition="'$(MicrosoftDotNetSignCheckTaskVersion)' == ''">$(ArcadeSdkVersion)</MicrosoftDotNetSignCheckTaskVersion>
     <MicrosoftSymbolUploaderBuildTaskVersion>$(MicrosoftSymbolUploaderBuildTaskVersion)</MicrosoftSymbolUploaderBuildTaskVersion>
   </PropertyGroup>
 

src/SignCheck/Microsoft.SignCheck/Microsoft.DotNet.SignCheckLibrary.csproj

@@ -3,22 +3,23 @@
   <Import Project="ResxWorkaround.props" />
 
   <PropertyGroup>
-    <TargetFramework>$(NetFrameworkMinimum)</TargetFramework>
-    <Platforms>x86</Platforms>
+    <TargetFrameworks>$(NetToolCurrent);$(NetFrameworkMinimum)</TargetFrameworks>
     <SignAssembly>false</SignAssembly>
     <RootNamespace>Microsoft.SignCheck</RootNamespace>
     <!-- This assembly is bundled in the Microsoft.DotNet.SignCheck package and is not mean to be used as a class library package. -->
     <IsPackable>false</IsPackable>
     <IsTool>true</IsTool>
+    <ExcludeFromSourceOnlyBuild>true</ExcludeFromSourceOnlyBuild>
   </PropertyGroup>
 
   <ItemGroup>
     <PackageReference Include="LZMA-SDK" />
-    <PackageReference Include="Microsoft.VisualStudio.OLE.Interop" />
+    <PackageReference Include="Microsoft.VisualStudio.OLE.Interop" Condition="$(TargetFramework) != $(NetToolCurrent)"/>
     <PackageReference Include="NuGet.Frameworks" />
     <PackageReference Include="NuGet.Packaging" />
     <PackageReference Include="System.IO.Packaging" />
     <PackageReference Include="Microsoft.Signed.Wix" />
+    <PackageReference Include="System.Security.Cryptography.Xml" />
   </ItemGroup>
 
   <ItemGroup>
@@ -35,6 +36,27 @@
              CopyToOutputDirectory="PreserveNewest" />
   </ItemGroup>
 
+  <ItemGroup Condition="'$(TargetFramework)' == '$(NetToolCurrent)'">
+    <!-- Interop -->
+    <Compile Remove="Interop\**" />
+    <EmbeddedResource Remove="Interop\**" />
+
+    <!-- Unsupported file types -->
+    <Compile Remove="Verification\AuthentiCode.cs" />
+    <Compile Remove="Verification\AuthentiCodeVerifier.cs" />
+    <Compile Remove="Verification\CabVerifier.cs" />
+    <Compile Remove="Verification\ExeVerifier.cs" />
+    <Compile Remove="Verification\JarVerifier.cs" />
+    <Compile Remove="Verification\MsiVerifier.cs" />
+    <Compile Remove="Verification\MspVerifier.cs" />
+    <Compile Remove="Verification\MsuVerifier.cs" />
+    <Compile Remove="Verification\PortableExecutableVerifier.cs" />
+    <Compile Remove="Verification\StrongName.cs" />
+    <Compile Remove="Verification\VsixVerifier.cs" />
+    <Compile Remove="Verification\Jar\JarFile.cs" />
+    <Compile Remove="Verification\Jar\JarSignatureFile.cs" />
+  </ItemGroup>
+
   <ItemGroup>
     <Compile Update="SignCheckResources.Designer.cs"
              DesignTime="True"

src/SignCheck/Microsoft.SignCheck/Utils.cs

@@ -19,7 +19,7 @@ public class Utils
         public static string GetHash(string value, string hashName)
         {
             byte[] bytes = Encoding.UTF8.GetBytes(value);
-            HashAlgorithm ha = HashAlgorithm.Create(hashName);
+            HashAlgorithm ha = CreateHashAlgorithm(hashName);
             byte[] hash = ha.ComputeHash(bytes);
 
             var sb = new StringBuilder();
@@ -31,6 +31,25 @@ public static string GetHash(string value, string hashName)
             return sb.ToString();
         }
 
+        public static HashAlgorithm CreateHashAlgorithm(string hashName)
+        {
+            switch (hashName.ToUpperInvariant())
+            {
+                case "SHA256":
+                    return SHA256.Create();
+                case "SHA1":
+                    return SHA1.Create();
+                case "MD5":
+                    return MD5.Create();
+                case "SHA384":
+                    return SHA384.Create();
+                case "SHA512":
+                    return SHA512.Create();
+                default:
+                    throw new ArgumentException("Unsupported hash algorithm name", nameof(hashName));
+            }
+        }
+
         /// <summary>
         /// Converts a string containing wildcards (*, ?) into a regular expression pattern string.
         /// </summary>

src/SignCheck/Microsoft.SignCheck/Verification/AuthentiCode.cs

@@ -200,6 +200,6 @@ public static IEnumerable<Timestamp> GetTimestamps(string path)
 
             return timestamps;
         }
-        
+
     }
 }

src/SignCheck/Microsoft.SignCheck/Verification/Jar/JarManifestFile.cs

@@ -48,7 +48,7 @@ private bool Verify(JarIndividualEntry entry, ZipArchiveEntry archiveEntry)
         {
             using (Stream stream = archiveEntry.Open())
             {
-                HashAlgorithm ha = HashAlgorithm.Create(entry.HashAlgorithmName);
+                HashAlgorithm ha = Utils.CreateHashAlgorithm(entry.HashAlgorithmName);
                 byte[] computedHash = ha.ComputeHash(stream);
                 string hashDigest = Convert.ToBase64String(computedHash);
 
@@ -65,7 +65,7 @@ private bool Verify(JarIndividualEntry entry, ZipArchiveEntry archiveEntry)
 
         private string GetHashDigest(string input, string algorithmName)
         {
-            using (HashAlgorithm hashAlgorithm = HashAlgorithm.Create(algorithmName))
+            using (HashAlgorithm hashAlgorithm = Utils.CreateHashAlgorithm(algorithmName))
             {
                 byte[] hashValue = hashAlgorithm.ComputeHash(new UTF8Encoding().GetBytes(input.ToCharArray()));
                 return Convert.ToBase64String(hashValue);

src/SignCheck/Microsoft.SignCheck/Verification/Jar/JarManifestFileBase.cs

@@ -130,7 +130,7 @@ public JarManifestFileBase(string archivePath, string manifestPath)
         /// <returns>A base64 encoded string of the manifest hash.</returns>
         public string GetManifestDigest(string algorithmName)
         {
-            using (HashAlgorithm hashAlgorithm = HashAlgorithm.Create(algorithmName))
+            using (HashAlgorithm hashAlgorithm = Utils.CreateHashAlgorithm(algorithmName))
             {
                 byte[] hashValue = hashAlgorithm.ComputeHash(new UTF8Encoding().GetBytes(ManifestText.ToCharArray()));
                 return Convert.ToBase64String(hashValue);