Restore old signing to get out hotfix release #2004

Merged
merged 1 commit into from
May 19, 2024

chkr1011
Collaborator

This PR restores the old signing code so that a hotfix can be released. Upload to nuget is not working.

@chkr1011 chkr1011 merged commit 918a3c8 into master May 19, 2024
3 checks passed
@chkr1011 chkr1011 deleted the restore-old-signing branch May 19, 2024 14:39
@CZEMacLeod
Contributor

@chkr1011 looking at these two build processes, I think you need to keep the certificate.snk bit and the SignAssembly and AssemblyOriginatorKeyFile properties - these are for strong naming and affect the naming of the assembly.
The sign tool applies digital signatures that prove the DLL was built by the owner of the certificate, and has not been modified (and the same of the nuget package by signing the nuget (zip) file).
My public nuget packages have (require) both types of 'signature'.

@chkr1011
Collaborator Author

The problem I had was that I need to import the certificate into nuget somehow. Otherwise, I cannot publish the packet. Myget accepts them (see: https://www.myget.org/feed/mqttnet/package/nuget/MQTTnet/5.0.0.1145). But I only got some keys, IDs etc. from the .NET Foundation and no actual certificate file. So, I have to figure out how to export it and import it into nuget.

Regarding the strong name, I found this:

> For .NET Core and .NET 5+, strong-named assemblies do not provide material benefits. The runtime never validates the strong-name signature, nor does it use the strong-name for assembly binding.

But since the project also covers older frameworks, I will restore the SignAssembly stuff (or keep it as soon as the certificate is imported to nuget).

@rido-min
Member

> So, I have to figure out how to export it and import it into nuget.

this article might be useful https://learn.microsoft.com/en-us/nuget/create-packages/sign-a-package#register-the-certificate-on-nugetorg

@chkr1011
Collaborator Author

@rido-min The thing is that I need an actual certificate file. I only got some tenant ID, subscription ID and so on (see CI script). Now I have to upload the certificate to nuget but don't have a certificate file. I found some articles on how to download a certificate from key vault via API only but was not able to execute it properly (yet).

@rido-min
Member

the certificate is already in the signed packages (without the private key)

So I downloaded the signed packages from: https://github.com/dotnet/MQTTnet/actions/runs/9148210346/artifacts/1517149691

And then extract the certificate with NuGetPackageExplorer (iirc there is an option in a cli)

X.509v3 TLS Certificate (RSA 4096) [Serial: 2793...4564]
  Subject:     MQTTNET (.NET Foundation)
  Issuer:      .NET Foundation Projects Code Signing CA2
  Valid from:  2024-05-15T00:00:00Z
          to:  2027-05-14T23:59:59Z

pasted below for reference.

You can paste the base64 string into a new text file, rename as cer, pem or crt, and use it to register the certificate in NuGet.

@chkr1011
Collaborator Author

@rido-min I had to convert the format of the cert from PEM to CRT but now it works (can be uploaded). Thank you very much, your support saved me a lot of time 👍
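
Added example, not part of the original thread or the MQTTnet project: one way to do the PEM-to-binary conversion mentioned above before registering a signing certificate, assuming the target is the DER encoding. It refuses input that carries a private key, checks that the decoded bytes form one complete DER structure, and returns the SHA-256 fingerprint so it can be compared with the one reported for the signed package. All function names are illustrative, and the sample input is a constructed placeholder, not a real certificate.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def pem_to_der(pem_text):
    """Return the DER bytes of the single CERTIFICATE block in pem_text."""
    blocks = PEM_BLOCK.findall(pem_text)
    labels = [label for label, _ in blocks]
    # A file that gets uploaded for registration must never carry key material.
    if any("PRIVATE KEY" in label for label in labels):
        raise ValueError("input contains a private key; refusing to export")
    if labels != ["CERTIFICATE"]:
        raise ValueError("expected exactly one CERTIFICATE block, got %r" % labels)
    der = base64.b64decode("".join(blocks[0][1].split()), validate=True)
    check_der_envelope(der)
    return der

def check_der_envelope(der):
    """Check that der is one ASN.1 SEQUENCE whose length covers the whole buffer."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short-form length
        header, body = 2, first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("bad DER length encoding")
        header, body = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + body != len(der):
        raise ValueError("truncated or padded DER data")

def sha256_fingerprint(der):
    """SHA-256 over the DER bytes, as upper-case hex."""
    return hashlib.sha256(der).hexdigest().upper()

def to_pem(label, der):                   # helper used only to build the sample
    b64 = base64.encodebytes(der).decode()
    return "-----BEGIN %s-----\n%s-----END %s-----\n" % (label, b64, label)

# Constructed sample: DER-shaped placeholder bytes, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = to_pem("CERTIFICATE", SAMPLE_DER)

if __name__ == "__main__":
    print(sha256_fingerprint(pem_to_der(SAMPLE_PEM)))
```

Writing the returned bytes to a `.cer` file in binary mode gives the file to upload.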
