removed dead code that had been removed in NETFX (#11742)

And some minor clean-up changes:

* added readonly to a field
* added parameter names to function parameters

Author: Tanya-Solyanik

src/Tasks/ManifestUtil/SecurityUtil.cs

@@ -502,7 +502,7 @@ public static PermissionSet XmlToPermissionSet(XmlElement element)
         [SupportedOSPlatform("windows")]
         public static void SignFile(string certThumbprint, Uri timestampUrl, string path)
         {
-            SignFile(certThumbprint, timestampUrl, path, null, null);
+            SignFile(certThumbprint, timestampUrl, path, targetFrameworkVersion: null, targetFrameworkIdentifier: null);
         }
 
         /// <summary>
@@ -518,7 +518,7 @@ public static void SignFile(string certThumbprint,
                                     string path,
                                     string targetFrameworkVersion)
         {
-            SignFile(certThumbprint, timestampUrl, path, targetFrameworkVersion, null);
+            SignFile(certThumbprint, timestampUrl, path, targetFrameworkVersion, targetFrameworkIdentifier: null);
         }
 
         /// <summary>
@@ -536,7 +536,7 @@ public static void SignFile(string certThumbprint,
                                     string targetFrameworkVersion,
                                     string targetFrameworkIdentifier)
         {
-            SignFile(certThumbprint, timestampUrl, path, targetFrameworkVersion, targetFrameworkIdentifier, false);
+            SignFile(certThumbprint, timestampUrl, path, targetFrameworkVersion, targetFrameworkIdentifier, disallowMansignTimestampFallback: false);
         }
 
         /// <summary>
@@ -637,7 +637,7 @@ public static void SignFile(X509Certificate2 cert, Uri timestampUrl, string path
         {
             // setup resources
             System.Resources.ResourceManager resources = new System.Resources.ResourceManager("Microsoft.Build.Tasks.Core.Strings.ManifestUtilities", typeof(SecurityUtilities).Module.Assembly);
-            SignFileInternal(cert, timestampUrl, path, true, resources);
+            SignFileInternal(cert, timestampUrl, path, targetFrameworkSupportsSha256: true, resources);
         }
 
         [SupportedOSPlatform("windows")]
@@ -701,6 +701,7 @@ private static void SignFileInternal(X509Certificate2 cert,
                         {
                             doc.Load(xr);
                         }
+
                         var manifest = new SignedCmiManifest2(doc, useSha256);
                         CmiManifestSigner2 signer;
                         if (useSha256 && rsa is RSACryptoServiceProvider rsacsp)

src/Tasks/ManifestUtil/mansign2.cs

@@ -550,126 +550,68 @@ private static void ReplacePublicKeyToken(XmlDocument manifestDom, AsymmetricAlg
             }
         }
 
+        [SuppressMessage("Security", "CA5350:Do Not Use Weak Cryptographic Algorithms", Justification = "SHA1 is retained for compatibility reasons as an option in VisualStudio signing page and consequently in the trust manager, default is SHA2.")]
         private static byte[] ComputeHashFromManifest(XmlDocument manifestDom, bool useSha256)
         {
-#if (true) // BUGBUG: Remove before RTM when old format support is no longer needed.
-            return ComputeHashFromManifest(manifestDom, false, useSha256);
-        }
+            // Since the DOM given to us is not guaranteed to be normalized,
+            // we need to normalize it ourselves. Also, we always preserve
+            // white space as Fusion XML engine always preserve white space.
+            XmlDocument normalizedDom = new XmlDocument();
+            normalizedDom.PreserveWhitespace = true;
+
+            // Normalize the document
+            using (TextReader stringReader = new StringReader(manifestDom.OuterXml))
+            {
+                XmlReaderSettings settings = new XmlReaderSettings();
+                settings.DtdProcessing = DtdProcessing.Parse;
+                using (XmlReader reader = XmlReader.Create(stringReader, settings, manifestDom.BaseURI))
+                {
+                    normalizedDom.Load(reader);
+                }
+            }
 
-        [System.Diagnostics.CodeAnalysis.SuppressMessage("Security", "CA5350:Do Not Use Weak Cryptographic Algorithms", Justification = "SHA1 is retained for compatibility reasons as an option in VisualStudio signing page and consequently in the trust manager, default is SHA2.")]
-        private static byte[] ComputeHashFromManifest(XmlDocument manifestDom, bool oldFormat, bool useSha256)
-        {
-            if (oldFormat)
-            {
-                XmlDsigExcC14NTransform exc = new XmlDsigExcC14NTransform();
-                exc.LoadInput(manifestDom);
+            XmlDsigExcC14NTransform exc = new XmlDsigExcC14NTransform();
+            exc.LoadInput(normalizedDom);
 
-                if (useSha256)
-                {
+            if (useSha256)
+            {
 #pragma warning disable SA1111, SA1009 // Closing parenthesis should be on line of last parameter
-                    using (SHA256 sha2 = SHA256.Create(
+                using (SHA256 sha2 = SHA256.Create(
 #if FEATURE_CRYPTOGRAPHIC_FACTORY_ALGORITHM_NAMES
-                        "System.Security.Cryptography.SHA256CryptoServiceProvider"
+                    "System.Security.Cryptography.SHA256CryptoServiceProvider"
 #endif
-                ))
+                    ))
 #pragma warning restore SA1111, SA1009 // Closing parenthesis should be on line of last parameter
-                    {
-                        byte[] hash = sha2.ComputeHash(exc.GetOutput() as MemoryStream);
-                        if (hash == null)
-                        {
-                            throw new CryptographicException(Win32.TRUST_E_BAD_DIGEST);
-                        }
-
-                        return hash;
-                    }
-                }
-                else
                 {
-#pragma warning disable SA1111, SA1009 // Closing parenthesis should be on line of last parameter
-                    // codeql[cs/weak-crypto] SHA1 is retained for compatibility reasons as an option in VisualStudio signing page and consequently in the trust manager, default is SHA2. https://devdiv.visualstudio.com/DevDiv/_workitems/edit/139025
-                    using (SHA1 sha1 = SHA1.Create(
-#if FEATURE_CRYPTOGRAPHIC_FACTORY_ALGORITHM_NAMES
-                        "System.Security.Cryptography.SHA1CryptoServiceProvider"
-#endif
-                        ))
-#pragma warning restore SA1111, SA1009 // Closing parenthesis should be on line of last parameter
+                    byte[] hash = sha2.ComputeHash(exc.GetOutput() as MemoryStream);
+                    if (hash == null)
                     {
-                        byte[] hash = sha1.ComputeHash(exc.GetOutput() as MemoryStream);
-                        if (hash == null)
-                        {
-                            throw new CryptographicException(Win32.TRUST_E_BAD_DIGEST);
-                        }
-
-                        return hash;
+                        throw new CryptographicException(Win32.TRUST_E_BAD_DIGEST);
                     }
+
+                    return hash;
                 }
             }
             else
             {
-#endif
-                // Since the DOM given to us is not guaranteed to be normalized,
-                // we need to normalize it ourselves. Also, we always preserve
-                // white space as Fusion XML engine always preserve white space.
-                XmlDocument normalizedDom = new XmlDocument();
-                normalizedDom.PreserveWhitespace = true;
-
-                // Normalize the document
-                using (TextReader stringReader = new StringReader(manifestDom.OuterXml))
-                {
-                    XmlReaderSettings settings = new XmlReaderSettings();
-                    settings.DtdProcessing = DtdProcessing.Parse;
-                    using (XmlReader reader = XmlReader.Create(stringReader, settings, manifestDom.BaseURI))
-                    {
-                        normalizedDom.Load(reader);
-                    }
-                }
-
-                XmlDsigExcC14NTransform exc = new XmlDsigExcC14NTransform();
-                exc.LoadInput(normalizedDom);
-
-                if (useSha256)
-                {
 #pragma warning disable SA1111, SA1009 // Closing parenthesis should be on line of last parameter
-                    using (SHA256 sha2 = SHA256.Create(
+                // codeql[cs/weak-crypto] SHA1 is retained for compatibility reasons as an option in VisualStudio signing page and consequently in the trust manager, default is SHA2. https://devdiv.visualstudio.com/DevDiv/_workitems/edit/139025
+                using (SHA1 sha1 = SHA1.Create(
 #if FEATURE_CRYPTOGRAPHIC_FACTORY_ALGORITHM_NAMES
-                        "System.Security.Cryptography.SHA256CryptoServiceProvider"
+                    "System.Security.Cryptography.SHA1CryptoServiceProvider"
 #endif
-                        ))
+                     ))
 #pragma warning restore SA1111, SA1009 // Closing parenthesis should be on line of last parameter
-                    {
-                        byte[] hash = sha2.ComputeHash(exc.GetOutput() as MemoryStream);
-                        if (hash == null)
-                        {
-                            throw new CryptographicException(Win32.TRUST_E_BAD_DIGEST);
-                        }
-
-                        return hash;
-                    }
-                }
-                else
                 {
-#pragma warning disable SA1111, SA1009 // Closing parenthesis should be on line of last parameter
-                    // codeql[cs/weak-crypto] SHA1 is retained for compatibility reasons as an option in VisualStudio signing page and consequently in the trust manager, default is SHA2. https://devdiv.visualstudio.com/DevDiv/_workitems/edit/139025
-                    using (SHA1 sha1 = SHA1.Create(
-#if FEATURE_CRYPTOGRAPHIC_FACTORY_ALGORITHM_NAMES
-                        "System.Security.Cryptography.SHA1CryptoServiceProvider"
-#endif
-                         ))
-#pragma warning restore SA1111, SA1009 // Closing parenthesis should be on line of last parameter
+                    byte[] hash = sha1.ComputeHash(exc.GetOutput() as MemoryStream);
+                    if (hash == null)
                     {
-                        byte[] hash = sha1.ComputeHash(exc.GetOutput() as MemoryStream);
-                        if (hash == null)
-                        {
-                            throw new CryptographicException(Win32.TRUST_E_BAD_DIGEST);
-                        }
-
-                        return hash;
+                        throw new CryptographicException(Win32.TRUST_E_BAD_DIGEST);
                     }
-                }
 
-#if (true) // BUGBUG: Remove before RTM when old format support is no longer needed.
+                    return hash;
+                }
             }
-#endif
         }
 
         private const string AssemblyNamespaceUri = "urn:schemas-microsoft-com:asm.v1";
@@ -739,8 +681,8 @@ private static void AuthenticodeSignLicenseDom(XmlDocument licenseDom, CmiManife
             signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
             if (signer.UseSha256)
             {
-                signedXml.SignedInfo.SignatureMethod = Sha256SignatureMethodUri;
-            }
+                    signedXml.SignedInfo.SignatureMethod = Sha256SignatureMethodUri;
+                }
             else
             {
                 signedXml.SignedInfo.SignatureMethod = Sha1SignatureMethodUri;
@@ -1108,12 +1050,12 @@ internal class CmiManifestSigner2
         private X509Certificate2Collection _certificates;
         private X509IncludeOption _includeOption;
         private CmiManifestSignerFlag _signerFlag;
-        private bool _useSha256;
+        private readonly bool _useSha256;
 
         private CmiManifestSigner2() { }
 
         internal CmiManifestSigner2(AsymmetricAlgorithm strongNameKey) :
-            this(strongNameKey, null, false)
+            this(strongNameKey, certificate: null, useSha256: false)
         { }
 
         internal CmiManifestSigner2(AsymmetricAlgorithm strongNameKey, X509Certificate2 certificate, bool useSha256)
@@ -1311,7 +1253,7 @@ internal CmiAuthenticodeSignerInfo(int errorCode)
         }
 
         internal CmiAuthenticodeSignerInfo(Win32.AXL_SIGNER_INFO signerInfo,
-                                            Win32.AXL_TIMESTAMPER_INFO timestamperInfo)
+                                           Win32.AXL_TIMESTAMPER_INFO timestamperInfo)
         {
             _error = (int)signerInfo.dwError;
             if (signerInfo.pChainContext != IntPtr.Zero)