Protect added certificates

Author: Aeliux

src/EasySign/Bundle.cs

@@ -53,7 +53,7 @@ public class Bundle
         /// The entries with these names are only resolved with <see cref="ReadSource.Bundle"/>.
         /// This feature is only designed to prevent accidental modification of important files.
         /// </remarks>
-        protected List<string> ProtectedEntryNames { get; private set; } =
+        protected HashSet<string> ProtectedEntryNames { get; private set; } =
         [
             ".manifest.ec",
             ".signatures.ec",
@@ -330,7 +330,7 @@ protected virtual void Parse(ZipArchive zip)
                 Logger.LogDebug("Parsing manifest");
                 Manifest = JsonSerializer.Deserialize(entry.Open(), typeof(Manifest), SourceGenerationManifestContext.Default) as Manifest ?? new Manifest();
 
-                List<string> protectedEntries = ProtectedEntryNames.Union(Manifest.ProtectedEntryNames).ToList();
+                HashSet<string> protectedEntries = ProtectedEntryNames.Union(Manifest.ProtectedEntryNames).ToHashSet();
                 ProtectedEntryNames = protectedEntries;
                 Manifest.ProtectedEntryNames = protectedEntries;
             }
@@ -447,6 +447,9 @@ public void Sign(X509Certificate2 certificate, RSA privateKey)
             byte[] certData = certificate.Export(X509ContentType.Cert);
             string name = certificate.GetCertHashString();
 
+            Logger.LogDebug("Adding entry name: {name} to protected entry names", name);
+            ProtectedEntryNames.Add(name);
+
             Logger.LogDebug("Signing manifest");
             byte[] manifestData = GetManifestData();
             byte[] signature = privateKey.SignData(manifestData, HashAlgorithmName.SHA512, RSASignaturePadding.Pkcs1);
@@ -785,6 +788,7 @@ private void ProcessPendingFiles(ZipArchive zip)
         protected virtual byte[] GetManifestData()
         {
             Manifest.UpdatedBy = GetType().FullName;
+            Manifest.ProtectedEntryNames = ProtectedEntryNames.Union(Manifest.ProtectedEntryNames).ToHashSet();
 
             return Export(Manifest, SourceGenerationManifestContext.Default);
         }

src/EasySign/Manifest.cs

@@ -36,7 +36,7 @@ public SortedDictionary<string, byte[]> Entries
         /// <summary>
         /// Gets or sets the list of entry names that should be protected by the bundle from accidental modifications.
         /// </summary>
-        public List<string> ProtectedEntryNames { get; set; } = [];
+        public HashSet<string> ProtectedEntryNames { get; set; } = [];
 
         /// <summary>
         /// Gets the entries as a thread-safe concurrent dictionary.