Default publisher name may result in a failed ClickOnce installation

[MH-ZShearer]

Describe the bug

 
When signing a ClickOnce package without --publisher-name, the publisher information from the certificate may be too long. No messages are logged by sign indicating something may be amiss. mage verified the manifest, but when attempting to install in Windows Sandbox, the following exception is reported:

ERROR SUMMARY
	Below is a summary of the errors, details of these errors are listed later in the log.
	* Activation of C:\Users\WDAGUtilityAccount\Desktop\HCS.application resulted in exception. Following failure messages were detected:
		+ The specified path, file name, or both are too long. The fully qualified file name must be less than 260 characters, and the directory name must be less than 248 characters.

There were no relevant details later in the log.

Repro steps

https://github.com/MH-ZShearer/SignedClickOnce is a barebones .NET 6 WinForms application that has a simple ClickOnce publish profile configured.

Our certificate's Subject, which got used as the Publisher somehow, looks like this:

[email protected], CN=Morehouse Instrument Company, O=Morehouse Instrument Company, L=York, S=Pennsylvania, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=Pennsylvania, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=238776, OID.2.5.4.15=Private Organization

ClickOnce Releases

• Unsigned
• Signed, Unspecified Publisher
  • sign code azure-key-vault ".\SignedClickOnce\bin\publish\SignedClickOnce.application" -kvu <VaultURI> -kvc <VaultCert>
• Signed, Specified Publisher
  • sign code azure-key-vault ".\SignedClickOnce\bin\publish\SignedClickOnce.application" -kvu <VaultURI> -kvc <VaultCert> -pn "Morehouse Instrument Company"

Expected behavior

A warning, or even an informational log, message stating that a Publisher longer than maybe 50 characters may cause issues due to ClickOnce limitations. According to the below message, this may also be relevant for the product name as well.

Actual behavior

No notice that something could have been wrong, even with trace logging.

Additional context

The following exception came from the above Repro steps using our certificate. This is what ultimately led me to uncover the issue. I'm still unsure why I received different errors, or why this shows that the deployment manifest is not semantically valid.

ERROR SUMMARY
	Below is a summary of the errors, details of these errors are listed later in the log.
	* Activation of C:\Users\WDAGUtilityAccount\Desktop\SignedClickOnce.application resulted in exception. Following failure messages were detected:
		+ Exception reading manifest from file:///C:/Users/WDAGUtilityAccount/Desktop/SignedClickOnce.application: the manifest may not be valid or the file could not be opened.
		+ Deployment manifest is not semantically valid.
		+ Publisher and/or Product name in the deployment manifest must be less than 260 characters.