github/msft-calculator
1
0
Fork 0
mirror of https://github.com/Microsoft/calculator.git synced 2025-08-21 05:43:10 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Improved signing script: Added error handling, comments, and path resolution enhancements

Browse source
This commit is contained in:
Nsenzia 2024-10-31 17:48:46 +02:00
commit 90a14fe97d
1 changed files with 20 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

28
build/scripts/SignTestApp.ps1
View file

@ -1,33 +1,45 @@
#requires -RunAsAdministrator
param(
[Parameter(Position = 0, Mandatory = $true)][string]$AppToSign,
[string]$SignTool = "C:\Program Files (x86)\Windows Kits\10\bin\10.*\x64\signtool.exe"
)
# Resolve paths
$AppToSign = (Resolve-Path -Path $AppToSign)[-1]
Write-Host "AppToSign: $AppToSign"
Write-Host "App to Sign: $AppToSign"
$SignTool = (Resolve-Path -Path $SignTool)[-1]
Write-Host "SignTool: $SignTool"
if ((Test-Path -Path $SignTool -PathType Leaf) -ne $true) {
Write-Error "signtool is not found with the given argument: $SignTool" -ErrorAction Stop
# Check if signtool exists
if (-not (Test-Path -Path $SignTool -PathType Leaf)) {
Write-Error "signtool not found at: $SignTool" -ErrorAction Stop
}
# Create OID for code signing
$codeSignOid = New-Object -TypeName "System.Security.Cryptography.Oid" -ArgumentList @("1.3.6.1.5.5.7.3.3")
$oidColl = New-Object -TypeName "System.Security.Cryptography.OidCollection"
$oidColl.Add($codeSignOid) > $null
# Define certificate request parameters
$publisher = "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
$certReq = New-Object -TypeName "System.Security.Cryptography.X509Certificates.CertificateRequest" `
-ArgumentList @($publisher, ([System.Security.Cryptography.ECDsa]::Create()), "SHA256")
$certReq.CertificateExtensions.Add((New-Object -TypeName "System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension" `
-ArgumentList @($oidColl, $false)))
$certReq = New-Object -TypeName "System.Security.Cryptography.X509Certificates.CertificateRequest" -ArgumentList @($publisher, ([System.Security.Cryptography.ECDsa]::Create()), "SHA256")
$certReq.CertificateExtensions.Add((New-Object -TypeName "System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension" -ArgumentList @($oidColl, $false)))
# Create self-signed certificate
$now = Get-Date
$cert = $certReq.CreateSelfSigned($now, $now.AddHours(1))
$pfxFile = "$($env:TEMP)\$(New-Guid).pfx"
# Export the certificate to a PFX file
$pfxFile = Join-Path -Path $env:TEMP -ChildPath "$(New-Guid).pfx"
[System.IO.File]::WriteAllBytes($pfxFile, $cert.Export("Pfx"))
Write-Host "Exported PFX: $pfxFile"
# Sign the application with signtool
& $SignTool sign /fd SHA256 /a /f $pfxFile $AppToSign
Write-Host "Certificate Thumbprint: $($cert.Thumbprint.ToLower())"
# Import the certificate to Trusted People store
Import-PfxCertificate -CertStoreLocation 'Cert:\LocalMachine\TrustedPeople' -FilePath $pfxFile > $null
Write-Host "Certificate imported to Trusted People store."