forked from Dana-Prajea/code-sign-action
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.ts
141 lines (129 loc) · 4.61 KB
/
index.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
import * as core from '@actions/core';
import { promises as fs } from 'fs';
import path from 'path';
import util from 'util';
import { exec } from 'child_process';
import { env } from 'process';
const asyncExec = util.promisify(exec);
const certificateFileName = env['TEMP'] + '\\certificate.pfx';
const signtool = 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.17763.0/x86/signtool.exe';
const signtoolFileExtensions = [
'.dll', '.exe', '.sys', '.vxd',
'.msix', '.msixbundle', '.appx',
'.appxbundle', '.msi', '.msp',
'.msm', '.cab', '.ps1', '.psm1'
];
function sleep(seconds: number) {
if (seconds > 0)
console.log(`Waiting for ${seconds} seconds.`);
return new Promise(resolve => setTimeout(resolve, seconds * 1000));
}
async function createCertificatePfx() {
const base64Certificate = core.getInput('certificate');
const certificate = Buffer.from(base64Certificate, 'base64');
if (certificate.length == 0) {
console.log('The value for "certificate" is not set.');
return false;
}
console.log(`Writing ${certificate.length} bytes to ${certificateFileName}.`);
await fs.writeFile(certificateFileName, certificate);
return true;
}
async function addCertificateToStore(){
try {
const password : string= core.getInput('password');
if (password == ''){
console.log("Password is required to add pfx certificate to store");
return false;
}
var command = `certutil -f -p ${password} -importpfx ${certificateFileName}`
console.log("Adding cert to store command: " + command);
const { stdout } = await asyncExec(command);
console.log(stdout);
return true;
} catch(err) {
console.log(err.stdout);
console.log(err.stderr);
return false;
}
}
async function signWithSigntool(fileName: string) {
try {
// var command = `"${signtool}" sign /sm /t ${timestampUrl} /sha1 "1d7ec06212fdeae92f8d3010ea422ecff2619f5d" /n "DanaWoo" ${fileName}`
var vitalParameterIncluded = false;
var timestampUrl : string = core.getInput('timestampUrl');
if (timestampUrl === '') {
timestampUrl = 'http://timestamp.verisign.com/scripts/timstamp.dll'; // 'http://timestamp.digicert.com';//
}
var command = `"${signtool}" sign /sm /t ${timestampUrl}`
const sha1 : string= core.getInput('certificatesha1');
if (sha1 != ''){
command = command + ` /sha1 "${sha1}"`
vitalParameterIncluded = true;
}
const name : string= core.getInput('certificatename');
if (name != ''){
vitalParameterIncluded = true;
command = command + ` /n "${name}"`
}
if (!vitalParameterIncluded){
console.log("You need to include a NAME or a SHA1 Hash for the certificate to sign with.")
}
command = command + ` ${fileName}`;
console.log("Signing command: " + command);
const { stdout } = await asyncExec(command);
console.log(stdout);
return true;
} catch(err) {
console.log(err.stdout);
console.log(err.stderr);
return false;
}
}
async function trySignFile(fileName: string) {
console.log(`Signing ${fileName}.`);
const extension = path.extname(fileName);
for (let i=0; i< 10; i++) {
await sleep(i);
if (signtoolFileExtensions.includes(extension)) {
if (await signWithSigntool(fileName))
return;
}
}
throw `Failed to sign '${fileName}'.`;
}
async function* getFiles(folder: string, recursive: boolean): any {
const files = await fs.readdir(folder);
for (const file of files) {
const fullPath = `${folder}/${file}`;
const stat = await fs.stat(fullPath);
if (stat.isFile()) {
const extension = path.extname(file);
if (signtoolFileExtensions.includes(extension) || extension == '.nupkg')
yield fullPath;
}
else if (stat.isDirectory() && recursive) {
yield* getFiles(fullPath, recursive);
}
}
}
async function signFiles() {
const folder = core.getInput('folder', { required: true });
const recursive = core.getInput('recursive') == 'true';
for await (const file of getFiles(folder, recursive)) {
await trySignFile(file);
}
}
async function run() {
try {
if (await createCertificatePfx())
{
if (await addCertificateToStore())
await signFiles();
}
}
catch (err) {
core.setFailed(`Action failed with error: ${err}`);
}
}
run();