diff --git a/.gitignore b/.gitignore index 2169c55..24a9dee 100644 --- a/.gitignore +++ b/.gitignore @@ -3,6 +3,7 @@ _temp/ gulp-tsc-tmp-* .gulp-tsc-tmp-* *.vsix +*.pfx node_modules typings diff --git a/.vscode/launch.json b/.vscode/launch.json index 03db3f6..c70a84f 100644 --- a/.vscode/launch.json +++ b/.vscode/launch.json @@ -19,6 +19,9 @@ "INPUT_FILEALGO": "sha256", "INPUT_FILEPATH": "c:\\temp\\*.dll", "INPUT_RETRYCOUNT": "5", + "INPUT_CERTIFICATELOCATION": "computerStore", + "INPUT_PFXPATH": "c:\\temp\\code.pfx", + //"INPUT_PFXPASSWORD": "passwordhere", "PROCESSOR_ARCHITECTURE": "x64" } } diff --git a/Tasks/authenticode-sign/entry.ts b/Tasks/authenticode-sign/entry.ts index 3e931b5..4bf5b7a 100644 --- a/Tasks/authenticode-sign/entry.ts +++ b/Tasks/authenticode-sign/entry.ts @@ -3,15 +3,17 @@ import * as tr from "vsts-task-lib/ToolRunner"; async function run() { let signToolLocation: string = getSignToolLocation(); - let timestampServer: string = tl.getInput("timestampServer", true); - let timestampAlgo: string = tl.getInput("timestampAlgo", true); - let fileAlgo: string = tl.getInput("fileAlgo", true); - let filePath: string = tl.getInput("filePath", true); let retryCount: number = Number(tl.getInput("retryCount", true)); let signtool: tr.ToolRunner = new tr.ToolRunner(signToolLocation); - signtool.arg([ "sign", "/tr", timestampServer, "/td", timestampAlgo, "/fd", fileAlgo, "/a", filePath ]); + let signtoolArguments: string[] = ["sign"]; + + pushTimestampArgs(signtoolArguments); + pushCertArgs(signtoolArguments); + pushFileArgs(signtoolArguments); + + signtool.arg(signtoolArguments); let i: number = 0; @@ -31,8 +33,55 @@ async function run() { } } } +} +function pushTimestampArgs(args: string[]) { + let timestampServer: string = tl.getInput("timestampServer", true); + let timestampAlgo: string = tl.getInput("timestampAlgo", true); + + args.push("/tr", timestampServer, "/td", timestampAlgo); } + +function pushCertArgs(args: string[]) { + let certificateLocation: string = tl.getInput("certificateLocation", true); + if (certificateLocation == "computerStore") { + return; // Nothing to do. + } + + if (certificateLocation == "userStore") { + args.push("/sm"); + } + + if (certificateLocation != "pfxFile") { + tl.setResult(tl.TaskResult.Failed, `Unknown cert location: ${certificateLocation}`); + } + + let pfxLocation: string = tl.getPathInput("pfxPath", true); + if (pfxLocation == null || pfxLocation == '') { + let error: string = "Pfx Location not set."; + tl.setResult(tl.TaskResult.Failed, error); + throw error; + } + + tl.checkPath(pfxLocation, "pfxfile"); + + let pfxPassword: string = tl.getInput("pfxPassword"); + if (pfxPassword == null || pfxPassword == '') { + let error: string = "Pfx Password not set."; + tl.setResult(tl.TaskResult.Failed, error); + throw error; + } + + args.push("/f", pfxLocation, "/p", pfxPassword); +} + +function pushFileArgs(args: string[]) { + let fileAlgo: string = tl.getInput("fileAlgo", true); + let filePath: string = tl.getInput("filePath", true); + + args.push("/fd", fileAlgo, "/a", filePath); +} + function getSignToolLocation(): string { let toolLocation: string = tl.getInput("toolLocation", false); if (toolLocation != null && toolLocation != "") { diff --git a/Tasks/authenticode-sign/task.json b/Tasks/authenticode-sign/task.json index 2fc01dc..4c2867a 100644 --- a/Tasks/authenticode-sign/task.json +++ b/Tasks/authenticode-sign/task.json @@ -96,7 +96,7 @@ }, { "name": "pfxFile", - "type": "string", + "type": "filePath", "label": "Pfx File", "defaultValue": "", "required": true,