SignTool/SignTool.psm1
|
using namespace System using namespace System.Collections.Generic function Format-SignToolArgumentList { param ( [Parameter(Mandatory)] [List[string]]$FileList, [Parameter(Mandatory)] [string]$FileDigest, [Parameter()] [AllowEmptyString()] [string]$TimestampRfc3161, [Parameter()] [AllowEmptyString()] [string]$TimestampDigest, [Parameter(Mandatory)] [string]$DlibFilePath, [Parameter(Mandatory)] [string]$MetadataFilePath, [Parameter()] [switch]$AppendSignature = $false, [Parameter()] [AllowEmptyString()] [string]$Description, [Parameter()] [AllowEmptyString()] [string]$DescriptionUrl, [Parameter()] [AllowEmptyString()] [string]$GenerateDigestPath, [Parameter()] [switch]$GenerateDigestXml = $false, [Parameter()] [AllowEmptyString()] [string]$IngestDigestPath, [Parameter()] [switch]$SignDigest = $false, [Parameter()] [switch]$GeneratePageHashes = $false, [Parameter()] [switch]$SuppressPageHashes = $false, [Parameter()] [switch]$GeneratePkcs7 = $false, [Parameter()] [AllowEmptyString()] [string]$Pkcs7Options, [Parameter()] [AllowEmptyString()] [string]$Pkcs7Oid, [Parameter()] [AllowEmptyString()] [string]$EnhancedKeyUsage ) $result = [List[string]]::new() $result.Add("sign") $result.Add("/v") $result.Add("/debug") $result.Add("/fd") $result.Add($FileDigest) if ($TimestampRfc3161) { $result.Add("/tr") $result.Add($TimestampRfc3161) } if ($TimestampDigest) { $result.Add("/td") $result.Add($TimestampDigest) } $result.Add("/dlib") $result.Add("`"$DlibFilePath`"") $result.Add("/dmdf") $result.Add("`"$MetadataFilePath`"") if ($AppendSignature) { $result.Add("/as") } if ($Description) { $result.Add("/d") $result.Add("`"$Description`"") } if ($DescriptionUrl) { $result.Add("/du") $result.Add("`"$DescriptionUrl`"") } if ($GenerateDigestPath) { $result.Add("/dg") $result.Add("`"$GenerateDigestPath`"") } if ($GenerateDigestXml) { $result.Add("/dxml") } if ($IngestDigestPath) { $result.Add("/di") $result.Add("`"$IngestDigestPath`"") } if ($SignDigest) { $result.Add("/ds") } if ($GeneratePageHashes) { $result.Add("/ph") } if ($SuppressPageHashes) { $result.Add("/nph") } if ($GeneratePkcs7) { $result.Add("/p7") } if ($Pkcs7Options) { $result.Add("/p7ce") $result.Add("`"$Pkcs7Options`"") } if ($Pkcs7Oid) { $result.Add("/p7co") $result.Add("`"$Pkcs7Oid`"") } if ($EnhancedKeyUsage) { $result.Add("/u") $result.Add("`"$EnhancedKeyUsage`"") } $result.AddRange($FileList) return $result } function Invoke-SignTool { param ( [Parameter(Mandatory)] [string]$SignToolFolderPath, [Parameter(Mandatory)] [List[string]]$SignToolArguments, [Parameter(Mandatory)] [int]$Timeout ) $signToolPath = Join-Path -Path $SignToolFolderPath -ChildPath "signtool.exe" Write-Information -MessageData "`tExecuting signtool.exe: $signToolPath $SignToolArguments" -InformationAction Continue $startProcessParams = @{ FilePath = $signToolPath ArgumentList = $SignToolArguments NoNewWindow = $true PassThru = $true } $process = Start-Process @startProcessParams try { Wait-Process -InputObject $process -Timeout $Timeout } catch [TimeoutException] { $timeoutError = "The Trusted Signing service could not finish the request within the" $timeoutError += " allotted time of $Timeout seconds. This may happen if you are signing" $timeoutError += " a large number of files. You can try to increase the value of the" $timeoutError += " 'Timeout' parameter which is 300 seconds by default." throw $timeoutError } return $process.ExitCode } |