//
// From @ossign/azuresigntool
// This module provides a Node.js interface to the AzureSignTool, allowing you to sign files using Azure Key Vault.
//
const fs = require('fs');
const { exec, execFileSync, execSync, spawn, spawnSync } = require('child_process');
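/**
 * Download the AzureSignTool executable to `dest` unless a file already exists there.
 *
 * Tries curl, then wget, then PowerShell's Invoke-WebRequest. Each downloader is
 * started directly with an argument array (no shell), so `url` and `dest` are passed
 * as data and are never parsed as command syntax.
 *
 * NOTE(review): the downloaded file is not integrity-checked here, and the callers go
 * on to run it with Key Vault credentials. Pin a known-good SHA-256 for the release
 * and compare it before first use.
 *
 * @param {{ url: string, dest: string }} options - Source URL and destination path.
 * @returns {void} Exits the process with status 1 when the URL is rejected or every
 *   downloader fails.
 */
const downloadSigntool = function({ url, dest }) {
  if (fs.existsSync(dest)) {
    console.log(`signtool already exists at ${dest}`);
    return;
  }

  // An executable must only be fetched over HTTPS. Requiring a parseable https: URL
  // also guarantees the value cannot be mistaken for a command-line option.
  let isHttps = false;
  try {
    isHttps = new URL(url).protocol === 'https:';
  } catch (parseError) {
    isHttps = false;
  }
  if (!isHttps) {
    console.error('Refusing to download signtool: URL must be a valid https:// URL.');
    process.exit(1);
    return;
  }

  const attempts = [
    {
      file: 'curl',
      // --fail: exit non-zero on an HTTP error instead of saving the error page as the executable.
      argv: ['--fail', '-L', url, '-o', dest],
      onFailure: 'curl is not installed, trying wget...',
    },
    {
      file: 'wget',
      argv: [url, '-O', dest],
      onFailure: 'wget is not installed, trying Invoke-WebRequest...',
    },
    {
      file: 'powershell.exe',
      // Everything after -Command is parsed as PowerShell code, so the script text is
      // kept constant and the values are handed over through environment variables.
      argv: [
        '-ExecutionPolicy',
        'Bypass',
        '-Command',
        'Invoke-WebRequest -Uri $env:SIGNTOOL_DOWNLOAD_URL -OutFile $env:SIGNTOOL_DOWNLOAD_DEST',
      ],
      env: { ...process.env, SIGNTOOL_DOWNLOAD_URL: url, SIGNTOOL_DOWNLOAD_DEST: dest },
      onFailure: null,
    },
  ];

  for (const attempt of attempts) {
    try {
      execFileSync(attempt.file, attempt.argv, {
        stdio: 'inherit',
        env: attempt.env ?? process.env,
      });
      console.log(`Downloaded signtool from ${url} to ${dest}`);
      return;
    } catch (error) {
      // A failed downloader can leave an empty or truncated file behind; remove it so a
      // later run does not find it with existsSync() and execute it.
      try {
        if (fs.existsSync(dest)) {
          fs.unlinkSync(dest);
        }
      } catch (cleanupError) {
        console.error(`Could not remove partial download at ${dest}`);
      }
      if (attempt.onFailure) {
        console.log(attempt.onFailure);
      }
    }
  }

  console.error("Failed to download signtool.");
  process.exit(1);
};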
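/**
 * Sign a file with AzureSignTool using a certificate held in Azure Key Vault.
 *
 * Each setting is read from the environment first (AST_CERT, AST_IDENT, AST_SECRET,
 * AST_TD, AST_TENANT, AST_TIMESTAMP, AST_VAULT) and falls back to the matching `args`
 * field, so an environment variable overrides an explicitly passed value.
 *
 * The tool is started without a shell and with an argument array, so no value (vault
 * URL, secret, file path) is ever interpreted as shell syntax. The returned promise
 * settles only after the tool has exited.
 *
 * NOTE(review): `-kvs` still puts the client secret on the child's command line, where
 * other local processes may be able to read it. Errors raised here deliberately carry
 * only the exit status, never the argument list.
 *
 * @param {object} options
 * @param {string} options.path - File to sign.
 * @param {object} [options.args] - Fallback values: cert, ident, secret, td, tenant, timestamp, vault.
 * @param {string} [options.azureSigntoolPath] - Path to AzureSignTool; defaults to 'AzureSignTool.exe'.
 * @returns {Promise<void>} Resolves when signing succeeds.
 * @throws {Error} When a required parameter is missing, or the tool cannot be started or exits non-zero.
 */
exports.azuresigntool = async function({ path, args = {}, azureSigntoolPath = '' }) {
  const AST_CERT = process.env.AST_CERT || args.cert;
  const AST_IDENT = process.env.AST_IDENT || args.ident;
  const AST_SECRET = process.env.AST_SECRET || args.secret;
  const AST_TD = process.env.AST_TD || args.td;
  const AST_TENANT = process.env.AST_TENANT || args.tenant;
  const AST_TIMESTAMP = process.env.AST_TIMESTAMP || args.timestamp;
  const AST_VAULT = process.env.AST_VAULT || args.vault;

  if (!AST_CERT || !AST_IDENT || !AST_SECRET || !AST_TENANT || !AST_VAULT) {
    throw new Error('Missing required Azure Key Vault parameters: AST_CERT, AST_IDENT, AST_SECRET, AST_TENANT, AST_VAULT');
  }
  if (typeof path !== 'string' || path === '') {
    throw new Error('Missing required parameter: path');
  }

  const toolPath = azureSigntoolPath || 'AzureSignTool.exe';
  if (!fs.existsSync(toolPath)) {
    downloadSigntool({
      url: 'https://github.com/vcsjones/AzureSignTool/releases/download/v6.0.1/AzureSignTool-x64.exe',
      dest: toolPath
    });
  }

  const signArgs = [
    'sign',
    '-kvu', String(AST_VAULT),
    '-kvc', String(AST_CERT),
    '-kvi', String(AST_IDENT),
    '-kvs', String(AST_SECRET),
    '--azure-key-vault-tenant-id', String(AST_TENANT),
  ];
  // The timestamp options are optional; leave them out rather than passing the
  // literal text "undefined" to the tool.
  if (AST_TIMESTAMP) {
    signArgs.push('-tr', String(AST_TIMESTAMP));
  }
  if (AST_TD) {
    signArgs.push('-td', String(AST_TD));
  }
  signArgs.push(path);

  // child_process.exec() returns a ChildProcess, not a promise, so awaiting it never
  // waited for the tool or observed its exit status. Wait for 'close' explicitly.
  await new Promise((resolve, reject) => {
    const child = spawn(toolPath, signArgs, { stdio: 'inherit' });
    child.once('error', (spawnError) => {
      // The original error object carries the argument list (including the secret),
      // so only its error code is reported.
      reject(new Error(`Failed to start AzureSignTool (${spawnError.code})`));
    });
    child.once('close', (code, signal) => {
      if (code === 0) {
        resolve();
        return;
      }
      reject(new Error(`AzureSignTool failed (exit code ${code}, signal ${signal})`));
    });
  });
};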
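/**
 * Synchronous variant: sign a file with AzureSignTool using a certificate held in
 * Azure Key Vault, blocking until the tool exits.
 *
 * Each setting is read from the environment first (AST_CERT, AST_IDENT, AST_SECRET,
 * AST_TD, AST_TENANT, AST_TIMESTAMP, AST_VAULT) and falls back to the matching `args`
 * field, so an environment variable overrides an explicitly passed value.
 *
 * The tool is started without a shell and with an argument array, so no value (vault
 * URL, secret, file path) is ever interpreted as shell syntax.
 *
 * NOTE(review): `-kvs` still puts the client secret on the child's command line, where
 * other local processes may be able to read it. Errors raised here deliberately carry
 * only the exit status: the error thrown by execSync embeds the whole command line,
 * secret included, in its message.
 *
 * @param {object} options
 * @param {string} options.path - File to sign.
 * @param {object} [options.args] - Fallback values: cert, ident, secret, td, tenant, timestamp, vault.
 * @param {string} [options.azureSigntoolPath] - Path to AzureSignTool; defaults to 'AzureSignTool.exe'.
 * @returns {void}
 * @throws {Error} When a required parameter is missing, or the tool cannot be started or exits non-zero.
 */
exports.azuresigntoolSync = function({ path, args = {}, azureSigntoolPath = '' }) {
  const AST_CERT = process.env.AST_CERT || args.cert;
  const AST_IDENT = process.env.AST_IDENT || args.ident;
  const AST_SECRET = process.env.AST_SECRET || args.secret;
  const AST_TD = process.env.AST_TD || args.td;
  const AST_TENANT = process.env.AST_TENANT || args.tenant;
  const AST_TIMESTAMP = process.env.AST_TIMESTAMP || args.timestamp;
  const AST_VAULT = process.env.AST_VAULT || args.vault;

  if (!AST_CERT || !AST_IDENT || !AST_SECRET || !AST_TENANT || !AST_VAULT) {
    throw new Error('Missing required Azure Key Vault parameters: AST_CERT, AST_IDENT, AST_SECRET, AST_TENANT, AST_VAULT');
  }
  if (typeof path !== 'string' || path === '') {
    throw new Error('Missing required parameter: path');
  }

  const toolPath = azureSigntoolPath || 'AzureSignTool.exe';
  if (!fs.existsSync(toolPath)) {
    downloadSigntool({
      url: 'https://github.com/vcsjones/AzureSignTool/releases/download/v6.0.1/AzureSignTool-x64.exe',
      dest: toolPath
    });
  }

  const signArgs = [
    'sign',
    '-kvu', String(AST_VAULT),
    '-kvc', String(AST_CERT),
    '-kvi', String(AST_IDENT),
    '-kvs', String(AST_SECRET),
    '--azure-key-vault-tenant-id', String(AST_TENANT),
  ];
  // The timestamp options are optional; leave them out rather than passing the
  // literal text "undefined" to the tool.
  if (AST_TIMESTAMP) {
    signArgs.push('-tr', String(AST_TIMESTAMP));
  }
  if (AST_TD) {
    signArgs.push('-td', String(AST_TD));
  }
  signArgs.push(path);

  const result = spawnSync(toolPath, signArgs, { stdio: 'inherit' });
  if (result.error) {
    // The original error object carries the argument list (including the secret),
    // so only its error code is reported.
    throw new Error(`Failed to start AzureSignTool (${result.error.code})`);
  }
  if (result.status !== 0) {
    throw new Error(`AzureSignTool failed (exit code ${result.status}, signal ${result.signal})`);
  }
};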