ci: check cert

Author: Kuingsmile

.github/workflows/build-test.yml

@@ -228,110 +228,55 @@ jobs:
         shell: pwsh
         run: |
           $ErrorActionPreference = "Continue"
-          Start-Sleep -Seconds 60
-
+          Start-Sleep -Seconds 30
           $tp = "${{ secrets.CERTUM_CERTIFICATE_SHA1 }}".Replace(" ", "").ToUpper()
           Write-Host "=== WHOAMI / SESSION ==="
           whoami
           qwinsta
           Write-Host "Thumbprint to find: $tp"
 
-          Write-Host "`n=== SimplySign processes (if any) ==="
-          Get-Process | Where-Object { $_.ProcessName -match "simply|certum|sign|scard|smart" } | Select-Object ProcessName,Id,StartTime | Format-Table -Auto
-
-          Write-Host "`n=== Services (smart card / cryptsvc) ==="
-          Get-Service CryptSvc, SCardSvr -ErrorAction SilentlyContinue | Format-Table -Auto
-          # 可选：看看有没有 SimplySign/Certum 相关服务
-          Get-Service | Where-Object { $_.Name -match "simply|certum" -or $_.DisplayName -match "Simply|Certum" } | Format-Table -Auto
-
-          Write-Host "`n=== CSP/KSP list (certutil -csplist) ==="
-          certutil -csplist | Out-Host
-
-          Write-Host "`n=== Try dump CSP details (filter by keywords) ==="
-          $cspList = (certutil -csplist) 2>$null
-          $candidates = @()
-          foreach ($line in $cspList) {
-            if ($line -match "Certum|Simply|Asseco|Unizeto|KSP|CSP") { $candidates += $line.Trim() }
+          Write-Host "`n=== SimplySign processes ==="
+          Get-Process -ErrorAction SilentlyContinue |
+              Where-Object { $_.ProcessName -match "SimplySign|Certum" } |
+              Select-Object ProcessName,Id,StartTime | Format-Table -Auto
+
+          Write-Host "`n=== Services (safe) ==="
+          Get-Service -Name CryptSvc,SCardSvr -ErrorAction SilentlyContinue | Format-Table -Auto
+          cmd /c "sc query type= service state= all | findstr /I simply certum asseco unizeto" | Out-Host
+          $logDir = "$env:RUNNER_TEMP\certum-diagnose"
+          New-Item -ItemType Directory -Force -Path $logDir | Out-Null
+          Write-Host "`n=== certutil -csplist (timeout 45s, write to file) ==="
+          $p = Start-Process -FilePath "cmd.exe" -ArgumentList "/c certutil -csplist > `"$logDir\csplist.txt`" 2>&1" -PassThru
+          if (-not $p.WaitForExit(45000)) {
+            Write-Host "certutil -csplist timed out, killing..."
+            $p.Kill()
           }
-          if ($candidates.Count -gt 0) {
-            $candidates | ForEach-Object {
-              Write-Host "`n--- certutil -csp `"$_`" ---"
-              certutil -csp "$_" | Out-Host
-            }
+          if (Test-Path "$logDir\csplist.txt") {
+            Write-Host "=== csplist keyword lines ==="
+            Get-Content "$logDir\csplist.txt" | Select-String -Pattern "Certum|Simply|Asseco|Unizeto|KSP|CSP" |
+              ForEach-Object { $_.Line } | Out-Host
           } else {
-            Write-Host "No obvious Certum/SimplySign provider strings found in csplist output."
-          }
-
-          Write-Host "`n=== Key containers (certutil -key) ==="
-          certutil -key | Out-Host
-
-          function List-Stores($root) {
-            Write-Host "`n=== Enumerating stores under $root ==="
-            $stores = Get-ChildItem "Cert:\$root" -ErrorAction SilentlyContinue | Select-Object -ExpandProperty PSChildName
-            foreach ($s in $stores) {
-              Write-Host "`n-- Store: Cert:\$root\$s --"
-              try {
-                $items = Get-ChildItem "Cert:\$root\$s" -ErrorAction Stop
-                if ($items.Count -eq 0) {
-                  Write-Host "(empty)"
-                } else {
-                  $items | Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey | Format-Table -Auto
-                }
-              } catch {
-                Write-Host "Failed to read Cert:\$root\$s : $($_.Exception.Message)"
-              }
-            }
-          }
-
-          function Find-Thumbprint($root, $tp) {
-            Write-Host "`n=== Searching thumbprint in $root (recursive) ==="
-            try {
-              $hit = Get-ChildItem "Cert:\$root" -Recurse -ErrorAction Stop | Where-Object { $_.Thumbprint -eq $tp }
-              if ($hit) {
-                $hit | ForEach-Object {
-                  Write-Host "FOUND: $($_.PSParentPath)"
-                  $_ | Format-List Subject, Thumbprint, NotAfter, HasPrivateKey, EnhancedKeyUsageList
-                }
-                return $true
-              } else {
-                Write-Host "NOT FOUND anywhere under Cert:\$root"
-                return $false
-              }
-            } catch {
-              Write-Host "Recursive search failed under Cert:\$root : $($_.Exception.Message)"
-              return $false
-            }
+            Write-Host "csplist.txt not found"
           }
-
-          # 1) 全列出所有 store（CurrentUser & LocalMachine）
-          List-Stores "CurrentUser"
-          List-Stores "LocalMachine"
-
-          # 2) 全局按 thumbprint 搜索
-          $foundCU = $false
-          $foundLM = $false
-          if ($tp) {
-            $foundCU = Find-Thumbprint "CurrentUser" $tp
-            $foundLM = Find-Thumbprint "LocalMachine" $tp
-          } else {
-            Write-Host "No thumbprint provided."
-          }
-
-          # 3) 同时输出 certutil 的 store 列表（有时比 PSProvider 更直观）
-          Write-Host "`n=== certutil -user -store My ==="
+          Write-Host "`n=== certutil -key (write to file) ==="
+          cmd /c "certutil -key > `"$logDir\key.txt`" 2>&1"
+          Write-Host "=== key keyword lines ==="
+          Get-Content "$logDir\key.txt" -ErrorAction SilentlyContinue |
+            Select-String -Pattern "Certum|Simply|Asseco|Unizeto|\{[0-9A-F-]+\}" |
+            ForEach-Object { $_.Line } | Out-Host
+          Write-Host "`n=== LIST CurrentUser\\My ==="
           certutil -user -store My | Out-Host
-          Write-Host "`n=== certutil -store My ==="
+          Write-Host "`n=== LIST LocalMachine\\My ==="
           certutil -store My | Out-Host
+          Write-Host "`n=== Search thumbprint in ALL stores (CurrentUser) ==="
+          Get-ChildItem Cert:\CurrentUser -Recurse -ErrorAction SilentlyContinue |
+            Where-Object { $_.Thumbprint -eq $tp } |
+            ForEach-Object { "FOUND in: $($_.PSParentPath) Subject=$($_.Subject)" } | Out-Host
+          Write-Host "`n=== Search thumbprint in ALL stores (LocalMachine) ==="
+          Get-ChildItem Cert:\LocalMachine -Recurse -ErrorAction SilentlyContinue |
+            Where-Object { $_.Thumbprint -eq $tp } |
+            ForEach-Object { "FOUND in: $($_.PSParentPath) Subject=$($_.Subject)" } | Out-Host
 
-          Write-Host "`n=== Summary ==="
-          if ($tp -and ($foundCU -or $foundLM)) {
-            Write-Host "✅ Cert object FOUND in Windows cert stores."
-            Write-Host "Next: ensure Tauri/signtool uses the correct store (CurrentUser vs LocalMachine)."
-          } else {
-            Write-Host "❌ Cert object NOT found in any Windows cert store."
-            Write-Host "Next: rely on CSP/KSP signing (signCommand) OR import public .cer into CurrentUser\\My."
-            Write-Host "Also verify SimplySign login is in same user session (runneradmin) and not a service/SYSTEM context."
-          }
 
       - name: Build the app
         if: matrix.platform == 'windows' || matrix.platform == 'linux'