Authenticode https fix issue PowerShell#12827 (PowerShell#16134)

Ryan Hutchison · TravisEz13 · web-flow · commit f2204a08b863 · 2022-08-01T09:57:03.000-07:00
* Added https:// as valid prefix for TSA url

* fixed typo

* Format matching

* Added proper logic

* Appended https to error message

* Update src/System.Management.Automation/security/Authenticode.cs

I agree.

Co-authored-by: Travis Plunk &lt;travis.plunk@microsoft.com&gt;

Co-authored-by: Travis Plunk &lt;travis.plunk@microsoft.com&gt;
diff --git a/src/Microsoft.PowerShell.Security/resources/SignatureCommands.resx b/src/Microsoft.PowerShell.Security/resources/SignatureCommands.resx
@@ -121,7 +121,7 @@
     <value>Cannot sign code. The specified certificate is not suitable for code signing.</value>
   </data>
   <data name="TimeStampUrlRequired" xml:space="preserve">
-    <value>Cannot sign code.  The TimeStamp server URL must be fully qualified in the form of http://&lt;server url&gt;</value>
+    <value>Cannot sign code.  The TimeStamp server URL must be fully qualified in the form of http://&lt;server url&gt; or https://&lt;server url&gt;.</value>
   </data>
   <data name="CannotRetrieveFromContainer" xml:space="preserve">
     <value>The Get-AuthenticodeSignature cmdlet does not support directories. Supply a path to a file and retry.</value>
diff --git a/src/System.Management.Automation/resources/Authenticode.resx b/src/System.Management.Automation/resources/Authenticode.resx
@@ -142,7 +142,7 @@
     <value>Cannot sign code. The specified certificate is not suitable for code signing.</value>
   </data>
   <data name="TimeStampUrlRequired" xml:space="preserve">
-    <value>Cannot sign code. The TimeStamp server URL must be fully qualified, and in the format http://&lt;server url&gt;.</value>
+    <value>Cannot sign code. The TimeStamp server URL must be fully qualified, and in the format http://&lt;server url&gt; or https://&lt;server url&gt;.</value>
   </data>
   <data name="InvalidHashAlgorithm" xml:space="preserve">
     <value>Cannot sign code. The hash algorithm is not supported.</value>
diff --git a/src/System.Management.Automation/security/Authenticode.cs b/src/System.Management.Automation/security/Authenticode.cs
@@ -109,11 +109,12 @@ internal static Signature SignFile(SigningOption option,
             Utils.CheckArgForNullOrEmpty(fileName, "fileName");
             Utils.CheckArgForNull(certificate, "certificate");
 
-            // If given, TimeStamp server URLs must begin with http://
+            // If given, TimeStamp server URLs must begin with http:// or https://
             if (!string.IsNullOrEmpty(timeStampServerUrl))
             {
-                if ((timeStampServerUrl.Length <= 7) ||
-                    (timeStampServerUrl.IndexOf("http://", StringComparison.OrdinalIgnoreCase) != 0))
+                if ((timeStampServerUrl.Length <= 7) || (
+                    (timeStampServerUrl.IndexOf("http://", StringComparison.OrdinalIgnoreCase) != 0) && 
+                    (timeStampServerUrl.IndexOf("https://", StringComparison.OrdinalIgnoreCase) != 0)))
                 {
                     throw PSTraceSource.NewArgumentException(
                         nameof(certificate),
