# Script parameter: -Path is the file that is passed on to SignEsptool for signing.
[CmdletBinding()]
param ([Parameter()] [String] $Path)
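function FindSignTool {
    <#
    .SYNOPSIS
    Locates signtool.exe and returns a path that can be invoked with the call operator.

    .DESCRIPTION
    Search order: an application named signtool.exe on PATH, then the unversioned
    Windows Kits 10 x64 and x86 bin directories, then the x64 directory of each
    SDK version listed in $sdkVers. If no candidate exists, a message is printed
    and the script exits with code 1.

    .OUTPUTS
    System.String. Full path of the first signtool.exe that was found.
    #>
    $SignTool = "signtool.exe"

    # The binary selected here is later handed the PFX file and its password, so
    # accept only a real executable (not an alias or function of the same name)
    # and return its resolved full path. A caller that logs the return value then
    # records exactly which binary did the signing.
    $onPath = Get-Command $SignTool -CommandType Application -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if ($onPath) {
        return $onPath.Path
    }

    $kitsBin = "${env:ProgramFiles(x86)}\Windows Kits\10\bin"

    # Unversioned SDK layout, x64 first and then x86.
    foreach ($arch in "x64", "x86") {
        $SignTool = "$kitsBin\$arch\signtool.exe"
        if (Test-Path -Path $SignTool -PathType Leaf) {
            return $SignTool
        }
    }

    # Versioned SDK layout, newest listed version first (x64 only).
    $sdkVers = "10.0.22000.0", "10.0.20348.0", "10.0.19041.0", "10.0.17763.0"
    foreach ($ver in $sdkVers) {
        $SignTool = "$kitsBin\${ver}\x64\signtool.exe"
        if (Test-Path -Path $SignTool -PathType Leaf) {
            return $SignTool
        }
    }

    # Write-Host rather than pipeline output: callers capture this function's
    # output in a variable, so a plain string would be swallowed by the
    # assignment and never shown before the script exits.
    Write-Host "signtool.exe not found"
    Exit 1
}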
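function SignEsptool {
    <#
    .SYNOPSIS
    Signs a file with signtool.exe using a PFX certificate taken from the environment.

    .DESCRIPTION
    Reads the base64-encoded PFX from $env:CERTIFICATE, writes it to a temporary
    file, runs "signtool sign" with SHA256 file and timestamp digests, and removes
    the temporary file again. $env:CERTIFICATE_PASSWORD, when set, is passed to
    signtool with /p. The script exits with code 1 if the certificate is missing
    or empty, cannot be decoded, or if signtool reports a failure.

    .PARAMETER Path
    File to sign; appended as the last signtool argument.
    #>
    param(
        [Parameter()]
        [String]
        $Path
    )

    $SignTool = FindSignTool
    "Using: $SignTool"

    if ($null -eq $env:CERTIFICATE) {
        "CERTIFICATE variable not set, unable to sign the file"
        Exit 1
    }

    if ("" -eq $env:CERTIFICATE) {
        "CERTIFICATE variable is empty, unable to sign the file"
        Exit 1
    }

    # The PFX holds the private signing key. Use a random file name instead of a
    # fixed "certificate.pfx" so the location is not predictable and concurrent
    # signing jobs on the same machine do not overwrite or delete each other's file.
    $CertificateFile = Join-Path ([System.IO.Path]::GetTempPath()) ([System.IO.Path]::GetRandomFileName() + ".pfx")

    # RFC 3161 timestamp responses are signed by the timestamp authority, so the
    # plain-HTTP URL does not by itself make the timestamp forgeable.
    $SignParameters = @("sign", "/tr", 'http://timestamp.digicert.com', "/td", "SHA256", "/f", $CertificateFile, "/fd", "SHA256")
    if ($env:CERTIFICATE_PASSWORD) {
        "CERTIFICATE_PASSWORD detected, using the password"
        # NOTE(review): /p puts the password on signtool's command line, where it
        # is visible to process listings and command-line auditing on the build
        # host. Run this only on runners where that exposure is acceptable.
        $SignParameters += "/p"
        $SignParameters += $env:CERTIFICATE_PASSWORD
    }
    $SignParameters += $Path

    # Assume failure until signtool has actually returned an exit code.
    $SignExitCode = 1
    try {
        [byte[]]$CertificateBytes = [convert]::FromBase64String($env:CERTIFICATE)
        [IO.File]::WriteAllBytes($CertificateFile, $CertificateBytes)

        & $SignTool $SignParameters
        $SignExitCode = $LASTEXITCODE
    } catch {
        "Unable to prepare the certificate or run signtool: $($_.Exception.Message)"
    } finally {
        # Always remove the key material, including when decoding, writing or
        # launching signtool raised an error.
        if (Test-Path -LiteralPath $CertificateFile) {
            Remove-Item -LiteralPath $CertificateFile -Force
        }
    }

    if (0 -ne $SignExitCode) {
        "Signing failed"
        Exit 1
    }
}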
# Entry point: sign the file named by the script's -Path argument.
SignEsptool -Path $Path