From 2a3fd2c84355d5d6ec043722eb28d246a9441d60 Mon Sep 17 00:00:00 2001 From: Medeni Baykal <433724+Haplois@users.noreply.github.com> Date: Thu, 19 Nov 2020 15:35:54 +0100 Subject: [PATCH] Added additional certificates. (#2643) --- scripts/verify-sign.ps1 | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/scripts/verify-sign.ps1 b/scripts/verify-sign.ps1 index 6a3673da07..65dd978d31 100644 --- a/scripts/verify-sign.ps1 +++ b/scripts/verify-sign.ps1 @@ -45,6 +45,9 @@ function Verify-Assemblies if ($signature.SignerCertificate.Subject -eq "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US") { Write-Log "Valid: $($_.FullName)" } + elseif ($signature.SignerCertificate.Subject -eq "CN=Microsoft 3rd Party Application Component, O=Microsoft Corporation, L=Redmond, S=Washington, C=US") { + Write-Log "Valid (3rd Party): $($_.FullName)" + } else { # For legacy components, sign certificate is always "prod" signature. Skip such binaries. if ($signature.SignerCertificate.Thumbprint -eq "98ED99A67886D020C564923B7DF25E9AC019DF26") { @@ -74,6 +77,10 @@ function Verify-Assemblies elseif ($signature.SignerCertificate.Thumbprint -eq "709133ECC53CBF386F4A5ECB782AEEF499F0F8CA") { Write-Log "Valid (Prod Signed): $($_.FullName)." } + # Microsoft 3rd Party Application Component + elseif ($signature.SignerCertificate.Thumbprint -eq "912357a68d29b8fe17168ef8c44d6830d1d42801") { + Write-Log "Valid (Prod Signed): $($_.FullName)." + } else { Write-FailLog "Incorrect certificate. File: $($_.FullName). Certificate: $($signature.SignerCertificate.Thumbprint)." } @@ -107,8 +114,9 @@ function Verify-NugetPackages $artifactsDirectory = Join-Path $env:TP_OUT_DIR $TPB_Configuration $packagesDirectory = Join-Path $artifactsDirectory "packages" + Get-ChildItem -Filter *.nupkg $packagesDirectory | % { - & $nugetInstallPath verify -signature -CertificateFingerprint 3F9001EA83C560D712C24CF213C3D312CB3BFF51EE89435D3430BD06B5D0EECE $_.FullName + & $nugetInstallPath verify -signature -CertificateFingerprint "3F9001EA83C560D712C24CF213C3D312CB3BFF51EE89435D3430BD06B5D0EECE;AA12DA22A49BCE7D5C1AE64CC1F3D892F150DA76140F210ABD2CBFFCA2C18A27;" $_.FullName } Write-Log "Verify-NugetPackages: Complete"