feat: Add certificate parameter

PeculiarVentures · May 27, 2024 · ec0df53 · ec0df53
1 parent 92adc76
commit ec0df53
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 6 deletions.
diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
@@ -15,5 +15,6 @@ jobs:
         with:
           organization: ${{ secrets.ORGANIZATION }}
           token: ${{ secrets.TOKEN }}
+          certificate: "224b501264c1454d4627268297670451aed3b0d9"
           file: "wmi.dll"
 
diff --git a/action.yml b/action.yml
@@ -10,6 +10,9 @@ inputs:
   token:
     description: "The GoodKey API token."
     required: true
+  certificate:
+    description: "SHA-1 thumbprint of the certificate to use for signing."
+    required: true
   file:
     description: "The file to sign."
     required: true

diff --git a/src/index.ts b/src/index.ts
@@ -4,13 +4,20 @@ import { SYSTEM_ROOT, installGoodKey, registerUser, sign } from './utils';
 
 const TOKEN = 'token';
 const ORGANIZATION = 'organization';
+const CERTIFICATE = 'certificate';
+const FILE = 'file';
 
 async function run() {
   core.setSecret(core.getInput(TOKEN));
   try {
+    const token = core.getInput(TOKEN);
+    const organization = core.getInput(ORGANIZATION);
+    const certificate = core.getInput(CERTIFICATE);
+    const file = core.getInput(FILE);
+
     await installGoodKey(__dirname, path.join(SYSTEM_ROOT, 'System32'));
-    await registerUser(core.getInput(TOKEN), core.getInput(ORGANIZATION));
-    await sign(core.getInput('file'));
+    await registerUser(token, organization);
+    await sign(certificate, file);
   }
   catch (error) {
     if (error instanceof Error) {

diff --git a/src/utils.ts b/src/utils.ts
@@ -76,12 +76,11 @@ export async function registerUser(token: string, organizationId: string) {
   }
 }
 
-export async function sign(file: string) {
+export async function sign(certificate: string, file: string) {
   try {
     const signtool = await getSignToolPath();
-    // signtool.exe sign /v /fd sha256 /a "file"
-    const command = `"${signtool}" sign /v /fd sha256 /a "${file}"`;
-    console.log(command);
+    // signtool.exe sign /v /fd sha256 /a "file" /sha1 "hex(sha1(cert))"
+    const command = `"${signtool}" sign /v /fd sha256 /a "${file} /sha1 ${certificate}"`;
     const { stdout, stderr } = await execAsync(command);
     console.log(stdout);
     console.log(stderr);