From ec0df53bfddc1273c478226c02d6b2cd9bf15012 Mon Sep 17 00:00:00 2001
From: microshine
Date: Mon, 27 May 2024 23:23:29 +0200
Subject: [PATCH] feat: Add `certificate` parameter
---
 .github/workflows/master.yml | 1 +
 action.yml | 3 +++
 src/index.ts | 11 +++++++++--
 src/utils.ts | 7 +++----
 4 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index 0c93076..03252e4 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -15,5 +15,6 @@ jobs:
 with:
 organization: ${{ secrets.ORGANIZATION }}
 token: ${{ secrets.TOKEN }}
+ certificate: "224b501264c1454d4627268297670451aed3b0d9"
 file: "wmi.dll"
diff --git a/action.yml b/action.yml
index 4dfae78..490c2cd 100644
--- a/action.yml
+++ b/action.yml
@@ -10,6 +10,9 @@ inputs:
 token:
 description: "The GoodKey API token."
 required: true
+ certificate:
+ description: "SHA-1 thumbprint of the certificate to use for signing."
+ required: true
 file:
 description: "The file to sign."
 required: true
diff --git a/src/index.ts b/src/index.ts
index 7e7a103..0ff04d9 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -4,13 +4,20 @@ import { SYSTEM_ROOT, installGoodKey, registerUser, sign } from './utils';
 const TOKEN = 'token';
 const ORGANIZATION = 'organization';
+const CERTIFICATE = 'certificate';
+const FILE = 'file';
 async function run() {
 core.setSecret(core.getInput(TOKEN));
 try {
+ const token = core.getInput(TOKEN);
+ const organization = core.getInput(ORGANIZATION);
+ const certificate = core.getInput(CERTIFICATE);
+ const file = core.getInput(FILE);
+
 await installGoodKey(__dirname, path.join(SYSTEM_ROOT, 'System32'));
- await registerUser(core.getInput(TOKEN), core.getInput(ORGANIZATION));
- await sign(core.getInput('file'));
+ await registerUser(token, organization);
+ await sign(certificate, file);
 } catch (error) {
 if (error instanceof Error) {
diff --git a/src/utils.ts b/src/utils.ts
index 07f36d4..3b819dc 100644
--- a/src/utils.ts
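Review bot: In the src/index.ts hunk, `core.getInput(CERTIFICATE)` and `core.getInput(FILE)` return an empty string when the input is absent, because `required: true` in action.yml is not enforced unless the call itself passes `{ required: true }`; an empty or malformed thumbprint would reach `sign` unchecked. I would read it as `const certificate = core.getInput(CERTIFICATE, { required: true });` and reject anything that is not a SHA-1 thumbprint before GoodKey is installed, e.g. `if (!/^[0-9a-fA-F]{40}$/.test(certificate)) throw new Error('certificate must be a 40-character SHA-1 thumbprint');`. The same `{ required: true }` option applies to `token`, `organization` and `file`. The catch block of `run` continues past the end of the hunk.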
+++ b/src/utils.ts
@@ -76,12 +76,11 @@ export async function registerUser(token: string, organizationId: string) {
 }
 }
-export async function sign(file: string) {
+export async function sign(certificate: string, file: string) {
 try {
 const signtool = await getSignToolPath();
- // signtool.exe sign /v /fd sha256 /a "file"
- const command = `"${signtool}" sign /v /fd sha256 /a "${file}"`;
- console.log(command);
+ // signtool.exe sign /v /fd sha256 /a "file" /sha1 "hex(sha1(cert))"
+ const command = `"${signtool}" sign /v /fd sha256 /a "${file} /sha1 ${certificate}"`;
 const { stdout, stderr } = await execAsync(command);
 console.log(stdout);
 console.log(stderr);
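Review bot: The closing double quote in the new `command` template comes after `${certificate}`, so `/sha1 <thumbprint>` is swallowed into the quoted file argument and signtool is never told which certificate to use; the comment on the line above shows the intended form. I would write ``const command = `"${signtool}" sign /v /fd sha256 /a /sha1 ${certificate} "${file}"`;``, which also follows signtool's documented order of options before the file name. Separately, `file` and `certificate` are action inputs interpolated into a single string handed to `execAsync`, which presumably runs it through a shell, so a quote character in either value changes the command line; passing the arguments as an array to a non-shell call such as `execFile` would remove that dependency on quoting. The `try` block of `sign` continues beyond the hunk.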