-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathupdatevsto.ps1
127 lines (120 loc) · 4.88 KB
/
updatevsto.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
# $TimestampServer は署名時に使用するタイムスタンプサーバー
$TimestampServer = "http://timestamp.digicert.com"
function ShowUsage {
if ($PSUICulture -eq "ja-JP") {
[System.Console]::Error.WriteLine("updatevsto.ps1 <file.vsto>")
[System.Console]::Error.WriteLine(" 引数で渡したVSTOファイルおよびそれに依存するマニフェストファイルの")
[System.Console]::Error.WriteLine(" コードサイニング署名を更新します")
} else {
[System.Console]::Error.WriteLine("updatevsto.ps1 <file.vsto>")
[System.Console]::Error.WriteLine(" Update Code-Signing-Certificate of the .vsto-file passed as argument")
[System.Console]::Error.WriteLine(" and dependency files.")
}
exit 1
}
function IsValidSignature($File) {
$info = New-Object -TypeName System.Diagnostics.ProcessStartInfo
$info.CreateNoWindow = $true
$info.UseShellExecute = $false
$info.RedirectStandardOutput = $true
$info.FileName = $mage
$info.Arguments = "-ver $File"
$proc = New-Object -TypeName System.Diagnostics.Process
$proc.StartInfo = $info
$f = $proc.Start()
$s = $proc.StandardOutput.ReadToEnd().Trim()
$flag = $s -eq "Manifest has a valid signature."
return $flag
}
if ($Args.Length -ne 1) {
ShowUsage
}
#コードサイニング証明書関連の情報を取得
$Cert=Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert | Sort-Object -Property NotAfter -Descending | Select-Object -First 1
if ($Cert -eq $null) {
if ($PSUICulture -eq "ja-JP") {
[System.Console]::Error.WriteLine("端末にコードサイニング証明書がインストールされていません")
} else {
[System.Console]::Error.WriteLine("Code-Signing-Certificate is not found.")
}
exit 1
}
$thumb = $Cert.Thumbprint
[string]$signopt = "-ch $thumb -a sha256RSA -ti $TimestampServer"
# mage.exe のパスを探索
$mage = $null
$progdir = (get-item "Registry::HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion").GetValue("ProgramFilesDir (x86)")
foreach ($a in get-item "$progdir\Microsoft SDKs\Windows\*\bin\*\mage.exe" |Sort-Object -Propert LastWriteTime) {
$mage = $a
}
if ($mage -eq $null) {
if ($PSUICulture -eq "ja-JP") {
[System.Console]::Error.WriteLine("mage.exeが見つかりません")
} else {
[System.Console]::Error.WriteLine("mage.exe is not found.")
}
exit 1
}
$vsto = $Args[0]
$baseDir = [System.IO.Path]::GetDirectoryName($vsto)
$invalidVsto = $false
$xml = [xml](Get-Content($vsto))
foreach ($elem in $xml.GetElementsByTagName("dependentAssembly")) {
$manifest = $elem.Attributes["codebase"].Value
$manPath = [System.IO.Path]::Combine($baseDir, $manifest)
$files = @()
[bool]$invalidManifest = $false
foreach ($elem2 in $elem.ChildNodes) {
if ($elem2.LocalName -eq "assemblyIdentity") {
$file = $elem2.Attributes["name"].Value
$path = [System.IO.Path]::Combine($baseDir, $file)
$sign = Get-AuthenticodeSignature -FilePath $path
if ($sign -eq $null -or $sign.Status -ne "Valid") {
$files += $path
$invalidManifest = $true
$invalidVsto = $true
} else {
if ((Get-Item $manPath).LastWriteTime -lt (Get-Item $path).LastWriteTime) {
$invalidManifest = $true
$invalidVsto = $true
}
if ($PSUICulture -eq "ja-JP") {
Write-Output ($file + " は署名済みです。スキップします。")
} else {
Write-Output ($file + " is already singed. Skip.")
}
}
}
}
if ($files.Length -ne 0) {
Set-AuthenticodeSignature -Certificate $Cert -Filepath $Files -HashAlgorithm "SHA256" -TimestampServer $TimestampServer
}
if (-not $invalidManifest -and -not (IsValidSignature($manPath))) {
$invalidManifest = $true
$invalidVsto = $true
}
if ($invalidManifest) {
Start-Process -FilePath "$mage" -ArgumentList "-u ""$manPath"" $signopt" -Wait -NoNewWindow
} else {
if ($PSUICulture -eq "ja-JP") {
Write-Output ($manifest + " は署名済みです。スキップします。")
} else {
Write-Output ($manifest + " is already singed. Skip.")
}
}
if ((Get-Item $vsto).LastWriteTime -lt (Get-Item $manPath).LastWriteTime) {
$invalidVsto = $true
}
if (-not $invalidVsto -and -not (IsValidSignature($vsto))) {
$invalidVsto = $true
}
if ($invalidVsto) {
Start-Process -FilePath "$mage" -ArgumentList "-u ""$vsto"" -appm ""$manPath"" $signopt" -Wait -NoNewWindow
} else {
if ($PSUICulture -eq "ja-JP") {
Write-Output ($vsto + " は署名済みです。スキップします。")
} else {
Write-Output ($vsto + " is already singed. Skip.")
}
}
}