diff --git a/src/code/InstallHelper.cs b/src/code/InstallHelper.cs
index 5f2a7b06f..35fea684c 100644
--- a/src/code/InstallHelper.cs
+++ b/src/code/InstallHelper.cs
@@ -501,7 +501,11 @@ private List InstallPackage(
 : _pathsToInstallPkg.Find(path => path.EndsWith("Scripts", StringComparison.InvariantCultureIgnoreCase));
 }
 
- if (_authenticodeCheck && !AuthenticodeSignature.CheckAuthenticodeSignature(pkg.Name, tempDirNameVersion, _versionRange, _pathsToSearch, installPath, _cmdletPassedIn, out ErrorRecord errorRecord))
+ if (_authenticodeCheck && !AuthenticodeSignature.CheckAuthenticodeSignature(
+ pkg.Name,
+ tempDirNameVersion,
+ _cmdletPassedIn,
+ out ErrorRecord errorRecord))
 {
 ThrowTerminatingError(errorRecord);
 }
diff --git a/src/code/Utils.cs b/src/code/Utils.cs
index ae72d6b21..f19861847 100644
--- a/src/code/Utils.cs
+++ b/src/code/Utils.cs
@@ -819,7 +819,7 @@ private static bool TryReadPSDataFile(
 }
 
 public static void ValidateModuleManifest(string moduleManifestPath, out string[] errorMsgs)
- {
+ {
 List errorMsgsList = new List();
 using (System.Management.Automation.PowerShell pwsh = System.Management.Automation.PowerShell.Create())
 {
@@ -866,11 +866,11 @@ public static void ValidateModuleManifest(string moduleManifestPath, out string[
 {
 // This will handle version errors
 message = $"{pwsh.Streams.Error[0].ToString()} Run 'Test-ModuleManifest' to validate the module manifest.";
- }
-
+ }
+
 errorMsgsList.Add(message);
 }
- }
+ }
 
 errorMsgs = errorMsgsList.ToArray();
 }
@@ -1236,7 +1240,11 @@ internal static class AuthenticodeSignature
 {
 #region Methods
 
- internal static bool CheckAuthenticodeSignature(string pkgName, string tempDirNameVersion, VersionRange versionRange, List pathsToSearch, string installPath, PSCmdlet cmdletPassedIn, out ErrorRecord errorRecord)
+ internal static bool CheckAuthenticodeSignature(
+ string pkgName,
+ string tempDirNameVersion,
+ PSCmdlet cmdletPassedIn,
+ out ErrorRecord errorRecord)
 {
 errorRecord = null;
@@ -1246,16 +1250,16 @@ internal static bool CheckAuthenticodeSignature(string pkgName, string tempDirNa
 return true;
 }
 
- // Check that the catalog file is signed properly
+ // First check if the files are catalog signed.
 string catalogFilePath = Path.Combine(tempDirNameVersion, pkgName + ".cat");
 if (File.Exists(catalogFilePath))
 {
- // Run catalog validation
- Collection TestFileCatalogResult = new Collection();
+ // Run catalog validation.
+ Collection TestFileCatalogResult;
 string moduleBasePath = tempDirNameVersion;
 try
 {
- // By default "Test-FileCatalog will look through all files in the provided directory, -FilesToSkip allows us to ignore specific files
+ // By default "Test-FileCatalog will look through all files in the provided directory, -FilesToSkip allows us to ignore specific files.
 TestFileCatalogResult = cmdletPassedIn.InvokeCommand.InvokeScript(
 script: @"param (
 [string] $moduleBasePath,
@@ -1283,7 +1287,7 @@ internal static bool CheckAuthenticodeSignature(string pkgName, string tempDirNa
 return false;
 }
 
- bool catalogValidation = (TestFileCatalogResult[0] != null) ? (bool)TestFileCatalogResult[0].BaseObject : false;
+ bool catalogValidation = TestFileCatalogResult.Count > 0 ? (bool)TestFileCatalogResult[0].BaseObject : false;
 if (!catalogValidation)
 {
 var exMessage = String.Format("The catalog file '{0}' is invalid.", pkgName + ".cat");
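Review bot: The rewritten `// By default "Test-FileCatalog ...` comment still carries the unbalanced opening quote from the old line; since the line is being edited anyway, make it `// By default Test-FileCatalog looks through all files in the provided directory; -FilesToSkip lets us ignore specific files.` The new `Collection TestFileCatalogResult;` is left unassigned until the script runs, which is only safe as long as every failure path inside the `try`/`catch` returns before the result is read — the catch body is outside this hunk, so that should be confirmed rather than assumed. CheckAuthenticodeSignature begins before and ends after this hunk.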
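Review bot: `(bool)TestFileCatalogResult[0].BaseObject` on the new `catalogValidation` line still throws if the first pipeline object is null or is not a boolean (for instance if the script is later switched to `Test-FileCatalog -Detailed`, which yields a CatalogInformation object), and this line sits after the `try`/`catch` closes, so the exception would escape the method instead of becoming an ErrorRecord. A pattern match fails closed: `bool catalogValidation = TestFileCatalogResult.Count > 0 && TestFileCatalogResult[0]?.BaseObject is bool isValid && isValid;`. The old line's `!= null` guard was dropped here; whether InvokeScript can return a null PSObject in this position is not visible in the hunk. CheckAuthenticodeSignature continues outside the hunk on both sides.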
@@ -1292,13 +1296,16 @@ internal static bool CheckAuthenticodeSignature(string pkgName, string tempDirNa
 errorRecord = new ErrorRecord(ex, "TestFileCatalogError", ErrorCategory.InvalidResult, cmdletPassedIn);
 return false;
 }
+
+ return true;
 }
 
- Collection authenticodeSignature = new Collection();
+ // Otherwise check for signatures on individual files.
+ Collection authenticodeSignatures;
 try
 {
 string[] listOfExtensions = { "*.ps1", "*.psd1", "*.psm1", "*.mof", "*.cat", "*.ps1xml" };
- authenticodeSignature = cmdletPassedIn.InvokeCommand.InvokeScript(
+ authenticodeSignatures = cmdletPassedIn.InvokeCommand.InvokeScript(
 script: @"param (
 [string] $tempDirNameVersion,
 [string[]] $listOfExtensions
@@ -1315,20 +1322,17 @@ internal static bool CheckAuthenticodeSignature(string pkgName, string tempDirNa
 return false;
 }
 
- // If the authenticode signature is not valid, return false
- if (authenticodeSignature.Any() && authenticodeSignature[0] != null)
+ // If any file authenticode signatures are not valid, return false.
+ foreach (var signatureObject in authenticodeSignatures)
 {
- foreach (var sign in authenticodeSignature)
+ Signature signature = (Signature)signatureObject.BaseObject;
+ if (!signature.Status.Equals(SignatureStatus.Valid))
 {
- Signature signature = (Signature)sign.BaseObject;
- if (!signature.Status.Equals(SignatureStatus.Valid))
- {
- var exMessage = String.Format("The signature for '{0}' is '{1}.", pkgName, signature.Status.ToString());
- var ex = new ArgumentException(exMessage);
- errorRecord = new ErrorRecord(ex, "GetAuthenticodeSignatureError", ErrorCategory.InvalidResult, cmdletPassedIn);
+ var exMessage = String.Format("The signature for '{0}' is '{1}.", pkgName, signature.Status.ToString());
+ var ex = new ArgumentException(exMessage);
+ errorRecord = new ErrorRecord(ex, "GetAuthenticodeSignatureError", ErrorCategory.InvalidResult, cmdletPassedIn);
 
- return false;
- }
+ return false;
 }
 }
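Review bot: The added `return true;` makes the presence of a `.cat` file the sole gate: once the catalog check passes, the per-file Authenticode loop below is never reached, whereas the old code fell through to it regardless. That is only sound if the catalog check also establishes that the catalog itself is trustworthy — Test-FileCatalog compares file hashes against the catalog, and as far as I recall it does not verify the `.cat` file's own Authenticode signature, so a package carrying an unsigned or self-made catalog would be accepted unless the elided script body (outside this hunk) checks that. Either verify the signature of `catalogFilePath` (e.g. with Get-AuthenticodeSignature) before returning true, or add a comment above `return true;` stating why the catalog result alone is sufficient. CheckAuthenticodeSignature begins before and ends after this hunk.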