@@ -29,7 +29,7 @@ function Install-Binary
2929 [Parameter (Mandatory , ParameterSetName = " LocalPath" )]
3030 [String ] $FilePath ,
3131 [String []] $ArgumentList ,
32- [String ] $ExpectedSignature
32+ [String [] ] $ExpectedSignature
3333 )
3434
3535 if ($PSCmdlet.ParameterSetName -eq " LocalPath" )
@@ -47,14 +47,13 @@ function Install-Binary
4747 if ($ExpectedSignature )
4848 {
4949 Test-FileSignature - FilePath $filePath - ExpectedThumbprint $ExpectedSignature
50-
5150 }
5251 else
5352 {
5453 throw " ExpectedSignature parameter is specified, but no signature is provided."
5554 }
5655 }
57-
56+
5857 # MSI binaries should be installed via msiexec.exe
5958 $fileExtension = ([System.IO.Path ]::GetExtension($Name )).Replace(" ." , " " )
6059 if ($fileExtension -eq " msi" )
@@ -722,18 +721,27 @@ function Test-FileSignature {
722721 [Parameter (Mandatory = $true )]
723722 [string ]$FilePath ,
724723 [Parameter (Mandatory = $true )]
725- [string ]$ExpectedThumbprint
724+ [string [] ]$ExpectedThumbprint
726725 )
727-
726+
728727 $signature = Get-AuthenticodeSignature $FilePath
729-
728+
730729 if ($signature.Status -ne " Valid" ) {
731730 throw " Signature status is not valid. Status: $ ( $signature.Status ) "
732731 }
733-
734- if ($signature.SignerCertificate.Thumbprint.Contains ($ExpectedThumbprint ) -ne $true ) {
735- throw " Signature thumbprint do not match expected"
732+
733+ foreach ($thumbprint in $ExpectedThumbprint ) {
734+ if ($signature.SignerCertificate.Thumbprint.Contains ($thumbprint )) {
735+ Write-Output " Signature for $FilePath is valid"
736+ $signatureMatched = $true
737+ return
738+ }
736739 }
737740
738- Write-Output " Signature for $FilePath is valid"
741+ if ($signatureMatched ) {
742+ Write-Output " Signature for $FilePath is valid"
743+ }
744+ else {
745+ throw " Signature thumbprint do not match expected."
746+ }
739747}
0 commit comments