|
| 1 | +#!/usr/bin/env pwsh |
| 2 | +# |
| 3 | +# Verify Windows executable signatures |
| 4 | +# |
| 5 | +# This script verifies that Windows executables are properly signed |
| 6 | +# with valid Authenticode signatures. |
| 7 | +# |
| 8 | +# Usage: |
| 9 | +# verify-signature.ps1 -Executables <exe1>,<exe2>,... |
| 10 | +# |
| 11 | +# Example: |
| 12 | +# verify-signature.ps1 -Executables "./artifacts/dist/foo.exe","./artifacts/dist/bar.exe" |
| 13 | +# |
| 14 | + |
| 15 | +param( |
| 16 | + [Parameter(Mandatory=$true)] |
| 17 | + [string[]]$Executables |
| 18 | +) |
| 19 | + |
| 20 | +Write-Host "Verifying signatures for Windows executables" |
| 21 | +Write-Host "==============================================" |
| 22 | +Write-Host "" |
| 23 | + |
| 24 | +$allValid = $true |
| 25 | + |
| 26 | +foreach ($exePath in $Executables) { |
| 27 | + $exeName = Split-Path -Leaf $exePath |
| 28 | + |
| 29 | + Write-Host "Checking: $exeName" |
| 30 | + Write-Host " Path: $exePath" |
| 31 | + |
| 32 | + if (-not (Test-Path $exePath)) { |
| 33 | + Write-Host " ERROR: File not found!" -ForegroundColor Red |
| 34 | + $allValid = $false |
| 35 | + Write-Host "" |
| 36 | + continue |
| 37 | + } |
| 38 | + |
| 39 | + $signature = Get-AuthenticodeSignature -FilePath $exePath |
| 40 | + |
| 41 | + Write-Host " Status: $($signature.Status)" |
| 42 | + |
| 43 | + if ($signature.SignerCertificate) { |
| 44 | + Write-Host " Signer: $($signature.SignerCertificate.Subject)" |
| 45 | + Write-Host " Thumbprint: $($signature.SignerCertificate.Thumbprint)" |
| 46 | + } |
| 47 | + |
| 48 | + if ($signature.Status -ne 'Valid') { |
| 49 | + Write-Host " ERROR: Signature is not valid!" -ForegroundColor Red |
| 50 | + if ($signature.StatusMessage) { |
| 51 | + Write-Host " Reason: $($signature.StatusMessage)" -ForegroundColor Red |
| 52 | + } |
| 53 | + $allValid = $false |
| 54 | + } else { |
| 55 | + Write-Host " SUCCESS: Signature is valid" -ForegroundColor Green |
| 56 | + } |
| 57 | + |
| 58 | + Write-Host "" |
| 59 | +} |
| 60 | + |
| 61 | +Write-Host "==============================================" |
| 62 | +if (-not $allValid) { |
| 63 | + Write-Host "FAILED: One or more executables are missing or have invalid signatures" -ForegroundColor Red |
| 64 | + exit 1 |
| 65 | +} |
| 66 | + |
| 67 | +Write-Host "SUCCESS: All Windows executables are properly signed" -ForegroundColor Green |
| 68 | +exit 0 |
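Review bot: The pass condition at `if ($signature.Status -ne 'Valid')` never checks who signed the file, so any executable whose signature chains to a root trusted on the runner is reported as properly signed, including one signed with a certificate other than the project's. Consider adding a `[string]$ExpectedThumbprint` parameter (or an expected subject) and failing when `$signature.SignerCertificate.Thumbprint -ne $ExpectedThumbprint`; the thumbprint is already printed but never compared. It would also help to fail or warn when `$signature.TimeStamperCertificate` is null, since an untimestamped signature stops validating once the signing certificate expires. `Test-Path $exePath` and `-FilePath $exePath` both expand wildcards, so `-LiteralPath` is the safer choice for paths handed in by a pipeline.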