Update build certificate

CZEMacLeod · Oct 26, 2021 · ef89e00 · ef89e00
1 parent 9144ef3
commit ef89e00
Show file tree

Hide file tree

Showing 5 changed files with 53 additions and 39 deletions.
diff --git a/C3D.MSBuild.Tools.EF6.GenerateViews.sln b/C3D.MSBuild.Tools.EF6.GenerateViews.sln
@@ -8,7 +8,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "build", "build", "{A547D473
 		build\azure-pipelines.yml = build\azure-pipelines.yml
 		Directory.Build.Props = Directory.Build.Props
 		Directory.Build.Targets = Directory.Build.Targets
-		build\InstallCert.ps1 = build\InstallCert.ps1
+		build\ImportCert.ps1 = build\ImportCert.ps1
 		build\RemoveCert.ps1 = build\RemoveCert.ps1
 		build\Test.snk = build\Test.snk
 	EndProjectSection

diff --git a/build/ImportCert.ps1 b/build/ImportCert.ps1
@@ -0,0 +1,23 @@
+$password = "$($env:password)"
+$pfx64 = "$($env:pfx)"
+
+$PfxUnprotectedBytes = [Convert]::FromBase64String($pfx64)
+
+Add-Type -AssemblyName System.Security
+
+$Pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
+
+$Pfx.Import($PfxUnprotectedBytes, $null, [Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)
+
+$PfxProtectedBytes = $Pfx.Export([Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12, $password)
+
+$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
+$cert.Import($PfxProtectedBytes, $password, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]"PersistKeySet")
+$store = new-object system.security.cryptography.X509Certificates.X509Store -argumentlist "MY", CurrentUser
+$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]"ReadWrite")
+$store.Add($cert)
+$store.Close()
+Write-Host Imported certificate $cert
+$thumb = $cert.Thumbprint
+Write-Host ("##vso[task.setvariable variable=app_pfx_thumbprint;]$thumb")
+Write-Host ("##vso[task.setvariable variable=MSBuildEmitSolution;]0")
diff --git a/build/InstallCert.ps1 b/build/InstallCert.ps1
diff --git a/build/RemoveCert.ps1 b/build/RemoveCert.ps1
@@ -1,11 +1,13 @@
 Param(
-   [string]$pfxpath,
-   [string]$password
+   [string]$thumb
 )
-Add-Type -AssemblyName System.Security
-$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
-$cert.Import($pfxpath, $password, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]"PersistKeySet")
-$store = new-object system.security.cryptography.X509Certificates.X509Store -argumentlist "MY", CurrentUser
-$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]"ReadWrite")
-$store.Remove($cert)
-$store.Close()
+if ($thumb -ne "") {
+	Add-Type -AssemblyName System.Security
+	$store = new-object system.security.cryptography.X509Certificates.X509Store -argumentlist "MY", CurrentUser
+	$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]"ReadWrite")
+	$certs = $store.Certificates.Find([System.Security.Cryptography.X509Certificates.X509FindType]"FindByThumbprint", $thumb, $false)
+	if ($certs -ne $null) {
+		$store.RemoveRange($certs)
+	}
+	$store.Close()
+}
diff --git a/build/azure-pipelines.yml b/build/azure-pipelines.yml
@@ -19,7 +19,7 @@ pool:
 
 variables:
 - group: Github-Packages
-- group: Signing
+- group: 'c3d-devops'
 - name: solution
   value: 'C3D.MSBuild.Tools.EF6.GenerateViews.sln'
 - name: buildPlatform
@@ -30,38 +30,42 @@ variables:
   value: '$(Agent.MachineName)'
 - name: buildUser
   value: '$(Build.QueuedBy)'
+- name: 'timestamper'
+  value: 'http://timestamp.comodoca.com'
 
 steps:
 - checkout: self
   clean: true
   submodules: true
   persistCredentials: true
 
+- script: |
+    git config --global user.email "[email protected]"
+    git config --global user.name "Agent - $(Agent.Name)"
+  workingDirectory: $(Build.SourcesDirectory)
+  displayName: 'Git Configure'
+
 - powershell: 'Write-Host ("##vso[task.setvariable variable=MSBuildEmitSolution;]0")'
   displayName: 'Ensure MSBuildEmitSolution is not set'
 
-- task: DownloadSecureFile@1
-  displayName: 'Download secure file PFX'
-  name: app_pfx
-  inputs:
-    secureFile: 'Cloud3D-codesign.pfx'
-
 - task: DownloadSecureFile@1
   displayName: 'Download secure file SNK'
   name: snk
   inputs:
     secureFile: 'cloud3d-codesign.snk'
 
 - task: PowerShell@2
-  displayName: 'Install Cert'
+  displayName: 'Install Certificate'
   inputs:
-    targetType: filePath
-    filePath: 'build/InstallCert.ps1'
-    arguments: '-pfxpath $(app_pfx.secureFilePath) -password $(pfx_password)'
+    targetType: 'filePath'
+    filePath: ImportCert.ps1
+  env:
+    password: $(pfx-password)
+    pfx: $(c3d-codesign)
 
 - task: NuGetToolInstaller@0
   inputs:
-    versionSpec: 5.10.0
+    versionSpec: 5.11.0
 
 - task: NuGetCommand@2
   inputs:
@@ -183,6 +187,6 @@ steps:
   displayName: 'Remove Cert'
   inputs:
     targetType: filePath
-    filePath: 'build/RemoveCert.ps1'
-    arguments: '-pfxpath $(app_pfx.secureFilePath) -password $(pfx_password)'
+    filePath: 'RemoveCert.ps1'
+    arguments: '-thumb $(app_pfx_thumbprint)'
   condition: always()