From 164eebd3e624d29966cf5bd184b39a828d29632f Mon Sep 17 00:00:00 2001 From: Sandeep Somavarapu Date: Tue, 3 Sep 2024 11:07:07 +0200 Subject: [PATCH] add verify-signature command. Fixes #1044 (#1045) --- src/main.ts | 10 +++++++++- src/package.ts | 13 +++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/src/main.ts b/src/main.ts index db16380a..a08c467d 100644 --- a/src/main.ts +++ b/src/main.ts @@ -1,6 +1,6 @@ import program from 'commander'; import leven from 'leven'; -import { packageCommand, ls, Targets, generateManifest } from './package'; +import { packageCommand, ls, Targets, generateManifest, verifySignature } from './package'; import { publish, unpublish } from './publish'; import { show } from './show'; import { search } from './search'; @@ -317,6 +317,14 @@ module.exports = function (argv: string[]): void { .option('-o, --out ', 'Output the extension manifest to location (defaults to .manifest)') .action(({ packagePath, out }) => main(generateManifest(packagePath, out))); + program + .command('verify-signature') + .description('Verifies the provided signature file against the provided VSIX package and manifest.') + .requiredOption('-i, --packagePath ', 'Path to the VSIX package') + .requiredOption('-m, --manifestPath ', 'Path to the Manifest file') + .requiredOption('-s, --signaturePath ', 'Path to the Signature file') + .action(({ packagePath, manifestPath, signaturePath }) => main(verifySignature(packagePath, manifestPath, signaturePath))); + program .command('ls-publishers') .description('Lists all known publishers') diff --git a/src/package.ts b/src/package.ts index 83de1a3b..3abe9e5b 100644 --- a/src/package.ts +++ b/src/package.ts @@ -1885,6 +1885,19 @@ export function generateManifest(packageFile: string, outputFile?: string): Prom return vsceSign.generateManifest(packageFile, outputFile); } +export async function verifySignature(packageFile: string, manifestFile: string, signatureFile: string): Promise { + const sigzipPath = await createSignatureArchive(manifestFile, signatureFile); + try { + const result = await vsceSign.verify(packageFile, sigzipPath, true); + console.log(`Signature verification result: ${result.code}`); + if (result.output) { + console.log(result.output) + } + } finally { + await fs.promises.unlink(sigzipPath); + } +} + // Create a signature zip file containing the manifest and signature file export async function createSignatureArchive(manifestFile: string, signatureFile: string, outputFile?: string): Promise { return vsceSign.zip(manifestFile, signatureFile, outputFile)