code-server/build/azure-pipelines/win32/sign.ps1

function Create-TmpJson($Obj) {
	$FileName = [System.IO.Path]::GetTempFileName()
	ConvertTo-Json -Depth 100 $Obj | Out-File -Encoding UTF8 $FileName
	return $FileName
}

$Auth = Create-TmpJson @{
	Version = "1.0.0"
	AuthenticationType = "AAD_CERT"
	ClientId = $env:ESRPClientId
	AuthCert = @{
		SubjectName = $env:ESRPAuthCertificateSubjectName
		StoreLocation = "LocalMachine"
		StoreName = "My"
		SendX5c = "true"
	}
	RequestSigningCert = @{
		SubjectName = $env:ESRPCertificateSubjectName
		StoreLocation = "LocalMachine"
		StoreName = "My"
	}
}

$Policy = Create-TmpJson @{
	Version = "1.0.0"
}

$Input = Create-TmpJson @{
	Version = "1.0.0"
	SignBatches = @(
		@{
			SourceLocationType = "UNC"
			SignRequestFiles = @(
				@{
					SourceLocation = $args[0]
				}
			)
			SigningInfo = @{
				Operations = @(
					@{
						KeyCode = "CP-230012"
						OperationCode = "SigntoolSign"
						Parameters = @{
							OpusName = "VS Code"
							OpusInfo = "https://code.visualstudio.com/"
							Append = "/as"
							FileDigest = "/fd `"SHA256`""
							PageHash = "/NPH"
							TimeStamp = "/tr `"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer`" /td sha256"
						}
						ToolName = "sign"
						ToolVersion = "1.0"
					},
					@{
						KeyCode = "CP-230012"
						OperationCode = "SigntoolVerify"
						Parameters = @{
							VerifyAll = "/all"
						}
						ToolName = "sign"
						ToolVersion = "1.0"
					}
				)
			}
		}
	)
}

$Output = [System.IO.Path]::GetTempFileName()
$ScriptPath = Split-Path -Path $MyInvocation.MyCommand.Definition -Parent
& "$ScriptPath\ESRPClient\packages\Microsoft.ESRPClient.*\tools\ESRPClient.exe" Sign -a $Auth -p $Policy -i $Input -o $Output
Squashed 'lib/vscode/' content from commit e5a624b788 git-subtree-dir: lib/vscode git-subtree-split: e5a624b788d92b8d34d1392e4c4d9789406efe8f 2020-12-15 22:52:33 +00:00			`function Create-TmpJson($Obj) {`
			`$FileName = [System.IO.Path]::GetTempFileName()`
			`ConvertTo-Json -Depth 100 $Obj \| Out-File -Encoding UTF8 $FileName`
			`return $FileName`
			`}`

			`$Auth = Create-TmpJson @{`
			`Version = "1.0.0"`
			`AuthenticationType = "AAD_CERT"`
			`ClientId = $env:ESRPClientId`
			`AuthCert = @{`
			`SubjectName = $env:ESRPAuthCertificateSubjectName`
			`StoreLocation = "LocalMachine"`
			`StoreName = "My"`
			`SendX5c = "true"`
			`}`
			`RequestSigningCert = @{`
			`SubjectName = $env:ESRPCertificateSubjectName`
			`StoreLocation = "LocalMachine"`
			`StoreName = "My"`
			`}`
			`}`

			`$Policy = Create-TmpJson @{`
			`Version = "1.0.0"`
			`}`

			`$Input = Create-TmpJson @{`
			`Version = "1.0.0"`
			`SignBatches = @(`
			`@{`
			`SourceLocationType = "UNC"`
			`SignRequestFiles = @(`
			`@{`
			`SourceLocation = $args[0]`
			`}`
			`)`
			`SigningInfo = @{`
			`Operations = @(`
			`@{`
			`KeyCode = "CP-230012"`
			`OperationCode = "SigntoolSign"`
			`Parameters = @{`
			`OpusName = "VS Code"`
			`OpusInfo = "https://code.visualstudio.com/"`
			`Append = "/as"`
			FileDigest = "/fd `"SHA256`""
			`PageHash = "/NPH"`
			TimeStamp = "/tr `"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer`" /td sha256"
			`}`
			`ToolName = "sign"`
			`ToolVersion = "1.0"`
			`},`
			`@{`
			`KeyCode = "CP-230012"`
			`OperationCode = "SigntoolVerify"`
			`Parameters = @{`
			`VerifyAll = "/all"`
			`}`
			`ToolName = "sign"`
			`ToolVersion = "1.0"`
			`}`
			`)`
			`}`
			`}`
			`)`
			`}`

			`$Output = [System.IO.Path]::GetTempFileName()`
			`$ScriptPath = Split-Path -Path $MyInvocation.MyCommand.Definition -Parent`
			`& "$ScriptPath\ESRPClient\packages\Microsoft.ESRPClient.*\tools\ESRPClient.exe" Sign -a $Auth -p $Policy -i $Input -o $Output`