TimeTrack/Sign-TimeTrack.ps1 at master · ozzygit/TimeTrack · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
# Sign-TimeTrack.ps1
# Code signing script for TimeTrack v2

param(
    [Parameter(Mandatory=$false)]
    [string]$CertificateThumbprint,

    [Parameter(Mandatory=$false)]
    [string]$TimestampServer = "http://timestamp.digicert.com"
)

$exePath = "bin\Release\net8.0-windows\win-x64\publish\TimeTrack.exe"

if (-not (Test-Path $exePath)) {
    Write-Host "? Executable not found at: $exePath" -ForegroundColor Red
    Write-Host "Run 'dotnet publish -c Release' first" -ForegroundColor Yellow
    exit 1
}

# If no certificate specified, try to find one in the user's certificate store
if ([string]::IsNullOrEmpty($CertificateThumbprint)) {
    Write-Host "?? Looking for code signing certificates..." -ForegroundColor Yellow

    $certs = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert

    if ($certs.Count -eq 0) {
        Write-Host "? No code signing certificates found" -ForegroundColor Red
        Write-Host "`nTo sign the application, you need:" -ForegroundColor Yellow
        Write-Host "1. A code signing certificate from your organization" -ForegroundColor White
        Write-Host "2. Or a self-signed certificate for testing:" -ForegroundColor White
        Write-Host "   New-SelfSignedCertificate -Type CodeSigningCert -Subject 'CN=TimeTrack Dev' -CertStoreLocation Cert:\CurrentUser\My" -ForegroundColor Gray
        exit 1
    }

    Write-Host "?? Available certificates:" -ForegroundColor Green
    $certs | ForEach-Object { Write-Host "  - $($_.Subject) [$($_.Thumbprint)]" -ForegroundColor White }

    if ($certs.Count -eq 1) {
        $cert = $certs[0]
        Write-Host "`n? Using: $($cert.Subject)" -ForegroundColor Green
    } else {
        Write-Host "`n?? Multiple certificates found. Specify thumbprint with -CertificateThumbprint" -ForegroundColor Yellow
        exit 1
    }
} else {
    $cert = Get-Item "Cert:\CurrentUser\My\$CertificateThumbprint" -ErrorAction SilentlyContinue
    if (-not $cert) {
        Write-Host "? Certificate not found: $CertificateThumbprint" -ForegroundColor Red
        exit 1
    }
}

# Sign the executable
Write-Host "`n?? Signing TimeTrack.exe..." -ForegroundColor Cyan
try {
    Set-AuthenticodeSignature -FilePath $exePath -Certificate $cert -TimestampServer $TimestampServer -HashAlgorithm SHA256

    Write-Host "? Application signed successfully!" -ForegroundColor Green

    # Verify signature
    $signature = Get-AuthenticodeSignature -FilePath $exePath
    Write-Host "`n?? Signature details:" -ForegroundColor Cyan
    Write-Host "  Status: $($signature.Status)" -ForegroundColor White
    Write-Host "  Signer: $($signature.SignerCertificate.Subject)" -ForegroundColor White
    Write-Host "  Timestamp: $($signature.TimeStamperCertificate.Subject)" -ForegroundColor White

} catch {
    Write-Host "? Signing failed: $_" -ForegroundColor Red
    exit 1
}