Fix signing

nohwnd · Apr 5, 2023 · 8a3fabe · 8a3fabe
1 parent c1180a0
commit 8a3fabe
Showing 1 changed file with 12 additions and 1 deletion.
diff --git a/scripts/verify-sign.ps1 b/scripts/verify-sign.ps1
@@ -54,9 +54,16 @@ function Verify-Assemblies
                 if ($signature.SignerCertificate.Subject -eq "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US") {
                     Write-Debug "Valid ($($signature.SignerCertificate.Thumbprint)): $Path"
                 }
+                elseif ($signature.SignerCertificate.Subject -eq "CN=.NET, O=Microsoft Corporation, L=Redmond, S=Washington, C=US") {
+                    Write-Debug "Valid ($($signature.SignerCertificate.Thumbprint)): $Path"
+                }
                 elseif ($signature.SignerCertificate.Subject -eq "CN=Microsoft 3rd Party Application Component, O=Microsoft Corporation, L=Redmond, S=Washington, C=US") {
                     Write-Debug "Valid ($($signature.SignerCertificate.Thumbprint)): $Path [3rd Party]"
                 }
+                elseif ($signature.SignerCertificate.Subject -eq "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US") {
+                    # We see this on server only, review what is the actual signature on the dlls we ship.
+                    Write-Debug "Valid ($($signature.SignerCertificate.Thumbprint)): $Path [???]"
+                }
                 else {
                     # For legacy components, sign certificate is always "prod" signature. Skip such binaries.
                     if ($signature.SignerCertificate.Thumbprint -eq "98ED99A67886D020C564923B7DF25E9AC019DF26") {
@@ -78,6 +85,10 @@ function Verify-Assemblies
                     elseif ($signature.SignerCertificate.Thumbprint -eq "62009AAABDAE749FD47D19150958329BF6FF4B34") {
                         Write-Debug "Valid ($($signature.SignerCertificate.Thumbprint)): $Path [Prod Signed]"
                     }
+                    # For some dlls sign certificate is different signature. Skip such binaries.
+                    elseif ($signature.SignerCertificate.Thumbprint -eq "F9A36937C16D0A69A43981DACB6B5686FAD84543") {
+                        Write-Debug "Valid ($($signature.SignerCertificate.Thumbprint)): $Path [Prod Signed]"
+                    }
                     # Microsoft 3rd Party Authenticode Signature
                     elseif ($signature.SignerCertificate.Thumbprint -eq "899FA016DEE8E665FF2A315A1151C43FB96C430B") {
                         Write-Debug "Valid ($($signature.SignerCertificate.Thumbprint)): $Path [Prod Signed]"
@@ -178,4 +189,4 @@ Verify-NugetPackages
 if ($script:ErrorCount -gt 0) {
     # Write-ToCI -message "Verification failed, $($script:ErrorCount) errors found!" -type "task.logissue type=error" -vso
     Write-ToCI -message "Verification failed, $($script:ErrorCount) errors found!" -type "task.complete result=Failed;" -vso
-}
+}