[common] Add VM-Assert-Signature

`VM-Assert-Signature` will allows us to install packages checking their signatures instead of their hash. Useful for Microsoft tools like sysinternals that use URLs without version. Co-authored-by: Genwei Jiang <[email protected]>
mandiant · Jan 11, 2024 · 4b95a74 · 4b95a74
1 parent f9b8229
commit 4b95a74
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 1 deletion.
diff --git a/packages/common.vm/common.vm.nuspec b/packages/common.vm/common.vm.nuspec
@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>common.vm</id>
-    <version>0.0.0.20240105</version>
+    <version>0.0.0.20240111</version>
     <description>Common libraries for VM-packages</description>
     <authors>Mandiant</authors>
   </metadata>

diff --git a/packages/common.vm/tools/vm.common/vm.common.psm1 b/packages/common.vm/tools/vm.common/vm.common.psm1
@@ -128,6 +128,23 @@ function VM-Assert-Path {
     }
 }
 
+# Raise an exception if the Signature of $file_path is invalid
+function VM-Assert-Signature {
+    [CmdletBinding()]
+    Param(
+        [Parameter(Mandatory=$true)]
+        [String] $file_path
+    )
+    $signature_status = (Get-AuthenticodeSignature -FilePath $file_path).Status
+    if ($signature_status -eq 'Valid') {
+        VM-Write-Log "INFO" "Valid signature: $file_path"
+    } else {
+        $err_msg = "Invalid signature: $file_path"
+        VM-Write-Log "ERROR" $err_msg
+        throw $err_msg
+    }
+}
+
 function VM-Get-DiskSize {
     $diskdrive = "${Env:SystemDrive}"
     $driveName = $diskdrive.substring(0, $diskdrive.length-1)