From da7c7c64902bdebc0c065c0c971ab96ef653fc66 Mon Sep 17 00:00:00 2001
From: Jill Regan
Date: Thu, 21 May 2026 09:46:00 -0400
Subject: [PATCH] Fix lintng error
---
 .../cli-installer/windows-signature.test.ts | 22 +++++++++----------
 .../cli-installer/windows-signature.ts | 6 ++---
 2 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/src/op-cli-installer/github-action/cli-installer/windows-signature.test.ts b/src/op-cli-installer/github-action/cli-installer/windows-signature.test.ts
index 4a327cd..800a41e 100644
--- a/src/op-cli-installer/github-action/cli-installer/windows-signature.test.ts
+++ b/src/op-cli-installer/github-action/cli-installer/windows-signature.test.ts
@@ -1,6 +1,6 @@
 import {
 verifyWindowsBinarySignature,
- WINDOWS_ISSUER_CN,
+ WINDOWS_ISSUER_CN_PREFIX,
 WINDOWS_PUBLISHER_EKU,
 WINDOWS_SIGNER_SUBJECT_CN,
 } from "./windows-signature";
@@ -11,7 +11,7 @@ describe("verifyWindowsBinarySignature", () => {
 const buildAuthenticodeOutput = ({
 status = "Valid",
 subject = `CN=${WINDOWS_SIGNER_SUBJECT_CN}, O=Agilebits, L=Toronto, S=Ontario, C=CA`,
- issuer = `CN=${WINDOWS_ISSUER_CN}, O=Microsoft Corporation, C=US`,
+ issuer = `CN=${WINDOWS_ISSUER_CN_PREFIX} 03, O=Microsoft Corporation, C=US`,
 ekus = [
 "1.3.6.1.4.1.311.97.1.0",
 "1.3.6.1.5.5.7.3.3",
@@ -46,9 +46,9 @@ describe("verifyWindowsBinarySignature", () => {
 subject: "CN=Attacker, O=Attacker, C=US",
 }),
 );
- await expect(
- verifyWindowsBinarySignature(OP_EXE, runner),
- ).rejects.toThrow(/does not contain CN=Agilebits/);
+ await expect(verifyWindowsBinarySignature(OP_EXE, runner)).rejects.toThrow(
+ /does not contain CN=Agilebits/,
+ );
 });
 it("throws if the Issuer is not the expected Microsoft CA", async () => {
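Review bot: The suite has no case that pins the boundary of the new prefix match: the default `issuer` in `buildAuthenticodeOutput` now ends in ` 03`, and the only rejection case visible in this patch uses a wholly different CN (`CN=Some Other CA`). A prefix comparison is easy to widen by accident, so add a negative case whose CN starts with `WINDOWS_ISSUER_CN_PREFIX` but carries a suffix that should not be trusted, e.g. (constructed value) `` issuer: `CN=${WINDOWS_ISSUER_CN_PREFIX} Unexpected, O=Someone, C=US` ``, and assert that `verifyWindowsBinarySignature` rejects it. As `windows-signature.ts` stands after this commit that test would fail, which is the behaviour worth deciding on explicitly. The `describe` block continues outside the hunk.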
@@ -57,9 +57,9 @@ describe("verifyWindowsBinarySignature", () => {
 issuer: "CN=Some Other CA, O=Someone, C=US",
 }),
 );
- await expect(
- verifyWindowsBinarySignature(OP_EXE, runner),
- ).rejects.toThrow(/does not contain CN=Microsoft ID Verified/);
+ await expect(verifyWindowsBinarySignature(OP_EXE, runner)).rejects.toThrow(
+ /does not contain CN=Microsoft ID Verified/,
+ );
 });
 it("throws if the publisher EKU is missing", async () => {
@@ -68,8 +68,8 @@ describe("verifyWindowsBinarySignature", () => {
 ekus: ["1.3.6.1.4.1.311.97.1.0", "1.3.6.1.5.5.7.3.3"],
 }),
 );
- await expect(
- verifyWindowsBinarySignature(OP_EXE, runner),
- ).rejects.toThrow(/expected publisher EKU.*not found/);
+ await expect(verifyWindowsBinarySignature(OP_EXE, runner)).rejects.toThrow(
+ /expected publisher EKU.*not found/,
+ );
 });
 });
diff --git a/src/op-cli-installer/github-action/cli-installer/windows-signature.ts b/src/op-cli-installer/github-action/cli-installer/windows-signature.ts
index 0fcf457..f275d2c 100644
--- a/src/op-cli-installer/github-action/cli-installer/windows-signature.ts
+++ b/src/op-cli-installer/github-action/cli-installer/windows-signature.ts
@@ -6,7 +6,7 @@ const execFileAsync = promisify(execFile);
 // Identifying fields of 1Password's Authenticode signing cert for op.exe.
 // See https://www.1password.dev/cli/verify.
 export const WINDOWS_SIGNER_SUBJECT_CN = "Agilebits";
-export const WINDOWS_ISSUER_CN = "Microsoft ID Verified CS AOC CA 02";
+export const WINDOWS_ISSUER_CN_PREFIX = "Microsoft ID Verified CS AOC CA";
 export const WINDOWS_PUBLISHER_EKU = "1.3.6.1.4.1.311.97.661420558.769123285.207353056.500447802";
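Review bot: `WINDOWS_ISSUER_CN_PREFIX` needs a comment saying why the issuer is no longer pinned to one CA name and which suffixes are meant to be accepted; the existing comment above it still describes these constants as identifying fields of a single signing cert. Judging from the removed value (`... CA 02`) and the ` 03` used in the test fixture, the intent appears to be tolerating numbered issuing CAs, so something like `// Prefix only: the issuing CA name ends in a number (02, 03, ...) that differs between certificates, so the suffix is not pinned here.` would record that. The commit subject describes a lint fix, while this hunk changes which issuers the installer trusts, so the message should say so for anyone auditing the history.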
@@ -65,9 +65,9 @@ export const verifyWindowsBinarySignature = async (
 // Confirm the cert was issued by Microsoft's expected code signing CA.
 const issuer = fieldValue("Issuer=") ?? "";
- if (!issuer.includes(`CN=${WINDOWS_ISSUER_CN},`)) {
+ if (!issuer.includes(`CN=${WINDOWS_ISSUER_CN_PREFIX}`)) {
 throw new Error(
- `1Password CLI signature verification failed: issuer (${issuer}) does not contain CN=${WINDOWS_ISSUER_CN}.`,
+ `1Password CLI signature verification failed: issuer (${issuer}) does not contain CN=${WINDOWS_ISSUER_CN_PREFIX}.`,
 );
 }
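Review bot: The issuer check in this hunk is now an unanchored substring test, since the argument to `issuer.includes(...)` no longer carries the trailing `,` that ended the CN, so any issuer string that merely contains `CN=Microsoft ID Verified CS AOC CA` passes, whatever follows it and wherever it sits in the DN. The other checks exercised by the tests (status, subject CN, publisher EKU) still apply, but the issuer pin itself should stay as tight as CA rotation allows. Accept only a numeric suffix and require the RDN delimiter, for example `` const issuerCn = new RegExp(`(^|, )CN=${WINDOWS_ISSUER_CN_PREFIX} \\d+(,|$)`); `` followed by `if (!issuerCn.test(issuer)) {`; this assumes the separator format shown in the test fixture, so confirm it against real `Issuer=` output. The body of `verifyWindowsBinarySignature` starts and ends outside the hunk.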