1Password/load-secrets-action
1
0
Fork 0
mirror of https://github.com/1Password/load-secrets-action.git synced 2026-06-21 06:23:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix lintng error

Browse Source
This commit is contained in:
Jill Regan
2026-05-21 09:46:00 -04:00
parent d367634d5e
commit da7c7c6490
2 changed files with 14 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/op-cli-installer/github-action/cli-installer/windows-signature.test.ts
+11 -11
View File
@@ -1,6 +1,6 @@
import {
verifyWindowsBinarySignature,
WINDOWS_ISSUER_CN,
WINDOWS_ISSUER_CN_PREFIX,
WINDOWS_PUBLISHER_EKU,
WINDOWS_SIGNER_SUBJECT_CN,
} from "./windows-signature";
@@ -11,7 +11,7 @@ describe("verifyWindowsBinarySignature", () => {
const buildAuthenticodeOutput = ({
status = "Valid",
subject = `CN=${WINDOWS_SIGNER_SUBJECT_CN}, O=Agilebits, L=Toronto, S=Ontario, C=CA`,
issuer = `CN=${WINDOWS_ISSUER_CN}, O=Microsoft Corporation, C=US`,
issuer = `CN=${WINDOWS_ISSUER_CN_PREFIX} 03, O=Microsoft Corporation, C=US`,
ekus = [
"1.3.6.1.4.1.311.97.1.0",
"1.3.6.1.5.5.7.3.3",
@@ -46,9 +46,9 @@ describe("verifyWindowsBinarySignature", () => {
subject: "CN=Attacker, O=Attacker, C=US",
}),
);
await expect(
verifyWindowsBinarySignature(OP_EXE, runner),
).rejects.toThrow(/does not contain CN=Agilebits/);
await expect(verifyWindowsBinarySignature(OP_EXE, runner)).rejects.toThrow(
/does not contain CN=Agilebits/,
);
});
it("throws if the Issuer is not the expected Microsoft CA", async () => {
@@ -57,9 +57,9 @@ describe("verifyWindowsBinarySignature", () => {
issuer: "CN=Some Other CA, O=Someone, C=US",
}),
);
await expect(
verifyWindowsBinarySignature(OP_EXE, runner),
).rejects.toThrow(/does not contain CN=Microsoft ID Verified/);
await expect(verifyWindowsBinarySignature(OP_EXE, runner)).rejects.toThrow(
/does not contain CN=Microsoft ID Verified/,
);
});
it("throws if the publisher EKU is missing", async () => {
@@ -68,8 +68,8 @@ describe("verifyWindowsBinarySignature", () => {
ekus: ["1.3.6.1.4.1.311.97.1.0", "1.3.6.1.5.5.7.3.3"],
}),
);
await expect(
verifyWindowsBinarySignature(OP_EXE, runner),
).rejects.toThrow(/expected publisher EKU.*not found/);
await expect(verifyWindowsBinarySignature(OP_EXE, runner)).rejects.toThrow(
/expected publisher EKU.*not found/,
);
});
});
src/op-cli-installer/github-action/cli-installer/windows-signature.ts
+3 -3
View File
@@ -6,7 +6,7 @@ const execFileAsync = promisify(execFile);
// Identifying fields of 1Password's Authenticode signing cert for op.exe.
// See https://www.1password.dev/cli/verify.
export const WINDOWS_SIGNER_SUBJECT_CN = "Agilebits";
export const WINDOWS_ISSUER_CN = "Microsoft ID Verified CS AOC CA 02";
export const WINDOWS_ISSUER_CN_PREFIX = "Microsoft ID Verified CS AOC CA";
export const WINDOWS_PUBLISHER_EKU =
"1.3.6.1.4.1.311.97.661420558.769123285.207353056.500447802";
@@ -65,9 +65,9 @@ export const verifyWindowsBinarySignature = async (
// Confirm the cert was issued by Microsoft's expected code signing CA.
const issuer = fieldValue("Issuer=") ?? "";
if (!issuer.includes(`CN=${WINDOWS_ISSUER_CN},`)) {
if (!issuer.includes(`CN=${WINDOWS_ISSUER_CN_PREFIX}`)) {
throw new Error(
`1Password CLI signature verification failed: issuer (${issuer}) does not contain CN=${WINDOWS_ISSUER_CN}.`,
`1Password CLI signature verification failed: issuer (${issuer}) does not contain CN=${WINDOWS_ISSUER_CN_PREFIX}.`,
);
}