From bb41bf61dc6b15e67bb54895f68d19a88173f53d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Moreno?=
Date: Fri, 22 Nov 2024 09:57:54 +0100
Subject: [PATCH] update esrp params
---
 build/azure-pipelines/common/sign.js | 11 ++++++++++-
 build/azure-pipelines/common/sign.ts | 13 ++++++++++++-
 2 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/build/azure-pipelines/common/sign.js b/build/azure-pipelines/common/sign.js
index 9c1c2493c6467..7b4b620d1fad8 100644
--- a/build/azure-pipelines/common/sign.js
+++ b/build/azure-pipelines/common/sign.js
@@ -126,6 +126,14 @@ function getParams(type) {
 function main([esrpCliPath, type, folderPath, pattern]) {
 const tmp = new Temp();
 process.on('exit', () => tmp.dispose());
+ const key = crypto.randomBytes(32);
+ const iv = crypto.randomBytes(16);
+ const encryptionDetailsPath = tmp.tmpNameSync();
+ fs.writeFileSync(encryptionDetailsPath, JSON.stringify({ key: key.toString('hex'), iv: iv.toString('hex') }));
+ const cipher = crypto.createCipheriv('aes-256-cbc', key, iv);
+ const encryptedToken = cipher.update(process.env['SYSTEM_ACCESSTOKEN'].trim(), 'utf8', 'hex') + cipher.final('hex');
+ const encryptedTokenPath = tmp.tmpNameSync();
+ fs.writeFileSync(encryptedTokenPath, encryptedToken);
 const patternPath = tmp.tmpNameSync();
 fs.writeFileSync(patternPath, pattern);
 const paramsPath = tmp.tmpNameSync();
@@ -142,7 +150,8 @@ function main([esrpCliPath, type, folderPath, pattern]) {
 managedIdentityTenantId: process.env['VSCODE_ESRP_TENANT_ID'],
 serviceConnectionId: process.env['VSCODE_ESRP_SERVICE_CONNECTION_ID'],
 tempDirectory: os.tmpdir(),
- systemAccessToken: process.env['SYSTEM_ACCESSTOKEN']
+ systemAccessToken: encryptedTokenPath,
+ encryptionKey: encryptionDetailsPath
 };
 const args = [
 esrpCliPath,
diff --git a/build/azure-pipelines/common/sign.ts b/build/azure-pipelines/common/sign.ts
index b40f3cb61071e..df8e26ff9218c 100644
--- a/build/azure-pipelines/common/sign.ts
+++ b/build/azure-pipelines/common/sign.ts
@@ -138,6 +138,16 @@ export function main([esrpCliPath, type, folderPath, pattern]: string[]) { const tmp = new Temp(); process.on('exit', () => tmp.dispose()); + const key = crypto.randomBytes(32); + const iv = crypto.randomBytes(16); + const encryptionDetailsPath = tmp.tmpNameSync(); + fs.writeFileSync(encryptionDetailsPath, JSON.stringify({ key: key.toString('hex'), iv: iv.toString('hex') })); + + const cipher = crypto.createCipheriv('aes-256-cbc', key, iv); + const encryptedToken = cipher.update(process.env['SYSTEM_ACCESSTOKEN']!.trim(), 'utf8', 'hex') + cipher.final('hex'); + const encryptedTokenPath = tmp.tmpNameSync(); + fs.writeFileSync(encryptedTokenPath, encryptedToken); + const patternPath = tmp.tmpNameSync(); fs.writeFileSync(patternPath, pattern); @@ -157,7 +167,8 @@ export function main([esrpCliPath, type, folderPath, pattern]: string[]) { managedIdentityTenantId: process.env['VSCODE_ESRP_TENANT_ID'], serviceConnectionId: process.env['VSCODE_ESRP_SERVICE_CONNECTION_ID'], tempDirectory: os.tmpdir(), - systemAccessToken: process.env['SYSTEM_ACCESSTOKEN'] + systemAccessToken: encryptedTokenPath, + encryptionKey: encryptionDetailsPath }; const args = [
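Review bot: The key/IV file and the encrypted-token file added in the first sign.ts hunk are written with `fs.writeFileSync`'s default mode, so on a POSIX agent with a permissive umask the plaintext key can be read by other local users right beside the ciphertext it protects. Passing an explicit mode to both writes, e.g. `fs.writeFileSync(encryptedTokenPath, encryptedToken, { mode: 0o600 });`, keeps the pair readable only by the build user. Separately, `process.env['SYSTEM_ACCESSTOKEN']!.trim()` throws an opaque TypeError when the variable is unset, so a guard such as `if (!process.env['SYSTEM_ACCESSTOKEN']) { throw new Error('SYSTEM_ACCESSTOKEN is not set'); }` before the cipher is created would fail more legibly. Both points apply equally to the compiled sign.js hunk. The body of `main` starts before and continues past this hunk, and how `Temp` names and removes its files is not visible here.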
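Review bot: In the second sign.ts hunk `systemAccessToken` and `encryptionKey` now carry temp-file paths rather than secret values, which the field names do not convey. A comment above the two fields, such as `// paths to temp files: the AES-256-CBC-encrypted token and its hex key/IV, not the values themselves`, would stop a later reader from assuming the token is still passed inline or from logging the params object on that assumption. The object literal opens before this hunk, so the rest of the params is not visible here.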