in utils/run_sample_ci.py [0:0]
def make_windows_pfx_file(certificate_file_path, private_key_path, pfx_file_path):
global pfx_certificate_store_location
global pfx_password
if sys.platform == "win32" or sys.platform == "cygwin":
if os.path.isfile(certificate_file_path) != True:
print (certificate_file_path)
print("ERROR: Certificate file not found!")
return 1
if os.path.isfile(private_key_path) != True:
print("ERROR: Private key file not found!")
return 1
# Delete old PFX file if it exists
if os.path.isfile(pfx_file_path):
os.remove(pfx_file_path)
# Make a key copy
copy_path = os.path.splitext(certificate_file_path)
with open(copy_path[0] + ".key", 'w') as file:
key_file = open(private_key_path)
file.write(key_file.read())
key_file.close()
# Make a PFX file
arguments = ["certutil", "-mergePFX", certificate_file_path, pfx_file_path]
certutil_run = subprocess.run(args=arguments, shell=True, input=f"{pfx_password}\n{pfx_password}", encoding='ascii')
if (certutil_run.returncode != 0):
print ("ERROR: Could not make PFX file")
return 1
else:
print ("PFX file created successfully")
# Remove the temporary key copy
if os.path.isfile(copy_path[0] + ".key"):
os.remove(copy_path[0] + ".key")
# Import the PFX into the Windows Certificate Store
# (Passing '$mypwd' is required even though it is empty and our certificate has no password. It fails CI otherwise)
import_pfx_arguments = [
"powershell.exe",
# Powershell 7.3 introduced an issue where launching powershell from cmd would not set PSModulePath correctly.
# As a workaround, we set `PSModulePath` to empty so powershell would automatically reset the PSModulePath to default.
# More details: https://github.com/PowerShell/PowerShell/issues/18530
"$env:PSModulePath = '';",
"Import-PfxCertificate",
"-FilePath", pfx_file_path,
"-CertStoreLocation",
"Cert:\\" + pfx_certificate_store_location,
"-Password",
"$mypwd"]
import_pfx_run = subprocess.run(args=import_pfx_arguments, shell=True, stdout=subprocess.PIPE)
if (import_pfx_run.returncode != 0):
print ("ERROR: Could not import PFX certificate into Windows store!")
return 1
else:
print ("Certificate imported to Windows Certificate Store successfully")
# Get the certificate thumbprint from the output:
import_pfx_output = str(import_pfx_run.stdout)
# We know the Thumbprint will always be 40 characters long, so we can find it using that
# TODO: Extract this using a better method
thumbprint = ""
current_str = ""
# The input comes as a string with some special characters still included, so we need to remove them!
import_pfx_output = import_pfx_output.replace("\\r", " ")
import_pfx_output = import_pfx_output.replace("\\n", "\n")
for i in range(0, len(import_pfx_output)):
if (import_pfx_output[i] == " " or import_pfx_output[i] == "\n"):
if (len(current_str) == 40):
thumbprint = current_str
break
current_str = ""
else:
current_str += import_pfx_output[i]
# Did we get a thumbprint?
if (thumbprint == ""):
print ("ERROR: Could not find certificate thumbprint")
return 1
# Construct the certificate path
print ("PFX certificate created and imported successfully!")
return pfx_certificate_store_location + "\\" + thumbprint
else:
print("ERROR - Windows PFX file can only be created on a Windows platform!")
return 1