Validate authenticode signature using the certificate Subject (#12474)

* Use cerificate subject to verify authenticode signature * Use function instead of script variables * Switch all places to using Get-MicrosoftPublisher * Remove SignatureThumbprint * Use common subject for the Edge driver
2026-01-08 11:30:49 +08:00 · 2025-06-30 21:33:57 -04:00
parent 0790ef6e2a
commit 7eede67cd0
25 changed files with 72 additions and 103 deletions
--- a/images/windows/scripts/build/Install-EdgeDriver.ps1
+++ b/images/windows/scripts/build/Install-EdgeDriver.ps1
@@ -27,13 +27,7 @@ Write-Host "Expand Microsoft Edge WebDriver archive..."
 Expand-7ZipArchive -Path $archivePath -DestinationPath $edgeDriverPath

 #Validate the EdgeDriver signature
-$signatureThumbprint = @(
-                         "7920AC8FB05E0FFFE21E8FF4B4F03093BA6AC16E",
-                         "0BD8C56733FDCC06F8CB919FF5A200E39B1ACF71",
-                         "F6EECCC7FF116889C2D5466AE7243D7AA7698689",
-                         "6ACE61BAE3F09F4DD2697806D73E022CBFE70EB4"
-                        )
-Test-FileSignature -Path "$edgeDriverPath\msedgedriver.exe" -ExpectedThumbprint $signatureThumbprint
+Test-FileSignature -Path "$edgeDriverPath\msedgedriver.exe" -ExpectedSubject $(Get-MicrosoftPublisher)

 Write-Host "Setting the environment variables..."
 [Environment]::SetEnvironmentVariable("EdgeWebDriver", $EdgeDriverPath, "Machine")