Navcontainerhelper: Code signing (Sign-NavContainerApp) does not work with a SAS URL

Created on 26 Apr 2021  路  2Comments  路  Source: microsoft/navcontainerhelper

Describe the issue
Code signing does not work with a SAS url provided by an Azure Storage Account. It only works if the file name of the code signing certificate is present in the url.

Full output of scripts

BcContainerHelper version 2.0.11
Exception calling "DownloadFile" with "2" argument(s): "An exception occurred during a WebClient request."
at <ScriptBlock>, <No file>: line 6
bei Invoke-ScriptInBcContainer, C:\Program Files\WindowsPowerShell\Modules\BcContainerHelper\2.0.11\ContainerHandling\Invoke-ScriptInNavContainer.ps1: Zeile 44
bei Sign-BcContainerApp, C:\Program Files\WindowsPowerShell\Modules\BcContainerHelper\2.0.11\AppHandling\Sign-NavContainerApp.ps1: Zeile 56
bei <ScriptBlock>, C:\agent\_work\38\s\Pipeline\Sign-App.ps1: Zeile 34
bei <ScriptBlock>, C:\agent\_work\38\s\Pipeline\Sign-App.ps1: Zeile 33
bei <ScriptBlock>, C:\agent\_work\38\s\Pipeline\Sign-App.ps1: Zeile 31
bei <ScriptBlock>, C:\agent\_work\_temp\979a65a6-8e23-43ff-8ab5-4adf132d81f8.ps1: Zeile 3
bei <ScriptBlock>, <Keine Datei>: Zeile 1
##[error]Get-ChildItem : Exception calling "DownloadFile" with "2" argument(s): "An exception occurred during a WebClient 
request."
In C:\agent\_work\38\s\Pipeline\Sign-App.ps1:33 Zeichen:5
+     Get-ChildItem -Path (Join-Path $buildArtifactFolder $_) -Filter " ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (Exception calli...lient request.":String) [Get-ChildItem], RuntimeExc 
   eption
    + FullyQualifiedErrorId : Exception calling "DownloadFile" with "2" argument(s): "An exception occurred during a W 
   ebClient request.",Microsoft.PowerShell.Commands.GetChildItemCommand
##[error]PowerShell wurde beendet mit dem Code "1".

Additional context
I reproduced the error using the code from line 58 to 64 from Sign-NavContainerApp and got the same error. Here is the code that I used to reproduce the issue:

# $url = "https://example.blob.core.windows.net/example/codesigningcert.pfx"
$url = "https://example.blob.core.windows.net/example/codesigningcert.pfx?sp=r&st=2021-04-01T00:00:01Z&se=2021-04-30T23:59:59Z&spr=https&sv=2020-02-10&sr=b&sig=aaaaaaaaaaaaaaaaaaaa%2Faaaa%2Faa%2Faaaaaaaaaaaaa%3D"
$fileName = ([System.Uri]::UnescapeDataString([System.IO.Path]::GetFileName($url).split("?")[0]))
$path = "C:\Users\niehus\" + $fileName
(New-Object System.Net.WebClient).DownloadFile($url, $path)

And here is the output:

Ausnahme beim Aufrufen von "DownloadFile" mit 2 Argument(en):  "Ausnahmefehler w盲hrend einer WebClient-Anforderung."
In Zeile:5 Zeichen:1
+ (New-Object System.Net.WebClient).DownloadFile($url, $path)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : WebException


PS C:\Users\niehus> $path
C:\Users\niehus\59Z&spr=https&sv=2020-02-10&sr=b&sig=aaaaaaaaaaaaaaaaaaaa/aaaa/aa/aaaaaaaaaaaaa=

(sorry the output is in German, but it's the same error as in the output of my script above)

It seems that the file name of the file in the URL is not correctly parsed using ([System.Uri]::UnescapeDataString([System.IO.Path]::GetFileName($url).split("?")[0]))

bug Fix Ready Ships in a future version

All 2 comments

Yeah - looks like a parantheses was wrongly placed there.

Shipped in 2.0.12

Was this page helpful?
0 / 5 - 0 ratings