search

Azure / trusted-signing-action

MIT License
21 stars 8 forks source link

Error information: "Error: SignerSign() failed." (-2147467259/0x80004005) #13

Closed mauroporras closed 2 months ago

mauroporras commented 2 months ago

Hello there, I'm trying to sign an MSI file but it won't go past this point:

Azure Code Signing

Version: 1.0.52

"Metadata": {
  "Endpoint": "https://eus.codesigning.azure.net/",
  "CodeSigningAccountName": "zea-sync",
  "CertificateProfileName": "zea-sync-cert",
  "ExcludeCredentials": [
    "InteractiveBrowserCredential"
  ]
}

Submitting digest for signing...
Unhandled managed exception
Azure.RequestFailedException: Service request failed.
Status: 403 (Forbidden)

Headers:
Date: Mon, 06 May 2024 22:28:01 GMT
Connection: keep-alive
Strict-Transport-Security: REDACTED
x-azure-ref: REDACTED
X-Cache: REDACTED
Content-Length: 0
SignTool Error: An unexpected internal error has occurred.

   at Azure.CodeSigning.CertificateProfileRestClient.SignAsync(String codeSigningAccountName, String certificateProfileName, SignRequest body, String xCorrelationId, String clientVersion, CancellationToken cancellationToken)
   at Azure.CodeSigning.CertificateProfileClient.StartSignAsync(String codeSigningAccountName, String certificateProfileName, SignRequest body, String xCorrelationId, String clientVersion, CancellationToken cancellationToken)
   at Azure.CodeSigning.Dlib.Core.DigestSigner.SignAsync(UInt32 algorithm, Byte[] digest, SafeFileHandle safeFileHandle, CancellationToken cancellationToken)
   at Azure.CodeSigning.Dlib.Core.DigestSigner.Sign(UInt32 algorithm, Byte[] digest, SafeFileHandle safeFileHandle)
   at AuthenticodeDigestSignExWithFileHandleManaged(_CRYPTOAPI_BLOB* pMetadataBlob, UInt32 digestAlgId, Byte* pbToBeSignedDigest, UInt32 cbToBeSignedDigest, Void* hFile, _CRYPTOAPI_BLOB* pSignedDigest, _CERT_CONTEXT** ppSignerCert, Void* hCertChainStore)

Error information: "Error: SignerSign() failed." (-2147467259/0x80004005)

This is what my "Certificate profiles" page looks like:

Screenshot 2024-05-06 at 17 41 44

Any help would be much appreciated. Thank you.

dlemstra commented 2 months ago

You are getting Status: 403 (Forbidden). This looks like an authentication issue? Did you assign the correct role here: https://dlemstra.github.io/github-stories/2023/imagemagick-now-uses-azure-code-signing/#create-and-authorize-app-registration?

japarson commented 2 months ago

Hi @mauroporras, what form of authentication are you attempting to use?

mauroporras commented 2 months ago

@dlemstra, @japarson, thank you very much guys. I got it working using the ImageMagick guide

I'm using azure-client-secret auth.