vcsjones / AzureSignTool

SignTool Library and Azure Key Vault Support
MIT License

Value cannot be null. (Parameter 'uriString') #207

Closed Thykof closed 9 months ago

Thykof commented 11 months ago

Hi, I am getting an error when trying to sign a .msi file:

AzureSignTool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v "my-file.msi"
Unhandled exception. System.ArgumentNullException: Value cannot be null. (Parameter 'uriString')
   at System.Uri..ctor(String uriString)
   at Azure.Security.KeyVault.Certificates.KeyVaultCertificate.get_KeyId()
   at AzureSignTool.KeyVaultConfigurationDiscoverer.Materialize(AzureKeyVaultSignConfigurationSet configuration) in /_/src/AzureSignTool/KeyVaultConfigurationDiscoverer.cs:line 57
   at AzureSignTool.SignCommand.OnExecuteAsync(CommandLineApplication app, IConsole console) in /_/src/AzureSignTool/SignCommand.cs:line 258
   at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.InvokeAsync(MethodInfo method, Object instance, Object[] arguments)
   at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.OnExecute(ConventionContext context, CancellationToken cancellationToken)
   at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.<>c__DisplayClass0_0.<<Apply>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync(String[] args, CancellationToken cancellationToken)
   at McMaster.Extensions.CommandLineUtils.CommandLineApplication.Execute(String[] args)
   at AzureSignTool.Program.Main(String[] args) in /_/src/AzureSignTool/Program.cs:line 26

Looks like the error is here

https://github.com/vcsjones/AzureSignTool/blob/main/src/AzureSignTool/KeyVaultConfigurationDiscoverer.cs#L57

https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/keyvault/Azure.Security.KeyVault.Certificates/src/KeyVaultCertificate.cs#L41

It seems like the _keyId property is null, which causes the constructor of System.Uri to fail.

Questions:

  1. Should I use a previous version of AzureSignTool? I'm currently using v4.0.1.
  2. Do you think that Azure key vault is wrongly configured?

vcsjones commented 9 months ago

Sorry for the (very) late reply here.

> Should I use a previous version of AzureSignTool? I'm currently using v4.0.1.

I don't think that would solve your problem.

> Do you think that Azure key vault is wrongly configured?

I believe your certificate in Azure Key Vault does not have an associated private key and it is just a public certificate.

I made a code change to more gracefully handle this scenario.
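
A pre-flight check for the condition discussed in this thread, added here as an example; it is not AzureSignTool code and not written by either commenter. It assumes the certificate bundle is available as JSON in the shape returned by the Key Vault "Get Certificate" REST call (which `az keyvault certificate show` prints), where `kid` is the key identifier; the function name, vault name and sample bundles are constructed for illustration.

```python
import json
from urllib.parse import urlparse

def check_signing_key(bundle_json, vault_uri):
    """Return (ok, message) for a Key Vault certificate bundle given as JSON text."""
    bundle = json.loads(bundle_json)
    kid = bundle.get("kid")
    if not isinstance(kid, str) or not kid:
        # Same condition that surfaced as ArgumentNullException('uriString') above.
        return False, "certificate has no key identifier (kid), so there is no key to sign with"
    parsed = urlparse(kid)
    if parsed.scheme != "https" or not parsed.hostname:
        return False, "kid is not an absolute https URI: %r" % kid
    if not parsed.path.startswith("/keys/"):
        return False, "kid does not point at a Key Vault key: %r" % kid
    # Added sanity check: the key should live in the vault passed to -kvu.
    vault_host = urlparse(vault_uri).hostname
    if vault_host is None or parsed.hostname != vault_host:
        return False, "kid host %s does not match vault %s" % (parsed.hostname, vault_uri)
    return True, "signing key: " + kid

# Constructed sample data (hypothetical vault and certificate names).
VAULT = "https://example-vault.vault.azure.net/"
CERT_ID = VAULT + "certificates/codesign/0123456789abcdef"
WITH_KEY = json.dumps({"id": CERT_ID, "kid": VAULT + "keys/codesign/0123456789abcdef"})
NULL_KEY = json.dumps({"id": CERT_ID, "kid": None})
NO_KEY_FIELD = json.dumps({"id": CERT_ID})
OTHER_VAULT = json.dumps(
    {"id": CERT_ID, "kid": "https://other-vault.vault.azure.net/keys/codesign/0123"}
)

if __name__ == "__main__":
    samples = [("with key", WITH_KEY), ("null kid", NULL_KEY),
               ("no kid field", NO_KEY_FIELD), ("other vault", OTHER_VAULT)]
    for label, bundle in samples:
        ok, message = check_signing_key(bundle, VAULT)
        print("%-12s %s: %s" % (label, "OK" if ok else "FAIL", message))
```

Run as a CI step before the `sign` command, a failing result gives a readable message in place of the unhandled exception.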