add verify-signature command. Fixes #1044 (#1045)

Author: sandy081

src/main.ts

@@ -1,6 +1,6 @@
 import program from 'commander';
 import leven from 'leven';
-import { packageCommand, ls, Targets, generateManifest } from './package';
+import { packageCommand, ls, Targets, generateManifest, verifySignature } from './package';
 import { publish, unpublish } from './publish';
 import { show } from './show';
 import { search } from './search';
@@ -317,6 +317,14 @@ module.exports = function (argv: string[]): void {
 		.option('-o, --out <path>', 'Output the extension manifest to <path> location (defaults to <packagename>.manifest)')
 		.action(({ packagePath, out }) => main(generateManifest(packagePath, out)));
 
+	program
+		.command('verify-signature')
+		.description('Verifies the provided signature file against the provided VSIX package and manifest.')
+		.requiredOption('-i, --packagePath <path>', 'Path to the VSIX package')
+		.requiredOption('-m, --manifestPath <path>', 'Path to the Manifest file')
+		.requiredOption('-s, --signaturePath <path>', 'Path to the Signature file')
+		.action(({ packagePath, manifestPath, signaturePath }) => main(verifySignature(packagePath, manifestPath, signaturePath)));
+
 	program
 		.command('ls-publishers')
 		.description('Lists all known publishers')

src/package.ts

@@ -1885,6 +1885,19 @@ export function generateManifest(packageFile: string, outputFile?: string): Prom
 	return vsceSign.generateManifest(packageFile, outputFile);
 }
 
+export async function verifySignature(packageFile: string, manifestFile: string, signatureFile: string): Promise<void> {
+	const sigzipPath = await createSignatureArchive(manifestFile, signatureFile);
+	try {
+		const result = await vsceSign.verify(packageFile, sigzipPath, true);
+		console.log(`Signature verification result: ${result.code}`);
+		if (result.output) {
+			console.log(result.output)
+		}
+	} finally {
+		await fs.promises.unlink(sigzipPath);
+	}
+}
+
 // Create a signature zip file containing the manifest and signature file
 export async function createSignatureArchive(manifestFile: string, signatureFile: string, outputFile?: string): Promise<string> {
 	return vsceSign.zip(manifestFile, signatureFile, outputFile)