"use strict";

// Flag the export object as a transpiled ES module so interop helpers hand it back unchanged.
Object.defineProperty(exports, "__esModule", { value: true });

// Function declarations are hoisted, so these two can be exported immediately.
exports.getSignVendorPath = getSignVendorPath;
exports.isOldWin6 = isOldWin6;

// Placeholders only: `sign` and `getCertificateFromStoreInfo` are `let` bindings
// that get their real value (and their real export) further down in the file.
exports.sign = void 0;
exports.getCertificateFromStoreInfo = void 0;
10function _bluebirdLst() {
11 const data = require("bluebird-lst");
12
13 _bluebirdLst = function () {
14 return data;
15 };
16
17 return data;
18}
20function _builderUtil() {
21 const data = require("builder-util");
22
23 _builderUtil = function () {
24 return data;
25 };
26
27 return data;
28}
30function _binDownload() {
31 const data = require("builder-util/out/binDownload");
32
33 _binDownload = function () {
34 return data;
35 };
36
37 return data;
38}
40function _bundledTool() {
41 const data = require("builder-util/out/bundledTool");
42
43 _bundledTool = function () {
44 return data;
45 };
46
47 return data;
48}
50function _fsExtraP() {
51 const data = require("fs-extra-p");
52
53 _fsExtraP = function () {
54 return data;
55 };
56
57 return data;
58}
60function _isCi() {
61 const data = _interopRequireDefault(require("is-ci"));
62
63 _isCi = function () {
64 return data;
65 };
66
67 return data;
68}
70function os() {
71 const data = _interopRequireWildcard(require("os"));
72
73 os = function () {
74 return data;
75 };
76
77 return data;
78}
// Node's "path" module, loaded eagerly (unlike the lazy accessors around it)
// and passed through the wildcard interop helper.
const path = _interopRequireWildcard(require("path"));
82function _platformPackager() {
83 const data = require("./platformPackager");
84
85 _platformPackager = function () {
86 return data;
87 };
88
89 return data;
90}
92function _flags() {
93 const data = require("./util/flags");
94
95 _flags = function () {
96 return data;
97 };
98
99 return data;
100}
102function _vm() {
103 const data = require("./vm/vm");
104
105 _vm = function () {
106 return data;
107 };
108
109 return data;
110}
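/**
 * Runs the signing tool once for a single signing task.
 *
 * Two execution paths:
 *  - AppX packages, and certificates taken from the Windows certificate store
 *    (cscInfo has no "file" key), are signed with the bundled signtool.exe
 *    through the packager's VM.
 *  - Everything else runs the tool chosen by getToolPath() through a fresh
 *    VmManager, with the arguments computed for the host platform.
 *
 * The per-run timeout comes from SIGNTOOL_TIMEOUT (milliseconds) and falls
 * back to ten minutes when the variable is unset, unparsable or zero.
 *
 * When the tool fails with "The file is being used by another process" the
 * command is retried once after two seconds. A successful retry now resolves
 * normally; previously the original error was rethrown even though the retry
 * had signed the file. A failed retry rejects with the retry's error.
 *
 * NOTE(review): `args` can contain the certificate password (see the "/p" /
 * "-pass" push in computeSignToolArgs). Whether vm.exec redacts arguments in
 * its logs and error messages is not visible in this file; confirm before
 * enabling verbose build logs on shared CI.
 *
 * @param configuration signing task; reads `path`, `cscInfo` and, on the
 *   non-VM path, `computeSignToolArgs(isWin)`
 * @param packager reads `packager.vm.value` (awaited) on the AppX / store path
 * @returns a promise that settles when the tool has run
 */
let doSign = (() => {
  var _ref3 = (0, _bluebirdLst().coroutine)(function* (configuration, packager) {
    // https://github.com/electron-userland/electron-builder/pull/1944
    const timeout = parseInt(process.env.SIGNTOOL_TIMEOUT, 10) || 10 * 60 * 1000;
    let tool;
    let args;
    let env = process.env;
    let vm;

    if (configuration.path.endsWith(".appx") || !("file" in configuration.cscInfo)
    /* certificateSubjectName and other such options */
    ) {
      vm = yield packager.vm.value;
      tool = getWinSignTool((yield getSignVendorPath()));
      args = computeSignToolArgs(configuration, true, vm);
    } else {
      vm = new (_vm().VmManager)();
      const toolInfo = yield getToolPath();
      tool = toolInfo.path;
      args = configuration.computeSignToolArgs(process.platform === "win32");

      if (toolInfo.env != null) {
        env = toolInfo.env;
      }
    }

    try {
      yield vm.exec(tool, args, {
        timeout,
        env
      });
    } catch (e) {
      // Guard the message access so an error without a string message is
      // rethrown as-is instead of being masked by a TypeError.
      const isFileLocked = e != null && typeof e.message === "string" && e.message.includes("The file is being used by another process");

      if (!isFileLocked) {
        throw e;
      }

      // Single delayed retry; its outcome (success or failure) is the result.
      yield new Promise((resolve, reject) => {
        setTimeout(() => {
          vm.exec(tool, args, {
            timeout,
            env
          }).then(resolve).catch(reject);
        }, 2000);
      });
    }
  });

  return function doSign(_x5, _x6) {
    return _ref3.apply(this, arguments);
  };
})(); // on windows be aware of http://stackoverflow.com/a/32640183/1910191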
/**
 * Picks the signing executable for the non-VM signing path.
 *
 * Resolution order, first match wins:
 *  1. isUseSystemSigncode() is true -> bare "osslsigncode", i.e. whatever the
 *     process search path resolves.
 *  2. SIGNTOOL_PATH is set and non-empty -> that value, used as given.
 *  3. Otherwise a tool from the downloaded winCodeSign vendor directory,
 *     selected by platform (and, on macOS, by OS version / CI detection).
 *
 * Steps 1 and 2 hand the certificate and its password to a binary chosen by
 * the build environment, so that environment has to be trusted as much as the
 * certificate itself.
 *
 * @returns a promise of `{ path, env? }`; `env` is set only for the
 *   macOS "10.12" tool, which needs its bundled "lib" directory
 */
let getToolPath = (() => {
  var _ref4 = (0, _bluebirdLst().coroutine)(function* () {
    if ((0, _flags().isUseSystemSigncode)()) {
      return { path: "osslsigncode" };
    }

    const toolFromEnv = process.env.SIGNTOOL_PATH;

    if (toolFromEnv) {
      return { path: toolFromEnv };
    }

    const vendorPath = yield getSignVendorPath();

    if (process.platform === "win32") {
      // use modern signtool on Windows Server 2012 R2 to be able to sign AppX
      return { path: getWinSignTool(vendorPath) };
    }

    if (process.platform !== "darwin") {
      return { path: path.join(vendorPath, process.platform, "osslsigncode") };
    }

    // macOS from here on.
    let suffix = null;

    try {
      if (yield (0, _builderUtil().isMacOsSierra)()) {
        const toolDirPath = path.join(vendorPath, process.platform, "10.12");
        return {
          path: path.join(toolDirPath, "osslsigncode"),
          env: (0, _bundledTool().computeToolEnv)([path.join(toolDirPath, "lib")])
        };
      }

      if (_isCi().default) {
        // not clear for what we do this instead of using version detection
        suffix = "ci";
      }
    } catch (e) {
      // Detection failures are logged and the default macOS tool is used.
      _builderUtil().log.warn(`${e.stack || e}`);
    }

    const subDirectory = suffix == null ? "" : `${suffix}/`;
    return { path: path.join(vendorPath, process.platform, `${subDirectory}osslsigncode`) };
  });

  return function getToolPath() {
    return _ref4.apply(this, arguments);
  };
})();

/**
 * Babel interop helper: returns transpiled ES modules unchanged and wraps any
 * other value in a new object that copies its own enumerable properties
 * (accessors are copied as accessors) and exposes the original as `default`.
 */
function _interopRequireWildcard(obj) {
  if (obj && obj.__esModule) {
    return obj;
  }

  const namespace = {};

  if (obj != null) {
    for (const key in obj) {
      if (!Object.prototype.hasOwnProperty.call(obj, key)) {
        continue;
      }

      const descriptor = Object.defineProperty && Object.getOwnPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : {};

      if (descriptor.get || descriptor.set) {
        Object.defineProperty(namespace, key, descriptor);
      } else {
        namespace[key] = obj[key];
      }
    }
  }

  namespace.default = obj;
  return namespace;
}
/**
 * Babel interop helper: returns a transpiled ES module unchanged and wraps
 * every other value (including null and undefined) as `{ default: value }`.
 */
function _interopRequireDefault(obj) {
  if (obj && obj.__esModule) {
    return obj;
  }

  return { default: obj };
}
/**
 * Resolves the local directory of the winCodeSign tool bundle.
 *
 * Both the release version and the checksum are pinned here, so a bundle
 * update means changing the two values together. The download and the
 * checksum comparison happen inside builder-util's getBinFromGithub and are
 * not visible in this file.
 *
 * @returns whatever getBinFromGithub returns (awaited by every caller here)
 */
function getSignVendorPath() {
  const bundleVersion = "2.2.0";
  //noinspection SpellCheckingInspection
  const bundleChecksum = "qgm7bMtb/F9et2vxbb3XP4P4qnMcK7vmesx0A7djQUOvHkpIf5HlXcMz3VLGhXHqvBrqA9PKL8lcc7oEy0noaw==";
  return (0, _binDownload().getBinFromGithub)("winCodeSign", bundleVersion, bundleChecksum);
}
/**
 * Signs `options.path` once per digest algorithm.
 *
 * Digest selection:
 *  - ".msi": a single signature; "sha256" only when signingHashAlgorithms is
 *    set and does not contain "sha1", otherwise "sha1"
 *  - ".appx": always ["sha256"]
 *  - no signingHashAlgorithms configured: ["sha1", "sha256"] (dual signing)
 *  - otherwise the configured value, wrapped in an array if needed
 *
 * Every signature after the first is marked `isNest` so it is appended rather
 * than replacing the previous one. When the tool wrote to a separate output
 * file (`resultOutputPath`, set by computeSignToolArgs on non-Windows hosts)
 * that file is renamed over the input after each pass.
 *
 * A custom `options.options.sign` executor, when configured, replaces doSign
 * and receives the whole task configuration, `cscInfo` included, so it
 * sees the same certificate material as the built-in path.
 *
 * @param options signing options; reads `path` and `options.*`
 * @param packager forwarded to doSign by the default executor
 */
let sign = (() => {
  var _ref = (0, _bluebirdLst().coroutine)(function* (options, packager) {
    const configuredHashes = options.options.signingHashAlgorithms;
    let hashes;

    if (options.path.endsWith(".msi")) {
      // msi does not support dual-signing
      const sha1Excluded = configuredHashes != null && !configuredHashes.includes("sha1");
      hashes = [sha1Excluded ? "sha256" : "sha1"];
    } else if (options.path.endsWith(".appx")) {
      hashes = ["sha256"];
    } else if (configuredHashes == null) {
      hashes = ["sha1", "sha256"];
    } else {
      hashes = Array.isArray(configuredHashes) ? configuredHashes : [configuredHashes];
    }

    const defaultExecutor = configuration => doSign(configuration, packager);
    const executor = (0, _platformPackager().resolveFunction)(options.options.sign, "sign") || defaultExecutor;

    let isNest = false;

    for (const hash of hashes) {
      const taskConfiguration = Object.assign({}, options, { hash, isNest });
      // The closure captures taskConfiguration so that resultOutputPath, which
      // computeSignToolArgs writes onto it, can be read back below.
      const executorInput = Object.assign({}, taskConfiguration, {
        computeSignToolArgs: isWin => computeSignToolArgs(taskConfiguration, isWin)
      });

      yield executor(executorInput);
      isNest = true;

      if (taskConfiguration.resultOutputPath != null) {
        yield (0, _fsExtraP().rename)(taskConfiguration.resultOutputPath, options.path);
      }
    }
  });

  return function sign(_x, _x2) {
    return _ref.apply(this, arguments);
  };
})();

exports.sign = sign;
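/**
 * Finds a code-signing certificate in the Windows certificate stores.
 *
 * Lists every code-signing certificate through PowerShell and returns the
 * first entry that matches:
 *  - by subject, when `certificateSubjectName` is set (substring match), or
 *  - by thumbprint, compared with `certificateSha1` case-insensitively, so a
 *    lower-case configured thumbprint still matches.
 *
 * NOTE(review): the subject match is a substring test and the first hit wins,
 * so a short `certificateSubjectName` can select a different certificate than
 * intended when several subjects contain it. `certificateSha1` identifies one
 * certificate unambiguously.
 *
 * @param options reads `certificateSubjectName` and `certificateSha1`
 * @param vm used to run powershell.exe
 * @returns a promise of `{ thumbprint, subject, store, isLocalMachineStore }`
 * @throws Error when nothing matches; the message includes the raw
 *   certificate listing returned by PowerShell
 */
let getCertificateFromStoreInfo = (() => {
  var _ref2 = (0, _bluebirdLst().coroutine)(function* (options, vm) {
    const certificateSubjectName = options.certificateSubjectName;
    const certificateSha1 = options.certificateSha1;

    // Thumbprints are hex strings; compare them without regard to letter case.
    const normalizeThumbprint = value => typeof value === "string" ? value.toUpperCase() : value;
    const wantedThumbprint = normalizeThumbprint(certificateSha1);

    // ExcludeProperty doesn't work, so, we cannot exclude RawData, it is ok
    // powershell can return object if the only item
    const rawResult = yield vm.exec("powershell.exe", ["Get-ChildItem -Recurse Cert: -CodeSigningCert | Select-Object -Property Subject,PSParentPath,Thumbprint | ConvertTo-Json -Compress"]);
    const certList = rawResult.length === 0 ? [] : (0, _builderUtil().asArray)(JSON.parse(rawResult));

    for (const certInfo of certList) {
      if (certificateSubjectName != null) {
        if (!certInfo.Subject.includes(certificateSubjectName)) {
          continue;
        }
      } else if (normalizeThumbprint(certInfo.Thumbprint) !== wantedThumbprint) {
        continue;
      }

      const parentPath = certInfo.PSParentPath;
      // The store name is the last backslash-separated segment of the provider path.
      const store = parentPath.substring(parentPath.lastIndexOf("\\") + 1);

      _builderUtil().log.debug({
        store,
        PSParentPath: parentPath
      }, "auto-detect certificate store"); // https://github.com/electron-userland/electron-builder/issues/1717


      const isLocalMachineStore = parentPath.includes("Certificate::LocalMachine");

      // Only report LocalMachine detection when it actually applies.
      if (isLocalMachineStore) {
        _builderUtil().log.debug(null, "auto-detect using of LocalMachine store");
      }

      return {
        thumbprint: certInfo.Thumbprint,
        subject: certInfo.Subject,
        store,
        isLocalMachineStore
      };
    }

    throw new Error(`Cannot find certificate ${certificateSubjectName || certificateSha1}, all certs: ${rawResult}`);
  });

  return function getCertificateFromStoreInfo(_x3, _x4) {
    return _ref2.apply(this, arguments);
  };
})();

exports.getCertificateFromStoreInfo = getCertificateFromStoreInfo;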
/**
 * Builds the argument list for signtool.exe (`isWin` true) or osslsigncode
 * (`isWin` false). Argument order is significant and is kept exactly.
 *
 * Side effect: for osslsigncode the output path is also written to
 * `options.resultOutputPath`, which sign() reads to move the result back.
 *
 * Security-relevant details:
 *  - The certificate password is passed as a process argument ("/p" or
 *    "-pass"), so it is exposed to anything that can list process arguments
 *    or that logs the command line.
 *  - Timestamping is skipped entirely when ELECTRON_BUILDER_OFFLINE is "true".
 *  - HTTPS_PROXY, when set, is forwarded to osslsigncode as "-p".
 *  - NOTE(review): both built-in timestamp defaults are plain-http
 *    Verisign/Symantec endpoints; confirm they are still served, or set
 *    timeStampServer / rfc3161TimeStampServer explicitly.
 *
 * @param options task configuration; reads `path`, `hash`, `isNest`, `name`,
 *   `site`, `cscInfo` and `options.*`
 * @param isWin true to produce signtool.exe arguments
 * @param vm maps host paths with `toVmFile`; defaults to a new VmManager
 * @returns the argument array
 * @throws Error for a certificate file that is not .p12/.pfx, or for a
 *   store-based certificate when `isWin` is false
 */
function computeSignToolArgs(options, isWin, vm = new (_vm().VmManager)()) {
  const isOffline = () => process.env.ELECTRON_BUILDER_OFFLINE === "true";

  const inputFile = vm.toVmFile(options.path);
  let outputPath = inputFile;

  if (!isWin) {
    // osslsigncode writes a separate file; signtool signs in place.
    outputPath = getOutputPath(inputFile, options.hash);
    options.resultOutputPath = outputPath;
  }

  const args = isWin ? ["sign"] : ["-in", inputFile, "-out", outputPath];

  if (!isOffline()) {
    const timestampingServiceUrl = options.options.timeStampServer || "http://timestamp.verisign.com/scripts/timstamp.dll";

    if (!isWin) {
      args.push("-t", timestampingServiceUrl);
    } else if (options.isNest || options.hash === "sha256") {
      // RFC 3161 timestamp for nested and sha256 signatures.
      args.push("/tr", options.options.rfc3161TimeStampServer || "http://sha256timestamp.ws.symantec.com/sha256/timestamp");
    } else {
      args.push("/t", timestampingServiceUrl);
    }
  }

  const certificateFile = options.cscInfo.file;

  if (certificateFile != null) {
    const certExtension = path.extname(certificateFile);

    if (certExtension !== ".p12" && certExtension !== ".pfx") {
      throw new Error(`Please specify pkcs12 (.p12/.pfx) file, ${certificateFile} is not correct`);
    }

    args.push(isWin ? "/f" : "-pkcs12", vm.toVmFile(certificateFile));
  } else {
    // Certificate comes from the Windows certificate store.
    const cscInfo = options.cscInfo;
    const subjectName = cscInfo.thumbprint;

    if (!isWin) {
      throw new Error(`${subjectName == null ? "certificateSha1" : "certificateSubjectName"} supported only on Windows`);
    }

    args.push("/sha1", cscInfo.thumbprint, "/s", cscInfo.store);

    if (cscInfo.isLocalMachineStore) {
      args.push("/sm");
    }
  }

  // signtool gets no explicit file digest for sha1; osslsigncode always does.
  if (!isWin || options.hash !== "sha1") {
    args.push(isWin ? "/fd" : "-h", options.hash);

    if (isWin && !isOffline()) {
      args.push("/td", "sha256");
    }
  }

  if (options.name) {
    args.push(isWin ? "/d" : "-n", options.name);
  }

  if (options.site) {
    args.push(isWin ? "/du" : "-i", options.site);
  }

  // msi does not support dual-signing
  if (options.isNest) {
    args.push(isWin ? "/as" : "-nest");
  }

  const password = options.cscInfo == null ? null : options.cscInfo.password;

  if (password) {
    // Ends up on the tool's command line; see the function comment.
    args.push(isWin ? "/p" : "-pass", password);
  }

  if (options.options.additionalCertificateFile) {
    args.push(isWin ? "/ac" : "-ac", vm.toVmFile(options.options.additionalCertificateFile));
  }

  const httpsProxyFromEnv = process.env.HTTPS_PROXY;

  if (!isWin && httpsProxyFromEnv != null && httpsProxyFromEnv.length) {
    args.push("-p", httpsProxyFromEnv);
  }

  if (isWin) {
    // https://github.com/electron-userland/electron-builder/issues/2875#issuecomment-387233610
    args.push("/debug");
    // must be last argument
    args.push(inputFile);
  }

  return args;
}
/**
 * Derives the file name the signed copy is written to: the input path with
 * "-signed-<hash>" inserted before the extension, in the same directory.
 *
 * @param inputPath path of the file being signed
 * @param hash digest algorithm name used in the suffix
 * @returns the output path
 */
function getOutputPath(inputPath, hash) {
  const extension = path.extname(inputPath);
  const stem = path.basename(inputPath, extension);
  const signedName = `${stem}-signed-${hash}${extension}`;
  return path.join(path.dirname(inputPath), signedName);
}
/**
 * Reports whether the host's OS release string is a "6.x" release other than
 * "6.3" (6.3 is Windows 8.1 / Server 2012 R2). The check looks only at the
 * release string and does not test that the host is Windows.
 *
 * @internal
 * @returns true for 6.0, 6.1 and 6.2 style release strings
 */
function isOldWin6() {
  const release = os().release();

  if (!release.startsWith("6.")) {
    return false;
  }

  return !release.startsWith("6.3");
}
/**
 * Returns the path of the bundled signtool.exe inside the vendor directory:
 * the "windows-6" build on old 6.x hosts, otherwise the "windows-10" build
 * for the current process architecture.
 *
 * @param vendorPath root of the winCodeSign bundle
 * @returns path to signtool.exe
 */
function getWinSignTool(vendorPath) {
  // use modern signtool on Windows Server 2012 R2 to be able to sign AppX
  const toolDirectory = isOldWin6() ? ["windows-6"] : ["windows-10", process.arch];
  return path.join(vendorPath, ...toolDirectory, "signtool.exe");
}
434//# sourceMappingURL=windowsCodeSign.js.map