| 1 | {"version":3,"sources":["../src/windowsCodeSign.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;;AAAA;AAAA;AAAA;;AAAA;AAAA;;AACA;AAAA;;AAAA;AAAA;AAAA;;AAAA;AAAA;;AACA;AAAA;;AAAA;AAAA;AAAA;;AAAA;AAAA;;AACA;AAAA;;AAAA;AAAA;AAAA;;AAAA;AAAA;;AACA;AAAA;;AAAA;AAAA;AAAA;;AAAA;AAAA;;AACA;AAAA;;AAAA;AAAA;AAAA;;AAAA;AAAA;;AACA;;AAEA;AAAA;;AAAA;AAAA;AAAA;;AAAA;AAAA;;AACA;AAAA;;AAAA;AAAA;AAAA;;AAAA;AAAA;;AACA;AAAA;;AAAA;AAAA;AAAA;;AAAA;AAAA;;;4CAiHA,WAAsB,aAAtB,EAAyE,QAAzE,EAA8F;AAC5F;AACA,UAAM,UAAU,SAAS,QAAQ,GAAR,CAAY,gBAArB,EAA8C,EAA9C,KAAqD,KAAK,EAAL,GAAU,IAA/E;AAEA,QAAI,IAAJ;AACA,QAAI,IAAJ;AACA,QAAI,MAAM,QAAQ,GAAlB;AACA,QAAI,EAAJ;;AACA,QAAI,cAAc,IAAd,CAAmB,QAAnB,CAA4B,OAA5B,KAAwC,EAAE,UAAU,cAAc,OAA1B;AAAqC;AAAjF,MAAsI;AACpI,aAAK,MAAM,SAAS,EAAT,CAAY,KAAvB;AACA,eAAO,gBAAe,MAAM,mBAArB,EAAP;AACA,eAAO,oBAAoB,aAApB,EAAmC,IAAnC,EAAyC,EAAzC,CAAP;AACD,OAJD,MAKK;AACH,WAAK,KAAI,eAAJ,GAAL;AACA,YAAM,WAAW,MAAM,aAAvB;AACA,aAAO,SAAS,IAAhB;AACA,aAAO,cAAc,mBAAd,CAAkC,QAAQ,QAAR,KAAqB,OAAvD,CAAP;;AACA,UAAI,SAAS,GAAT,IAAgB,IAApB,EAA0B;AACxB,cAAM,SAAS,GAAf;AACD;AACF;;AAED,QAAI;AACF,YAAM,GAAG,IAAH,CAAQ,IAAR,EAAc,IAAd,EAAoB;AAAC,eAAD;AAAU;AAAV,OAApB,CAAN;AACD,KAFD,CAGA,OAAO,CAAP,EAAU;AACR,UAAI,EAAE,OAAF,CAAU,QAAV,CAAmB,2CAAnB,CAAJ,EAAqE;AACnE,cAAM,IAAI,OAAJ,CAAY,CAAC,OAAD,EAAU,MAAV,KAAoB;AACpC,qBAAW,MAAK;AACd,eAAG,IAAH,CAAQ,IAAR,EAAc,IAAd,EAAoB;AAAC,qBAAD;AAAU;AAAV,aAApB,EACG,IADH,CACQ,OADR,EAEG,KAFH,CAES,MAFT;AAGD,WAJD,EAIG,IAJH;AAKD,SANK,CAAN;AAOD;;AACD,YAAM,CAAN;AACD;AACF,G;;kBAtCI,M;;;MA8CL;;;;4CA6GA,aAAK;AACH,QAAI,mCAAJ,EAA2B;AACzB,aAAO;AAAC,cAAM;AAAP,OAAP;AACD;;AAED,UAAM,SAAS,QAAQ,GAAR,CAAY,aAA3B;;AACA,QAAI,MAAJ,EAAY;AACV,aAAO;AAAC,cAAM;AAAP,OAAP;AACD;;AAED,UAAM,aAAa,MAAM,mBAAzB;;AACA,QAAI,QAAQ,QAAR,KAAqB,OAAzB,EAAkC;AAChC;AACA,aAAO;AAAC,cAAM,eAAe,UAAf;AAAP,OAAP;AACD,KAHD,MAIK,IAAI,QAAQ,QAAR,KAAqB,QAAzB,EAAmC;AACtC,UAAI,SAAwB,IAA5B;;AACA,UAAI;AACF,YAAI,MAAM,mCAAV,EAA2B;AACzB,gBAAM,cAAc,KAAK,IAAL,CAAU,UAAV,EAAsB,QAAQ,QAA9B,EAAwC,OAAxC,CAApB;AACA,iBAAO;AACL,kBAAM,KAAK,IAAL,CAAU,WAAV,EAAuB,cAAvB,CADD;AAEL,iBAAK,mCAAe,CAAC,KAAK,IAAL,CAAU,WAAV,EAAuB,KAAvB,CAAD,CAAf;AAFA,WAAP;AAID,SAND,MAOK,IAAI,eAAJ,EAAU;AACb;AACA,mBAAS,IAAT;AACD;AACF,OAZD,CAaA,OAAO,CAAP,EAAU;AACR,2BAAI,IAAJ,CAAS,GAAG,EAAE,KAAF,IAAW,CAAC,EAAxB;AACD;;AACD,aAAO;AAAC,cAAM,KAAK,IAAL,CAAU,UAAV,EAAsB,QAAQ,QAA9B,EAAwC,GAAG,UAAU,IAAV,GAAiB,EAAjB,GAAsB,GAAG,MAAM,GAAG,cAA7E;AAAP,OAAP;AACD,KAnBI,MAoBA;AACH,aAAO;AAAC,cAAM,KAAK,IAAL,CAAU,UAAV,EAAsB,QAAQ,QAA9B,EAAwC,cAAxC;AAAP,OAAP;AACD;AACF,G;;kBAtCI,W;;;;;;;;;;AAzQC,SAAA,iBAAA,GAAA;AACJ;AACA,SAAO,qCAAiB,aAAjB,EAAgC,OAAhC,EAAyC,0FAAzC,CAAP;AACD;;;2CA0BM,WAAoB,OAApB,EAAiD,QAAjD,EAAsE;AAC3E,QAAI,SAAS,QAAQ,OAAR,CAAgB,qBAA7B,CAD2E,CAE3E;;AACA,QAAI,QAAQ,IAAR,CAAa,QAAb,CAAsB,MAAtB,CAAJ,EAAmC;AACjC,eAAS,CAAC,UAAU,IAAV,IAAkB,CAAC,OAAO,QAAP,CAAgB,MAAhB,CAAnB,GAA6C,QAA7C,GAAwD,MAAzD,CAAT;AACD,KAFD,MAGK,IAAI,QAAQ,IAAR,CAAa,QAAb,CAAsB,OAAtB,CAAJ,EAAoC;AACvC,eAAS,CAAC,QAAD,CAAT;AACD,KAFI,MAGA,IAAI,UAAU,IAAd,EAAoB;AACvB,eAAS,CAAC,MAAD,EAAS,QAAT,CAAT;AACD,KAFI,MAGA;AACH,eAAS,MAAM,OAAN,CAAc,MAAd,IAAwB,MAAxB,GAAiC,CAAC,MAAD,CAA1C;AACD;;AAED,aAAA,eAAA,CAAyB,aAAzB,EAA0E;AACxE,aAAO,OAAO,aAAP,EAAsB,QAAtB,CAAP;AACD;;AAED,UAAM,WAAW,yCAAgB,QAAQ,OAAR,CAAgB,IAAhC,EAAsC,MAAtC,KAAiD,eAAlE;AACA,QAAI,SAAS,KAAb;;AACA,SAAK,MAAM,IAAX,IAAmB,MAAnB,EAA2B;AACzB,YAAM,oBAAiB,OAAA,MAAA,CAAA,EAAA,EAAqC,OAArC,EAA4C;AAAE,YAAF;AAAQ;AAAR,OAA5C,CAAvB;AACA,YAAM,SAAQ,OAAA,MAAA,CAAA,EAAA,EACT,iBADS,EACQ;AACpB,6BAAqB,SAAS,oBAAoB,iBAApB,EAAuC,KAAvC;AADV,OADR,CAAR,CAAN;AAIA,eAAS,IAAT;;AACA,UAAI,kBAAkB,gBAAlB,IAAsC,IAA1C,EAAgD;AAC9C,cAAM,wBAAO,kBAAkB,gBAAzB,EAA2C,QAAQ,IAAnD,CAAN;AACD;AACF;AACF,G;;kBAjCW,I;;;;;;;;4CA+CL,WAA2C,OAA3C,EAA0E,EAA1E,EAAuF;AAC5F,UAAM,yBAAyB,QAAQ,sBAAvC;AACA,UAAM,kBAAkB,QAAQ,eAAhC,CAF4F,CAG5F;AACA;;AACA,UAAM,YAAY,MAAM,GAAG,IAAH,CAAQ,gBAAR,EAA0B,CAAC,oIAAD,CAA1B,CAAxB;AACA,UAAM,WAAW,UAAU,MAAV,KAAqB,CAArB,GAAyB,EAAzB,GAA8B,4BAAkB,KAAK,KAAL,CAAW,SAAX,CAAlB,CAA/C;;AACA,SAAK,MAAM,QAAX,IAAuB,QAAvB,EAAiC;AAC/B,UAAI,0BAA0B,IAA9B,EAAoC;AAClC,YAAI,CAAC,SAAS,OAAT,CAAiB,QAAjB,CAA0B,sBAA1B,CAAL,EAAwD;AACtD;AACD;AACF,OAJD,MAKK,IAAI,SAAS,UAAT,KAAwB,eAA5B,EAA6C;AAChD;AACD;;AAED,YAAM,aAAa,SAAS,YAA5B;AACA,YAAM,QAAQ,WAAW,SAAX,CAAqB,WAAW,WAAX,CAAuB,IAAvB,IAA+B,CAApD,CAAd;;AACA,yBAAI,KAAJ,CAAU;AAAC,aAAD;AAAQ,sBAAc;AAAtB,OAAV,EAA6C,+BAA7C,EAZ+B,CAa/B;;;AACA,YAAM,sBAAuB,WAAW,QAAX,CAAoB,2BAApB,CAA7B;;AACA,yBAAI,KAAJ,CAAU,IAAV,EAAgB,yCAAhB;;AACA,aAAO;AACL,oBAAY,SAAS,UADhB;AAEL,iBAAS,SAAS,OAFb;AAGL,aAHK;AAIL;AAJK,OAAP;AAMD;;AAED,UAAM,IAAI,KAAJ,CAAU,2BAA2B,0BAA0B,eAAe,gBAAgB,SAAS,EAAvG,CAAN;AACD,G;;kBAhCW,2B;;;;;;;AAiFZ,SAAA,mBAAA,CAA6B,OAA7B,EAAoE,KAApE,EAAoF,KAAgB,KAAI,eAAJ,GAApG,EAAmH;AACjH,QAAM,YAAY,GAAG,QAAH,CAAY,QAAQ,IAApB,CAAlB;AACA,QAAM,aAAa,QAAQ,SAAR,GAAoB,cAAc,SAAd,EAAyB,QAAQ,IAAjC,CAAvC;;AACA,MAAI,CAAC,KAAL,EAAY;AACV,YAAQ,gBAAR,GAA2B,UAA3B;AACD;;AAED,QAAM,OAAO,QAAQ,CAAC,MAAD,CAAR,GAAmB,CAAC,KAAD,EAAQ,SAAR,EAAmB,MAAnB,EAA2B,UAA3B,CAAhC;;AAEA,MAAI,QAAQ,GAAR,CAAY,wBAAZ,KAAyC,MAA7C,EAAqD;AACnD,UAAM,yBAAyB,QAAQ,OAAR,CAAgB,eAAhB,IAAmC,oDAAlE;;AACA,QAAI,KAAJ,EAAW;AACT,WAAK,IAAL,CAAU,QAAQ,MAAR,IAAkB,QAAQ,IAAR,KAAiB,QAAnC,GAA8C,KAA9C,GAAsD,IAAhE,EAAsE,QAAQ,MAAR,IAAkB,QAAQ,IAAR,KAAiB,QAAnC,GAA+C,QAAQ,OAAR,CAAgB,sBAAhB,IAA0C,yDAAzF,GAAsJ,sBAA5N;AACD,KAFD,MAGK;AACH,WAAK,IAAL,CAAU,IAAV,EAAgB,sBAAhB;AACD;AACF;;AAED,QAAM,kBAAmB,QAAQ,OAAR,CAAwC,IAAjE;;AACA,MAAI,mBAAmB,IAAvB,EAA6B;AAC3B,UAAM,UAAW,QAAQ,OAAzB;AACA,UAAM,cAAc,QAAQ,UAA5B;;AACA,QAAI,CAAC,KAAL,EAAY;AACV,YAAM,IAAI,KAAJ,CAAU,GAAG,eAAe,IAAf,GAAsB,iBAAtB,GAA0C,wBAAwB,4BAA/E,CAAN;AACD;;AAED,SAAK,IAAL,CAAU,OAAV,EAAmB,QAAQ,UAA3B;AACA,SAAK,IAAL,CAAU,IAAV,EAAgB,QAAQ,KAAxB;;AACA,QAAI,QAAQ,mBAAZ,EAAiC;AAC/B,WAAK,IAAL,CAAU,KAAV;AACD;AACF,GAZD,MAaK;AACH,UAAM,gBAAgB,KAAK,OAAL,CAAa,eAAb,CAAtB;;AACA,QAAI,kBAAkB,MAAlB,IAA4B,kBAAkB,MAAlD,EAA0D;AACxD,WAAK,IAAL,CAAU,QAAQ,IAAR,GAAe,SAAzB,EAAoC,GAAG,QAAH,CAAY,eAAZ,CAApC;AACD,KAFD,MAGK;AACH,YAAM,IAAI,KAAJ,CAAU,2CAA2C,eAAe,iBAApE,CAAN;AACD;AACF;;AAED,MAAI,CAAC,KAAD,IAAU,QAAQ,IAAR,KAAiB,MAA/B,EAAuC;AACrC,SAAK,IAAL,CAAU,QAAQ,KAAR,GAAgB,IAA1B,EAAgC,QAAQ,IAAxC;;AACA,QAAI,SAAS,QAAQ,GAAR,CAAY,wBAAZ,KAAyC,MAAtD,EAA8D;AAC5D,WAAK,IAAL,CAAU,KAAV,EAAiB,QAAjB;AACD;AACF;;AAED,MAAI,QAAQ,IAAZ,EAAkB;AAChB,SAAK,IAAL,CAAU,QAAQ,IAAR,GAAe,IAAzB,EAA+B,QAAQ,IAAvC;AACD;;AAED,MAAI,QAAQ,IAAZ,EAAkB;AAChB,SAAK,IAAL,CAAU,QAAQ,KAAR,GAAgB,IAA1B,EAAgC,QAAQ,IAAxC;AACD,GAxDgH,CA0DjH;;;AACA,MAAI,QAAQ,MAAZ,EAAoB;AAClB,SAAK,IAAL,CAAU,QAAQ,KAAR,GAAgB,OAA1B;AACD;;AAED,QAAM,WAAW,QAAQ,OAAR,IAAmB,IAAnB,GAA0B,IAA1B,GAAkC,QAAQ,OAAR,CAAwC,QAA3F;;AACA,MAAI,QAAJ,EAAc;AACZ,SAAK,IAAL,CAAU,QAAQ,IAAR,GAAe,OAAzB,EAAkC,QAAlC;AACD;;AAED,MAAI,QAAQ,OAAR,CAAgB,yBAApB,EAA+C;AAC7C,SAAK,IAAL,CAAU,QAAQ,KAAR,GAAgB,KAA1B,EAAiC,GAAG,QAAH,CAAY,QAAQ,OAAR,CAAgB,yBAA5B,CAAjC;AACD;;AAED,QAAM,oBAAoB,QAAQ,GAAR,CAAY,WAAtC;;AACA,MAAI,CAAC,KAAD,IAAU,qBAAqB,IAA/B,IAAuC,kBAAkB,MAA7D,EAAqE;AACnE,SAAK,IAAL,CAAU,IAAV,EAAgB,iBAAhB;AACD;;AAED,MAAI,KAAJ,EAAW;AACT;AACA,SAAK,IAAL,CAAU,QAAV,EAFS,CAGT;;AACA,SAAK,IAAL,CAAU,SAAV;AACD;;AAED,SAAO,IAAP;AACD;;AAED,SAAA,aAAA,CAAuB,SAAvB,EAA0C,IAA1C,EAAsD;AACpD,QAAM,YAAY,KAAK,OAAL,CAAa,SAAb,CAAlB;AACA,SAAO,KAAK,IAAL,CAAU,KAAK,OAAL,CAAa,SAAb,CAAV,EAAmC,GAAG,KAAK,QAAL,CAAc,SAAd,EAAyB,SAAzB,CAAmC,WAAW,IAAI,GAAG,SAAS,EAApG,CAAP;AACD;AAED;;;AACM,SAAA,SAAA,GAAA;AACJ,QAAM,aAAa,KAAG,OAAH,EAAnB;AACA,SAAO,WAAW,UAAX,CAAsB,IAAtB,KAA+B,CAAC,WAAW,UAAX,CAAsB,KAAtB,CAAvC;AACD;;AAED,SAAA,cAAA,CAAwB,UAAxB,EAA0C;AACxC;AACA,MAAI,WAAJ,EAAiB;AACf,WAAO,KAAK,IAAL,CAAU,UAAV,EAAsB,WAAtB,EAAmC,cAAnC,CAAP;AACD,GAFD,MAGK;AACH,WAAO,KAAK,IAAL,CAAU,UAAV,EAAsB,YAAtB,EAAoC,QAAQ,IAA5C,EAAkD,cAAlD,CAAP;AACD;AACF","sourcesContent":["import { asArray, isMacOsSierra, log } from \"builder-util\"\nimport { getBinFromGithub } from \"builder-util/out/binDownload\"\nimport { computeToolEnv, ToolInfo } from \"builder-util/out/bundledTool\"\nimport { rename } from \"fs-extra-p\"\nimport isCi from \"is-ci\"\nimport * as os from \"os\"\nimport * as path from \"path\"\nimport { WindowsConfiguration } from \"./options/winOptions\"\nimport { resolveFunction } from \"./platformPackager\"\nimport { isUseSystemSigncode } from \"./util/flags\"\nimport { VmManager } from \"./vm/vm\"\nimport { WinPackager } from \"./winPackager\"\n\nexport function getSignVendorPath() {\n //noinspection SpellCheckingInspection\n return getBinFromGithub(\"winCodeSign\", \"2.2.0\", \"qgm7bMtb/F9et2vxbb3XP4P4qnMcK7vmesx0A7djQUOvHkpIf5HlXcMz3VLGhXHqvBrqA9PKL8lcc7oEy0noaw==\")\n}\n\nexport type CustomWindowsSign = (configuration: CustomWindowsSignTaskConfiguration) => Promise<any>\n\nexport interface WindowsSignOptions {\n readonly path: string\n\n readonly name?: string | null\n readonly cscInfo?: FileCodeSigningInfo | CertificateFromStoreInfo | null\n readonly site?: string | null\n\n readonly options: WindowsConfiguration\n}\n\nexport interface WindowsSignTaskConfiguration extends WindowsSignOptions {\n // set if output path differs from input (e.g. osslsigncode cannot sign file inplace)\n resultOutputPath?: string\n\n hash: string\n isNest: boolean\n}\n\nexport interface CustomWindowsSignTaskConfiguration extends WindowsSignTaskConfiguration {\n computeSignToolArgs(isWin: boolean): Array<string>\n}\n\nexport async function sign(options: WindowsSignOptions, packager: WinPackager) {\n let hashes = options.options.signingHashAlgorithms\n // msi does not support dual-signing\n if (options.path.endsWith(\".msi\")) {\n hashes = [hashes != null && !hashes.includes(\"sha1\") ? \"sha256\" : \"sha1\"]\n }\n else if (options.path.endsWith(\".appx\")) {\n hashes = [\"sha256\"]\n }\n else if (hashes == null) {\n hashes = [\"sha1\", \"sha256\"]\n }\n else {\n hashes = Array.isArray(hashes) ? hashes : [hashes]\n }\n\n function defaultExecutor(configuration: CustomWindowsSignTaskConfiguration) {\n return doSign(configuration, packager)\n }\n\n const executor = resolveFunction(options.options.sign, \"sign\") || defaultExecutor\n let isNest = false\n for (const hash of hashes) {\n const taskConfiguration: WindowsSignTaskConfiguration = {...options, hash, isNest}\n await executor({\n ...taskConfiguration,\n computeSignToolArgs: isWin => computeSignToolArgs(taskConfiguration, isWin)\n })\n isNest = true\n if (taskConfiguration.resultOutputPath != null) {\n await rename(taskConfiguration.resultOutputPath, options.path)\n }\n }\n}\n\nexport interface FileCodeSigningInfo {\n readonly file: string\n readonly password: string | null\n}\n\nexport interface CertificateFromStoreInfo {\n thumbprint: string\n subject: string\n store: string\n isLocalMachineStore: boolean\n}\n\nexport async function getCertificateFromStoreInfo(options: WindowsConfiguration, vm: VmManager): Promise<CertificateFromStoreInfo> {\n const certificateSubjectName = options.certificateSubjectName\n const certificateSha1 = options.certificateSha1\n // ExcludeProperty doesn't work, so, we cannot exclude RawData, it is ok\n // powershell can return object if the only item\n const rawResult = await vm.exec(\"powershell.exe\", [\"Get-ChildItem -Recurse Cert: -CodeSigningCert | Select-Object -Property Subject,PSParentPath,Thumbprint | ConvertTo-Json -Compress\"])\n const certList = rawResult.length === 0 ? [] : asArray<CertInfo>(JSON.parse(rawResult))\n for (const certInfo of certList) {\n if (certificateSubjectName != null) {\n if (!certInfo.Subject.includes(certificateSubjectName)) {\n continue\n }\n }\n else if (certInfo.Thumbprint !== certificateSha1) {\n continue\n }\n\n const parentPath = certInfo.PSParentPath\n const store = parentPath.substring(parentPath.lastIndexOf(\"\\\\\") + 1)\n log.debug({store, PSParentPath: parentPath}, \"auto-detect certificate store\")\n // https://github.com/electron-userland/electron-builder/issues/1717\n const isLocalMachineStore = (parentPath.includes(\"Certificate::LocalMachine\"))\n log.debug(null, \"auto-detect using of LocalMachine store\")\n return {\n thumbprint: certInfo.Thumbprint,\n subject: certInfo.Subject,\n store,\n isLocalMachineStore\n }\n }\n\n throw new Error(`Cannot find certificate ${certificateSubjectName || certificateSha1}, all certs: ${rawResult}`)\n}\n\nasync function doSign(configuration: CustomWindowsSignTaskConfiguration, packager: WinPackager) {\n // https://github.com/electron-userland/electron-builder/pull/1944\n const timeout = parseInt(process.env.SIGNTOOL_TIMEOUT as any, 10) || 10 * 60 * 1000\n\n let tool: string\n let args: Array<string>\n let env = process.env\n let vm: VmManager\n if (configuration.path.endsWith(\".appx\") || !(\"file\" in configuration.cscInfo!!) /* certificateSubjectName and other such options */) {\n vm = await packager.vm.value\n tool = getWinSignTool(await getSignVendorPath())\n args = computeSignToolArgs(configuration, true, vm)\n }\n else {\n vm = new VmManager()\n const toolInfo = await getToolPath()\n tool = toolInfo.path\n args = configuration.computeSignToolArgs(process.platform === \"win32\")\n if (toolInfo.env != null) {\n env = toolInfo.env\n }\n }\n\n try {\n await vm.exec(tool, args, {timeout, env})\n }\n catch (e) {\n if (e.message.includes(\"The file is being used by another process\")) {\n await new Promise((resolve, reject) => {\n setTimeout(() => {\n vm.exec(tool, args, {timeout, env})\n .then(resolve)\n .catch(reject)\n }, 2000)\n })\n }\n throw e\n }\n}\n\ninterface CertInfo {\n Subject: string\n Thumbprint: string\n PSParentPath: string\n}\n\n// on windows be aware of http://stackoverflow.com/a/32640183/1910191\nfunction computeSignToolArgs(options: WindowsSignTaskConfiguration, isWin: boolean, vm: VmManager = new VmManager()): Array<string> {\n const inputFile = vm.toVmFile(options.path)\n const outputPath = isWin ? inputFile : getOutputPath(inputFile, options.hash)\n if (!isWin) {\n options.resultOutputPath = outputPath\n }\n\n const args = isWin ? [\"sign\"] : [\"-in\", inputFile, \"-out\", outputPath]\n\n if (process.env.ELECTRON_BUILDER_OFFLINE !== \"true\") {\n const timestampingServiceUrl = options.options.timeStampServer || \"http://timestamp.verisign.com/scripts/timstamp.dll\"\n if (isWin) {\n args.push(options.isNest || options.hash === \"sha256\" ? \"/tr\" : \"/t\", options.isNest || options.hash === \"sha256\" ? (options.options.rfc3161TimeStampServer || \"http://sha256timestamp.ws.symantec.com/sha256/timestamp\") : timestampingServiceUrl)\n }\n else {\n args.push(\"-t\", timestampingServiceUrl)\n }\n }\n\n const certificateFile = (options.cscInfo as FileCodeSigningInfo).file\n if (certificateFile == null) {\n const cscInfo = (options.cscInfo as CertificateFromStoreInfo)\n const subjectName = cscInfo.thumbprint\n if (!isWin) {\n throw new Error(`${subjectName == null ? \"certificateSha1\" : \"certificateSubjectName\"} supported only on Windows`)\n }\n\n args.push(\"/sha1\", cscInfo.thumbprint)\n args.push(\"/s\", cscInfo.store)\n if (cscInfo.isLocalMachineStore) {\n args.push(\"/sm\")\n }\n }\n else {\n const certExtension = path.extname(certificateFile)\n if (certExtension === \".p12\" || certExtension === \".pfx\") {\n args.push(isWin ? \"/f\" : \"-pkcs12\", vm.toVmFile(certificateFile))\n }\n else {\n throw new Error(`Please specify pkcs12 (.p12/.pfx) file, ${certificateFile} is not correct`)\n }\n }\n\n if (!isWin || options.hash !== \"sha1\") {\n args.push(isWin ? \"/fd\" : \"-h\", options.hash)\n if (isWin && process.env.ELECTRON_BUILDER_OFFLINE !== \"true\") {\n args.push(\"/td\", \"sha256\")\n }\n }\n\n if (options.name) {\n args.push(isWin ? \"/d\" : \"-n\", options.name)\n }\n\n if (options.site) {\n args.push(isWin ? \"/du\" : \"-i\", options.site)\n }\n\n // msi does not support dual-signing\n if (options.isNest) {\n args.push(isWin ? \"/as\" : \"-nest\")\n }\n\n const password = options.cscInfo == null ? null : (options.cscInfo as FileCodeSigningInfo).password\n if (password) {\n args.push(isWin ? \"/p\" : \"-pass\", password)\n }\n\n if (options.options.additionalCertificateFile) {\n args.push(isWin ? \"/ac\" : \"-ac\", vm.toVmFile(options.options.additionalCertificateFile))\n }\n\n const httpsProxyFromEnv = process.env.HTTPS_PROXY\n if (!isWin && httpsProxyFromEnv != null && httpsProxyFromEnv.length) {\n args.push(\"-p\", httpsProxyFromEnv)\n }\n\n if (isWin) {\n // https://github.com/electron-userland/electron-builder/issues/2875#issuecomment-387233610\n args.push(\"/debug\")\n // must be last argument\n args.push(inputFile)\n }\n\n return args\n}\n\nfunction getOutputPath(inputPath: string, hash: string) {\n const extension = path.extname(inputPath)\n return path.join(path.dirname(inputPath), `${path.basename(inputPath, extension)}-signed-${hash}${extension}`)\n}\n\n/** @internal */\nexport function isOldWin6() {\n const winVersion = os.release()\n return winVersion.startsWith(\"6.\") && !winVersion.startsWith(\"6.3\")\n}\n\nfunction getWinSignTool(vendorPath: string): string {\n // use modern signtool on Windows Server 2012 R2 to be able to sign AppX\n if (isOldWin6()) {\n return path.join(vendorPath, \"windows-6\", \"signtool.exe\")\n }\n else {\n return path.join(vendorPath, \"windows-10\", process.arch, \"signtool.exe\")\n }\n}\n\nasync function getToolPath(): Promise<ToolInfo> {\n if (isUseSystemSigncode()) {\n return {path: \"osslsigncode\"}\n }\n\n const result = process.env.SIGNTOOL_PATH\n if (result) {\n return {path: result}\n }\n\n const vendorPath = await getSignVendorPath()\n if (process.platform === \"win32\") {\n // use modern signtool on Windows Server 2012 R2 to be able to sign AppX\n return {path: getWinSignTool(vendorPath)}\n }\n else if (process.platform === \"darwin\") {\n let suffix: string | null = null\n try {\n if (await isMacOsSierra()) {\n const toolDirPath = path.join(vendorPath, process.platform, \"10.12\")\n return {\n path: path.join(toolDirPath, \"osslsigncode\"),\n env: computeToolEnv([path.join(toolDirPath, \"lib\")]),\n }\n }\n else if (isCi) {\n // not clear for what we do this instead of using version detection\n suffix = \"ci\"\n }\n }\n catch (e) {\n log.warn(`${e.stack || e}`)\n }\n return {path: path.join(vendorPath, process.platform, `${suffix == null ? \"\" : `${suffix}/`}osslsigncode`)}\n }\n else {\n return {path: path.join(vendorPath, process.platform, \"osslsigncode\")}\n }\n}\n"],"sourceRoot":""}
|