"use strict";

// Flag the CommonJS exports object as a transpiled ES module so that
// interop helpers in consuming code return it unwrapped.
Object.defineProperty(exports, "__esModule", { value: true });

// Public API of this module: the Windows Authenticode publisher check.
exports.verifySignature = verifySignature;
8 | function _builderUtilRuntime() {
|
9 | const data = require("builder-util-runtime");
|
10 |
|
11 | _builderUtilRuntime = function () {
|
12 | return data;
|
13 | };
|
14 |
|
15 | return data;
|
16 | }
18 | function _child_process() {
|
19 | const data = require("child_process");
|
20 |
|
21 | _child_process = function () {
|
22 | return data;
|
23 | };
|
24 |
|
25 | return data;
|
26 | }
/**
 * Lazily loads Node's "os" module, wrapped by _interopRequireWildcard.
 *
 * The first call performs the require and the wrapping, then rebinds this
 * function to a closure that returns the wrapped module.
 *
 * @returns {object} The wrapped "os" module.
 */
function os() {
  const loaded = _interopRequireWildcard(require("os"));

  // Self-replace with a trivial accessor for every later call.
  os = () => loaded;

  return loaded;
}
/**
 * Returns the WeakMap used to memoise wrapped modules, creating it on the
 * first call.
 *
 * @returns {WeakMap|null} The shared cache, or null when WeakMap is not
 *   available in this runtime.
 */
function _getRequireWildcardCache() {
  if (typeof WeakMap !== "function") {
    return null;
  }

  const sharedCache = new WeakMap();

  // Later calls hand back the same instance instead of allocating a new one.
  _getRequireWildcardCache = () => sharedCache;

  return sharedCache;
}
/**
 * Wraps a CommonJS module so that it can be consumed like an ES module
 * namespace.
 *
 * - Objects flagged with `__esModule` are returned untouched.
 * - null and values that are neither objects nor functions are wrapped as
 *   `{ default: value }`.
 * - Anything else is copied, own enumerable key by key (accessors keep their
 *   descriptors), into a new object whose `default` is the original. The
 *   copy is memoised in the shared WeakMap when one is available.
 *
 * @param {*} obj - The value returned by require().
 * @returns {object} The module itself or its namespace-style wrapper.
 */
function _interopRequireWildcard(obj) {
  if (obj && obj.__esModule) {
    return obj;
  }

  const kind = typeof obj;
  if (obj === null || (kind !== "object" && kind !== "function")) {
    return { default: obj };
  }

  const cache = _getRequireWildcardCache();
  if (cache && cache.has(obj)) {
    return cache.get(obj);
  }

  const namespace = {};
  const canUseDescriptors = Object.defineProperty && Object.getOwnPropertyDescriptor;

  for (const key in obj) {
    // for...in also walks inherited keys; only own ones are copied.
    if (!Object.prototype.hasOwnProperty.call(obj, key)) {
      continue;
    }

    const descriptor = canUseDescriptors ? Object.getOwnPropertyDescriptor(obj, key) : null;
    if (descriptor && (descriptor.get || descriptor.set)) {
      // Keep accessors live instead of snapshotting their current value.
      Object.defineProperty(namespace, key, descriptor);
    } else {
      namespace[key] = obj[key];
    }
  }

  namespace.default = obj;

  if (cache) {
    cache.set(obj, namespace);
  }

  return namespace;
}
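/**
 * Doubles every character that PowerShell accepts as a single-quote
 * delimiter, so the value can be embedded in a single-quoted PowerShell
 * string literal without ending that literal early.
 *
 * PowerShell treats the typographic quotes U+2018, U+2019, U+201A and U+201B
 * like the ASCII apostrophe, so all five characters are escaped.
 *
 * @param {string} value - Text to embed between single quotes.
 * @returns {string} The text with each quote character doubled.
 */
function escapePowerShellSingleQuoted(value) {
  return String(value).replace(/['\u2018\u2019\u201A\u201B]/g, "$&$&");
}

/**
 * Checks the Authenticode signature of a downloaded update file by running
 * PowerShell's Get-AuthenticodeSignature and comparing the CN of the signer
 * certificate subject with the allowed publisher names.
 *
 * NOTE(review): this check fails open. Besides the "publisher matches" case,
 * the promise also resolves to null when PowerShell reports an error, writes
 * to stderr, or when anything in the callback throws (for example unparsable
 * output or a missing SignerCertificate). The caller is not visible here;
 * if it treats null as "signature accepted", an update whose signature could
 * not be checked is handled like a verified one. Confirm that this is
 * intended, and consider a distinct result for "could not verify".
 *
 * @param {string[]} publisherNames - Accepted certificate CN values.
 * @param {string} tempUpdateFile - Path of the downloaded installer.
 * @param {{warn: function(string): void}} logger - Receives warnings.
 * @returns {Promise<string|null>} null when the signer CN is accepted or
 *   when verification could not be carried out; otherwise a description of
 *   the mismatch.
 */
function verifySignature(publisherNames, tempUpdateFile, logger) {
  // The path ends up inside a PowerShell command string. It derives from
  // update metadata, so it is escaped for a single-quoted literal: an
  // unescaped quote could otherwise alter the command or make the check
  // error out and be skipped. -LiteralPath additionally stops PowerShell
  // from interpreting wildcard characters such as [ and ] in the path.
  const quotedPath = escapePowerShellSingleQuoted(tempUpdateFile);
  const command = `Get-AuthenticodeSignature -LiteralPath '${quotedPath}' | ConvertTo-Json -Compress`;
  const powershellArgs = ["-NoProfile", "-NonInteractive", "-InputFormat", "None", "-Command", command];

  return new Promise(resolve => {
    const { execFile } = _child_process();

    execFile("powershell.exe", powershellArgs, { timeout: 20 * 1000 }, (error, stdout, stderr) => {
      try {
        if (error != null || stderr) {
          // handleError either logs and returns (validation is skipped) or
          // rethrows `error`, which lands in the catch below.
          handleError(logger, error, stderr);
          resolve(null);
          return;
        }

        const data = parseOut(stdout);

        // Status 0 is "Valid" in PowerShell's SignatureStatus enum. Only the
        // CN part of the subject is compared with the allowed publishers.
        if (data.Status === 0) {
          const name = (0, _builderUtilRuntime().parseDn)(data.SignerCertificate.Subject).get("CN");

          if (publisherNames.includes(name)) {
            resolve(null);
            return;
          }
        }

        // RawData (the encoded certificate) is left out of the log output.
        const result = `publisherNames: ${publisherNames.join(" | ")}, raw info: ` + JSON.stringify(data, (name, value) => name === "RawData" ? undefined : value, 2);
        logger.warn(`Sign verification failed, installer signed with incorrect certificate: ${result}`);
        resolve(result);
      } catch (e) {
        // Log the exception that was actually caught; the execFile `error`
        // is null whenever the failure came from parsing the output.
        logger.warn(`Cannot execute Get-AuthenticodeSignature: ${e}. Ignoring signature validation due to unknown error.`);
        resolve(null);
      }
    });
  });
}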
/**
 * Parses the JSON printed by `Get-AuthenticodeSignature | ConvertTo-Json`
 * and removes fields this module does not use.
 *
 * @param {string} out - PowerShell stdout containing a JSON document.
 * @returns {object} The parsed signature info without PrivateKey,
 *   IsOSBinary, SignatureType and Path, and with Archived, Extensions,
 *   Handle, HasPrivateKey and SubjectName removed from SignerCertificate
 *   when that is present.
 * @throws {SyntaxError} When `out` is not valid JSON.
 */
function parseOut(out) {
  const parsed = JSON.parse(out);

  for (const field of ["PrivateKey", "IsOSBinary", "SignatureType"]) {
    delete parsed[field];
  }

  const certificate = parsed.SignerCertificate;

  if (certificate != null) {
    for (const field of ["Archived", "Extensions", "Handle", "HasPrivateKey", "SubjectName"]) {
      delete certificate[field];
    }
  }

  delete parsed.Path;
  return parsed;
}
/**
 * Decides what to do after Get-AuthenticodeSignature reported an error or
 * wrote to stderr.
 *
 * Returning normally means "log a warning and skip signature validation".
 * That happens on old Windows 6.x releases, when a ConvertTo-Json probe
 * fails, and when only stderr output is present. If the probe succeeds and
 * `error` is set, `error` is rethrown to the caller.
 *
 * NOTE(review): every non-throwing path leaves the update unverified; the
 * visible caller resolves null after this function returns.
 *
 * @param {{warn: function(string): void}} logger - Receives warnings.
 * @param {Error|null|undefined} error - Error reported by execFile, if any.
 * @param {string} stderr - stderr text of the PowerShell process.
 * @returns {void}
 * @throws {Error} `error` itself, when PowerShell works and `error` is set.
 */
function handleError(logger, error, stderr) {
  if (isOldWin6()) {
    const reason = error || stderr;
    logger.warn(`Cannot execute Get-AuthenticodeSignature: ${reason}. Ignoring signature validation due to unsupported powershell version. Please upgrade to powershell 3 or higher.`);
    return;
  }

  // Probe whether this PowerShell provides ConvertTo-Json at all.
  const probeArgs = ["-NoProfile", "-NonInteractive", "-Command", "ConvertTo-Json test"];

  try {
    const { execFileSync } = _child_process();
    execFileSync("powershell.exe", probeArgs, { timeout: 10 * 1000 });
  } catch (probeFailure) {
    logger.warn(`Cannot execute ConvertTo-Json: ${probeFailure.message}. Ignoring signature validation due to unsupported powershell version. Please upgrade to powershell 3 or higher.`);
    return;
  }

  // PowerShell itself works, so a real execution error is passed on.
  if (error !== null && error !== undefined) {
    throw error;
  }

  if (stderr) {
    logger.warn(`Cannot execute Get-AuthenticodeSignature, stderr: ${stderr}. Ignoring signature validation due to unknown stderr.`);
  }
}
/**
 * Reports whether the OS release string starts with "6." but not with "6.3".
 *
 * @returns {boolean} true for 6.x releases other than 6.3*, false otherwise.
 */
function isOldWin6() {
  const release = os().release();

  if (!release.startsWith("6.")) {
    return false;
  }

  return !release.startsWith("6.3");
}