1"use strict";
2
// Flag the CommonJS export object as a transpiled ES module, then publish the
// file's only public entry point.
Object.defineProperty(exports, "__esModule", { value: true });
exports.verifySignature = verifySignature;
7
8function _builderUtilRuntime() {
9 const data = require("builder-util-runtime");
10
11 _builderUtilRuntime = function () {
12 return data;
13 };
14
15 return data;
16}
17
18function _child_process() {
19 const data = require("child_process");
20
21 _child_process = function () {
22 return data;
23 };
24
25 return data;
26}
27
/**
 * Lazily loads Node's "os" module, wrapped by _interopRequireWildcard so it
 * can be used like an ES module namespace.
 *
 * The first call loads and wraps the module; the function then rebinds itself
 * to a closure over that result, so later calls return the same object.
 *
 * @returns {object} The wrapped module.
 */
function os() {
  const wrapped = _interopRequireWildcard(require("os"));

  // Self-replacement: from now on, hand back the namespace captured above.
  os = () => wrapped;

  return wrapped;
}
37
/**
 * Returns the WeakMap used to memoise wrapped modules, creating it on first use.
 *
 * @returns {WeakMap|null} The shared cache, or null when WeakMap is unavailable.
 */
function _getRequireWildcardCache() {
  if (typeof WeakMap !== "function") {
    return null;
  }

  const sharedCache = new WeakMap();

  // Rebind so every later call returns this same WeakMap.
  _getRequireWildcardCache = () => sharedCache;

  return sharedCache;
}
39
/**
 * Wraps a CommonJS export value in a namespace-like object.
 *
 * - Values already flagged `__esModule` are returned unchanged.
 * - null and non-object, non-function values become `{ default: value }`.
 * - Anything else is copied, own enumerable property by property (accessors
 *   are copied as accessors), into a new object whose `default` is the
 *   original value. The result is memoised per input when a cache exists.
 *
 * @param {*} obj - The value returned by require().
 * @returns {object} The namespace-like wrapper (or `obj` itself).
 */
function _interopRequireWildcard(obj) {
  if (obj && obj.__esModule) {
    return obj;
  }

  const isObjectLike = typeof obj === "object" || typeof obj === "function";
  if (obj === null || !isObjectLike) {
    return { default: obj };
  }

  const cache = _getRequireWildcardCache();
  if (cache && cache.has(obj)) {
    return cache.get(obj);
  }

  const namespace = {};
  const canCopyDescriptors = Object.defineProperty && Object.getOwnPropertyDescriptor;

  for (const key in obj) {
    // Inherited keys are skipped; only the module's own exports are copied.
    if (!Object.prototype.hasOwnProperty.call(obj, key)) {
      continue;
    }

    const descriptor = canCopyDescriptors ? Object.getOwnPropertyDescriptor(obj, key) : null;
    if (descriptor && (descriptor.get || descriptor.set)) {
      // Keep getters/setters live instead of snapshotting their value.
      Object.defineProperty(namespace, key, descriptor);
    } else {
      namespace[key] = obj[key];
    }
  }

  namespace.default = obj;

  if (cache) {
    cache.set(obj, namespace);
  }

  return namespace;
}
41
// $certificateInfo = (Get-AuthenticodeSignature 'xxx\yyy.exe'
// | where {$_.Status.Equals([System.Management.Automation.SignatureStatus]::Valid) -and $_.SignerCertificate.Subject.Contains("CN=siemens.com")})
// | Out-String ; if ($certificateInfo) { exit 0 } else { exit 1 }
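/**
 * Escapes a value for embedding inside a single-quoted PowerShell string.
 *
 * PowerShell ends a single-quoted string at an ASCII apostrophe and also at
 * the typographic quotes U+2018, U+2019, U+201A and U+201B; doubling any of
 * them makes it a literal character instead of a delimiter.
 *
 * @param {*} value - Value to embed; coerced to a string.
 * @returns {string} The escaped text, without surrounding quotes.
 */
function escapeForPowerShellSingleQuotes(value) {
  return String(value).replace(/['\u2018\u2019\u201A\u201B]/g, "$&$&");
}

/**
 * Checks the Authenticode signature of a file by running
 * `Get-AuthenticodeSignature` in PowerShell and comparing the CN of the
 * signer certificate's subject against the accepted publisher names.
 *
 * NOTE(review): this check fails open. Every fallback branch below resolves
 * null, the same value as a successful match, so a PowerShell run that errors,
 * times out, writes to stderr or returns unparseable output lets the file
 * through unverified (a warning is logged). Callers that need fail-closed
 * behaviour must not rely on null alone.
 *
 * @param {string[]} publisherNames - Accepted values for the signer's CN.
 * @param {string} tempUpdateFile - Path of the file to check.
 * @param {{warn: function(string): void}} logger - Receives diagnostics.
 * @returns {Promise<string|null>} null when the file is accepted or the check
 *   could not be carried out; otherwise a description of the mismatch.
 */
function verifySignature(publisherNames, tempUpdateFile, logger) {
  return new Promise(resolve => {
    // https://github.com/electron-userland/electron-builder/issues/2421
    // https://github.com/electron-userland/electron-builder/issues/2535

    // The path is spliced into a PowerShell command line, so it must not be
    // able to close the quoted string it sits in.
    const quotedPath = escapeForPowerShellSingleQuotes(tempUpdateFile);

    (0, _child_process().execFile)("powershell.exe", ["-NoProfile", "-NonInteractive", "-InputFormat", "None", "-Command", `Get-AuthenticodeSignature '${quotedPath}' | ConvertTo-Json -Compress`], {
      timeout: 20 * 1000
    }, (error, stdout, stderr) => {
      try {
        if (error != null || stderr) {
          // handleError either logs and returns (known-unsupported setups,
          // stderr-only output) or rethrows `error` into the catch below.
          handleError(logger, error, stderr);
          resolve(null);
          return;
        }

        const data = parseOut(stdout);
        const signer = data.SignerCertificate;

        // Status 0 is the only value accepted as a valid signature. A report
        // without a usable signer subject is treated as a mismatch rather
        // than raising a TypeError that would end in the fail-open fallback.
        if (data.Status === 0 && signer != null && typeof signer.Subject === "string") {
          const name = (0, _builderUtilRuntime().parseDn)(signer.Subject).get("CN");

          if (publisherNames.includes(name)) {
            resolve(null);
            return;
          }
        }

        // RawData is dropped from the dump to keep the log message readable.
        const result = `publisherNames: ${publisherNames.join(" | ")}, raw info: ` + JSON.stringify(data, (name, value) => name === "RawData" ? undefined : value, 2);
        logger.warn(`Sign verification failed, installer signed with incorrect certificate: ${result}`);
        resolve(result);
      } catch (e) {
        // Report the exception that was actually caught; `error` is null
        // whenever the failure came from parsing the output.
        logger.warn(`Cannot execute Get-AuthenticodeSignature: ${e}. Ignoring signature validation due to unknown error.`);
        resolve(null);
        return;
      }
    });
  });
}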
81
/**
 * Parses the JSON printed by `Get-AuthenticodeSignature | ConvertTo-Json` and
 * strips fields that are not wanted in the result.
 *
 * @param {string} out - JSON text captured from PowerShell's stdout.
 * @returns {*} The parsed value with the listed fields removed.
 * @throws {SyntaxError} When `out` is not valid JSON.
 */
function parseOut(out) {
  const report = JSON.parse(out);

  for (const field of ["PrivateKey", "IsOSBinary", "SignatureType"]) {
    delete report[field];
  }

  const certificate = report.SignerCertificate;
  if (certificate != null) {
    // SubjectName duplicates data.SignerCertificate (contains RawData).
    for (const field of ["Archived", "Extensions", "Handle", "HasPrivateKey", "SubjectName"]) {
      delete certificate[field];
    }
  }

  delete report.Path;
  return report;
}
101
/**
 * Classifies a failed `Get-AuthenticodeSignature` run.
 *
 * Returns after logging a warning when the failure is attributed to an
 * unsupported PowerShell (isOldWin6() is true, or a `ConvertTo-Json` probe
 * fails) or when only stderr output is present. Rethrows `error` when the
 * probe succeeds and an error object was supplied.
 *
 * @param {{warn: function(string): void}} logger - Receives the warnings.
 * @param {?Error} error - Error reported by execFile, if any.
 * @param {string} stderr - Captured stderr of the PowerShell run.
 * @throws {Error} `error` itself, when the ConvertTo-Json probe succeeds.
 */
function handleError(logger, error, stderr) {
  if (isOldWin6()) {
    logger.warn(`Cannot execute Get-AuthenticodeSignature: ${error || stderr}. Ignoring signature validation due to unsupported powershell version. Please upgrade to powershell 3 or higher.`);
    return;
  }

  // Probe: can this PowerShell run ConvertTo-Json at all?
  const probeArgs = ["-NoProfile", "-NonInteractive", "-Command", "ConvertTo-Json test"];
  const probeOptions = { timeout: 10 * 1000 };

  try {
    const runSync = _child_process().execFileSync;
    runSync("powershell.exe", probeArgs, probeOptions);
  } catch (probeFailure) {
    logger.warn(`Cannot execute ConvertTo-Json: ${probeFailure.message}. Ignoring signature validation due to unsupported powershell version. Please upgrade to powershell 3 or higher.`);
    return;
  }

  // PowerShell works, so the original failure is handed back to the caller.
  if (error != null) {
    throw error;
  }

  if (stderr) {
    logger.warn(`Cannot execute Get-AuthenticodeSignature, stderr: ${stderr}. Ignoring signature validation due to unknown stderr.`);
  }
}
126
/**
 * Reports whether the OS release string starts with "6." but not with "6.3".
 *
 * @returns {boolean} true for such a release string.
 */
function isOldWin6() {
  const release = os().release();
  // "6." followed by anything other than "3" (or by nothing at all).
  return /^6\.(?!3)/.test(release);
}
131// __ts-babel@6.0.4
132//# sourceMappingURL=windowsExecutableCodeSignatureVerifier.js.map