1{"version":3,"sources":["../src/windowsExecutableCodeSignatureVerifier.ts"],"names":[],"mappings":";;;;;;;AAAA;AAAA;;AAAA;AAAA;AAAA;;AAAA;AAAA;;AACA;AAAA;;AAAA;AAAA;AAAA;;AAAA;AAAA;;AACA;AAAA;;AAAA;AAAA;AAAA;;AAAA;AAAA;;;;;;AAGA;AACA;AACA;AACM,SAAU,eAAV,CAA0B,cAA1B,EAAyD,cAAzD,EAAiF,MAAjF,EAA+F;AACnG,SAAO,IAAI,OAAJ,CAA2B,OAAO,IAAG;AAC1C;AACA;AACA,mCAAS,gBAAT,EAA2B,CAAC,YAAD,EAAe,iBAAf,EAAkC,cAAlC,EAAkD,MAAlD,EAA0D,UAA1D,EAAsE,8BAA8B,cAAc,8BAAlH,CAA3B,EAA8K;AAC5K,MAAA,OAAO,EAAE,KAAK;AAD8J,KAA9K,EAEG,CAAC,KAAD,EAAQ,MAAR,EAAgB,MAAhB,KAA0B;AAC3B,UAAI;AACF,YAAI,KAAK,IAAI,IAAT,IAAiB,MAArB,EAA6B;AAC3B,UAAA,WAAW,CAAC,MAAD,EAAS,KAAT,EAAgB,MAAhB,CAAX;AACA,UAAA,OAAO,CAAC,IAAD,CAAP;AACA;AACD;;AAED,cAAM,IAAI,GAAG,QAAQ,CAAC,MAAD,CAArB;;AACA,YAAI,IAAI,CAAC,MAAL,KAAgB,CAApB,EAAuB;AACrB,gBAAM,IAAI,GAAG,mCAAQ,IAAI,CAAC,iBAAL,CAAuB,OAA/B,EAAwC,GAAxC,CAA4C,IAA5C,CAAb;;AACA,cAAI,cAAc,CAAC,QAAf,CAAwB,IAAxB,CAAJ,EAAmC;AACjC,YAAA,OAAO,CAAC,IAAD,CAAP;AACA;AACD;AACF;;AAED,cAAM,MAAM,GAAG,mBAAmB,cAAc,CAAC,IAAf,CAAoB,KAApB,CAA0B,cAA7C,GAA8D,IAAI,CAAC,SAAL,CAAe,IAAf,EAAqB,CAAC,IAAD,EAAO,KAAP,KAAiB,IAAI,KAAK,SAAT,GAAqB,SAArB,GAAiC,KAAvE,EAA8E,CAA9E,CAA7E;AACA,QAAA,MAAM,CAAC,IAAP,CAAY,0EAA0E,MAAM,EAA5F;AACA,QAAA,OAAO,CAAC,MAAD,CAAP;AACD,OAnBD,CAoBA,OAAO,CAAP,EAAU;AACR,QAAA,MAAM,CAAC,IAAP,CAAY,6CAA6C,KAAK,uDAA9D;AACA,QAAA,OAAO,CAAC,IAAD,CAAP;AACA;AACD;AACF,KA5BD;AA6BD,GAhCM,CAAP;AAiCD;;AAED,SAAS,QAAT,CAAkB,GAAlB,EAA6B;AAC3B,QAAM,IAAI,GAAG,IAAI,CAAC,KAAL,CAAW,GAAX,CAAb;AACA,SAAO,IAAI,CAAC,UAAZ;AACA,SAAO,IAAI,CAAC,UAAZ;AACA,SAAO,IAAI,CAAC,aAAZ;AACA,QAAM,iBAAiB,GAAG,IAAI,CAAC,iBAA/B;;AACA,MAAI,iBAAiB,IAAI,IAAzB,EAA+B;AAC7B,WAAO,iBAAiB,CAAC,QAAzB;AACA,WAAO,iBAAiB,CAAC,UAAzB;AACA,WAAO,iBAAiB,CAAC,MAAzB;AACA,WAAO,iBAAiB,CAAC,aAAzB,CAJ6B,CAK7B;;AACA,WAAO,iBAAiB,CAAC,WAAzB;AACD;;AACD,SAAO,IAAI,CAAC,IAAZ;AACA,SAAO,IAAP;AACD;;AAED,SAAS,WAAT,CAAqB,MAArB,EAAqC,KAArC,EAA0D,MAA1D,EAA+E;AAC7E,MAAI,SAAS,EAAb,EAAiB;AACf,IAAA,MAAM,CAAC,IAAP,CAAY,6CAA6C,KAAK,IAAI,MAAM,kHAAxE;AACA;AACD;;AAED,MAAI;AACF,uCAAa,gBAAb,EAA
+B,CAAC,YAAD,EAAe,iBAAf,EAAkC,UAAlC,EAA8C,qBAA9C,CAA/B,EAAqG;AAAC,MAAA,OAAO,EAAE,KAAK;AAAf,KAArG;AACD,GAFD,CAGA,OAAO,SAAP,EAAkB;AAChB,IAAA,MAAM,CAAC,IAAP,CAAY,kCAAkC,SAAS,CAAC,OAAO,kHAA/D;AACA;AACD;;AAED,MAAI,KAAK,IAAI,IAAb,EAAmB;AACjB,UAAM,KAAN;AACD;;AAED,MAAI,MAAJ,EAAY;AACV,IAAA,MAAM,CAAC,IAAP,CAAY,qDAAqD,MAAM,wDAAvE;AACA;AACD;AACF;;AAED,SAAS,SAAT,GAAkB;AAChB,QAAM,UAAU,GAAG,EAAE,GAAC,OAAH,EAAnB;AACA,SAAO,UAAU,CAAC,UAAX,CAAsB,IAAtB,KAA+B,CAAC,UAAU,CAAC,UAAX,CAAsB,KAAtB,CAAvC;AACD,C","sourcesContent":["import { parseDn } from \"builder-util-runtime\"\nimport { execFile, execFileSync } from \"child_process\"\nimport * as os from \"os\"\nimport { Logger } from \"./main\"\n\n// $certificateInfo = (Get-AuthenticodeSignature 'xxx\\yyy.exe'\n// | where {$_.Status.Equals([System.Management.Automation.SignatureStatus]::Valid) -and $_.SignerCertificate.Subject.Contains(\"CN=siemens.com\")})\n// | Out-String ; if ($certificateInfo) { exit 0 } else { exit 1 }\nexport function verifySignature(publisherNames: Array<string>, tempUpdateFile: string, logger: Logger): Promise<string | null> {\n return new Promise<string | null>(resolve => {\n // https://github.com/electron-userland/electron-builder/issues/2421\n // https://github.com/electron-userland/electron-builder/issues/2535\n execFile(\"powershell.exe\", [\"-NoProfile\", \"-NonInteractive\", \"-InputFormat\", \"None\", \"-Command\", `Get-AuthenticodeSignature '${tempUpdateFile}' | ConvertTo-Json -Compress`], {\n timeout: 20 * 1000\n }, (error, stdout, stderr) => {\n try {\n if (error != null || stderr) {\n handleError(logger, error, stderr)\n resolve(null)\n return\n }\n\n const data = parseOut(stdout)\n if (data.Status === 0) {\n const name = parseDn(data.SignerCertificate.Subject).get(\"CN\")!\n if (publisherNames.includes(name)) {\n resolve(null)\n return\n }\n }\n\n const result = `publisherNames: ${publisherNames.join(\" | \")}, raw info: ` + JSON.stringify(data, (name, value) => name === \"RawData\" ? 
undefined : value, 2)\n logger.warn(`Sign verification failed, installer signed with incorrect certificate: ${result}`)\n resolve(result)\n }\n catch (e) {\n logger.warn(`Cannot execute Get-AuthenticodeSignature: ${error}. Ignoring signature validation due to unknown error.`)\n resolve(null)\n return\n }\n })\n })\n}\n\nfunction parseOut(out: string): any {\n const data = JSON.parse(out)\n delete data.PrivateKey\n delete data.IsOSBinary\n delete data.SignatureType\n const signerCertificate = data.SignerCertificate\n if (signerCertificate != null) {\n delete signerCertificate.Archived\n delete signerCertificate.Extensions\n delete signerCertificate.Handle\n delete signerCertificate.HasPrivateKey\n // duplicates data.SignerCertificate (contains RawData)\n delete signerCertificate.SubjectName\n }\n delete data.Path\n return data\n}\n\nfunction handleError(logger: Logger, error: Error | null, stderr: string | null): void {\n if (isOldWin6()) {\n logger.warn(`Cannot execute Get-AuthenticodeSignature: ${error || stderr}. Ignoring signature validation due to unsupported powershell version. Please upgrade to powershell 3 or higher.`)\n return\n }\n\n try {\n execFileSync(\"powershell.exe\", [\"-NoProfile\", \"-NonInteractive\", \"-Command\", \"ConvertTo-Json test\"], {timeout: 10 * 1000})\n }\n catch (testError) {\n logger.warn(`Cannot execute ConvertTo-Json: ${testError.message}. Ignoring signature validation due to unsupported powershell version. Please upgrade to powershell 3 or higher.`)\n return\n }\n\n if (error != null) {\n throw error\n }\n\n if (stderr) {\n logger.warn(`Cannot execute Get-AuthenticodeSignature, stderr: ${stderr}. Ignoring signature validation due to unknown stderr.`)\n return\n }\n}\n\nfunction isOldWin6(): boolean {\n const winVersion = os.release()\n return winVersion.startsWith(\"6.\") && !winVersion.startsWith(\"6.3\")\n}"],"sourceRoot":""}