init

mc_test/node_modules/app-builder-lib/out/codeSign/codesign.d.ts

@@ -0,0 +1,3 @@
+import { TmpDir } from "temp-file";
+/** @private */
+export declare function importCertificate(cscLink: string, tmpDir: TmpDir, currentDir: string): Promise<string>;

mc_test/node_modules/app-builder-lib/out/codeSign/codesign.js

@@ -0,0 +1,51 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.importCertificate = void 0;
+const fs_extra_1 = require("fs-extra");
+const os_1 = require("os");
+const path = require("path");
+const builder_util_1 = require("builder-util");
+const fs_1 = require("builder-util/out/fs");
+const binDownload_1 = require("../binDownload");
+/** @private */
+async function importCertificate(cscLink, tmpDir, currentDir) {
+    var _a, _b;
+    cscLink = cscLink.trim();
+    let file = null;
+    if ((cscLink.length > 3 && cscLink[1] === ":") || cscLink.startsWith("/") || cscLink.startsWith(".")) {
+        file = cscLink;
+    }
+    else if (cscLink.startsWith("file://")) {
+        file = cscLink.substring("file://".length);
+    }
+    else if (cscLink.startsWith("~/")) {
+        file = path.join((0, os_1.homedir)(), cscLink.substring("~/".length));
+    }
+    else if (cscLink.startsWith("https://")) {
+        const tempFile = await tmpDir.getTempFile({ suffix: ".p12" });
+        await (0, binDownload_1.download)(cscLink, tempFile);
+        return tempFile;
+    }
+    else {
+        const mimeType = (_a = /data:.*;base64,/.exec(cscLink)) === null || _a === void 0 ? void 0 : _a[0];
+        if (mimeType || cscLink.length > 2048 || cscLink.endsWith("=")) {
+            const tempFile = await tmpDir.getTempFile({ suffix: ".p12" });
+            await (0, fs_extra_1.outputFile)(tempFile, Buffer.from(cscLink.substring((_b = mimeType === null || mimeType === void 0 ? void 0 : mimeType.length) !== null && _b !== void 0 ? _b : 0), "base64"));
+            return tempFile;
+        }
+        file = cscLink;
+    }
+    file = path.resolve(currentDir, file);
+    const stat = await (0, fs_1.statOrNull)(file);
+    if (stat == null) {
+        throw new builder_util_1.InvalidConfigurationError(`${file} doesn't exist`);
+    }
+    else if (!stat.isFile()) {
+        throw new builder_util_1.InvalidConfigurationError(`${file} not a file`);
+    }
+    else {
+        return file;
+    }
+}
+exports.importCertificate = importCertificate;
+//# sourceMappingURL=codesign.js.map

mc_test/node_modules/app-builder-lib/out/codeSign/codesign.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"codesign.js","sourceRoot":"","sources":["../../src/codeSign/codesign.ts"],"names":[],"mappings":";;;AAAA,uCAAqC;AACrC,2BAA4B;AAC5B,6BAA4B;AAE5B,+CAAwD;AACxD,4CAAgD;AAChD,gDAAyC;AAEzC,eAAe;AACR,KAAK,UAAU,iBAAiB,CAAC,OAAe,EAAE,MAAc,EAAE,UAAkB;;IACzF,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAA;IAExB,IAAI,IAAI,GAAkB,IAAI,CAAA;IAC9B,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACrG,IAAI,GAAG,OAAO,CAAA;IAChB,CAAC;SAAM,IAAI,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACzC,IAAI,GAAG,OAAO,CAAC,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,CAAA;IAC5C,CAAC;SAAM,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACpC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,IAAA,YAAO,GAAE,EAAE,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAA;IAC7D,CAAC;SAAM,IAAI,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC1C,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAA;QAC7D,MAAM,IAAA,sBAAQ,EAAC,OAAO,EAAE,QAAQ,CAAC,CAAA;QACjC,OAAO,QAAQ,CAAA;IACjB,CAAC;SAAM,CAAC;QACN,MAAM,QAAQ,GAAG,MAAA,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,0CAAG,CAAC,CAAC,CAAA;QACrD,IAAI,QAAQ,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/D,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAA;YAC7D,MAAM,IAAA,qBAAU,EAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,mCAAI,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAA;YAC3F,OAAO,QAAQ,CAAA;QACjB,CAAC;QACD,IAAI,GAAG,OAAO,CAAA;IAChB,CAAC;IAED,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,IAAI,CAAC,CAAA;IACrC,MAAM,IAAI,GAAG,MAAM,IAAA,eAAU,EAAC,IAAI,CAAC,CAAA;IACnC,IAAI,IAAI,IAAI,IAAI,EAAE,CAAC;QACjB,MAAM,IAAI,wCAAyB,CAAC,GAAG,IAAI,gBAAgB,CAAC,CAAA;IAC9D,CAAC;SAAM,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;QAC1B,MAAM,IAAI,wCAAyB,CAAC,GAAG,IAAI,aAAa,CAAC,CAAA;IAC3D,CAAC;SAAM,CAAC;QACN,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAjCD,8CAiCC","sourcesContent":["import { outputFile } from \"fs-extra\"\nimport { homedir } from \"os\"\nimport * as path from \"path\"\nimport { TmpDir } from \"temp-file\"\nimport { InvalidConfigurationError } from \"builder-util\"\nimport { statOrNull } from \"builder-util/out/fs\"\nimport { download } from \"../binDownload\"\n\n/** @private */\nexport async function importCertificate(cscLink: string, tmpDir: TmpDir, currentDir: string): Promise<string> {\n  cscLink = cscLink.trim()\n\n  let file: string | null = null\n  if ((cscLink.length > 3 && cscLink[1] === \":\") || cscLink.startsWith(\"/\") || cscLink.startsWith(\".\")) {\n    file = cscLink\n  } else if (cscLink.startsWith(\"file://\")) {\n    file = cscLink.substring(\"file://\".length)\n  } else if (cscLink.startsWith(\"~/\")) {\n    file = path.join(homedir(), cscLink.substring(\"~/\".length))\n  } else if (cscLink.startsWith(\"https://\")) {\n    const tempFile = await tmpDir.getTempFile({ suffix: \".p12\" })\n    await download(cscLink, tempFile)\n    return tempFile\n  } else {\n    const mimeType = /data:.*;base64,/.exec(cscLink)?.[0]\n    if (mimeType || cscLink.length > 2048 || cscLink.endsWith(\"=\")) {\n      const tempFile = await tmpDir.getTempFile({ suffix: \".p12\" })\n      await outputFile(tempFile, Buffer.from(cscLink.substring(mimeType?.length ?? 0), \"base64\"))\n      return tempFile\n    }\n    file = cscLink\n  }\n\n  file = path.resolve(currentDir, file)\n  const stat = await statOrNull(file)\n  if (stat == null) {\n    throw new InvalidConfigurationError(`${file} doesn't exist`)\n  } else if (!stat.isFile()) {\n    throw new InvalidConfigurationError(`${file} not a file`)\n  } else {\n    return file\n  }\n}\n"]}

mc_test/node_modules/app-builder-lib/out/codeSign/macCodeSign.d.ts

@@ -0,0 +1,27 @@
+import { TmpDir } from "builder-util/out/util";
+export declare const appleCertificatePrefixes: string[];
+export type CertType = "Developer ID Application" | "Developer ID Installer" | "3rd Party Mac Developer Application" | "3rd Party Mac Developer Installer" | "Mac Developer" | "Apple Development" | "Apple Distribution";
+export interface CodeSigningInfo {
+    keychainFile?: string | null;
+}
+export declare function isSignAllowed(isPrintWarn?: boolean): boolean;
+export declare function reportError(isMas: boolean, certificateTypes: CertType[], qualifier: string | null | undefined, keychainFile: string | null | undefined, isForceCodeSigning: boolean): Promise<void>;
+export interface CreateKeychainOptions {
+    tmpDir: TmpDir;
+    cscLink: string;
+    cscKeyPassword: string;
+    cscILink?: string | null;
+    cscIKeyPassword?: string | null;
+    currentDir: string;
+}
+export declare function removeKeychain(keychainFile: string, printWarn?: boolean): Promise<any>;
+export declare function createKeychain({ tmpDir, cscLink, cscKeyPassword, cscILink, cscIKeyPassword, currentDir }: CreateKeychainOptions): Promise<CodeSigningInfo>;
+/** @private */
+export declare function sign(path: string, name: string, keychain: string): Promise<any>;
+export declare let findIdentityRawResult: Promise<Array<string>> | null;
+export declare class Identity {
+    readonly name: string;
+    readonly hash?: string;
+    constructor(name: string, hash?: string);
+}
+export declare function findIdentity(certType: CertType, qualifier?: string | null, keychain?: string | null): Promise<Identity | null>;

mc_test/node_modules/app-builder-lib/out/codeSign/macCodeSign.js

@@ -0,0 +1,280 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.findIdentity = exports.findIdentityRawResult = exports.sign = exports.createKeychain = exports.removeKeychain = exports.reportError = exports.isSignAllowed = exports.appleCertificatePrefixes = void 0;
+const bluebird_lst_1 = require("bluebird-lst");
+const util_1 = require("builder-util/out/util");
+const fs_1 = require("builder-util/out/fs");
+const log_1 = require("builder-util/out/log");
+const crypto_1 = require("crypto");
+const promises_1 = require("fs/promises");
+const lazy_val_1 = require("lazy-val");
+const os_1 = require("os");
+const path = require("path");
+const temp_file_1 = require("temp-file");
+const flags_1 = require("../util/flags");
+const codesign_1 = require("./codesign");
+const util_identities_1 = require("@electron/osx-sign/dist/cjs/util-identities");
+exports.appleCertificatePrefixes = ["Developer ID Application:", "Developer ID Installer:", "3rd Party Mac Developer Application:", "3rd Party Mac Developer Installer:"];
+function isSignAllowed(isPrintWarn = true) {
+    if (process.platform !== "darwin") {
+        if (isPrintWarn) {
+            util_1.log.warn({ reason: "supported only on macOS" }, "skipped macOS application code signing");
+        }
+        return false;
+    }
+    const buildForPrWarning = "There are serious security concerns with CSC_FOR_PULL_REQUEST=true (see the  CircleCI documentation (https://circleci.com/docs/1.0/fork-pr-builds/) for details)" +
+        "\nIf you have SSH keys, sensitive env vars or AWS credentials stored in your project settings and untrusted forks can make pull requests against your repo, then this option isn't for you.";
+    if ((0, util_1.isPullRequest)()) {
+        if ((0, util_1.isEnvTrue)(process.env.CSC_FOR_PULL_REQUEST)) {
+            if (isPrintWarn) {
+                util_1.log.warn(buildForPrWarning);
+            }
+        }
+        else {
+            if (isPrintWarn) {
+                // https://github.com/electron-userland/electron-builder/issues/1524
+                util_1.log.warn("Current build is a part of pull request, code signing will be skipped." + "\nSet env CSC_FOR_PULL_REQUEST to true to force code signing." + `\n${buildForPrWarning}`);
+            }
+            return false;
+        }
+    }
+    return true;
+}
+exports.isSignAllowed = isSignAllowed;
+async function reportError(isMas, certificateTypes, qualifier, keychainFile, isForceCodeSigning) {
+    const logFields = {};
+    if (qualifier == null) {
+        logFields.reason = "";
+        if ((0, flags_1.isAutoDiscoveryCodeSignIdentity)()) {
+            logFields.reason += `cannot find valid "${certificateTypes.join(", ")}" identity${isMas ? "" : ` or custom non-Apple code signing certificate, it could cause some undefined behaviour, e.g. macOS localized description not visible`}`;
+        }
+        logFields.reason += ", see https://electron.build/code-signing";
+        if (!(0, flags_1.isAutoDiscoveryCodeSignIdentity)()) {
+            logFields.CSC_IDENTITY_AUTO_DISCOVERY = false;
+        }
+    }
+    else {
+        logFields.reason = "Identity name is specified, but no valid identity with this name in the keychain";
+        logFields.identity = qualifier;
+    }
+    const args = ["find-identity"];
+    if (keychainFile != null) {
+        args.push(keychainFile);
+    }
+    if (qualifier != null || (0, flags_1.isAutoDiscoveryCodeSignIdentity)()) {
+        logFields.allIdentities = (await (0, util_1.exec)("/usr/bin/security", args))
+            .trim()
+            .split("\n")
+            .filter(it => !(it.includes("Policy: X.509 Basic") || it.includes("Matching identities")))
+            .join("\n");
+    }
+    if (isMas || isForceCodeSigning) {
+        throw new Error(log_1.Logger.createMessage("skipped macOS application code signing", logFields, "error", it => it));
+    }
+    else {
+        util_1.log.warn(logFields, "skipped macOS application code signing");
+    }
+}
+exports.reportError = reportError;
+// "Note that filename will not be searched to resolve the signing identity's certificate chain unless it is also on the user's keychain search list."
+// but "security list-keychains" doesn't support add - we should 1) get current list 2) set new list - it is very bad http://stackoverflow.com/questions/10538942/add-a-keychain-to-search-list
+// "overly complicated and introduces a race condition."
+// https://github.com/electron-userland/electron-builder/issues/398
+const bundledCertKeychainAdded = new lazy_val_1.Lazy(async () => {
+    // copy to temp and then atomic rename to final path
+    const cacheDir = getCacheDirectory();
+    const tmpKeychainPath = path.join(cacheDir, (0, temp_file_1.getTempName)("electron-builder-root-certs"));
+    const keychainPath = path.join(cacheDir, "electron-builder-root-certs.keychain");
+    const results = await Promise.all([
+        listUserKeychains(),
+        (0, fs_1.copyFile)(path.join(__dirname, "..", "..", "certs", "root_certs.keychain"), tmpKeychainPath).then(() => (0, promises_1.rename)(tmpKeychainPath, keychainPath)),
+    ]);
+    const list = results[0];
+    if (!list.includes(keychainPath)) {
+        await (0, util_1.exec)("/usr/bin/security", ["list-keychains", "-d", "user", "-s", keychainPath].concat(list));
+    }
+});
+function getCacheDirectory() {
+    const env = process.env.ELECTRON_BUILDER_CACHE;
+    return (0, util_1.isEmptyOrSpaces)(env) ? path.join((0, os_1.homedir)(), "Library", "Caches", "electron-builder") : path.resolve(env);
+}
+function listUserKeychains() {
+    return (0, util_1.exec)("/usr/bin/security", ["list-keychains", "-d", "user"]).then(it => it
+        .split("\n")
+        .map(it => {
+        const r = it.trim();
+        return r.substring(1, r.length - 1);
+    })
+        .filter(it => it.length > 0));
+}
+function removeKeychain(keychainFile, printWarn = true) {
+    return (0, util_1.exec)("/usr/bin/security", ["delete-keychain", keychainFile]).catch((e) => {
+        if (printWarn) {
+            util_1.log.warn({ file: keychainFile, error: e.stack || e }, "cannot delete keychain");
+        }
+        return (0, fs_1.unlinkIfExists)(keychainFile);
+    });
+}
+exports.removeKeychain = removeKeychain;
+async function createKeychain({ tmpDir, cscLink, cscKeyPassword, cscILink, cscIKeyPassword, currentDir }) {
+    // travis has correct AppleWWDRCA cert
+    if (process.env.TRAVIS !== "true") {
+        await bundledCertKeychainAdded.value;
+    }
+    // https://github.com/electron-userland/electron-builder/issues/3685
+    // use constant file
+    const keychainFile = path.join(process.env.APP_BUILDER_TMP_DIR || (0, os_1.tmpdir)(), `${(0, crypto_1.createHash)("sha256").update(currentDir).update("app-builder").digest("hex")}.keychain`);
+    // noinspection JSUnusedLocalSymbols
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    await removeKeychain(keychainFile, false).catch(_ => {
+        /* ignore*/
+    });
+    const certLinks = [cscLink];
+    if (cscILink != null) {
+        certLinks.push(cscILink);
+    }
+    const certPaths = new Array(certLinks.length);
+    const keychainPassword = (0, crypto_1.randomBytes)(32).toString("base64");
+    const securityCommands = [
+        ["create-keychain", "-p", keychainPassword, keychainFile],
+        ["unlock-keychain", "-p", keychainPassword, keychainFile],
+        ["set-keychain-settings", keychainFile],
+    ];
+    // https://stackoverflow.com/questions/42484678/codesign-keychain-gets-ignored
+    // https://github.com/electron-userland/electron-builder/issues/1457
+    const list = await listUserKeychains();
+    if (!list.includes(keychainFile)) {
+        securityCommands.push(["list-keychains", "-d", "user", "-s", keychainFile].concat(list));
+    }
+    await Promise.all([
+        // we do not clear downloaded files - will be removed on tmpDir cleanup automatically. not a security issue since in any case data is available as env variables and protected by password.
+        bluebird_lst_1.default.map(certLinks, (link, i) => (0, codesign_1.importCertificate)(link, tmpDir, currentDir).then(it => (certPaths[i] = it))),
+        bluebird_lst_1.default.mapSeries(securityCommands, it => (0, util_1.exec)("/usr/bin/security", it)),
+    ]);
+    return await importCerts(keychainFile, certPaths, [cscKeyPassword, cscIKeyPassword].filter(it => it != null));
+}
+exports.createKeychain = createKeychain;
+async function importCerts(keychainFile, paths, keyPasswords) {
+    for (let i = 0; i < paths.length; i++) {
+        const password = keyPasswords[i];
+        await (0, util_1.exec)("/usr/bin/security", ["import", paths[i], "-k", keychainFile, "-T", "/usr/bin/codesign", "-T", "/usr/bin/productbuild", "-P", password]);
+        // https://stackoverflow.com/questions/39868578/security-codesign-in-sierra-keychain-ignores-access-control-settings-and-ui-p
+        // https://github.com/electron-userland/electron-packager/issues/701#issuecomment-322315996
+        await (0, util_1.exec)("/usr/bin/security", ["set-key-partition-list", "-S", "apple-tool:,apple:", "-s", "-k", password, keychainFile]);
+    }
+    return {
+        keychainFile,
+    };
+}
+/** @private */
+function sign(path, name, keychain) {
+    const args = ["--deep", "--force", "--sign", name, path];
+    if (keychain != null) {
+        args.push("--keychain", keychain);
+    }
+    return (0, util_1.exec)("/usr/bin/codesign", args);
+}
+exports.sign = sign;
+exports.findIdentityRawResult = null;
+async function getValidIdentities(keychain) {
+    function addKeychain(args) {
+        if (keychain != null) {
+            args.push(keychain);
+        }
+        return args;
+    }
+    let result = exports.findIdentityRawResult;
+    if (result == null || keychain != null) {
+        // https://github.com/electron-userland/electron-builder/issues/481
+        // https://github.com/electron-userland/electron-builder/issues/535
+        result = Promise.all([
+            (0, util_1.exec)("/usr/bin/security", addKeychain(["find-identity", "-v"])).then(it => it
+                .trim()
+                .split("\n")
+                .filter(it => {
+                for (const prefix of exports.appleCertificatePrefixes) {
+                    if (it.includes(prefix)) {
+                        return true;
+                    }
+                }
+                return false;
+            })),
+            (0, util_1.exec)("/usr/bin/security", addKeychain(["find-identity", "-v", "-p", "codesigning"])).then(it => it.trim().split("\n")),
+        ]).then(it => {
+            const array = it[0]
+                .concat(it[1])
+                .filter(it => !it.includes("(Missing required extension)") && !it.includes("valid identities found") && !it.includes("iPhone ") && !it.includes("com.apple.idms.appleid.prd."))
+                // remove 1)
+                .map(it => it.substring(it.indexOf(")") + 1).trim());
+            return Array.from(new Set(array));
+        });
+        if (keychain == null) {
+            exports.findIdentityRawResult = result;
+        }
+    }
+    return result;
+}
+async function _findIdentity(type, qualifier, keychain) {
+    // https://github.com/electron-userland/electron-builder/issues/484
+    //noinspection SpellCheckingInspection
+    const lines = await getValidIdentities(keychain);
+    const namePrefix = `${type}:`;
+    for (const line of lines) {
+        if (qualifier != null && !line.includes(qualifier)) {
+            continue;
+        }
+        if (line.includes(namePrefix)) {
+            return parseIdentity(line);
+        }
+    }
+    if (type === "Developer ID Application") {
+        // find non-Apple certificate
+        // https://github.com/electron-userland/electron-builder/issues/458
+        l: for (const line of lines) {
+            if (qualifier != null && !line.includes(qualifier)) {
+                continue;
+            }
+            if (line.includes("Mac Developer:")) {
+                continue;
+            }
+            for (const prefix of exports.appleCertificatePrefixes) {
+                if (line.includes(prefix)) {
+                    continue l;
+                }
+            }
+            return parseIdentity(line);
+        }
+    }
+    return null;
+}
+function parseIdentity(line) {
+    const firstQuoteIndex = line.indexOf('"');
+    const name = line.substring(firstQuoteIndex + 1, line.lastIndexOf('"'));
+    const hash = line.substring(0, firstQuoteIndex - 1);
+    return new util_identities_1.Identity(name, hash);
+}
+function findIdentity(certType, qualifier, keychain) {
+    let identity = qualifier || process.env.CSC_NAME;
+    if ((0, util_1.isEmptyOrSpaces)(identity)) {
+        if ((0, flags_1.isAutoDiscoveryCodeSignIdentity)()) {
+            return _findIdentity(certType, null, keychain);
+        }
+        else {
+            return Promise.resolve(null);
+        }
+    }
+    else {
+        identity = identity.trim();
+        for (const prefix of exports.appleCertificatePrefixes) {
+            checkPrefix(identity, prefix);
+        }
+        return _findIdentity(certType, identity, keychain);
+    }
+}
+exports.findIdentity = findIdentity;
+function checkPrefix(name, prefix) {
+    if (name.startsWith(prefix)) {
+        throw new util_1.InvalidConfigurationError(`Please remove prefix "${prefix}" from the specified name — appropriate certificate will be chosen automatically`);
+    }
+}
+//# sourceMappingURL=macCodeSign.js.map

mc_test/node_modules/app-builder-lib/out/codeSign/windowsCodeSign.d.ts

@@ -0,0 +1,38 @@
+import { WindowsConfiguration } from "../options/winOptions";
+import { VmManager } from "../vm/vm";
+import { WinPackager } from "../winPackager";
+export declare function getSignVendorPath(): Promise<string>;
+export type CustomWindowsSign = (configuration: CustomWindowsSignTaskConfiguration, packager?: WinPackager) => Promise<any>;
+export interface WindowsSignOptions {
+    readonly path: string;
+    readonly name?: string | null;
+    readonly cscInfo?: FileCodeSigningInfo | CertificateFromStoreInfo | null;
+    readonly site?: string | null;
+    readonly options: WindowsConfiguration;
+}
+export interface WindowsSignTaskConfiguration extends WindowsSignOptions {
+    resultOutputPath?: string;
+    hash: string;
+    isNest: boolean;
+}
+export interface CustomWindowsSignTaskConfiguration extends WindowsSignTaskConfiguration {
+    computeSignToolArgs(isWin: boolean): Array<string>;
+}
+export declare function sign(options: WindowsSignOptions, packager: WinPackager): Promise<boolean>;
+export interface FileCodeSigningInfo {
+    readonly file: string;
+    readonly password: string | null;
+}
+export declare function getCertInfo(file: string, password: string): Promise<CertificateInfo>;
+export interface CertificateInfo {
+    readonly commonName: string;
+    readonly bloodyMicrosoftSubjectDn: string;
+}
+export interface CertificateFromStoreInfo {
+    thumbprint: string;
+    subject: string;
+    store: string;
+    isLocalMachineStore: boolean;
+}
+export declare function getCertificateFromStoreInfo(options: WindowsConfiguration, vm: VmManager): Promise<CertificateFromStoreInfo>;
+export declare function doSign(configuration: CustomWindowsSignTaskConfiguration, packager: WinPackager): Promise<void>;

mc_test/node_modules/app-builder-lib/out/codeSign/windowsCodeSign.js

@@ -0,0 +1,253 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isOldWin6 = exports.doSign = exports.getCertificateFromStoreInfo = exports.getCertInfo = exports.sign = exports.getSignVendorPath = void 0;
+const util_1 = require("builder-util/out/util");
+const binDownload_1 = require("../binDownload");
+const appBuilder_1 = require("../util/appBuilder");
+const bundledTool_1 = require("../util/bundledTool");
+const fs_extra_1 = require("fs-extra");
+const os = require("os");
+const path = require("path");
+const platformPackager_1 = require("../platformPackager");
+const flags_1 = require("../util/flags");
+const vm_1 = require("../vm/vm");
+function getSignVendorPath() {
+    return (0, binDownload_1.getBin)("winCodeSign");
+}
+exports.getSignVendorPath = getSignVendorPath;
+async function sign(options, packager) {
+    let hashes = options.options.signingHashAlgorithms;
+    // msi does not support dual-signing
+    if (options.path.endsWith(".msi")) {
+        hashes = [hashes != null && !hashes.includes("sha1") ? "sha256" : "sha1"];
+    }
+    else if (options.path.endsWith(".appx")) {
+        hashes = ["sha256"];
+    }
+    else if (hashes == null) {
+        hashes = ["sha1", "sha256"];
+    }
+    else {
+        hashes = Array.isArray(hashes) ? hashes : [hashes];
+    }
+    const executor = (await (0, platformPackager_1.resolveFunction)(packager.appInfo.type, options.options.sign, "sign")) || doSign;
+    let isNest = false;
+    for (const hash of hashes) {
+        const taskConfiguration = { ...options, hash, isNest };
+        await Promise.resolve(executor({
+            ...taskConfiguration,
+            computeSignToolArgs: isWin => computeSignToolArgs(taskConfiguration, isWin),
+        }, packager));
+        isNest = true;
+        if (taskConfiguration.resultOutputPath != null) {
+            await (0, fs_extra_1.rename)(taskConfiguration.resultOutputPath, options.path);
+        }
+    }
+    return true;
+}
+exports.sign = sign;
+async function getCertInfo(file, password) {
+    let result = null;
+    const errorMessagePrefix = "Cannot extract publisher name from code signing certificate. As workaround, set win.publisherName. Error: ";
+    try {
+        result = await (0, appBuilder_1.executeAppBuilderAsJson)(["certificate-info", "--input", file, "--password", password]);
+    }
+    catch (e) {
+        throw new Error(`${errorMessagePrefix}${e.stack || e}`);
+    }
+    if (result.error != null) {
+        // noinspection ExceptionCaughtLocallyJS
+        throw new util_1.InvalidConfigurationError(`${errorMessagePrefix}${result.error}`);
+    }
+    return result;
+}
+exports.getCertInfo = getCertInfo;
+async function getCertificateFromStoreInfo(options, vm) {
+    const certificateSubjectName = options.certificateSubjectName;
+    const certificateSha1 = options.certificateSha1 ? options.certificateSha1.toUpperCase() : options.certificateSha1;
+    // ExcludeProperty doesn't work, so, we cannot exclude RawData, it is ok
+    // powershell can return object if the only item
+    const rawResult = await vm.exec("powershell.exe", [
+        "-NoProfile",
+        "-NonInteractive",
+        "-Command",
+        "Get-ChildItem -Recurse Cert: -CodeSigningCert | Select-Object -Property Subject,PSParentPath,Thumbprint | ConvertTo-Json -Compress",
+    ]);
+    const certList = rawResult.length === 0 ? [] : (0, util_1.asArray)(JSON.parse(rawResult));
+    for (const certInfo of certList) {
+        if ((certificateSubjectName != null && !certInfo.Subject.includes(certificateSubjectName)) ||
+            (certificateSha1 != null && certInfo.Thumbprint.toUpperCase() !== certificateSha1)) {
+            continue;
+        }
+        const parentPath = certInfo.PSParentPath;
+        const store = parentPath.substring(parentPath.lastIndexOf("\\") + 1);
+        util_1.log.debug({ store, PSParentPath: parentPath }, "auto-detect certificate store");
+        // https://github.com/electron-userland/electron-builder/issues/1717
+        const isLocalMachineStore = parentPath.includes("Certificate::LocalMachine");
+        util_1.log.debug(null, "auto-detect using of LocalMachine store");
+        return {
+            thumbprint: certInfo.Thumbprint,
+            subject: certInfo.Subject,
+            store,
+            isLocalMachineStore,
+        };
+    }
+    throw new Error(`Cannot find certificate ${certificateSubjectName || certificateSha1}, all certs: ${rawResult}`);
+}
+exports.getCertificateFromStoreInfo = getCertificateFromStoreInfo;
+async function doSign(configuration, packager) {
+    // https://github.com/electron-userland/electron-builder/pull/1944
+    const timeout = parseInt(process.env.SIGNTOOL_TIMEOUT, 10) || 10 * 60 * 1000;
+    // decide runtime argument by cases
+    let args;
+    let env = process.env;
+    let vm;
+    const vmRequired = configuration.path.endsWith(".appx") || !("file" in configuration.cscInfo); /* certificateSubjectName and other such options */
+    const isWin = process.platform === "win32" || vmRequired;
+    const toolInfo = await getToolPath(isWin);
+    const tool = toolInfo.path;
+    if (vmRequired) {
+        vm = await packager.vm.value;
+        args = computeSignToolArgs(configuration, isWin, vm);
+    }
+    else {
+        vm = new vm_1.VmManager();
+        args = configuration.computeSignToolArgs(isWin);
+        if (toolInfo.env != null) {
+            env = toolInfo.env;
+        }
+    }
+    try {
+        await vm.exec(tool, args, { timeout, env });
+    }
+    catch (e) {
+        if (e.message.includes("The file is being used by another process") || e.message.includes("The specified timestamp server either could not be reached")) {
+            util_1.log.warn(`First attempt to code sign failed, another attempt will be made in 15 seconds: ${e.message}`);
+            await new Promise((resolve, reject) => {
+                setTimeout(() => {
+                    vm.exec(tool, args, { timeout, env }).then(resolve).catch(reject);
+                }, 15000);
+            });
+        }
+        throw e;
+    }
+}
+exports.doSign = doSign;
+// on windows be aware of http://stackoverflow.com/a/32640183/1910191
+function computeSignToolArgs(options, isWin, vm = new vm_1.VmManager()) {
+    const inputFile = vm.toVmFile(options.path);
+    const outputPath = isWin ? inputFile : getOutputPath(inputFile, options.hash);
+    if (!isWin) {
+        options.resultOutputPath = outputPath;
+    }
+    const args = isWin ? ["sign"] : ["-in", inputFile, "-out", outputPath];
+    if (process.env.ELECTRON_BUILDER_OFFLINE !== "true") {
+        const timestampingServiceUrl = options.options.timeStampServer || "http://timestamp.digicert.com";
+        if (isWin) {
+            args.push(options.isNest || options.hash === "sha256" ? "/tr" : "/t", options.isNest || options.hash === "sha256" ? options.options.rfc3161TimeStampServer || "http://timestamp.digicert.com" : timestampingServiceUrl);
+        }
+        else {
+            args.push("-t", timestampingServiceUrl);
+        }
+    }
+    const certificateFile = options.cscInfo.file;
+    if (certificateFile == null) {
+        const cscInfo = options.cscInfo;
+        const subjectName = cscInfo.thumbprint;
+        if (!isWin) {
+            throw new Error(`${subjectName == null ? "certificateSha1" : "certificateSubjectName"} supported only on Windows`);
+        }
+        args.push("/sha1", cscInfo.thumbprint);
+        args.push("/s", cscInfo.store);
+        if (cscInfo.isLocalMachineStore) {
+            args.push("/sm");
+        }
+    }
+    else {
+        const certExtension = path.extname(certificateFile);
+        if (certExtension === ".p12" || certExtension === ".pfx") {
+            args.push(isWin ? "/f" : "-pkcs12", vm.toVmFile(certificateFile));
+        }
+        else {
+            throw new Error(`Please specify pkcs12 (.p12/.pfx) file, ${certificateFile} is not correct`);
+        }
+    }
+    if (!isWin || options.hash !== "sha1") {
+        args.push(isWin ? "/fd" : "-h", options.hash);
+        if (isWin && process.env.ELECTRON_BUILDER_OFFLINE !== "true") {
+            args.push("/td", "sha256");
+        }
+    }
+    if (options.name) {
+        args.push(isWin ? "/d" : "-n", options.name);
+    }
+    if (options.site) {
+        args.push(isWin ? "/du" : "-i", options.site);
+    }
+    // msi does not support dual-signing
+    if (options.isNest) {
+        args.push(isWin ? "/as" : "-nest");
+    }
+    const password = options.cscInfo == null ? null : options.cscInfo.password;
+    if (password) {
+        args.push(isWin ? "/p" : "-pass", password);
+    }
+    if (options.options.additionalCertificateFile) {
+        args.push(isWin ? "/ac" : "-ac", vm.toVmFile(options.options.additionalCertificateFile));
+    }
+    const httpsProxyFromEnv = process.env.HTTPS_PROXY;
+    if (!isWin && httpsProxyFromEnv != null && httpsProxyFromEnv.length) {
+        args.push("-p", httpsProxyFromEnv);
+    }
+    if (isWin) {
+        // https://github.com/electron-userland/electron-builder/issues/2875#issuecomment-387233610
+        args.push("/debug");
+        // must be last argument
+        args.push(inputFile);
+    }
+    return args;
+}
+function getOutputPath(inputPath, hash) {
+    const extension = path.extname(inputPath);
+    return path.join(path.dirname(inputPath), `${path.basename(inputPath, extension)}-signed-${hash}${extension}`);
+}
+/** @internal */
+function isOldWin6() {
+    const winVersion = os.release();
+    return winVersion.startsWith("6.") && !winVersion.startsWith("6.3");
+}
+exports.isOldWin6 = isOldWin6;
+function getWinSignTool(vendorPath) {
+    // use modern signtool on Windows Server 2012 R2 to be able to sign AppX
+    if (isOldWin6()) {
+        return path.join(vendorPath, "windows-6", "signtool.exe");
+    }
+    else {
+        return path.join(vendorPath, "windows-10", process.arch, "signtool.exe");
+    }
+}
+async function getToolPath(isWin = process.platform === "win32") {
+    if ((0, flags_1.isUseSystemSigncode)()) {
+        return { path: "osslsigncode" };
+    }
+    const result = process.env.SIGNTOOL_PATH;
+    if (result) {
+        return { path: result };
+    }
+    const vendorPath = await getSignVendorPath();
+    if (isWin) {
+        // use modern signtool on Windows Server 2012 R2 to be able to sign AppX
+        return { path: getWinSignTool(vendorPath) };
+    }
+    else if (process.platform === "darwin") {
+        const toolDirPath = path.join(vendorPath, process.platform, "10.12");
+        return {
+            path: path.join(toolDirPath, "osslsigncode"),
+            env: (0, bundledTool_1.computeToolEnv)([path.join(toolDirPath, "lib")]),
+        };
+    }
+    else {
+        return { path: path.join(vendorPath, process.platform, "osslsigncode") };
+    }
+}
+//# sourceMappingURL=windowsCodeSign.js.map