UNPKG

@minimaltech/electron-infra

Version:

Minimal Technology ElectronJS Infrastructure

github.com/phatnt199/electron-infra/wiki

phatnt199/electron-infra

58 lines 3.42 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
"use strict"; var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } step((generator = generator.apply(thisArg, _arguments || [])).next()); }); }; Object.defineProperty(exports, "__esModule", { value: true }); exports.verifySelfCodeSigningSignature = void 0; const common_1 = require("../common"); const node_infra_1 = require("@minimaltech/node-infra"); const verifySelfCodeSigningSignature = (opts) => __awaiter(void 0, void 0, void 0, function* () { var _a, _b, _c; const { autoUpdaterOptions } = opts; if (!(autoUpdaterOptions === null || autoUpdaterOptions === void 0 ? void 0 : autoUpdaterOptions.use)) { return null; } const { caType } = autoUpdaterOptions.verify; if (caType !== common_1.CASignTypes.SELF_SIGNED_CA) { return `Not allow custom verifySignature for non self-signed verification | caType: ${caType}`; } // Validate OS SignTool Result const { doVerifySignToolStatus = true, validSubjects = null } = autoUpdaterOptions.verify; const { signature } = opts; if (doVerifySignToolStatus && signature.Status !== 0) { return `Invalid signature status | status: ${signature.Status} - ${signature.StatusMessage}`; } // Validate Certificate Issuer const subject = ((_a = signature === null || signature === void 0 ? void 0 : signature.SignerCertificate) === null || _a === void 0 ? void 0 : _a.Subject) || ''; if (validSubjects === null || validSubjects === void 0 ? void 0 : validSubjects.length) { const validCNs = validSubjects.map(cn => `CN=${cn}`); const isValidCN = validCNs.findIndex(cn => subject.includes(cn)) > -1; if (!isValidCN) { return `Invalid certificate subject | expected: ${validCNs} | subject: ${subject}`; } } // Validate Certificate Period const certNotBefore = (_b = signature === null || signature === void 0 ? void 0 : signature.SignerCertificate) === null || _b === void 0 ? void 0 : _b.NotBefore; const certNotAfter = (_c = signature === null || signature === void 0 ? void 0 : signature.SignerCertificate) === null || _c === void 0 ? void 0 : _c.NotAfter; if (!certNotBefore || !certNotAfter) { return 'Missing certificate validity period (NotBefore or NotAfter)'; } const notBefore = parseInt(certNotBefore.replace(/[^0-9]/g, ''), 10); const notAfter = parseInt(certNotAfter.replace(/[^0-9]/g, ''), 10); const now = new Date().getTime(); if (now < notBefore) { return `Certificate is not valid yet. Valid from: ${(0, node_infra_1.dayjs)(notBefore).toISOString()}`; } if (now > notAfter) { return `Certificate has expired. Valid until: ${(0, node_infra_1.dayjs)(notAfter).toISOString()}`; } return null; }); exports.verifySelfCodeSigningSignature = verifySelfCodeSigningSignature; //# sourceMappingURL=self-code-siging.helper.js.map