windowsCodeSign.js.map 19.4 KB
{"version":3,"sources":["../src/windowsCodeSign.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;;AAAA;AAAA;AAAA;;AAAA;AAAA;;AACA;AAAA;;AAAA;AAAA;AAAA;;AAAA;AAAA;;AACA;AAAA;;AAAA;AAAA;AAAA;;AAAA;AAAA;;AACA;AAAA;;AAAA;AAAA;AAAA;;AAAA;AAAA;;AACA;AAAA;;AAAA;AAAA;AAAA;;AAAA;AAAA;;AACA;AAAA;;AAAA;AAAA;AAAA;;AAAA;AAAA;;AACA;;AAEA;AAAA;;AAAA;AAAA;AAAA;;AAAA;AAAA;;AACA;AAAA;;AAAA;AAAA;AAAA;;AAAA;AAAA;;AACA;AAAA;;AAAA;AAAA;AAAA;;AAAA;AAAA;;;4CAiHA,WAAsB,aAAtB,EAAyE,QAAzE,EAA8F;AAC5F;AACA,UAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAR,CAAY,gBAAb,EAAsC,EAAtC,CAAR,IAAqD,KAAK,EAAL,GAAU,IAA/E;AAEA,QAAI,IAAJ;AACA,QAAI,IAAJ;AACA,QAAI,GAAG,GAAG,OAAO,CAAC,GAAlB;AACA,QAAI,EAAJ;;AACA,QAAI,aAAa,CAAC,IAAd,CAAmB,QAAnB,CAA4B,OAA5B,KAAwC,EAAE,UAAU,aAAa,CAAC,OAA1B;AAAqC;AAAjF,MAAsI;AACpI,QAAA,EAAE,GAAG,MAAM,QAAQ,CAAC,EAAT,CAAY,KAAvB;AACA,QAAA,IAAI,GAAG,cAAc,EAAC,MAAM,iBAAiB,EAAxB,EAArB;AACA,QAAA,IAAI,GAAG,mBAAmB,CAAC,aAAD,EAAgB,IAAhB,EAAsB,EAAtB,CAA1B;AACD,OAJD,MAKK;AACH,MAAA,EAAE,GAAG,KAAI,eAAJ,GAAL;AACA,YAAM,QAAQ,GAAG,MAAM,WAAW,EAAlC;AACA,MAAA,IAAI,GAAG,QAAQ,CAAC,IAAhB;AACA,MAAA,IAAI,GAAG,aAAa,CAAC,mBAAd,CAAkC,OAAO,CAAC,QAAR,KAAqB,OAAvD,CAAP;;AACA,UAAI,QAAQ,CAAC,GAAT,IAAgB,IAApB,EAA0B;AACxB,QAAA,GAAG,GAAG,QAAQ,CAAC,GAAf;AACD;AACF;;AAED,QAAI;AACF,YAAM,EAAE,CAAC,IAAH,CAAQ,IAAR,EAAc,IAAd,EAAoB;AAAC,QAAA,OAAD;AAAU,QAAA;AAAV,OAApB,CAAN;AACD,KAFD,CAGA,OAAO,CAAP,EAAU;AACR,UAAI,CAAC,CAAC,OAAF,CAAU,QAAV,CAAmB,2CAAnB,CAAJ,EAAqE;AACnE,cAAM,IAAI,OAAJ,CAAY,CAAC,OAAD,EAAU,MAAV,KAAoB;AACpC,UAAA,UAAU,CAAC,MAAK;AACd,YAAA,EAAE,CAAC,IAAH,CAAQ,IAAR,EAAc,IAAd,EAAoB;AAAC,cAAA,OAAD;AAAU,cAAA;AAAV,aAApB,EACG,IADH,CACQ,OADR,EAEG,KAFH,CAES,MAFT;AAGD,WAJS,EAIP,IAJO,CAAV;AAKD,SANK,CAAN;AAOD;;AACD,YAAM,CAAN;AACD;AACF,G;;kBAtCc,M;;;MA8Cf;;;;4CA6GA,aAA0B;AACxB,QAAI,mCAAJ,EAA2B;AACzB,aAAO;AAAC,QAAA,IAAI,EAAE;AAAP,OAAP;AACD;;AAED,UAAM,MAAM,GAAG,OAAO,CAAC,GAAR,CAAY,aAA3B;;AACA,QAAI,MAAJ,EAAY;AACV,aAAO;AAAC,QAAA,IAAI,EAAE;AAAP,OAAP;AACD;;AAED,UAAM,UAAU,GAAG,MAAM,iBAAiB,EAA1C;;AACA,QAAI,OAAO,CAAC,QAAR,KAAqB,OAAzB,EAAkC;AAChC;AACA,aAAO;AAAC,QAAA,IAAI,EAAE,cAAc,CAAC,UAAD;AAArB,OAAP;AACD,KAHD,MAIK,IAAI,OAAO,CAAC,QAAR,KAAqB,QAAzB,EAAmC;AACtC,UAAI,MAAM,GAAkB,IAA5B;;AACA,UAAI;AACF,YAAI,MAAM,mCAAV,EAA2B;AACzB,gBAAM,WAAW,GAAG,IAAI,CAAC,IAAL,CAAU,UAAV,EAAsB,OAAO,CAAC,QAA9B,EAAwC,OAAxC,CAApB;AACA,iBAAO;AACL,YAAA,IAAI,EAAE,IAAI,CAAC,IAAL,CAAU,WAAV,EAAuB,cAAvB,CADD;AAEL,YAAA,GAAG,EAAE,mCAAe,CAAC,IAAI,CAAC,IAAL,CAAU,WAAV,EAAuB,KAAvB,CAAD,CAAf;AAFA,WAAP;AAID,SAND,MAOK,IAAI,eAAJ,EAAU;AACb;AACA,UAAA,MAAM,GAAG,IAAT;AACD;AACF,OAZD,CAaA,OAAO,CAAP,EAAU;AACR,2BAAI,IAAJ,CAAS,GAAG,CAAC,CAAC,KAAF,IAAW,CAAC,EAAxB;AACD;;AACD,aAAO;AAAC,QAAA,IAAI,EAAE,IAAI,CAAC,IAAL,CAAU,UAAV,EAAsB,OAAO,CAAC,QAA9B,EAAwC,GAAG,MAAM,IAAI,IAAV,GAAiB,EAAjB,GAAsB,GAAG,MAAM,GAAG,cAA7E;AAAP,OAAP;AACD,KAnBI,MAoBA;AACH,aAAO;AAAC,QAAA,IAAI,EAAE,IAAI,CAAC,IAAL,CAAU,UAAV,EAAsB,OAAO,CAAC,QAA9B,EAAwC,cAAxC;AAAP,OAAP;AACD;AACF,G;;kBAtCc,W;;;;;;;;;;AAzQT,SAAU,iBAAV,GAA2B;AAC/B;AACA,SAAO,qCAAiB,aAAjB,EAAgC,OAAhC,EAAyC,0FAAzC,CAAP;AACD;;;2CA0BM,WAAoB,OAApB,EAAiD,QAAjD,EAAsE;AAC3E,QAAI,MAAM,GAAG,OAAO,CAAC,OAAR,CAAgB,qBAA7B,CAD2E,CAE3E;;AACA,QAAI,OAAO,CAAC,IAAR,CAAa,QAAb,CAAsB,MAAtB,CAAJ,EAAmC;AACjC,MAAA,MAAM,GAAG,CAAC,MAAM,IAAI,IAAV,IAAkB,CAAC,MAAM,CAAC,QAAP,CAAgB,MAAhB,CAAnB,GAA6C,QAA7C,GAAwD,MAAzD,CAAT;AACD,KAFD,MAGK,IAAI,OAAO,CAAC,IAAR,CAAa,QAAb,CAAsB,OAAtB,CAAJ,EAAoC;AACvC,MAAA,MAAM,GAAG,CAAC,QAAD,CAAT;AACD,KAFI,MAGA,IAAI,MAAM,IAAI,IAAd,EAAoB;AACvB,MAAA,MAAM,GAAG,CAAC,MAAD,EAAS,QAAT,CAAT;AACD,KAFI,MAGA;AACH,MAAA,MAAM,GAAG,KAAK,CAAC,OAAN,CAAc,MAAd,IAAwB,MAAxB,GAAiC,CAAC,MAAD,CAA1C;AACD;;AAED,aAAS,eAAT,CAAyB,aAAzB,EAA0E;AACxE,aAAO,MAAM,CAAC,aAAD,EAAgB,QAAhB,CAAb;AACD;;AAED,UAAM,QAAQ,GAAG,yCAAgB,OAAO,CAAC,OAAR,CAAgB,IAAhC,EAAsC,MAAtC,KAAiD,eAAlE;AACA,QAAI,MAAM,GAAG,KAAb;;AACA,SAAK,MAAM,IAAX,IAAmB,MAAnB,EAA2B;AACzB,YAAM,iBAAiB,GAAA,MAAA,CAAA,MAAA,CAAA,EAAA,EAAqC,OAArC,EAA4C;AAAE,QAAA,IAAF;AAAQ,QAAA;AAAR,OAA5C,CAAvB;AACA,YAAM,QAAQ,CAAA,MAAA,CAAA,MAAA,CAAA,EAAA,EACT,iBADS,EACQ;AACpB,QAAA,mBAAmB,EAAE,KAAK,IAAI,mBAAmB,CAAC,iBAAD,EAAoB,KAApB;AAD7B,OADR,CAAA,CAAd;AAIA,MAAA,MAAM,GAAG,IAAT;;AACA,UAAI,iBAAiB,CAAC,gBAAlB,IAAsC,IAA1C,EAAgD;AAC9C,cAAM,wBAAO,iBAAiB,CAAC,gBAAzB,EAA2C,OAAO,CAAC,IAAnD,CAAN;AACD;AACF;AACF,G;;kBAjCqB,I;;;;;;;;4CA+Cf,WAA2C,OAA3C,EAA0E,EAA1E,EAAuF;AAC5F,UAAM,sBAAsB,GAAG,OAAO,CAAC,sBAAvC;AACA,UAAM,eAAe,GAAG,OAAO,CAAC,eAAhC,CAF4F,CAG5F;AACA;;AACA,UAAM,SAAS,GAAG,MAAM,EAAE,CAAC,IAAH,CAAQ,gBAAR,EAA0B,CAAC,oIAAD,CAA1B,CAAxB;AACA,UAAM,QAAQ,GAAG,SAAS,CAAC,MAAV,KAAqB,CAArB,GAAyB,EAAzB,GAA8B,4BAAkB,IAAI,CAAC,KAAL,CAAW,SAAX,CAAlB,CAA/C;;AACA,SAAK,MAAM,QAAX,IAAuB,QAAvB,EAAiC;AAC/B,UAAI,sBAAsB,IAAI,IAA9B,EAAoC;AAClC,YAAI,CAAC,QAAQ,CAAC,OAAT,CAAiB,QAAjB,CAA0B,sBAA1B,CAAL,EAAwD;AACtD;AACD;AACF,OAJD,MAKK,IAAI,QAAQ,CAAC,UAAT,KAAwB,eAA5B,EAA6C;AAChD;AACD;;AAED,YAAM,UAAU,GAAG,QAAQ,CAAC,YAA5B;AACA,YAAM,KAAK,GAAG,UAAU,CAAC,SAAX,CAAqB,UAAU,CAAC,WAAX,CAAuB,IAAvB,IAA+B,CAApD,CAAd;;AACA,yBAAI,KAAJ,CAAU;AAAC,QAAA,KAAD;AAAQ,QAAA,YAAY,EAAE;AAAtB,OAAV,EAA6C,+BAA7C,EAZ+B,CAa/B;;;AACA,YAAM,mBAAmB,GAAI,UAAU,CAAC,QAAX,CAAoB,2BAApB,CAA7B;;AACA,yBAAI,KAAJ,CAAU,IAAV,EAAgB,yCAAhB;;AACA,aAAO;AACL,QAAA,UAAU,EAAE,QAAQ,CAAC,UADhB;AAEL,QAAA,OAAO,EAAE,QAAQ,CAAC,OAFb;AAGL,QAAA,KAHK;AAIL,QAAA;AAJK,OAAP;AAMD;;AAED,UAAM,IAAI,KAAJ,CAAU,2BAA2B,sBAAsB,IAAI,eAAe,gBAAgB,SAAS,EAAvG,CAAN;AACD,G;;kBAhCqB,2B;;;;;;;AAiFtB,SAAS,mBAAT,CAA6B,OAA7B,EAAoE,KAApE,EAAoF,EAAA,GAAgB,KAAI,eAAJ,GAApG,EAAmH;AACjH,QAAM,SAAS,GAAG,EAAE,CAAC,QAAH,CAAY,OAAO,CAAC,IAApB,CAAlB;AACA,QAAM,UAAU,GAAG,KAAK,GAAG,SAAH,GAAe,aAAa,CAAC,SAAD,EAAY,OAAO,CAAC,IAApB,CAApD;;AACA,MAAI,CAAC,KAAL,EAAY;AACV,IAAA,OAAO,CAAC,gBAAR,GAA2B,UAA3B;AACD;;AAED,QAAM,IAAI,GAAG,KAAK,GAAG,CAAC,MAAD,CAAH,GAAc,CAAC,KAAD,EAAQ,SAAR,EAAmB,MAAnB,EAA2B,UAA3B,CAAhC;;AAEA,MAAI,OAAO,CAAC,GAAR,CAAY,wBAAZ,KAAyC,MAA7C,EAAqD;AACnD,UAAM,sBAAsB,GAAG,OAAO,CAAC,OAAR,CAAgB,eAAhB,IAAmC,oDAAlE;;AACA,QAAI,KAAJ,EAAW;AACT,MAAA,IAAI,CAAC,IAAL,CAAU,OAAO,CAAC,MAAR,IAAkB,OAAO,CAAC,IAAR,KAAiB,QAAnC,GAA8C,KAA9C,GAAsD,IAAhE,EAAsE,OAAO,CAAC,MAAR,IAAkB,OAAO,CAAC,IAAR,KAAiB,QAAnC,GAA+C,OAAO,CAAC,OAAR,CAAgB,sBAAhB,IAA0C,uCAAzF,GAAoI,sBAA1M;AACD,KAFD,MAGK;AACH,MAAA,IAAI,CAAC,IAAL,CAAU,IAAV,EAAgB,sBAAhB;AACD;AACF;;AAED,QAAM,eAAe,GAAI,OAAO,CAAC,OAAR,CAAwC,IAAjE;;AACA,MAAI,eAAe,IAAI,IAAvB,EAA6B;AAC3B,UAAM,OAAO,GAAI,OAAO,CAAC,OAAzB;AACA,UAAM,WAAW,GAAG,OAAO,CAAC,UAA5B;;AACA,QAAI,CAAC,KAAL,EAAY;AACV,YAAM,IAAI,KAAJ,CAAU,GAAG,WAAW,IAAI,IAAf,GAAsB,iBAAtB,GAA0C,wBAAwB,4BAA/E,CAAN;AACD;;AAED,IAAA,IAAI,CAAC,IAAL,CAAU,OAAV,EAAmB,OAAO,CAAC,UAA3B;AACA,IAAA,IAAI,CAAC,IAAL,CAAU,IAAV,EAAgB,OAAO,CAAC,KAAxB;;AACA,QAAI,OAAO,CAAC,mBAAZ,EAAiC;AAC/B,MAAA,IAAI,CAAC,IAAL,CAAU,KAAV;AACD;AACF,GAZD,MAaK;AACH,UAAM,aAAa,GAAG,IAAI,CAAC,OAAL,CAAa,eAAb,CAAtB;;AACA,QAAI,aAAa,KAAK,MAAlB,IAA4B,aAAa,KAAK,MAAlD,EAA0D;AACxD,MAAA,IAAI,CAAC,IAAL,CAAU,KAAK,GAAG,IAAH,GAAU,SAAzB,EAAoC,EAAE,CAAC,QAAH,CAAY,eAAZ,CAApC;AACD,KAFD,MAGK;AACH,YAAM,IAAI,KAAJ,CAAU,2CAA2C,eAAe,iBAApE,CAAN;AACD;AACF;;AAED,MAAI,CAAC,KAAD,IAAU,OAAO,CAAC,IAAR,KAAiB,MAA/B,EAAuC;AACrC,IAAA,IAAI,CAAC,IAAL,CAAU,KAAK,GAAG,KAAH,GAAW,IAA1B,EAAgC,OAAO,CAAC,IAAxC;;AACA,QAAI,KAAK,IAAI,OAAO,CAAC,GAAR,CAAY,wBAAZ,KAAyC,MAAtD,EAA8D;AAC5D,MAAA,IAAI,CAAC,IAAL,CAAU,KAAV,EAAiB,QAAjB;AACD;AACF;;AAED,MAAI,OAAO,CAAC,IAAZ,EAAkB;AAChB,IAAA,IAAI,CAAC,IAAL,CAAU,KAAK,GAAG,IAAH,GAAU,IAAzB,EAA+B,OAAO,CAAC,IAAvC;AACD;;AAED,MAAI,OAAO,CAAC,IAAZ,EAAkB;AAChB,IAAA,IAAI,CAAC,IAAL,CAAU,KAAK,GAAG,KAAH,GAAW,IAA1B,EAAgC,OAAO,CAAC,IAAxC;AACD,GAxDgH,CA0DjH;;;AACA,MAAI,OAAO,CAAC,MAAZ,EAAoB;AAClB,IAAA,IAAI,CAAC,IAAL,CAAU,KAAK,GAAG,KAAH,GAAW,OAA1B;AACD;;AAED,QAAM,QAAQ,GAAG,OAAO,CAAC,OAAR,IAAmB,IAAnB,GAA0B,IAA1B,GAAkC,OAAO,CAAC,OAAR,CAAwC,QAA3F;;AACA,MAAI,QAAJ,EAAc;AACZ,IAAA,IAAI,CAAC,IAAL,CAAU,KAAK,GAAG,IAAH,GAAU,OAAzB,EAAkC,QAAlC;AACD;;AAED,MAAI,OAAO,CAAC,OAAR,CAAgB,yBAApB,EAA+C;AAC7C,IAAA,IAAI,CAAC,IAAL,CAAU,KAAK,GAAG,KAAH,GAAW,KAA1B,EAAiC,EAAE,CAAC,QAAH,CAAY,OAAO,CAAC,OAAR,CAAgB,yBAA5B,CAAjC;AACD;;AAED,QAAM,iBAAiB,GAAG,OAAO,CAAC,GAAR,CAAY,WAAtC;;AACA,MAAI,CAAC,KAAD,IAAU,iBAAiB,IAAI,IAA/B,IAAuC,iBAAiB,CAAC,MAA7D,EAAqE;AACnE,IAAA,IAAI,CAAC,IAAL,CAAU,IAAV,EAAgB,iBAAhB;AACD;;AAED,MAAI,KAAJ,EAAW;AACT;AACA,IAAA,IAAI,CAAC,IAAL,CAAU,QAAV,EAFS,CAGT;;AACA,IAAA,IAAI,CAAC,IAAL,CAAU,SAAV;AACD;;AAED,SAAO,IAAP;AACD;;AAED,SAAS,aAAT,CAAuB,SAAvB,EAA0C,IAA1C,EAAsD;AACpD,QAAM,SAAS,GAAG,IAAI,CAAC,OAAL,CAAa,SAAb,CAAlB;AACA,SAAO,IAAI,CAAC,IAAL,CAAU,IAAI,CAAC,OAAL,CAAa,SAAb,CAAV,EAAmC,GAAG,IAAI,CAAC,QAAL,CAAc,SAAd,EAAyB,SAAzB,CAAmC,WAAW,IAAI,GAAG,SAAS,EAApG,CAAP;AACD;AAED;;;AACM,SAAU,SAAV,GAAmB;AACvB,QAAM,UAAU,GAAG,EAAE,GAAC,OAAH,EAAnB;AACA,SAAO,UAAU,CAAC,UAAX,CAAsB,IAAtB,KAA+B,CAAC,UAAU,CAAC,UAAX,CAAsB,KAAtB,CAAvC;AACD;;AAED,SAAS,cAAT,CAAwB,UAAxB,EAA0C;AACxC;AACA,MAAI,SAAS,EAAb,EAAiB;AACf,WAAO,IAAI,CAAC,IAAL,CAAU,UAAV,EAAsB,WAAtB,EAAmC,cAAnC,CAAP;AACD,GAFD,MAGK;AACH,WAAO,IAAI,CAAC,IAAL,CAAU,UAAV,EAAsB,YAAtB,EAAoC,OAAO,CAAC,IAA5C,EAAkD,cAAlD,CAAP;AACD;AACF","sourcesContent":["import { asArray, isMacOsSierra, log } from \"builder-util\"\nimport { getBinFromGithub } from \"./binDownload\"\nimport { computeToolEnv, ToolInfo } from \"builder-util/out/bundledTool\"\nimport { rename } from \"fs-extra-p\"\nimport isCi from \"is-ci\"\nimport * as os from \"os\"\nimport * as path from \"path\"\nimport { WindowsConfiguration } from \"./options/winOptions\"\nimport { resolveFunction } from \"./platformPackager\"\nimport { isUseSystemSigncode } from \"./util/flags\"\nimport { VmManager } from \"./vm/vm\"\nimport { WinPackager } from \"./winPackager\"\n\nexport function getSignVendorPath() {\n  //noinspection SpellCheckingInspection\n  return getBinFromGithub(\"winCodeSign\", \"2.3.1\", \"J64zdgTQNW9D7gMLXHFiOB7haTmJNKqMj9+rR9wSRo83wKrOypO49dRpmjENp7sm7uo6Cdx7FK3lhVod0gfvJw==\")\n}\n\nexport type CustomWindowsSign = (configuration: CustomWindowsSignTaskConfiguration) => Promise<any>\n\nexport interface WindowsSignOptions {\n  readonly path: string\n\n  readonly name?: string | null\n  readonly cscInfo?: FileCodeSigningInfo | CertificateFromStoreInfo | null\n  readonly site?: string | null\n\n  readonly options: WindowsConfiguration\n}\n\nexport interface WindowsSignTaskConfiguration extends WindowsSignOptions {\n  // set if output path differs from input (e.g. osslsigncode cannot sign file inplace)\n  resultOutputPath?: string\n\n  hash: string\n  isNest: boolean\n}\n\nexport interface CustomWindowsSignTaskConfiguration extends WindowsSignTaskConfiguration {\n  computeSignToolArgs(isWin: boolean): Array<string>\n}\n\nexport async function sign(options: WindowsSignOptions, packager: WinPackager) {\n  let hashes = options.options.signingHashAlgorithms\n  // msi does not support dual-signing\n  if (options.path.endsWith(\".msi\")) {\n    hashes = [hashes != null && !hashes.includes(\"sha1\") ? \"sha256\" : \"sha1\"]\n  }\n  else if (options.path.endsWith(\".appx\")) {\n    hashes = [\"sha256\"]\n  }\n  else if (hashes == null) {\n    hashes = [\"sha1\", \"sha256\"]\n  }\n  else {\n    hashes = Array.isArray(hashes) ? hashes : [hashes]\n  }\n\n  function defaultExecutor(configuration: CustomWindowsSignTaskConfiguration) {\n    return doSign(configuration, packager)\n  }\n\n  const executor = resolveFunction(options.options.sign, \"sign\") || defaultExecutor\n  let isNest = false\n  for (const hash of hashes) {\n    const taskConfiguration: WindowsSignTaskConfiguration = {...options, hash, isNest}\n    await executor({\n      ...taskConfiguration,\n      computeSignToolArgs: isWin => computeSignToolArgs(taskConfiguration, isWin)\n    })\n    isNest = true\n    if (taskConfiguration.resultOutputPath != null) {\n      await rename(taskConfiguration.resultOutputPath, options.path)\n    }\n  }\n}\n\nexport interface FileCodeSigningInfo {\n  readonly file: string\n  readonly password: string | null\n}\n\nexport interface CertificateFromStoreInfo {\n  thumbprint: string\n  subject: string\n  store: string\n  isLocalMachineStore: boolean\n}\n\nexport async function getCertificateFromStoreInfo(options: WindowsConfiguration, vm: VmManager): Promise<CertificateFromStoreInfo> {\n  const certificateSubjectName = options.certificateSubjectName\n  const certificateSha1 = options.certificateSha1\n  // ExcludeProperty doesn't work, so, we cannot exclude RawData, it is ok\n  // powershell can return object if the only item\n  const rawResult = await vm.exec(\"powershell.exe\", [\"Get-ChildItem -Recurse Cert: -CodeSigningCert | Select-Object -Property Subject,PSParentPath,Thumbprint | ConvertTo-Json -Compress\"])\n  const certList = rawResult.length === 0 ? [] : asArray<CertInfo>(JSON.parse(rawResult))\n  for (const certInfo of certList) {\n    if (certificateSubjectName != null) {\n      if (!certInfo.Subject.includes(certificateSubjectName)) {\n        continue\n      }\n    }\n    else if (certInfo.Thumbprint !== certificateSha1) {\n      continue\n    }\n\n    const parentPath = certInfo.PSParentPath\n    const store = parentPath.substring(parentPath.lastIndexOf(\"\\\\\") + 1)\n    log.debug({store, PSParentPath: parentPath}, \"auto-detect certificate store\")\n    // https://github.com/electron-userland/electron-builder/issues/1717\n    const isLocalMachineStore = (parentPath.includes(\"Certificate::LocalMachine\"))\n    log.debug(null, \"auto-detect using of LocalMachine store\")\n    return {\n      thumbprint: certInfo.Thumbprint,\n      subject: certInfo.Subject,\n      store,\n      isLocalMachineStore\n    }\n  }\n\n  throw new Error(`Cannot find certificate ${certificateSubjectName || certificateSha1}, all certs: ${rawResult}`)\n}\n\nasync function doSign(configuration: CustomWindowsSignTaskConfiguration, packager: WinPackager) {\n  // https://github.com/electron-userland/electron-builder/pull/1944\n  const timeout = parseInt(process.env.SIGNTOOL_TIMEOUT as any, 10) || 10 * 60 * 1000\n\n  let tool: string\n  let args: Array<string>\n  let env = process.env\n  let vm: VmManager\n  if (configuration.path.endsWith(\".appx\") || !(\"file\" in configuration.cscInfo!!) /* certificateSubjectName and other such options */) {\n    vm = await packager.vm.value\n    tool = getWinSignTool(await getSignVendorPath())\n    args = computeSignToolArgs(configuration, true, vm)\n  }\n  else {\n    vm = new VmManager()\n    const toolInfo = await getToolPath()\n    tool = toolInfo.path\n    args = configuration.computeSignToolArgs(process.platform === \"win32\")\n    if (toolInfo.env != null) {\n      env = toolInfo.env\n    }\n  }\n\n  try {\n    await vm.exec(tool, args, {timeout, env})\n  }\n  catch (e) {\n    if (e.message.includes(\"The file is being used by another process\")) {\n      await new Promise((resolve, reject) => {\n        setTimeout(() => {\n          vm.exec(tool, args, {timeout, env})\n            .then(resolve)\n            .catch(reject)\n        }, 2000)\n      })\n    }\n    throw e\n  }\n}\n\ninterface CertInfo {\n  Subject: string\n  Thumbprint: string\n  PSParentPath: string\n}\n\n// on windows be aware of http://stackoverflow.com/a/32640183/1910191\nfunction computeSignToolArgs(options: WindowsSignTaskConfiguration, isWin: boolean, vm: VmManager = new VmManager()): Array<string> {\n  const inputFile = vm.toVmFile(options.path)\n  const outputPath = isWin ? inputFile : getOutputPath(inputFile, options.hash)\n  if (!isWin) {\n    options.resultOutputPath = outputPath\n  }\n\n  const args = isWin ? [\"sign\"] : [\"-in\", inputFile, \"-out\", outputPath]\n\n  if (process.env.ELECTRON_BUILDER_OFFLINE !== \"true\") {\n    const timestampingServiceUrl = options.options.timeStampServer || \"http://timestamp.verisign.com/scripts/timstamp.dll\"\n    if (isWin) {\n      args.push(options.isNest || options.hash === \"sha256\" ? \"/tr\" : \"/t\", options.isNest || options.hash === \"sha256\" ? (options.options.rfc3161TimeStampServer || \"http://timestamp.comodoca.com/rfc3161\") : timestampingServiceUrl)\n    }\n    else {\n      args.push(\"-t\", timestampingServiceUrl)\n    }\n  }\n\n  const certificateFile = (options.cscInfo as FileCodeSigningInfo).file\n  if (certificateFile == null) {\n    const cscInfo = (options.cscInfo as CertificateFromStoreInfo)\n    const subjectName = cscInfo.thumbprint\n    if (!isWin) {\n      throw new Error(`${subjectName == null ? \"certificateSha1\" : \"certificateSubjectName\"} supported only on Windows`)\n    }\n\n    args.push(\"/sha1\", cscInfo.thumbprint)\n    args.push(\"/s\", cscInfo.store)\n    if (cscInfo.isLocalMachineStore) {\n      args.push(\"/sm\")\n    }\n  }\n  else {\n    const certExtension = path.extname(certificateFile)\n    if (certExtension === \".p12\" || certExtension === \".pfx\") {\n      args.push(isWin ? \"/f\" : \"-pkcs12\", vm.toVmFile(certificateFile))\n    }\n    else {\n      throw new Error(`Please specify pkcs12 (.p12/.pfx) file, ${certificateFile} is not correct`)\n    }\n  }\n\n  if (!isWin || options.hash !== \"sha1\") {\n    args.push(isWin ? \"/fd\" : \"-h\", options.hash)\n    if (isWin && process.env.ELECTRON_BUILDER_OFFLINE !== \"true\") {\n      args.push(\"/td\", \"sha256\")\n    }\n  }\n\n  if (options.name) {\n    args.push(isWin ? \"/d\" : \"-n\", options.name)\n  }\n\n  if (options.site) {\n    args.push(isWin ? \"/du\" : \"-i\", options.site)\n  }\n\n  // msi does not support dual-signing\n  if (options.isNest) {\n    args.push(isWin ? \"/as\" : \"-nest\")\n  }\n\n  const password = options.cscInfo == null ? null : (options.cscInfo as FileCodeSigningInfo).password\n  if (password) {\n    args.push(isWin ? \"/p\" : \"-pass\", password)\n  }\n\n  if (options.options.additionalCertificateFile) {\n    args.push(isWin ? \"/ac\" : \"-ac\", vm.toVmFile(options.options.additionalCertificateFile))\n  }\n\n  const httpsProxyFromEnv = process.env.HTTPS_PROXY\n  if (!isWin && httpsProxyFromEnv != null && httpsProxyFromEnv.length) {\n    args.push(\"-p\", httpsProxyFromEnv)\n  }\n\n  if (isWin) {\n    // https://github.com/electron-userland/electron-builder/issues/2875#issuecomment-387233610\n    args.push(\"/debug\")\n    // must be last argument\n    args.push(inputFile)\n  }\n\n  return args\n}\n\nfunction getOutputPath(inputPath: string, hash: string) {\n  const extension = path.extname(inputPath)\n  return path.join(path.dirname(inputPath), `${path.basename(inputPath, extension)}-signed-${hash}${extension}`)\n}\n\n/** @internal */\nexport function isOldWin6() {\n  const winVersion = os.release()\n  return winVersion.startsWith(\"6.\") && !winVersion.startsWith(\"6.3\")\n}\n\nfunction getWinSignTool(vendorPath: string): string {\n  // use modern signtool on Windows Server 2012 R2 to be able to sign AppX\n  if (isOldWin6()) {\n    return path.join(vendorPath, \"windows-6\", \"signtool.exe\")\n  }\n  else {\n    return path.join(vendorPath, \"windows-10\", process.arch, \"signtool.exe\")\n  }\n}\n\nasync function getToolPath(): Promise<ToolInfo> {\n  if (isUseSystemSigncode()) {\n    return {path: \"osslsigncode\"}\n  }\n\n  const result = process.env.SIGNTOOL_PATH\n  if (result) {\n    return {path: result}\n  }\n\n  const vendorPath = await getSignVendorPath()\n  if (process.platform === \"win32\") {\n    // use modern signtool on Windows Server 2012 R2 to be able to sign AppX\n    return {path: getWinSignTool(vendorPath)}\n  }\n  else if (process.platform === \"darwin\") {\n    let suffix: string | null = null\n    try {\n      if (await isMacOsSierra()) {\n        const toolDirPath = path.join(vendorPath, process.platform, \"10.12\")\n        return {\n          path: path.join(toolDirPath, \"osslsigncode\"),\n          env: computeToolEnv([path.join(toolDirPath, \"lib\")]),\n        }\n      }\n      else if (isCi) {\n        // not clear for what we do this instead of using version detection\n        suffix = \"ci\"\n      }\n    }\n    catch (e) {\n      log.warn(`${e.stack || e}`)\n    }\n    return {path: path.join(vendorPath, process.platform, `${suffix == null ? \"\" : `${suffix}/`}osslsigncode`)}\n  }\n  else {\n    return {path: path.join(vendorPath, process.platform, \"osslsigncode\")}\n  }\n}\n"],"sourceRoot":""}