stuff

buildfiles/node_modules/app-builder-lib/out/codeSign/codesign.d.ts

@@ -0,0 +1,3 @@
+import { TmpDir } from "temp-file";
+/** @private */
+export declare function downloadCertificate(urlOrBase64: string, tmpDir: TmpDir, currentDir: string): Promise<string>;

buildfiles/node_modules/app-builder-lib/out/codeSign/codesign.js

@@ -0,0 +1,107 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.downloadCertificate = downloadCertificate;
+
+function _fsExtra() {
+  const data = require("fs-extra");
+
+  _fsExtra = function () {
+    return data;
+  };
+
+  return data;
+}
+
+function _os() {
+  const data = require("os");
+
+  _os = function () {
+    return data;
+  };
+
+  return data;
+}
+
+var path = _interopRequireWildcard(require("path"));
+
+function _builderUtil() {
+  const data = require("builder-util");
+
+  _builderUtil = function () {
+    return data;
+  };
+
+  return data;
+}
+
+function _fs() {
+  const data = require("builder-util/out/fs");
+
+  _fs = function () {
+    return data;
+  };
+
+  return data;
+}
+
+function _binDownload() {
+  const data = require("../binDownload");
+
+  _binDownload = function () {
+    return data;
+  };
+
+  return data;
+}
+
+function _getRequireWildcardCache() { if (typeof WeakMap !== "function") return null; var cache = new WeakMap(); _getRequireWildcardCache = function () { return cache; }; return cache; }
+
+function _interopRequireWildcard(obj) { if (obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
+
+/** @private */
+async function downloadCertificate(urlOrBase64, tmpDir, currentDir) {
+  urlOrBase64 = urlOrBase64.trim();
+  let file = null;
+
+  if (urlOrBase64.length > 3 && urlOrBase64[1] === ":" || urlOrBase64.startsWith("/") || urlOrBase64.startsWith(".")) {
+    file = urlOrBase64;
+  } else if (urlOrBase64.startsWith("file://")) {
+    file = urlOrBase64.substring("file://".length);
+  } else if (urlOrBase64.startsWith("~/")) {
+    file = path.join((0, _os().homedir)(), urlOrBase64.substring("~/".length));
+  } else {
+    const isUrl = urlOrBase64.startsWith("https://");
+
+    if (isUrl || urlOrBase64.length > 2048 || urlOrBase64.endsWith("=")) {
+      const tempFile = await tmpDir.getTempFile({
+        suffix: ".p12"
+      });
+
+      if (isUrl) {
+        await (0, _binDownload().download)(urlOrBase64, tempFile);
+      } else {
+        await (0, _fsExtra().outputFile)(tempFile, Buffer.from(urlOrBase64, "base64"));
+      }
+
+      return tempFile;
+    } else {
+      file = urlOrBase64;
+    }
+  }
+
+  file = path.resolve(currentDir, file);
+  const stat = await (0, _fs().statOrNull)(file);
+
+  if (stat == null) {
+    throw new (_builderUtil().InvalidConfigurationError)(`${file} doesn't exist`);
+  } else if (!stat.isFile()) {
+    throw new (_builderUtil().InvalidConfigurationError)(`${file} not a file`);
+  } else {
+    return file;
+  }
+} 
+// __ts-babel@6.0.4
+//# sourceMappingURL=codesign.js.map

buildfiles/node_modules/app-builder-lib/out/codeSign/codesign.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/codeSign/codesign.ts"],"names":[],"mappings":";;;;;;;AAAA;AAAA;;AAAA;AAAA;AAAA;;AAAA;AAAA;;AACA;AAAA;;AAAA;AAAA;AAAA;;AAAA;AAAA;;AACA;;AAEA;AAAA;;AAAA;AAAA;AAAA;;AAAA;AAAA;;AACA;AAAA;;AAAA;AAAA;AAAA;;AAAA;AAAA;;AACA;AAAA;;AAAA;AAAA;AAAA;;AAAA;AAAA;;;;;;AAEA;AACO,eAAe,mBAAf,CAAmC,WAAnC,EAAwD,MAAxD,EAAwE,UAAxE,EAA0F;AAC/F,EAAA,WAAW,GAAG,WAAW,CAAC,IAAZ,EAAd;AAEA,MAAI,IAAI,GAAkB,IAA1B;;AACA,MAAK,WAAW,CAAC,MAAZ,GAAqB,CAArB,IAA0B,WAAW,CAAC,CAAD,CAAX,KAAmB,GAA9C,IAAsD,WAAW,CAAC,UAAZ,CAAuB,GAAvB,CAAtD,IAAqF,WAAW,CAAC,UAAZ,CAAuB,GAAvB,CAAzF,EAAsH;AACpH,IAAA,IAAI,GAAG,WAAP;AACD,GAFD,MAGK,IAAI,WAAW,CAAC,UAAZ,CAAuB,SAAvB,CAAJ,EAAuC;AAC1C,IAAA,IAAI,GAAG,WAAW,CAAC,SAAZ,CAAsB,UAAU,MAAhC,CAAP;AACD,GAFI,MAGA,IAAI,WAAW,CAAC,UAAZ,CAAuB,IAAvB,CAAJ,EAAkC;AACrC,IAAA,IAAI,GAAG,IAAI,CAAC,IAAL,CAAU,oBAAV,EAAqB,WAAW,CAAC,SAAZ,CAAsB,KAAK,MAA3B,CAArB,CAAP;AACD,GAFI,MAGA;AACH,UAAM,KAAK,GAAG,WAAW,CAAC,UAAZ,CAAuB,UAAvB,CAAd;;AACA,QAAI,KAAK,IAAI,WAAW,CAAC,MAAZ,GAAqB,IAA9B,IAAsC,WAAW,CAAC,QAAZ,CAAqB,GAArB,CAA1C,EAAqE;AACnE,YAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,WAAP,CAAmB;AAAC,QAAA,MAAM,EAAE;AAAT,OAAnB,CAAvB;;AACA,UAAI,KAAJ,EAAW;AACT,cAAM,6BAAS,WAAT,EAAsB,QAAtB,CAAN;AACD,OAFD,MAGK;AACH,cAAM,2BAAW,QAAX,EAAqB,MAAM,CAAC,IAAP,CAAY,WAAZ,EAAyB,QAAzB,CAArB,CAAN;AACD;;AACD,aAAO,QAAP;AACD,KATD,MAUK;AACH,MAAA,IAAI,GAAG,WAAP;AACD;AACF;;AAED,EAAA,IAAI,GAAG,IAAI,CAAC,OAAL,CAAa,UAAb,EAAyB,IAAzB,CAAP;AACA,QAAM,IAAI,GAAG,MAAM,sBAAW,IAAX,CAAnB;;AACA,MAAI,IAAI,IAAI,IAAZ,EAAkB;AAChB,UAAM,KAAI,wCAAJ,EAA8B,GAAG,IAAI,gBAArC,CAAN;AACD,GAFD,MAGK,IAAI,CAAC,IAAI,CAAC,MAAL,EAAL,EAAoB;AACvB,UAAM,KAAI,wCAAJ,EAA8B,GAAG,IAAI,aAArC,CAAN;AACD,GAFI,MAGA;AACH,WAAO,IAAP;AACD;AACF,C","sourcesContent":["import { outputFile } from \"fs-extra\"\nimport { homedir } from \"os\"\nimport * as path from \"path\"\nimport { TmpDir } from \"temp-file\"\nimport { InvalidConfigurationError } from \"builder-util\"\nimport { statOrNull } from \"builder-util/out/fs\"\nimport { download } from \"../binDownload\"\n\n/** @private */\nexport async function downloadCertificate(urlOrBase64: string, tmpDir: TmpDir, currentDir: string): Promise<string> {\n  urlOrBase64 = urlOrBase64.trim()\n\n  let file: string | null = null\n  if ((urlOrBase64.length > 3 && urlOrBase64[1] === \":\") || urlOrBase64.startsWith(\"/\") || urlOrBase64.startsWith(\".\")) {\n    file = urlOrBase64\n  }\n  else if (urlOrBase64.startsWith(\"file://\")) {\n    file = urlOrBase64.substring(\"file://\".length)\n  }\n  else if (urlOrBase64.startsWith(\"~/\")) {\n    file = path.join(homedir(), urlOrBase64.substring(\"~/\".length))\n  }\n  else {\n    const isUrl = urlOrBase64.startsWith(\"https://\")\n    if (isUrl || urlOrBase64.length > 2048 || urlOrBase64.endsWith(\"=\")) {\n      const tempFile = await tmpDir.getTempFile({suffix: \".p12\"})\n      if (isUrl) {\n        await download(urlOrBase64, tempFile)\n      }\n      else {\n        await outputFile(tempFile, Buffer.from(urlOrBase64, \"base64\"))\n      }\n      return tempFile\n    }\n    else {\n      file = urlOrBase64\n    }\n  }\n\n  file = path.resolve(currentDir, file)\n  const stat = await statOrNull(file)\n  if (stat == null) {\n    throw new InvalidConfigurationError(`${file} doesn't exist`)\n  }\n  else if (!stat.isFile()) {\n    throw new InvalidConfigurationError(`${file} not a file`)\n  }\n  else {\n    return file\n  }\n}"],"sourceRoot":""}

buildfiles/node_modules/app-builder-lib/out/codeSign/macCodeSign.d.ts

@@ -0,0 +1,27 @@
+import { TmpDir } from "builder-util/out/util";
+export declare const appleCertificatePrefixes: string[];
+export declare type CertType = "Developer ID Application" | "Developer ID Installer" | "3rd Party Mac Developer Application" | "3rd Party Mac Developer Installer" | "Mac Developer";
+export interface CodeSigningInfo {
+    keychainFile?: string | null;
+}
+export declare function isSignAllowed(isPrintWarn?: boolean): boolean;
+export declare function reportError(isMas: boolean, certificateType: CertType, qualifier: string | null | undefined, keychainFile: string | null | undefined, isForceCodeSigning: boolean): Promise<void>;
+export interface CreateKeychainOptions {
+    tmpDir: TmpDir;
+    cscLink: string;
+    cscKeyPassword: string;
+    cscILink?: string | null;
+    cscIKeyPassword?: string | null;
+    currentDir: string;
+}
+export declare function removeKeychain(keychainFile: string, printWarn?: boolean): Promise<any>;
+export declare function createKeychain({ tmpDir, cscLink, cscKeyPassword, cscILink, cscIKeyPassword, currentDir }: CreateKeychainOptions): Promise<CodeSigningInfo>;
+/** @private */
+export declare function sign(path: string, name: string, keychain: string): Promise<any>;
+export declare let findIdentityRawResult: Promise<Array<string>> | null;
+export declare class Identity {
+    readonly name: string;
+    readonly hash: string;
+    constructor(name: string, hash: string);
+}
+export declare function findIdentity(certType: CertType, qualifier?: string | null, keychain?: string | null): Promise<Identity | null>;

buildfiles/node_modules/app-builder-lib/out/codeSign/macCodeSign.js

@@ -0,0 +1,427 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.isSignAllowed = isSignAllowed;
+exports.reportError = reportError;
+exports.removeKeychain = removeKeychain;
+exports.createKeychain = createKeychain;
+exports.sign = sign;
+exports.findIdentity = findIdentity;
+exports.findIdentityRawResult = exports.appleCertificatePrefixes = void 0;
+
+function _bluebirdLst() {
+  const data = _interopRequireDefault(require("bluebird-lst"));
+
+  _bluebirdLst = function () {
+    return data;
+  };
+
+  return data;
+}
+
+function _util() {
+  const data = require("builder-util/out/util");
+
+  _util = function () {
+    return data;
+  };
+
+  return data;
+}
+
+function _fs() {
+  const data = require("builder-util/out/fs");
+
+  _fs = function () {
+    return data;
+  };
+
+  return data;
+}
+
+function _log() {
+  const data = require("builder-util/out/log");
+
+  _log = function () {
+    return data;
+  };
+
+  return data;
+}
+
+function _crypto() {
+  const data = require("crypto");
+
+  _crypto = function () {
+    return data;
+  };
+
+  return data;
+}
+
+function _fsExtra() {
+  const data = require("fs-extra");
+
+  _fsExtra = function () {
+    return data;
+  };
+
+  return data;
+}
+
+function _lazyVal() {
+  const data = require("lazy-val");
+
+  _lazyVal = function () {
+    return data;
+  };
+
+  return data;
+}
+
+function _os() {
+  const data = require("os");
+
+  _os = function () {
+    return data;
+  };
+
+  return data;
+}
+
+var path = _interopRequireWildcard(require("path"));
+
+function _tempFile() {
+  const data = require("temp-file");
+
+  _tempFile = function () {
+    return data;
+  };
+
+  return data;
+}
+
+function _flags() {
+  const data = require("../util/flags");
+
+  _flags = function () {
+    return data;
+  };
+
+  return data;
+}
+
+function _codesign() {
+  const data = require("./codesign");
+
+  _codesign = function () {
+    return data;
+  };
+
+  return data;
+}
+
+function _getRequireWildcardCache() { if (typeof WeakMap !== "function") return null; var cache = new WeakMap(); _getRequireWildcardCache = function () { return cache; }; return cache; }
+
+function _interopRequireWildcard(obj) { if (obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
+
+function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
+
+const appleCertificatePrefixes = ["Developer ID Application:", "Developer ID Installer:", "3rd Party Mac Developer Application:", "3rd Party Mac Developer Installer:"];
+exports.appleCertificatePrefixes = appleCertificatePrefixes;
+
+function isSignAllowed(isPrintWarn = true) {
+  if (process.platform !== "darwin") {
+    if (isPrintWarn) {
+      _util().log.warn({
+        reason: "supported only on macOS"
+      }, "skipped macOS application code signing");
+    }
+
+    return false;
+  }
+
+  const buildForPrWarning = "There are serious security concerns with CSC_FOR_PULL_REQUEST=true (see the  CircleCI documentation (https://circleci.com/docs/1.0/fork-pr-builds/) for details)" + "\nIf you have SSH keys, sensitive env vars or AWS credentials stored in your project settings and untrusted forks can make pull requests against your repo, then this option isn't for you.";
+
+  if ((0, _util().isPullRequest)()) {
+    if ((0, _util().isEnvTrue)(process.env.CSC_FOR_PULL_REQUEST)) {
+      if (isPrintWarn) {
+        _util().log.warn(buildForPrWarning);
+      }
+    } else {
+      if (isPrintWarn) {
+        // https://github.com/electron-userland/electron-builder/issues/1524
+        _util().log.warn("Current build is a part of pull request, code signing will be skipped." + "\nSet env CSC_FOR_PULL_REQUEST to true to force code signing." + `\n${buildForPrWarning}`);
+      }
+
+      return false;
+    }
+  }
+
+  return true;
+}
+
+async function reportError(isMas, certificateType, qualifier, keychainFile, isForceCodeSigning) {
+  const logFields = {};
+
+  if (qualifier == null) {
+    logFields.reason = "";
+
+    if ((0, _flags().isAutoDiscoveryCodeSignIdentity)()) {
+      logFields.reason += `cannot find valid "${certificateType}" identity${isMas ? "" : ` or custom non-Apple code signing certificate`}`;
+    }
+
+    logFields.reason += ", see https://electron.build/code-signing";
+
+    if (!(0, _flags().isAutoDiscoveryCodeSignIdentity)()) {
+      logFields.CSC_IDENTITY_AUTO_DISCOVERY = false;
+    }
+  } else {
+    logFields.reason = "Identity name is specified, but no valid identity with this name in the keychain";
+    logFields.identity = qualifier;
+  }
+
+  const args = ["find-identity"];
+
+  if (keychainFile != null) {
+    args.push(keychainFile);
+  }
+
+  if (qualifier != null || (0, _flags().isAutoDiscoveryCodeSignIdentity)()) {
+    logFields.allIdentities = (await (0, _util().exec)("security", args)).trim().split("\n").filter(it => !(it.includes("Policy: X.509 Basic") || it.includes("Matching identities"))).join("\n");
+  }
+
+  if (isMas || isForceCodeSigning) {
+    throw new Error(_log().Logger.createMessage("skipped macOS application code signing", logFields, "error", it => it));
+  } else {
+    _util().log.warn(logFields, "skipped macOS application code signing");
+  }
+} // "Note that filename will not be searched to resolve the signing identity's certificate chain unless it is also on the user's keychain search list."
+// but "security list-keychains" doesn't support add - we should 1) get current list 2) set new list - it is very bad http://stackoverflow.com/questions/10538942/add-a-keychain-to-search-list
+// "overly complicated and introduces a race condition."
+// https://github.com/electron-userland/electron-builder/issues/398
+
+
+const bundledCertKeychainAdded = new (_lazyVal().Lazy)(async () => {
+  // copy to temp and then atomic rename to final path
+  const cacheDir = getCacheDirectory();
+  const tmpKeychainPath = path.join(cacheDir, (0, _tempFile().getTempName)("electron-builder-root-certs"));
+  const keychainPath = path.join(cacheDir, "electron-builder-root-certs.keychain");
+  const results = await Promise.all([listUserKeychains(), (0, _fs().copyFile)(path.join(__dirname, "..", "..", "certs", "root_certs.keychain"), tmpKeychainPath).then(() => (0, _fsExtra().rename)(tmpKeychainPath, keychainPath))]);
+  const list = results[0];
+
+  if (!list.includes(keychainPath)) {
+    await (0, _util().exec)("security", ["list-keychains", "-d", "user", "-s", keychainPath].concat(list));
+  }
+});
+
+function getCacheDirectory() {
+  const env = process.env.ELECTRON_BUILDER_CACHE;
+  return (0, _util().isEmptyOrSpaces)(env) ? path.join((0, _os().homedir)(), "Library", "Caches", "electron-builder") : path.resolve(env);
+}
+
+function listUserKeychains() {
+  return (0, _util().exec)("security", ["list-keychains", "-d", "user"]).then(it => it.split("\n").map(it => {
+    const r = it.trim();
+    return r.substring(1, r.length - 1);
+  }).filter(it => it.length > 0));
+}
+
+function removeKeychain(keychainFile, printWarn = true) {
+  return (0, _util().exec)("security", ["delete-keychain", keychainFile]).catch(e => {
+    if (printWarn) {
+      _util().log.warn({
+        file: keychainFile,
+        error: e.stack || e
+      }, "cannot delete keychain");
+    }
+
+    return (0, _fs().unlinkIfExists)(keychainFile);
+  });
+}
+
+async function createKeychain({
+  tmpDir,
+  cscLink,
+  cscKeyPassword,
+  cscILink,
+  cscIKeyPassword,
+  currentDir
+}) {
+  // travis has correct AppleWWDRCA cert
+  if (process.env.TRAVIS !== "true") {
+    await bundledCertKeychainAdded.value;
+  } // https://github.com/electron-userland/electron-builder/issues/3685
+  // use constant file
+
+
+  const keychainFile = path.join(process.env.APP_BUILDER_TMP_DIR || (0, _os().tmpdir)(), `${(0, _crypto().createHash)("sha256").update(currentDir).update("app-builder").digest("hex")}.keychain`); // noinspection JSUnusedLocalSymbols
+  // eslint-disable-next-line @typescript-eslint/no-unused-vars
+
+  await removeKeychain(keychainFile, false).catch(_ => {});
+  const certLinks = [cscLink];
+
+  if (cscILink != null) {
+    certLinks.push(cscILink);
+  }
+
+  const certPaths = new Array(certLinks.length);
+  const keychainPassword = (0, _crypto().randomBytes)(32).toString("base64");
+  const securityCommands = [["create-keychain", "-p", keychainPassword, keychainFile], ["unlock-keychain", "-p", keychainPassword, keychainFile], ["set-keychain-settings", keychainFile]]; // https://stackoverflow.com/questions/42484678/codesign-keychain-gets-ignored
+  // https://github.com/electron-userland/electron-builder/issues/1457
+
+  const list = await listUserKeychains();
+
+  if (!list.includes(keychainFile)) {
+    securityCommands.push(["list-keychains", "-d", "user", "-s", keychainFile].concat(list));
+  }
+
+  await Promise.all([// we do not clear downloaded files - will be removed on tmpDir cleanup automatically. not a security issue since in any case data is available as env variables and protected by password.
+  _bluebirdLst().default.map(certLinks, (link, i) => (0, _codesign().downloadCertificate)(link, tmpDir, currentDir).then(it => certPaths[i] = it)), _bluebirdLst().default.mapSeries(securityCommands, it => (0, _util().exec)("security", it))]);
+  return await importCerts(keychainFile, certPaths, [cscKeyPassword, cscIKeyPassword].filter(it => it != null));
+}
+
+async function importCerts(keychainFile, paths, keyPasswords) {
+  for (let i = 0; i < paths.length; i++) {
+    const password = keyPasswords[i];
+    await (0, _util().exec)("security", ["import", paths[i], "-k", keychainFile, "-T", "/usr/bin/codesign", "-T", "/usr/bin/productbuild", "-P", password]); // https://stackoverflow.com/questions/39868578/security-codesign-in-sierra-keychain-ignores-access-control-settings-and-ui-p
+    // https://github.com/electron-userland/electron-packager/issues/701#issuecomment-322315996
+
+    await (0, _util().exec)("security", ["set-key-partition-list", "-S", "apple-tool:,apple:", "-s", "-k", password, keychainFile]);
+  }
+
+  return {
+    keychainFile
+  };
+}
+/** @private */
+
+
+function sign(path, name, keychain) {
+  const args = ["--deep", "--force", "--sign", name, path];
+
+  if (keychain != null) {
+    args.push("--keychain", keychain);
+  }
+
+  return (0, _util().exec)("codesign", args);
+}
+
+let findIdentityRawResult = null;
+exports.findIdentityRawResult = findIdentityRawResult;
+
+async function getValidIdentities(keychain) {
+  function addKeychain(args) {
+    if (keychain != null) {
+      args.push(keychain);
+    }
+
+    return args;
+  }
+
+  let result = findIdentityRawResult;
+
+  if (result == null || keychain != null) {
+    // https://github.com/electron-userland/electron-builder/issues/481
+    // https://github.com/electron-userland/electron-builder/issues/535
+    result = Promise.all([(0, _util().exec)("security", addKeychain(["find-identity", "-v"])).then(it => it.trim().split("\n").filter(it => {
+      for (const prefix of appleCertificatePrefixes) {
+        if (it.includes(prefix)) {
+          return true;
+        }
+      }
+
+      return false;
+    })), (0, _util().exec)("security", addKeychain(["find-identity", "-v", "-p", "codesigning"])).then(it => it.trim().split("\n"))]).then(it => {
+      const array = it[0].concat(it[1]).filter(it => !it.includes("(Missing required extension)") && !it.includes("valid identities found") && !it.includes("iPhone ") && !it.includes("com.apple.idms.appleid.prd.")) // remove 1)
+      .map(it => it.substring(it.indexOf(")") + 1).trim());
+      return Array.from(new Set(array));
+    });
+
+    if (keychain == null) {
+      exports.findIdentityRawResult = findIdentityRawResult = result;
+    }
+  }
+
+  return result;
+}
+
+async function _findIdentity(type, qualifier, keychain) {
+  // https://github.com/electron-userland/electron-builder/issues/484
+  //noinspection SpellCheckingInspection
+  const lines = await getValidIdentities(keychain);
+  const namePrefix = `${type}:`;
+
+  for (const line of lines) {
+    if (qualifier != null && !line.includes(qualifier)) {
+      continue;
+    }
+
+    if (line.includes(namePrefix)) {
+      return parseIdentity(line);
+    }
+  }
+
+  if (type === "Developer ID Application") {
+    // find non-Apple certificate
+    // https://github.com/electron-userland/electron-builder/issues/458
+    l: for (const line of lines) {
+      if (qualifier != null && !line.includes(qualifier)) {
+        continue;
+      }
+
+      if (line.includes("Mac Developer:")) {
+        continue;
+      }
+
+      for (const prefix of appleCertificatePrefixes) {
+        if (line.includes(prefix)) {
+          continue l;
+        }
+      }
+
+      return parseIdentity(line);
+    }
+  }
+
+  return null;
+}
+
+const _Identity = require("../../electron-osx-sign/util-identities").Identity;
+
+function parseIdentity(line) {
+  const firstQuoteIndex = line.indexOf('"');
+  const name = line.substring(firstQuoteIndex + 1, line.lastIndexOf('"'));
+  const hash = line.substring(0, firstQuoteIndex - 1);
+  return new _Identity(name, hash);
+}
+
+function findIdentity(certType, qualifier, keychain) {
+  let identity = qualifier || process.env.CSC_NAME;
+
+  if ((0, _util().isEmptyOrSpaces)(identity)) {
+    if ((0, _flags().isAutoDiscoveryCodeSignIdentity)()) {
+      return _findIdentity(certType, null, keychain);
+    } else {
+      return Promise.resolve(null);
+    }
+  } else {
+    identity = identity.trim();
+
+    for (const prefix of appleCertificatePrefixes) {
+      checkPrefix(identity, prefix);
+    }
+
+    return _findIdentity(certType, identity, keychain);
+  }
+}
+
+function checkPrefix(name, prefix) {
+  if (name.startsWith(prefix)) {
+    throw new (_util().InvalidConfigurationError)(`Please remove prefix "${prefix}" from the specified name — appropriate certificate will be chosen automatically`);
+  }
+} 
+// __ts-babel@6.0.4
+//# sourceMappingURL=macCodeSign.js.map

buildfiles/node_modules/app-builder-lib/out/codeSign/windowsCodeSign.d.ts

@@ -0,0 +1,38 @@
+import { WindowsConfiguration } from "..";
+import { VmManager } from "../vm/vm";
+import { WinPackager } from "../winPackager";
+export declare function getSignVendorPath(): Promise<string>;
+export declare type CustomWindowsSign = (configuration: CustomWindowsSignTaskConfiguration, packager?: WinPackager) => Promise<any>;
+export interface WindowsSignOptions {
+    readonly path: string;
+    readonly name?: string | null;
+    readonly cscInfo?: FileCodeSigningInfo | CertificateFromStoreInfo | null;
+    readonly site?: string | null;
+    readonly options: WindowsConfiguration;
+}
+export interface WindowsSignTaskConfiguration extends WindowsSignOptions {
+    resultOutputPath?: string;
+    hash: string;
+    isNest: boolean;
+}
+export interface CustomWindowsSignTaskConfiguration extends WindowsSignTaskConfiguration {
+    computeSignToolArgs(isWin: boolean): Array<string>;
+}
+export declare function sign(options: WindowsSignOptions, packager: WinPackager): Promise<void>;
+export interface FileCodeSigningInfo {
+    readonly file: string;
+    readonly password: string | null;
+}
+export declare function getCertInfo(file: string, password: string): Promise<CertificateInfo>;
+export interface CertificateInfo {
+    readonly commonName: string;
+    readonly bloodyMicrosoftSubjectDn: string;
+}
+export interface CertificateFromStoreInfo {
+    thumbprint: string;
+    subject: string;
+    store: string;
+    isLocalMachineStore: boolean;
+}
+export declare function getCertificateFromStoreInfo(options: WindowsConfiguration, vm: VmManager): Promise<CertificateFromStoreInfo>;
+export declare function doSign(configuration: CustomWindowsSignTaskConfiguration, packager: WinPackager): Promise<void>;

buildfiles/node_modules/app-builder-lib/out/codeSign/windowsCodeSign.js

@@ -0,0 +1,398 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.getSignVendorPath = getSignVendorPath;
+exports.sign = sign;
+exports.getCertInfo = getCertInfo;
+exports.getCertificateFromStoreInfo = getCertificateFromStoreInfo;
+exports.doSign = doSign;
+exports.isOldWin6 = isOldWin6;
+
+function _util() {
+  const data = require("builder-util/out/util");
+
+  _util = function () {
+    return data;
+  };
+
+  return data;
+}
+
+function _binDownload() {
+  const data = require("../binDownload");
+
+  _binDownload = function () {
+    return data;
+  };
+
+  return data;
+}
+
+function _appBuilder() {
+  const data = require("../util/appBuilder");
+
+  _appBuilder = function () {
+    return data;
+  };
+
+  return data;
+}
+
+function _bundledTool() {
+  const data = require("../util/bundledTool");
+
+  _bundledTool = function () {
+    return data;
+  };
+
+  return data;
+}
+
+function _fsExtra() {
+  const data = require("fs-extra");
+
+  _fsExtra = function () {
+    return data;
+  };
+
+  return data;
+}
+
+function os() {
+  const data = _interopRequireWildcard(require("os"));
+
+  os = function () {
+    return data;
+  };
+
+  return data;
+}
+
+var path = _interopRequireWildcard(require("path"));
+
+function _platformPackager() {
+  const data = require("../platformPackager");
+
+  _platformPackager = function () {
+    return data;
+  };
+
+  return data;
+}
+
+function _flags() {
+  const data = require("../util/flags");
+
+  _flags = function () {
+    return data;
+  };
+
+  return data;
+}
+
+function _vm() {
+  const data = require("../vm/vm");
+
+  _vm = function () {
+    return data;
+  };
+
+  return data;
+}
+
+function _getRequireWildcardCache() { if (typeof WeakMap !== "function") return null; var cache = new WeakMap(); _getRequireWildcardCache = function () { return cache; }; return cache; }
+
+function _interopRequireWildcard(obj) { if (obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
+
+function getSignVendorPath() {
+  return (0, _binDownload().getBin)("winCodeSign");
+}
+
+async function sign(options, packager) {
+  let hashes = options.options.signingHashAlgorithms; // msi does not support dual-signing
+
+  if (options.path.endsWith(".msi")) {
+    hashes = [hashes != null && !hashes.includes("sha1") ? "sha256" : "sha1"];
+  } else if (options.path.endsWith(".appx")) {
+    hashes = ["sha256"];
+  } else if (hashes == null) {
+    hashes = ["sha1", "sha256"];
+  } else {
+    hashes = Array.isArray(hashes) ? hashes : [hashes];
+  }
+
+  const executor = (0, _platformPackager().resolveFunction)(options.options.sign, "sign") || doSign;
+  let isNest = false;
+
+  for (const hash of hashes) {
+    const taskConfiguration = { ...options,
+      hash,
+      isNest
+    };
+    await executor({ ...taskConfiguration,
+      computeSignToolArgs: isWin => computeSignToolArgs(taskConfiguration, isWin)
+    }, packager);
+    isNest = true;
+
+    if (taskConfiguration.resultOutputPath != null) {
+      await (0, _fsExtra().rename)(taskConfiguration.resultOutputPath, options.path);
+    }
+  }
+}
+
+async function getCertInfo(file, password) {
+  let result = null;
+  const errorMessagePrefix = "Cannot extract publisher name from code signing certificate. As workaround, set win.publisherName. Error: ";
+
+  try {
+    result = await (0, _appBuilder().executeAppBuilderAsJson)(["certificate-info", "--input", file, "--password", password]);
+  } catch (e) {
+    throw new Error(`${errorMessagePrefix}${e.stack || e}`);
+  }
+
+  if (result.error != null) {
+    // noinspection ExceptionCaughtLocallyJS
+    throw new (_util().InvalidConfigurationError)(`${errorMessagePrefix}${result.error}`);
+  }
+
+  return result;
+}
+
+async function getCertificateFromStoreInfo(options, vm) {
+  const certificateSubjectName = options.certificateSubjectName;
+  const certificateSha1 = options.certificateSha1 ? options.certificateSha1.toUpperCase() : options.certificateSha1; // ExcludeProperty doesn't work, so, we cannot exclude RawData, it is ok
+  // powershell can return object if the only item
+
+  const rawResult = await vm.exec("powershell.exe", ["Get-ChildItem -Recurse Cert: -CodeSigningCert | Select-Object -Property Subject,PSParentPath,Thumbprint | ConvertTo-Json -Compress"]);
+  const certList = rawResult.length === 0 ? [] : (0, _util().asArray)(JSON.parse(rawResult));
+
+  for (const certInfo of certList) {
+    if (certificateSubjectName != null && !certInfo.Subject.includes(certificateSubjectName) || certificateSha1 != null && certInfo.Thumbprint.toUpperCase() !== certificateSha1) {
+      continue;
+    }
+
+    const parentPath = certInfo.PSParentPath;
+    const store = parentPath.substring(parentPath.lastIndexOf("\\") + 1);
+
+    _util().log.debug({
+      store,
+      PSParentPath: parentPath
+    }, "auto-detect certificate store"); // https://github.com/electron-userland/electron-builder/issues/1717
+
+
+    const isLocalMachineStore = parentPath.includes("Certificate::LocalMachine");
+
+    _util().log.debug(null, "auto-detect using of LocalMachine store");
+
+    return {
+      thumbprint: certInfo.Thumbprint,
+      subject: certInfo.Subject,
+      store,
+      isLocalMachineStore
+    };
+  }
+
+  throw new Error(`Cannot find certificate ${certificateSubjectName || certificateSha1}, all certs: ${rawResult}`);
+}
+
+async function doSign(configuration, packager) {
+  // https://github.com/electron-userland/electron-builder/pull/1944
+  const timeout = parseInt(process.env.SIGNTOOL_TIMEOUT, 10) || 10 * 60 * 1000;
+  let tool;
+  let args;
+  let env = process.env;
+  let vm;
+
+  if (configuration.path.endsWith(".appx") || !("file" in configuration.cscInfo)
+  /* certificateSubjectName and other such options */
+  ) {
+      vm = await packager.vm.value;
+      tool = getWinSignTool(await getSignVendorPath());
+      args = computeSignToolArgs(configuration, true, vm);
+    } else {
+    vm = new (_vm().VmManager)();
+    const toolInfo = await getToolPath();
+    tool = toolInfo.path;
+    args = configuration.computeSignToolArgs(process.platform === "win32");
+
+    if (toolInfo.env != null) {
+      env = toolInfo.env;
+    }
+  }
+
+  try {
+    await vm.exec(tool, args, {
+      timeout,
+      env
+    });
+  } catch (e) {
+    if (e.message.includes("The file is being used by another process") || e.message.includes("The specified timestamp server either could not be reached")) {
+      _util().log.warn(`First attempt to code sign failed, another attempt will be made in 15 seconds: ${e.message}`);
+
+      await new Promise((resolve, reject) => {
+        setTimeout(() => {
+          vm.exec(tool, args, {
+            timeout,
+            env
+          }).then(resolve).catch(reject);
+        }, 15000);
+      });
+    }
+
+    throw e;
+  }
+} // on windows be aware of http://stackoverflow.com/a/32640183/1910191
+
+
+function computeSignToolArgs(options, isWin, vm = new (_vm().VmManager)()) {
+  const inputFile = vm.toVmFile(options.path);
+  const outputPath = isWin ? inputFile : getOutputPath(inputFile, options.hash);
+
+  if (!isWin) {
+    options.resultOutputPath = outputPath;
+  }
+
+  const args = isWin ? ["sign"] : ["-in", inputFile, "-out", outputPath];
+
+  if (process.env.ELECTRON_BUILDER_OFFLINE !== "true") {
+    const timestampingServiceUrl = options.options.timeStampServer || "http://timestamp.digicert.com";
+
+    if (isWin) {
+      args.push(options.isNest || options.hash === "sha256" ? "/tr" : "/t", options.isNest || options.hash === "sha256" ? options.options.rfc3161TimeStampServer || "http://timestamp.digicert.com" : timestampingServiceUrl);
+    } else {
+      args.push("-t", timestampingServiceUrl);
+    }
+  }
+
+  const certificateFile = options.cscInfo.file;
+
+  if (certificateFile == null) {
+    const cscInfo = options.cscInfo;
+    const subjectName = cscInfo.thumbprint;
+
+    if (!isWin) {
+      throw new Error(`${subjectName == null ? "certificateSha1" : "certificateSubjectName"} supported only on Windows`);
+    }
+
+    args.push("/sha1", cscInfo.thumbprint);
+    args.push("/s", cscInfo.store);
+
+    if (cscInfo.isLocalMachineStore) {
+      args.push("/sm");
+    }
+  } else {
+    const certExtension = path.extname(certificateFile);
+
+    if (certExtension === ".p12" || certExtension === ".pfx") {
+      args.push(isWin ? "/f" : "-pkcs12", vm.toVmFile(certificateFile));
+    } else {
+      throw new Error(`Please specify pkcs12 (.p12/.pfx) file, ${certificateFile} is not correct`);
+    }
+  }
+
+  if (!isWin || options.hash !== "sha1") {
+    args.push(isWin ? "/fd" : "-h", options.hash);
+
+    if (isWin && process.env.ELECTRON_BUILDER_OFFLINE !== "true") {
+      args.push("/td", "sha256");
+    }
+  }
+
+  if (options.name) {
+    args.push(isWin ? "/d" : "-n", options.name);
+  }
+
+  if (options.site) {
+    args.push(isWin ? "/du" : "-i", options.site);
+  } // msi does not support dual-signing
+
+
+  if (options.isNest) {
+    args.push(isWin ? "/as" : "-nest");
+  }
+
+  const password = options.cscInfo == null ? null : options.cscInfo.password;
+
+  if (password) {
+    args.push(isWin ? "/p" : "-pass", password);
+  }
+
+  if (options.options.additionalCertificateFile) {
+    args.push(isWin ? "/ac" : "-ac", vm.toVmFile(options.options.additionalCertificateFile));
+  }
+
+  const httpsProxyFromEnv = process.env.HTTPS_PROXY;
+
+  if (!isWin && httpsProxyFromEnv != null && httpsProxyFromEnv.length) {
+    args.push("-p", httpsProxyFromEnv);
+  }
+
+  if (isWin) {
+    // https://github.com/electron-userland/electron-builder/issues/2875#issuecomment-387233610
+    args.push("/debug"); // must be last argument
+
+    args.push(inputFile);
+  }
+
+  return args;
+}
+
+function getOutputPath(inputPath, hash) {
+  const extension = path.extname(inputPath);
+  return path.join(path.dirname(inputPath), `${path.basename(inputPath, extension)}-signed-${hash}${extension}`);
+}
+/** @internal */
+
+
+function isOldWin6() {
+  const winVersion = os().release();
+  return winVersion.startsWith("6.") && !winVersion.startsWith("6.3");
+}
+
+function getWinSignTool(vendorPath) {
+  // use modern signtool on Windows Server 2012 R2 to be able to sign AppX
+  if (isOldWin6()) {
+    return path.join(vendorPath, "windows-6", "signtool.exe");
+  } else {
+    return path.join(vendorPath, "windows-10", process.arch, "signtool.exe");
+  }
+}
+
+async function getToolPath() {
+  if ((0, _flags().isUseSystemSigncode)()) {
+    return {
+      path: "osslsigncode"
+    };
+  }
+
+  const result = process.env.SIGNTOOL_PATH;
+
+  if (result) {
+    return {
+      path: result
+    };
+  }
+
+  const vendorPath = await getSignVendorPath();
+
+  if (process.platform === "win32") {
+    // use modern signtool on Windows Server 2012 R2 to be able to sign AppX
+    return {
+      path: getWinSignTool(vendorPath)
+    };
+  } else if (process.platform === "darwin") {
+    const toolDirPath = path.join(vendorPath, process.platform, "10.12");
+    return {
+      path: path.join(toolDirPath, "osslsigncode"),
+      env: (0, _bundledTool().computeToolEnv)([path.join(toolDirPath, "lib")])
+    };
+  } else {
+    return {
+      path: path.join(vendorPath, process.platform, "osslsigncode")
+    };
+  }
+} 
+// __ts-babel@6.0.4
+//# sourceMappingURL=windowsCodeSign.js.map