fix: OS X code signing — cert type prefix must be added, restore non-…

…Apple cert support Closes #458
electron-userland · Jun 6, 2016 · 97e16a2 · 97e16a2
1 parent aea6505
commit 97e16a2
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 13 deletions.
diff --git a/src/codeSign.ts b/src/codeSign.ts
@@ -11,6 +11,10 @@ import { homedir } from "os"
 //noinspection JSUnusedLocalSymbols
 const __awaiter = require("./awaiter")
 
+export const appleCertificatePrefixes = ["Developer ID Application:", "3rd Party Mac Developer Application:", "Developer ID Installer:", "3rd Party Mac Developer Installer:"]
+
+export type CertType = "Developer ID Application" | "3rd Party Mac Developer Application" | "Developer ID Installer" | "3rd Party Mac Developer Installer"
+
 export interface CodeSigningInfo {
   name: string
   keychainName?: string | null
@@ -153,22 +157,42 @@ export function downloadCertificate(cscLink: string): Promise<string> {
     .thenReturn(certPath)
 }
 
-let findIdentityRawResult: Promise<string> | null = null
+export let findIdentityRawResult: Promise<string> | null = null
 
-export async function findIdentity(namePrefix: string, qualifier?: string): Promise<string | null> {
+export async function findIdentity(namePrefix: CertType, qualifier?: string): Promise<string | null> {
   if (findIdentityRawResult == null) {
-    findIdentityRawResult = exec("security", ["find-identity", "-v", "-p", "codesigning"])
+      findIdentityRawResult = exec("security", ["find-identity", "-v", "-p", "codesigning"])
   }
 
-  const lines = (await findIdentityRawResult).split("\n")
+  const lines = (await findIdentityRawResult).trim().split("\n")
+  // ignore last line valid identities found
+  lines.length = lines.length - 1
+
   for (let line of lines) {
     if (qualifier != null && !line.includes(qualifier)) {
       continue
     }
 
-    const location = line.indexOf(namePrefix)
-    if (location >= 0) {
-      return line.substring(location, line.lastIndexOf('"'))
+    if (line.includes(namePrefix)) {
+      return line.substring(line.indexOf('"') + 1, line.lastIndexOf('"'))
+    }
+  }
+
+  if (namePrefix === "Developer ID Application") {
+    // find non-Apple certificate
+    // https://github.com/electron-userland/electron-builder/issues/458
+    l: for (let line of lines) {
+      if (qualifier != null && !line.includes(qualifier)) {
+        continue
+      }
+
+      for (let prefix of appleCertificatePrefixes) {
+        if (line.includes(prefix)) {
+          continue l
+        }
+      }
+
+      return line.substring(line.indexOf('"') + 1, line.lastIndexOf('"'))
     }
   }
   return null

diff --git a/src/osxPackager.ts b/src/osxPackager.ts
@@ -3,7 +3,7 @@ import { Platform, OsXBuildOptions, MasBuildOptions, Arch } from "./metadata"
 import * as path from "path"
 import { Promise as BluebirdPromise } from "bluebird"
 import { log, debug, warn, isEmptyOrSpaces } from "./util"
-import { createKeychain, deleteKeychain, CodeSigningInfo, generateKeychainName, findIdentity } from "./codeSign"
+import { createKeychain, deleteKeychain, CodeSigningInfo, generateKeychainName, findIdentity, appleCertificatePrefixes, CertType } from "./codeSign"
 import deepAssign = require("deep-assign")
 import { signAsync, flatAsync, BaseSignOptions, SignOptions, FlatOptions } from "electron-osx-sign-tf"
 
@@ -59,17 +59,16 @@ export default class OsXPackager extends PlatformPackager<OsXBuildOptions> {
     }
   }
 
-  private static async findIdentity(certType: string, name?: string | null): Promise<string | null> {
+  private static async findIdentity(certType: CertType, name?: string | null): Promise<string | null> {
     let identity = process.env.CSC_NAME || name
     if (isEmptyOrSpaces(identity)) {
       return await findIdentity(certType)
     }
     else {
       identity = identity.trim()
-      checkPrefix(identity, "Developer ID Application:")
-      checkPrefix(identity, "3rd Party Mac Developer Application:")
-      checkPrefix(identity, "Developer ID Installer:")
-      checkPrefix(identity, "3rd Party Mac Developer Installer:")
+      for (let prefix of appleCertificatePrefixes) {
+        checkPrefix(identity, prefix)
+      }
       const result = await findIdentity(certType, identity)
       if (result == null) {
         throw new Error(`Identity name "${identity}" is specified, but no valid identity with this name in the keychain`)