Fall back to system gpg utilities when unable to decode signature
This commit is contained in:
parent
f114febad3
commit
35ef690ea1
@ -249,6 +249,55 @@ function importPrivateKey() {
|
|||||||
}, ".asc");
|
}, ".asc");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Call the native system GPG to "decrypt" a PGP signature. This should work when the hacky "base64 decode and search for strings" method fails.
|
||||||
|
* @param {String} sigdata
|
||||||
|
* @param {Function} callback (string) message, (string) fingerprint, (bool) success
|
||||||
|
* @returns {undefined}
|
||||||
|
*/
|
||||||
|
function readSignatureExternally(sigdata, callback) {
|
||||||
|
const exec = require('child_process').exec;
|
||||||
|
const os = require('os');
|
||||||
|
const process = require('process');
|
||||||
|
|
||||||
|
const sigfilepath = getNewTempFilePath() + ".asc";
|
||||||
|
writeToFile(sigfilepath, sigdata);
|
||||||
|
|
||||||
|
var gpgexecutable = "gpg";
|
||||||
|
switch (os.platform()) {
|
||||||
|
case "win32":
|
||||||
|
// Most systems will have it here
|
||||||
|
gpgexecutable = '"C:\\Program Files (x86)\\gnupg\\bin\\gpg.exe"';
|
||||||
|
if (!fs.existsSync(gpgexecutable)) {
|
||||||
|
// Let's hope it's in %PATH%
|
||||||
|
gpgexecutable = "gpg.exe";
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "linux":
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
var command = gpgexecutable + " -vv --decrypt " + sigfilepath;
|
||||||
|
exec(command, function (error, stdout, stderr) {
|
||||||
|
console.log(stdout);
|
||||||
|
var msg = null;
|
||||||
|
if (stdout.length > 50) {
|
||||||
|
msg = stdout;
|
||||||
|
} else {
|
||||||
|
callback(null, null, false);
|
||||||
|
}
|
||||||
|
|
||||||
|
var keyid = null;
|
||||||
|
var keyidregex = /(keyid|RSA key) ([A-F0-9]+)/;
|
||||||
|
if (keyidregex.test(stderr)) {
|
||||||
|
keyid = stderr.match(keyidregex)[2];
|
||||||
|
}
|
||||||
|
callback(msg, keyid, true);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
function calculateSHA256HashOfBuffer(buffer) {
|
function calculateSHA256HashOfBuffer(buffer) {
|
||||||
const hasha = require('hasha');
|
const hasha = require('hasha');
|
||||||
var hashstr = hasha(Buffer.from(buffer), {algorithm: 'sha256'});
|
var hashstr = hasha(Buffer.from(buffer), {algorithm: 'sha256'});
|
||||||
|
|||||||
@ -94,6 +94,24 @@ function deleteFile(path) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
function getBasename(fullpath) {
|
function getBasename(fullpath) {
|
||||||
var path = require("path");
|
const path = require("path");
|
||||||
return path.basename(fullpath);
|
return path.basename(fullpath);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the path to a nonexistent, randomly-named temporary file.
|
||||||
|
* @returns {String}
|
||||||
|
*/
|
||||||
|
function getNewTempFilePath() {
|
||||||
|
const fs = require('fs');
|
||||||
|
const path = require("path");
|
||||||
|
const crypto = require('crypto');
|
||||||
|
const os = require('os');
|
||||||
|
|
||||||
|
const randomname = crypto.randomBytes(6).readUIntLE(0,6).toString(36);
|
||||||
|
var temppath = path.join(os.tmpdir(), "nwjs-app-");
|
||||||
|
|
||||||
|
var folder = fs.mkdtempSync(temppath);
|
||||||
|
|
||||||
|
return path.join(folder, randomname);
|
||||||
|
}
|
||||||
@ -83,8 +83,14 @@ function analyzeSignedPDF() {
|
|||||||
var msg = window.atob(base64).split("START", 2)[1].split("END", 2)[0];
|
var msg = window.atob(base64).split("START", 2)[1].split("END", 2)[0];
|
||||||
parseAndDisplaySignature(msg, pdfhash, false, null);
|
parseAndDisplaySignature(msg, pdfhash, false, null);
|
||||||
} catch (ex) {
|
} catch (ex) {
|
||||||
console.error(ex);
|
readSignatureExternally(sigdata, function (msg, keyprint, ok) {
|
||||||
|
if (!ok) {
|
||||||
showAlert("Error: could not parse signature data.");
|
showAlert("Error: could not parse signature data.");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
parseAndDisplaySignature(msg, pdfhash, false, keyprint);
|
||||||
|
});
|
||||||
|
console.error(ex);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
@ -233,9 +239,14 @@ then run the analyze tool again to prove if it was changed since notarization.")
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (typeof fingerprint == "string") {
|
if (typeof fingerprint == "string") {
|
||||||
|
if (fingerprint.length > 16) {
|
||||||
var fingerprintstart = fingerprint.substr(0, fingerprint.length - 16);
|
var fingerprintstart = fingerprint.substr(0, fingerprint.length - 16);
|
||||||
var fingerprintend = fingerprint.substr(-16);
|
var fingerprintend = fingerprint.substr(-16);
|
||||||
$("#verifyModalDetailedInfoList").append('<li class="list-group-item"><i class="fas fa-fingerprint fa-fw"></i> Signature fingerprint: ' + fingerprintstart + '<b>' + fingerprintend + '</b></li>');
|
} else {
|
||||||
|
var fingerprintstart = "";
|
||||||
|
var fingerprintend = fingerprint;
|
||||||
|
}
|
||||||
|
$("#verifyModalDetailedInfoList").append('<li class="list-group-item"><i class="fas fa-fingerprint fa-fw"></i> Signature key ID: ' + fingerprintstart + '<b>' + fingerprintend + '</b></li>');
|
||||||
}
|
}
|
||||||
new bootstrap.Modal(document.getElementById('verifyModal')).show();
|
new bootstrap.Modal(document.getElementById('verifyModal')).show();
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user