Skip to content
This repository was archived by the owner on Dec 16, 2023. It is now read-only.
This repository was archived by the owner on Dec 16, 2023. It is now read-only.

Signing fails without key file #44

Open
Open
Signing fails without key file#44
@Vortec4800

Description

@Vortec4800
Vortec4800
opened on Nov 23, 2015

When running the prepare-keys command, a file called pass.pem is generated which appears to be the key for the certificate. In the pass.js file where the signing actually happens, it seems like this file is never referenced or used. Running the function causes an error complaining about opening the signing file.

I was able to fix the issue by adding the key argument to the sign function. Here is the code as it currently is in the repository:

function signManifest(template, manifest, callback) {
  var identifier = template.passTypeIdentifier().replace(/^pass./, "");

  var args = [
    "smime",
    "-sign", "-binary",
    "-signer",    Path.resolve(template.keysPath, identifier + ".pem"),
    "-certfile",  Path.resolve(template.keysPath, "wwdr.pem"),
    "-passin",    "pass:" + template.password
  ];
  var sign = execFile("openssl", args, { stdio: "pipe" }, function(error, stdout, stderr) {
    var trimmedStderr = stderr.trim(); 
    // Windows outputs some unhelpful error messages, but still produces a valid signature
    if (error || (trimmedStderr && trimmedStderr.indexOf('- done') < 0)) {
      callback(new Error(stderr));
    } else {
      var signature = stdout.split(/\n\n/)[3];
      callback(null, new Buffer(signature, "base64"));
    }
  });
  sign.stdin.write(manifest);
  sign.stdin.end();
}

And here is my modified code:

function signManifest(template, manifest, callback) {
  var identifier = template.passTypeIdentifier().replace(/^pass./, "");

  var args = [
    "smime",
    "-sign", "-binary",
    "-signer",    Path.resolve(template.keysPath, identifier + ".pem"),
    "-certfile",  Path.resolve(template.keysPath, "wwdr.pem"),
    "-inkey",  Path.resolve(template.keysPath, "pass.pem"),
    "-passin",    "pass:" + template.password
  ];
  var sign = execFile("openssl", args, { stdio: "pipe" }, function(error, stdout, stderr) {
    var trimmedStderr = stderr.trim(); 
    // Windows outputs some unhelpful error messages, but still produces a valid signature
    if (error || (trimmedStderr && trimmedStderr.indexOf('- done') < 0)) {
      callback(new Error(stderr));
    } else {
      var signature = stdout.split(/\n\n/)[3];
      callback(null, new Buffer(signature, "base64"));
    }
  });
  sign.stdin.write(manifest);
  sign.stdin.end();
}

Notice the addition of the "-inkey", Path.resolve(template.keysPath, "pass.pem"), line added to the arguments.

Is this a necessary fix for the library? Or is there another problem that this is essentially bypassing? With my fix above, everything works as expected. But I would prefer to use the version from npm as opposed to using a version with my modifications.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions