[#21: Add signature validation during installations [partial]] [Updated packages] [Removed Hyperspace] [Updated README]

src/helpers.js

@@ -5,6 +5,7 @@ const axios = require('axios/index');
 const exec = require('child_process').exec;
 const spawn = require('child_process').spawn;
 const Constants = require('./constants');
+const RandomString = require('randomstring');
 
 const tryParse = (j, def) => {
   try {
@@ -14,6 +15,29 @@ const tryParse = (j, def) => {
   }
 };
 
+module.exports.createSignatureFiles = (signature, publicKey) => {
+  const fileName1 = RandomString.generate({
+    length: 12,
+    charset: 'alphabetic'
+  });
+  const fileName2 = RandomString.generate({
+    length: 12,
+    charset: 'alphabetic'
+  });
+
+  const signatureFile = path.join(os.tmpdir(), fileName1 + '.sig');
+  const publicKeyFile = path.join(os.tmpdir(), fileName2 + '.pub');
+
+  const buffer = new Buffer(signature, 'base64');
+  fs.writeFileSync(signatureFile, buffer);
+  fs.writeFileSync(publicKeyFile, publicKey);
+
+  return {
+    PublicKeyFile: publicKeyFile,
+    SignatureFile: signatureFile,
+  };
+};
+
 module.exports.detectRepertoryMounts = (directory, version) => {
   return new Promise((resolve, reject) => {
     const processOptions = {
@@ -93,13 +117,13 @@ module.exports.downloadFile = (url, destination, progressCallback, completeCallb
     });
 };
 
-module.exports.executeAndWait = command => {
+module.exports.executeAndWait = (command, ignoreResult) => {
   return new Promise((resolve, reject) => {
     const retryExecute = (count, lastError) => {
       if (++count <= 5) {
-        exec(command, (error) => {
+        exec(command, error => {
           if (error) {
-            if (error.code === 1) {
+            if (!ignoreResult && (error.code === 1)) {
               setTimeout(() => {
                 retryExecute(count, error);
               }, 1000);
@@ -517,4 +541,59 @@ module.exports.stopMountProcessSync = (directory, version, storageType) => {
 
   const process = new spawn(command, args, processOptions);
   process.unref();
+};
+
+module.exports.verifySignature = (file, signatureFile, publicKeyFile) => {
+  return new Promise((resolve, reject) => {
+    const executeVerify = openssl => {
+      //openssl dgst -sha256 -verify $pubkeyfile -signature signature.sig file
+      const command = '"' + openssl + '" dgst -sha256 -verify "' + publicKeyFile + '" -signature "' + signatureFile + '"';
+      exec(command, res => {
+        if (res.code !== 0) {
+          reject(res);
+        } else {
+          resolve();
+        }
+      });
+    };
+
+    if (os.platform() === 'win32') {
+      const Registry = require('winreg');
+      const regKey = new Registry({
+        hive: Registry.HKLM,
+        key: 'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\OpenSSL (64-bit)_is1'
+      });
+      regKey.valueExists('InstallLocation', (err, exists) => {
+        if (err) {
+          reject(err);
+        } else if (exists) {
+          regKey.get('InstallLocation', (err, item) => {
+            if (err) {
+              reject(err);
+            } else {
+              const openssl = path.join(item.value(), 'bin', 'openssl.exe');
+              executeVerify(openssl);
+            }
+          });
+        } else {
+          reject('Failed to locate \'openssl.exe\'');
+        }
+      });
+    } else {
+      reject('Platform not supported: ' + os.platform())
+    }
+  });
+};
+
+module.exports.verifyHash = (file, hash) => {
+  return new Promise((resolve, reject) => {
+    if (os.platform() === 'darwin') {
+      reject('Not implemented');
+    } else if (os.platform() === 'linux') {
+      reject('Not implemented');
+    }
+    else {
+      reject('Platform not supported: ' + os.platform())
+    }
+  });
 };