#21: Add signature validation during installations [partial]

2019-04-28 11:41:49 -05:00
parent ea0f05bc76
commit b96ee3737e
11 changed files with 146 additions and 67 deletions
--- a/src/helpers.js
+++ b/src/helpers.js
@@ -29,7 +29,7 @@ module.exports.createSignatureFiles = (signature, publicKey) => {
  const signatureFile = path.join(os.tmpdir(), fileName1 + '.sig');
  const publicKeyFile = path.join(os.tmpdir(), fileName2 + '.pub');

-  const buffer = new Buffer(signature, 'base64');
+  const buffer = Buffer.from(signature, 'base64');
  fs.writeFileSync(signatureFile, buffer);
  fs.writeFileSync(publicKeyFile, publicKey);

@@ -544,15 +544,45 @@ module.exports.stopMountProcessSync = (directory, version, storageType) => {
  process.unref();
 };

+module.exports.verifyHash = (file, hash) => {
+  return new Promise((resolve, reject) => {
+    const platform = os.platform();
+    let command;
+    let args;
+    if (platform === 'darwin') {
+      command = 'shasum';
+      args = ['-b', '-a', '256', file];
+    } else if (platform === 'linux') {
+      command = 'sha256sum';
+      args = ['-b', file, '-z'];
+    } else {
+      reject(Error('Platform not supported: ' + os.platform()))
+    }
+    if (command) {
+      execFile(command, args, (err, stdout) => {
+        if (err) {
+          reject(err);
+        } else {
+          const hash2 = stdout.split(' ')[0].trim().toLowerCase();
+          if (hash2 === hash.toLowerCase()) {
+            resolve(hash2);
+          } else {
+            reject(Error('Checksum failed for file'));
+          }
+        }
+      });
+    }
+  });
+};
+
 module.exports.verifySignature = (file, signatureFile, publicKeyFile) => {
  return new Promise((resolve, reject) => {
    const executeVerify = openssl => {
-      //openssl dgst -sha256 -verify $pubkeyfile -signature signature.sig file
-      execFile(openssl, ['dgst', '-sha256', '-verify', publicKeyFile, '-signature', signatureFile], res => {
-        if (res.code !== 0) {
-          reject(res);
+      execFile(openssl, ['dgst', '-sha256', '-verify', publicKeyFile, '-signature', signatureFile, file], (err, stdout) => {
+        if (err) {
+          reject(err);
        } else {
-          resolve();
+          resolve(stdout);
        }
      });
    };
@@ -575,45 +605,13 @@ module.exports.verifySignature = (file, signatureFile, publicKeyFile) => {
            }
          });
        } else {
-          reject('Failed to locate \'openssl.exe\'');
+          reject(Error('Failed to locate \'openssl.exe\''));
        }
      });
    } else if (os.platform() === 'linux') {
      executeVerify('openssl');
    } else {
-      reject('Platform not supported: ' + os.platform())
-    }
-  });
-};
-
-module.exports.verifyHash = (file, hash) => {
-  return new Promise((resolve, reject) => {
-    const platform = os.platform();
-    let command;
-    let args;
-    if (platform === 'darwin') {
-      command = 'shasum';
-      args = ['-b', '-a', '256', file];
-    } else if (platform === 'linux') {
-      command = 'sha256sum';
-      args = ['-b', file, '-z'];
-    }
-    else {
-      reject('Platform not supported: ' + os.platform())
-    }
-    if (command) {
-      execFile(command, args, (err, stdout) => {
-        if (err) {
-          reject(err);
-        } else {
-          const hash2 = stdout.split(' ')[0].trim().toLowerCase();
-          if (hash2 === hash.toLowerCase()) {
-            resolve();
-          } else {
-            reject('Checksum failed for file');
-          }
-        }
-      });
+      reject(Error('Platform not supported: ' + os.platform()))
    }
  });
 };