Skip to content
This repository has been archived by the owner on Dec 16, 2023. It is now read-only.

Signing fails without key file #44

Open
Vortec4800 opened this issue Nov 23, 2015 · 1 comment
Open

Signing fails without key file #44

Vortec4800 opened this issue Nov 23, 2015 · 1 comment

Comments

@Vortec4800
Copy link

When running the prepare-keys command, a file called pass.pem is generated which appears to be the key for the certificate. In the pass.js file where the signing actually happens, it seems like this file is never referenced or used. Running the function causes an error complaining about opening the signing file.

I was able to fix the issue by adding the key argument to the sign function. Here is the code as it currently is in the repository:

function signManifest(template, manifest, callback) {
  var identifier = template.passTypeIdentifier().replace(/^pass./, "");

  var args = [
    "smime",
    "-sign", "-binary",
    "-signer",    Path.resolve(template.keysPath, identifier + ".pem"),
    "-certfile",  Path.resolve(template.keysPath, "wwdr.pem"),
    "-passin",    "pass:" + template.password
  ];
  var sign = execFile("openssl", args, { stdio: "pipe" }, function(error, stdout, stderr) {
    var trimmedStderr = stderr.trim(); 
    // Windows outputs some unhelpful error messages, but still produces a valid signature
    if (error || (trimmedStderr && trimmedStderr.indexOf('- done') < 0)) {
      callback(new Error(stderr));
    } else {
      var signature = stdout.split(/\n\n/)[3];
      callback(null, new Buffer(signature, "base64"));
    }
  });
  sign.stdin.write(manifest);
  sign.stdin.end();
}

And here is my modified code:

function signManifest(template, manifest, callback) {
  var identifier = template.passTypeIdentifier().replace(/^pass./, "");

  var args = [
    "smime",
    "-sign", "-binary",
    "-signer",    Path.resolve(template.keysPath, identifier + ".pem"),
    "-certfile",  Path.resolve(template.keysPath, "wwdr.pem"),
    "-inkey",  Path.resolve(template.keysPath, "pass.pem"),
    "-passin",    "pass:" + template.password
  ];
  var sign = execFile("openssl", args, { stdio: "pipe" }, function(error, stdout, stderr) {
    var trimmedStderr = stderr.trim(); 
    // Windows outputs some unhelpful error messages, but still produces a valid signature
    if (error || (trimmedStderr && trimmedStderr.indexOf('- done') < 0)) {
      callback(new Error(stderr));
    } else {
      var signature = stdout.split(/\n\n/)[3];
      callback(null, new Buffer(signature, "base64"));
    }
  });
  sign.stdin.write(manifest);
  sign.stdin.end();
}

Notice the addition of the "-inkey", Path.resolve(template.keysPath, "pass.pem"), line added to the arguments.

Is this a necessary fix for the library? Or is there another problem that this is essentially bypassing? With my fix above, everything works as expected. But I would prefer to use the version from npm as opposed to using a version with my modifications.
@OussamaRomdhane
Copy link

OussamaRomdhane commented Mar 21, 2017
edited
Loading

I forked this repository and done exactly that. Thank you so much for this solution 💯

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Vortec4800 @OussamaRomdhane