From b1b2ca1e4ba42342071da666c11cecb4cb405034 Mon Sep 17 00:00:00 2001
From: JonLuca De Caro
Date: Tue, 14 Nov 2023 12:38:54 -0800
Subject: [PATCH] feat: add codesign verification and assessment prior to notarizing (#152)
* feat: add spctl and codesign verificatin prior to stapling
* fix output
* fix output
* chore: resolve comments
* Update src/check-signature.ts
* chore: fix lint
* chore: address comments
---------
Co-authored-by: Erick Zhao
Co-authored-by: David Sanders
---
 src/check-signature.ts | 44 ++++++++++++++++++++++++++++++++++++++++++
 src/index.ts | 3 +++
 2 files changed, 47 insertions(+)
 create mode 100644 src/check-signature.ts
diff --git a/src/check-signature.ts b/src/check-signature.ts
new file mode 100644
index 0000000..1dfec7f
--- /dev/null
+++ b/src/check-signature.ts
@@ -0,0 +1,44 @@
+import * as path from 'path';
+
+import { spawn } from './spawn';
+import { NotarizeStapleOptions } from './types';
+import debug from 'debug';
+const d = debug('electron-notarize');
+
+const codesignDisplay = async (opts: NotarizeStapleOptions) => {
+ const result = await spawn('codesign', ['-dv', '-vvvv', '--deep', path.basename(opts.appPath)], {
+ cwd: path.dirname(opts.appPath),
+ });
+ return result;
+};
+
+const codesign = async (opts: NotarizeStapleOptions) => {
+ d('attempting to check codesign of app:', opts.appPath);
+ const result = await spawn(
+ 'codesign',
+ ['-vvv', '--deep', '--strict', path.basename(opts.appPath)],
+ {
+ cwd: path.dirname(opts.appPath),
+ },
+ );
+
+ return result;
+};
+export async function checkSignatures(opts: NotarizeStapleOptions): Promise {
+ const [codesignResult, codesignInfo] = await Promise.all([codesign(opts), codesignDisplay(opts)]);
+ let error = '';
+
+ if (codesignInfo.code !== 0) {
+ d('codesignInfo failed');
+ error = `Failed to display codesign info on your application with code: ${codesignInfo.code}\n\n${codesignInfo.output}\n`;
+ }
+ if (codesignResult.code !== 0) {
+ d('codesign check failed');
+ error += `Failed to codesign your application with code: ${codesignResult.code}\n\n${codesignResult.output}\n\n${codesignInfo.output}`;
+ }
+
+ if (error) {
+ throw new Error(error);
+ }
+ d('codesign assess succeeded');
+}
diff --git a/src/index.ts b/src/index.ts
index 4932b23..48fe71f 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -1,6 +1,7 @@
 import debug from 'debug';
 import retry from 'promise-retry';
+import { checkSignatures } from './check-signature';
 import { delay } from './helpers';
 import { startLegacyNotarize, waitForLegacyNotarize } from './legacy';
 import { isNotaryToolAvailable, notarizeAndWaitForNotaryTool } from './notarytool';
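Review bot: When both commands fail, the `error +=` line appends `${codesignInfo.output}` a second time, since the preceding branch already embedded it in `error`, so the thrown message repeats the display output; appending `codesignInfo.output` once after both `if` blocks (or guarding it with `codesignInfo.code === 0 ? ... : ''` in the second template) avoids the repetition. The message `Failed to codesign your application` also misdescribes what ran — this code only verifies an existing signature — so something like `Failed to verify the code signature of your application with code: ${codesignResult.code}` is more accurate for the user reading it. Worth documenting on the exported function that `codesign --verify --strict` checks the bundle's integrity against its own signature and does not, by itself, assess Gatekeeper policy or the signing identity, so those problems will still surface from the notary service; a TSDoc such as `/** Verifies the existing code signature of opts.appPath locally before upload; throws an Error carrying the codesign output on failure. */` would do. The commit message mentions spctl, but the hunk invokes codesign only.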
@@ -14,6 +15,8 @@ export { NotarizeOptions };
 export { validateLegacyAuthorizationArgs as validateAuthorizationArgs } from './validate-args';
 export async function notarize({ appPath, ...otherOptions }: NotarizeOptions) {
+ await checkSignatures({ appPath });
+
 if (otherOptions.tool === 'legacy') {
 console.warn(
 'Notarizing using the legacy altool system. The altool system will be disabled on November 1 2023. Please switch to the notarytool system before then.',
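Review bot: The new `await checkSignatures({ appPath });` is the first statement in `notarize`, ahead of the tool selection and, presumably, any credential validation, so a machine without the `codesign` binary or an unsigned build now fails here with whatever `spawn` surfaces rather than at the notarization step; a one-line comment would make that ordering deliberate, e.g. `// Fail fast: verify the existing signature locally before contacting Apple, since an invalid signature is rejected by the notary service anyway.` The call passes only `appPath`, which relies on `NotarizeStapleOptions` requiring nothing else — worth confirming against `./types`. The body of `notarize` continues past the end of the hunk.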