Create needed Cert during build (#29)

Author: joelangeway

.gitignore

@@ -5,3 +5,5 @@ out/
 .env
 assets/cert/cert.key
 assets/cert/cert.crt
+assets/cert/cert.pem
+assets/cert/key.pem

README.md

@@ -46,6 +46,18 @@ echo '{"command":"passcode", "message":"'$PASSCODE'"}' | websocat -k wss://local
 
 This will create a single executable in the `dist` folder for the specific platform you're running on.
 
+## But MacOS says it's damaged
+
+- Because MacOS is often (wisely) configured only to run apps siged by authors registered with Apple, it often won't even ask if you'd like to run a perfectly valid application. If you built an apple app distribution and it says
+
+    "gpg-bridge.app" is damaged and can't be opened. You should move it to the Trash.
+    
+when you try to run it, don't worry, the build probably worked, MacOS is just trying to keep you safe. Open a terminal and run:
+
+    xattr -d com.apple.quarantine /path/to/gpg-bridge.app
+
+
+
 ## TODO
 
 - [x] Should show itself in the system tray.

certs.js

@@ -0,0 +1,79 @@
+const path = require("path");
+const fs = require("fs");
+
+const keyNameRegex = /^cert(?:ificate)?\.key$|^key\.pem$/i;
+const certNameRegex = /^cert(?:ificate)?\.(?:crt|pem)$/i;
+
+const assetsDir = path.join(__dirname, 'assets');
+
+function findCertificates() {
+  const certDir = path.join(assetsDir, 'cert');
+  const candidates = fs.readdirSync(certDir);
+  const keyNames = candidates.filter(name => keyNameRegex.test(name));
+  const certNames = candidates.filter(name => certNameRegex.test(name));
+  
+  const errors = [];
+  for (const [a, b] of [[keyNames, 'key'], [certNames, 'certificate']]) {
+    if (a.length === 0) {
+      errors.push(`No ${b} file.`); 
+    } else if (a.length > 1) {
+      errors.push(`Multiple ${b} files.`); 
+    }
+  }
+
+  if (keyNames.length === 0 && certNames.length === 0) {
+    return {noCertFiles: true, badCertFiles: false, certDir, keyFilename: null, certFilename: null, errors}
+  }
+  if (errors.length > 0) {
+    return {noCertFiles: false, badCertFiles: true, certDir, keyFilename: null, certFilename: null, errors}
+  }
+
+  const keyFilename = path.join(certDir, keyNames[0]);
+  const certFilename = path.join(certDir, certNames[0]);
+  return {keyFilename, certFilename, noCertFiles: false, badCertFiles: false, certDir, errors};
+}
+
+function loadCertificates() {
+  const result = findCertificates();
+  if (result.noCertFiles) {
+    throw new Error(`No certificate files found in '${result.certDir}'.`);
+  }
+  if (result.badCertFiles) {
+    throw new Error(`Ambiguous or incomplete certificate files found in '${result.certDir}'. ${result.errors.join(' ')}`);
+  }
+  const [privateKey, certificate] = [
+    fs.readFileSync(result.keyFilename, 'utf8'),
+    fs.readFileSync(result.certFilename, 'utf8'),
+  ];
+  return {privateKey, certificate};
+}
+
+function createCertificates() {
+  const result = findCertificates();
+  if (result.badCertFiles) {
+    const msg = `Ambiguous or incomplete certificate files found in '${result.certDir}'. ${result.errors.join(' ')}`;
+    console.error(msg);
+    console.error('Throwing error because the built app will likely fail.')
+    throw new Error(msg);
+  }
+  if (!result.noCertFiles) {
+    console.log('INFO Certificate files already present. NOT creating certificates.');
+    return;
+  }
+  console.log('INFO Creating self signed certificate.');
+  const selfsigned = require('selfsigned');
+  const pems = selfsigned.generate([
+    { shortName: 'ST', value: 'Texas' },
+    { name: 'countryName', value: 'US' },
+    { name: 'localityName', value: 'Austin' },
+    { name: 'organizationName', value: 'Unchained' },
+    { name: 'commonName', value: 'GPG-Bridge' },
+  ], {});
+  
+  const certDir = path.join(assetsDir, 'cert');
+  fs.writeFileSync(path.join(certDir, 'key.pem'), pems.private);
+  fs.writeFileSync(path.join(certDir, 'cert.pem'), pems.cert);
+}
+
+module.exports = {loadCertificates, createCertificates};
+

forge.config.js

@@ -4,6 +4,10 @@ const pkg = require("./package.json")
 const { FusesPlugin } = require("@electron-forge/plugin-fuses");
 const { FuseV1Options, FuseVersion } = require("@electron/fuses");
 
+const {createCertificates } = require('./certs.js');
+
+createCertificates();
+
 module.exports = {
   packagerConfig: {
     asar: false,

main.js

@@ -9,6 +9,8 @@ const { createServer } = require('https');
 const tmp = require("tmp-promise")
 const isMac = process.platform === 'darwin'
 
+const { loadCertificates } = require('./certs.js');
+
 tmp.setGracefulCleanup()
 
 // Temporary directory location
@@ -152,26 +154,6 @@ let httpsServer;
 const assetsDir = path.join(__dirname, 'assets');
 console.log('INFO assetsDir =', assetsDir);
 
-const keyNameRegex = /^cert(?:ificate)?\.key$|^key\.pem$/i;
-const certNameRegex = /^cert(?:ificate)?\.(?:crt|pem)$/i;
-async function loadCertificates() {
-  const certDir = path.join(assetsDir, 'cert');
-  const candidates = await fs.readdir(certDir);
-  const keyname = candidates.find(name => keyNameRegex.test(name));
-  const certname = candidates.find(name => certNameRegex.test(name));
-  if (!keyname) {
-    throw new Error('Expected file `assets/cert/cert.key` not found.');
-  }
-  if (!certname) {
-    throw new Error('Expected file `assets/cert/cert.crt` not found.');
-  }
-  const [privateKey, certificate] = await Promise.all([
-    fs.readFile(path.join(certDir, keyname), 'utf8'),
-    fs.readFile(path.join(certDir, certname), 'utf8'),
-  ]);
-  return {privateKey, certificate};
-}
-
 async function setupWebSocketServer() {
   try {
     const {privateKey, certificate} = await loadCertificates();

package-lock.json

@@ -17,6 +17,7 @@
   "dependencies": {
     "electron-squirrel-startup": "^1.0.0",
     "kill-port": "^2.0.1",
+    "selfsigned": "^3.0.1",
     "tmp-promise": "^3.0.3",
     "ws": "^8.18.0",
     "zod": "^3.23.8"
@@ -36,5 +37,7 @@
     "dotenv": "^16.4.5",
     "electron": "^33.0.1"
   },
-  "files": ["assets"]
+  "files": [
+    "assets"
+  ]
 }