From 6918916fb81f49fa23b59ac0ba569431df78d2d8 Mon Sep 17 00:00:00 2001
From: Paulius Uza <pauliusuza@gmail.com>
Date: Wed, 9 Mar 2016 12:21:03 +0100
Subject: [PATCH] feat: Allow custom .p12 certificates

Closes #216
---
 src/builder.ts          |  3 +++
 src/codeSign.ts         | 14 +++++++-------
 src/macPackager.ts      |  2 +-
 src/platformPackager.ts |  1 +
 4 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/src/builder.ts b/src/builder.ts
index 30af89fa112..433b69d088a 100644
--- a/src/builder.ts
+++ b/src/builder.ts
@@ -31,6 +31,9 @@ export async function build(options: BuildOptions = {}): Promise<void> {
   if (options.cscLink == null) {
     options.cscLink = process.env.CSC_LINK
   }
+  if (options.csaLink == null) {
+    options.csaLink = process.env.CSA_LINK
+  }
   if (options.cscKeyPassword == null) {
     options.cscKeyPassword = process.env.CSC_KEY_PASSWORD
   }
diff --git a/src/codeSign.ts b/src/codeSign.ts
index 47f5f1e826c..d4f3833af17 100644
--- a/src/codeSign.ts
+++ b/src/codeSign.ts
@@ -23,13 +23,13 @@ export function generateKeychainName(): string {
   return "csc-" + randomString() + ".keychain"
 }
 
-export function createKeychain(keychainName: string, cscLink: string, cscKeyPassword: string): Promise<CodeSigningInfo> {
-  const appleCertPath = path.join(tmpdir(), randomString() + ".cer")
+export function createKeychain(keychainName: string, cscLink: string, cscKeyPassword: string, csaLink?: string): Promise<CodeSigningInfo> {
+  const authorityCertPath = path.join(tmpdir(), randomString() + ".cer")
   const developerCertPath = path.join(tmpdir(), randomString() + ".p12")
 
   const keychainPassword = randomString()
   return executeFinally(BluebirdPromise.all([
-      download("https://developer.apple.com/certificationauthority/AppleWWDRCA.cer", appleCertPath),
+      download(csaLink || "https://developer.apple.com/certificationauthority/AppleWWDRCA.cer", authorityCertPath),
       download(cscLink, developerCertPath),
       BluebirdPromise.mapSeries([
         ["create-keychain", "-p", keychainPassword, keychainName],
@@ -37,9 +37,9 @@ export function createKeychain(keychainName: string, cscLink: string, cscKeyPass
         ["set-keychain-settings", "-t", "3600", "-u", keychainName]
       ], it => exec("security", it))
     ])
-    .then(() => importCerts(keychainName, appleCertPath, developerCertPath, cscKeyPassword)),
+    .then(() => importCerts(keychainName, authorityCertPath, developerCertPath, cscKeyPassword)),
     errorOccurred => {
-      const tasks = [deleteFile(appleCertPath, true), deleteFile(developerCertPath, true)]
+      const tasks = [deleteFile(authorityCertPath, true), deleteFile(developerCertPath, true)]
       if (errorOccurred) {
         tasks.push(deleteKeychain(keychainName))
       }
@@ -47,8 +47,8 @@ export function createKeychain(keychainName: string, cscLink: string, cscKeyPass
     })
 }
 
-async function importCerts(keychainName: string, appleCertPath: string, developerCertPath: string, cscKeyPassword: string): Promise<CodeSigningInfo> {
-  await exec("security", ["import", appleCertPath, "-k", keychainName, "-T", "/usr/bin/codesign"])
+async function importCerts(keychainName: string, authorityCertPath: string, developerCertPath: string, cscKeyPassword: string): Promise<CodeSigningInfo> {
+  await exec("security", ["import", authorityCertPath, "-k", keychainName, "-T", "/usr/bin/codesign"])
   await exec("security", ["import", developerCertPath, "-k", keychainName, "-T", "/usr/bin/codesign", "-P", cscKeyPassword])
   let cscName = await extractCommonName(cscKeyPassword, developerCertPath)
   return {
diff --git a/src/macPackager.ts b/src/macPackager.ts
index 3a0ac3a7601..747a158a58f 100644
--- a/src/macPackager.ts
+++ b/src/macPackager.ts
@@ -17,7 +17,7 @@ export default class MacPackager extends PlatformPackager<appdmg.Specification>
     if (this.options.cscLink != null && this.options.cscKeyPassword != null) {
       const keychainName = generateKeychainName()
       cleanupTasks.push(() => deleteKeychain(keychainName))
-      this.codeSigningInfo = createKeychain(keychainName, this.options.cscLink, this.options.cscKeyPassword)
+      this.codeSigningInfo = createKeychain(keychainName, this.options.cscLink, this.options.cscKeyPassword, this.options.csaLink)
     }
     else {
       this.codeSigningInfo = BluebirdPromise.resolve(null)
diff --git a/src/platformPackager.ts b/src/platformPackager.ts
index e907a2691f5..bdc50491064 100644
--- a/src/platformPackager.ts
+++ b/src/platformPackager.ts
@@ -26,6 +26,7 @@ export interface PackagerOptions {
   projectDir?: string
 
   cscLink?: string
+  csaLink?: string
   cscKeyPassword?: string
 }