npm - @aiot-toolkit/aiotpack - Versions diffs - 2.0.1-alpha.0 - Mend

@aiot-toolkit/aiotpack 2.0.1-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (123) hide show

package/lib/compiler/javascript/vela/utils/signature/SignUtil.js ADDED Viewed

@@ -0,0 +1,713 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const ColorConsole2_1 = __importDefault(require("@aiot-toolkit/shared-utils/lib/ColorConsole2"));
+const CommonUtil_1 = __importDefault(require("@aiot-toolkit/shared-utils/lib/utils/CommonUtil"));
+const FileUtil_1 = __importDefault(require("@aiot-toolkit/shared-utils/lib/utils/FileUtil"));
+const crypto_1 = __importDefault(require("crypto"));
+const fs_extra_1 = __importDefault(require("fs-extra"));
+const jsrsasign_1 = __importDefault(require("jsrsasign"));
+const jszip_1 = __importDefault(require("jszip"));
+const path_1 = __importDefault(require("path"));
+const CompileMode_1 = __importDefault(require("../../../../enum/CompileMode"));
+const ZipUtil_1 = __importDefault(require("../ZipUtil"));
+const Base64_1 = __importDefault(require("./Base64"));
+const CRC32_1 = __importDefault(require("./CRC32"));
+const Signer_1 = __importDefault(require("./Signer"));
+/**
+ * SignUtil
+ */
+class SignUtil {
+    /**
+     * 获取签名相关的配置内容
+     * 1. ICompileParam参数中获取编译模式是否为release
+     * 2. IJavascriptCompileOption参数中获取签名目录等内容
+     * @param param
+     */
+    static getProjectSignConfig(param) {
+        const { mode, projectPath, signRoot } = param;
+        let signConfig;
+        let privatekeyPath;
+        let certificatePath;
+        switch (mode) {
+            case CompileMode_1.default.DEVELOPMENT:
+                privatekeyPath = path_1.default.join(__dirname, 'pem', 'private.pem');
+                certificatePath = path_1.default.join(__dirname, 'pem', 'certificate.pem');
+                break;
+            case CompileMode_1.default.PRODUCTION:
+                privatekeyPath = path_1.default.join(projectPath, signRoot, 'private.pem');
+                certificatePath = path_1.default.join(projectPath, signRoot, 'certificate.pem');
+                break;
+            default:
+                // 打印信息， 模式未定义
+                ColorConsole2_1.default.error(`【SignUtil】Error: mode ${mode} undefined`);
+                break;
+        }
+        // 检查路径是否真实存在
+        if (privatekeyPath &&
+            certificatePath &&
+            FileUtil_1.default.checkFilePath([privatekeyPath, certificatePath])) {
+            signConfig = {
+                privatekey: fs_extra_1.default.readFileSync(privatekeyPath),
+                certificate: fs_extra_1.default.readFileSync(certificatePath)
+            };
+        }
+        else {
+            // 报错, 抛出错误
+            ColorConsole2_1.default.throw();
+        }
+        return signConfig;
+    }
+    static signZipBufferForPackage(zipBuffer, privatekey, certificate) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // 1. 解压得到文件列表
+            const zipInstWrap = yield SignUtil.createFileListFromZipBuffer(zipBuffer);
+            // 摘要map
+            const fileDigestHash = [];
+            const fileList = [];
+            // 2. 如果包含META-INF/CERT，则对其解压，增加签名
+            const metaBuffer = zipInstWrap.getFileBuffer(ZipUtil_1.default.CERT_PATH);
+            if (metaBuffer) {
+                const metaHash = {
+                    name: ZipUtil_1.default.DIGEST_HASH_JSON,
+                    hash: CommonUtil_1.default.calcDataDigest(metaBuffer)
+                };
+                const signedMetaBuffer = SignUtil.doSign(metaBuffer, [metaHash], privatekey, certificate);
+                if (signedMetaBuffer === false) {
+                    // 报错，META-INF/CERT签名失败
+                    console.error('【SignUtil】error: META-INF/CERT signature failed');
+                }
+                else {
+                    fileList.push({
+                        path: ZipUtil_1.default.CERT_PATH,
+                        content: signedMetaBuffer
+                    });
+                    fileDigestHash.push({
+                        name: ZipUtil_1.default.CERT_PATH,
+                        hash: CommonUtil_1.default.calcDataDigest(signedMetaBuffer)
+                    });
+                }
+            }
+            // 3. 对整个zip做签名
+            const files = zipInstWrap.fileList;
+            files.filter(SignUtil.fileFilter).map((item) => {
+                fileList.push(item);
+                fileDigestHash.push({
+                    name: item.path,
+                    hash: CommonUtil_1.default.calcDataDigest(item.content)
+                });
+            });
+            // 因为META变化，重新创建ZIP流
+            const newZipBuffer = yield ZipUtil_1.default.createZipBufferFromFileList(fileList, zipInstWrap.comment);
+            // 对新ZIP流重新签名
+            const signedZipBuffer = SignUtil.doSign(newZipBuffer, fileDigestHash, privatekey, certificate);
+            return signedZipBuffer;
+        });
+    }
+    /**
+     * 根据ZIP流获取文件实例
+     * @param zipBuffer
+     * @returns
+     */
+    static createFileListFromZipBuffer(zipBuffer) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const zipInst = yield jszip_1.default.loadAsync(zipBuffer, ZipUtil_1.default.ZIP_OPTION);
+            function iterator(filePath) {
+                return __awaiter(this, void 0, void 0, function* () {
+                    const content = yield zipInst.files[filePath].async('nodebuffer');
+                    return {
+                        path: filePath,
+                        content
+                    };
+                });
+            }
+            const fileList = yield Promise.all(Object.keys(zipInst.files).map(iterator));
+            return {
+                fileList,
+                comment: zipInst.comment,
+                getFileBuffer(path) {
+                    const buffer = fileList.find((item) => item.path === path);
+                    let content;
+                    if (buffer) {
+                        content = buffer.content;
+                    }
+                    return content;
+                }
+            };
+        });
+    }
+    /**
+     * 为 zip buffer 签名，返回签名后的buffer
+     * @param fileBuffer
+     * @param files
+     * @param privatekey
+     * @param certificate
+     */
+    static doSign(fileBuffer, files, privatekey, certificate) {
+        const result = SignUtil.unZipFiles(fileBuffer, files);
+        if (!result) {
+            return false;
+        }
+        const [chunks] = result;
+        // 生成整体签名
+        SignUtil.signChunk(chunks, privatekey, certificate);
+        // 写入zip文件
+        const signContent = SignUtil.saveChunk(fileBuffer, chunks);
+        return signContent;
+    }
+    /**
+     * 解析buffer
+     * @param fileBuffer
+     * @param files
+     */
+    static unZipFiles(fileBuffer, files) {
+        // 1. 读取zip文件
+        if (!fileBuffer || fileBuffer.length <= 4) {
+            // 报错
+            console.error('【SignUtil】Zip file open failed');
+            return false;
+        }
+        // 2. 检查文件格式是否正确
+        const fileMagic = fileBuffer.readInt32LE(0);
+        if (fileMagic !== 0x4034b50) {
+            // 报错
+            console.error('【SignUtil】Zip file format is wrong');
+            return false;
+        }
+        // 3. 解析数据块
+        const chunks = SignUtil.parserZip(fileBuffer);
+        chunks.options = { files };
+        // 解析成功，生成签名块
+        if (chunks.tag) {
+            // 分别处理三个签名块
+            Object.keys(chunks.sections).forEach((item) => {
+                const chunk = chunks.sections[item];
+                SignUtil.processChunk(fileBuffer, chunk);
+            });
+            return [chunks, fileBuffer];
+        }
+        return false;
+    }
+    /**
+     * 解析ZIP 分解为数据块
+     * @param fileBuffer
+     */
+    static parserZip(fileBuffer) {
+        let chunk = {
+            signchunk: Buffer.from(''),
+            tag: false,
+            length: fileBuffer.length,
+            options: {
+                files: []
+            },
+            sections: {
+                header: {
+                    tag: false,
+                    startIndex: 0,
+                    len: 0,
+                    previous: 0,
+                    sign: undefined
+                },
+                central: {
+                    tag: false,
+                    startIndex: 0,
+                    len: 0,
+                    previous: 0,
+                    sign: undefined
+                },
+                footer: {
+                    tag: false,
+                    startIndex: 0,
+                    len: 0,
+                    previous: 0,
+                    sign: undefined
+                }
+            }
+        };
+        // fileBuffer至少22个字节
+        chunk.sections.footer = SignUtil.readEOCD(fileBuffer);
+        if (chunk.sections.footer.tag) {
+            chunk.sections.central = SignUtil.readCD(fileBuffer, chunk.sections.footer.previous, chunk.sections.footer.startIndex - chunk.sections.footer.previous);
+            if (chunk.sections.central.tag) {
+                chunk.sections.header = SignUtil.readFH(fileBuffer, chunk.sections.central.previous, chunk.sections.central.startIndex - chunk.sections.central.previous);
+                if (chunk.sections.header.tag) {
+                    chunk.tag = true;
+                }
+            }
+        }
+        return chunk;
+    }
+    /**
+     * 从后往前读取buffer，读取尾部buffer
+     * @param buffer
+     * @returns
+     */
+    static readEOCD(buffer) {
+        let chunk;
+        if (buffer && buffer.length >= 22) {
+            let offset = buffer.length - 22;
+            let tag;
+            // 从开始位置往前单个字节读取，检查
+            while (offset >= 0) {
+                tag = buffer.readInt32LE(offset);
+                if (tag === 0x6054b50) {
+                    // 如果找到起始位置
+                    chunk = {
+                        tag: true,
+                        startIndex: offset,
+                        len: buffer.length - offset,
+                        previous: buffer.readInt32LE(offset + 16)
+                    };
+                    break;
+                }
+                offset -= 1;
+            }
+        }
+        return chunk;
+    }
+    /**
+     * 读取中部buffer
+     * @param buffer
+     * @param offset
+     * @param size
+     */
+    static readCD(buffer, offset, size) {
+        let chunk;
+        if (buffer && buffer.length >= offset) {
+            const tag = buffer.readInt32LE(offset);
+            // 找到起始位置
+            if (tag === 0x2014b50) {
+                chunk = {
+                    tag: true,
+                    startIndex: offset,
+                    len: size,
+                    previous: buffer.readInt32LE(offset + 42)
+                };
+            }
+        }
+        return chunk;
+    }
+    /**
+     * 读取前部buffer
+     * @param buffer
+     * @param offset
+     * @param size
+     * @returns
+     */
+    static readFH(buffer, offset, size) {
+        let chunk;
+        if (buffer && buffer.length >= offset) {
+            const tag = buffer.readInt32LE(offset);
+            // 找到起始位置
+            if (tag === 0x4034b50) {
+                chunk = {
+                    tag: true,
+                    startIndex: offset,
+                    len: size,
+                    previous: -1
+                };
+            }
+        }
+        return chunk;
+    }
+    /**
+     * 数据块hash
+     * @param buffer
+     * @param chunk
+     */
+    static processChunk(buffer, chunk) {
+        const cur = chunk.startIndex;
+        const end = chunk.startIndex + chunk.len;
+        // 取数据块对应的buffer内容
+        const chk = buffer.subarray(cur, end);
+        // 创建指定长度Buffer对象，并确保分配内存区域被清零
+        const header = Buffer.alloc(5 + chunk.len);
+        // 给第一个字节赋值
+        header[0] = 0xa5;
+        // 从第二个字节位置开始填充，长度为4字节,填充内容为chk.length
+        header.writeInt32LE(chk.length, 1);
+        // 从第六个开始填充chk的内容
+        chk.copy(header, 5);
+        // 将buffer进行hash计算并存储到chunk对象上
+        const signer = crypto_1.default.createHash('SHA256');
+        signer.update(header);
+        chunk.sign = signer.digest();
+    }
+    static signChunk(chunks, privatekey, certificate) {
+        const { sections } = chunks;
+        // 二进制拼接每个块摘要
+        let length = 5;
+        if (sections.header.sign) {
+            length += sections.header.sign.length;
+        }
+        if (sections.central.sign) {
+            length += sections.central.sign.length;
+        }
+        if (sections.footer.sign) {
+            length += sections.footer.sign.length;
+        }
+        const wholeData = Buffer.alloc(length);
+        let offset = 0;
+        wholeData.writeInt8(0x5a, 0);
+        wholeData.writeInt32LE(3, 1);
+        offset += 5;
+        function writeBuffer(buf) {
+            buf.copy(wholeData, offset);
+            offset += buf.length;
+        }
+        sections.header.sign && writeBuffer(sections.header.sign);
+        sections.central.sign && writeBuffer(sections.central.sign);
+        sections.footer.sign && writeBuffer(sections.footer.sign);
+        // 计算整体摘要
+        const signer = crypto_1.default.createHash('SHA256');
+        signer.update(wholeData);
+        const signature = signer.digest();
+        // 生成sign block, 计算block总长度, 向buf中考入数据
+        const signchunk = SignUtil.makeSignChunk(chunks.options, signature, privatekey, certificate);
+        chunks.signchunk = SignUtil.saveSignChunk(signchunk);
+    }
+    static makeSignChunk(options, sign, privatekey, certificate) {
+        // 提取公钥
+        const cert = Buffer.from(Base64_1.default.unarmor(certificate));
+        const c = new jsrsasign_1.default.X509();
+        c.readCertPEM(certificate.toString());
+        const pubKey = jsrsasign_1.default.KEYUTIL.getPEM(c.subjectPublicKeyRSA);
+        // 摘要块
+        const digestBuf = Buffer.alloc(sign.length + 12);
+        digestBuf.writeInt32LE(sign.length + 8, 0);
+        digestBuf.writeInt32LE(0x0103, 4);
+        digestBuf.writeInt32LE(sign.length, 8);
+        sign.copy(digestBuf, 12);
+        const digestBlock = {
+            len: digestBuf.length,
+            buffer: digestBuf
+        };
+        // 证书块
+        const certBuf = Buffer.alloc(cert.length + 4);
+        certBuf.writeInt32LE(cert.length, 0);
+        cert.copy(certBuf, 4);
+        const certBlock = {
+            len: certBuf.length,
+            buffer: certBuf
+        };
+        // 签名数据
+        const signdataBlock = {
+            len: 12,
+            digests: {
+                size: 0,
+                data: []
+            },
+            certs: {
+                size: 0,
+                data: []
+            },
+            additional: 0
+        };
+        signdataBlock.digests.data.push(digestBlock);
+        signdataBlock.digests.size += digestBlock.len;
+        signdataBlock.len += digestBlock.len;
+        signdataBlock.certs.data.push(certBlock);
+        signdataBlock.certs.size += certBlock.len;
+        signdataBlock.len += certBlock.len;
+        // 将public.pem转化为der
+        const pubbuf = Buffer.from(Base64_1.default.unarmor(pubKey));
+        const signBlock = {
+            len: 16 + pubbuf.length,
+            size: 12 + pubbuf.length,
+            signdata: {
+                size: 0,
+                buffer: null
+            },
+            signatures: {
+                size: 0,
+                data: []
+            },
+            pubkey: {
+                size: pubbuf.length,
+                buffer: pubbuf
+            }
+        };
+        signBlock.signdata.buffer = SignUtil.makeSignDataBuffer(signdataBlock);
+        signBlock.signdata.size = signdataBlock.len;
+        signBlock.size += signdataBlock.len;
+        signBlock.len += signdataBlock.len;
+        // 生成签名
+        const signature = SignUtil.callCryptoSignFunction(signBlock.signdata.buffer, privatekey, certificate);
+        const signatureBlock = {
+            len: signature.length + 12,
+            size: signature.length + 8,
+            id: 0x0103,
+            buffer: signature
+        };
+        signBlock.signatures.data.push(signatureBlock);
+        signBlock.signatures.size += signatureBlock.len;
+        signBlock.size += signatureBlock.len;
+        signBlock.len += signatureBlock.len;
+        const signBlocks = {
+            len: 4,
+            size: 0,
+            data: []
+        };
+        signBlocks.data.push(signBlock);
+        signBlocks.size += signBlock.len;
+        signBlocks.len += signBlock.len;
+        // 生成key-value
+        const kvBlock = {
+            len: signBlocks.len + 12,
+            size: signBlocks.len + 4,
+            id: 0x01000101,
+            value: signBlocks
+        };
+        const signchunk = {
+            len: 32,
+            size: 24,
+            data: []
+        };
+        signchunk.data.push(kvBlock);
+        signchunk.size += kvBlock.len;
+        signchunk.len += kvBlock.len;
+        // 添加文件列表hash kvblock
+        if (options.files) {
+            const filehashChunk = SignUtil.signFiles(options.files, privatekey, certificate);
+            if (filehashChunk) {
+                const filesignBlocks = {
+                    len: 4,
+                    size: 0,
+                    data: []
+                };
+                filesignBlocks.data.push(filehashChunk);
+                filesignBlocks.size += filehashChunk.length;
+                filesignBlocks.len += filehashChunk.length;
+                const filekvBlock = {
+                    len: filesignBlocks.len + 12,
+                    size: filesignBlocks.len + 4,
+                    id: 0x01000201,
+                    value: filesignBlocks
+                };
+                signchunk.data.push(filekvBlock);
+                signchunk.size += filekvBlock.len;
+                signchunk.len += filekvBlock.len;
+            }
+        }
+        return signchunk;
+    }
+    static makeSignDataBuffer(block) {
+        const buffer = Buffer.alloc(block.len);
+        let offset = 0;
+        buffer.writeInt32LE(block.digests.size, offset);
+        offset += 4;
+        block.digests.data.forEach((item) => {
+            item.buffer.copy(buffer, offset);
+            offset += item.len;
+        });
+        buffer.writeInt32LE(block.certs.size, offset);
+        offset += 4;
+        block.certs.data.forEach((item) => {
+            item.buffer.copy(buffer, offset);
+            offset += item.len;
+        });
+        buffer.writeInt32LE(block.additional, offset);
+        return buffer;
+    }
+    static callCryptoSignFunction(buffer, prikey, certpem) {
+        let signature = null;
+        if (!Signer_1.default.getRemoteCryptoSignFunction()) {
+            // 使用默认
+            signature = Signer_1.default.defaultCryptoSignFunction(buffer, prikey);
+        }
+        else {
+            // 使用外部：传递原文件内容、证书内容
+            const remoteCryptoSignFunction = Signer_1.default.getRemoteCryptoSignFunction();
+            signature = remoteCryptoSignFunction(buffer, certpem);
+        }
+        return signature;
+    }
+    /**
+     * 加签名文件
+     * @param filehashs
+     * @param prikey
+     * @param certpem
+     */
+    static signFiles(filehashs, prikey, certpem) {
+        const chunk = {
+            len: 8,
+            size: 4,
+            digests: [],
+            sign: null
+        };
+        // 生成hash块
+        filehashs.forEach((item) => {
+            // name hash
+            const namehash = CRC32_1.default.digest(item.name);
+            // 计算大小
+            const sum = 6 + item.hash.length;
+            const chk = Buffer.alloc(sum);
+            let offset = 0;
+            chk.writeInt32LE(namehash, offset);
+            offset += 4;
+            chk.writeInt16LE(item.hash.length, offset);
+            offset += 2;
+            item.hash.copy(chk, offset);
+            offset += item.hash.length;
+            chunk.digests.push(chk);
+            chunk.size += sum;
+            chunk.len += sum;
+        });
+        // 生成整体签名
+        SignUtil.signDigestChunk(chunk, prikey, certpem);
+        // 写入文件
+        return SignUtil.saveDigestChunk(chunk);
+    }
+    static signDigestChunk(chunk, prikey, certpem) {
+        const buf = Buffer.alloc(chunk.size);
+        let offset = 0;
+        buf.writeInt32LE(0x0103, offset);
+        offset += 4;
+        chunk.digests.forEach((chk) => {
+            chk.copy(buf, offset);
+            offset += chk.length;
+        });
+        chunk.digests = buf.slice();
+        // 生成签名
+        const signature = SignUtil.callCryptoSignFunction(buf, prikey, certpem);
+        chunk.sign = {
+            len: 12 + signature.length,
+            size: 8 + signature.length,
+            id: 0x0103,
+            data: signature
+        };
+        chunk.len += chunk.sign.len;
+    }
+    static saveDigestChunk(chunk) {
+        // 创建新buffer
+        const newBuffer = Buffer.alloc(chunk.len);
+        let offset = 0;
+        newBuffer.writeInt32LE(chunk.size, offset);
+        offset += 4;
+        // 文件hash列表
+        chunk.digests.copy(newBuffer, offset);
+        offset += chunk.digests.length;
+        // 写入签名
+        newBuffer.writeInt32LE(chunk.sign.size, offset);
+        offset += 4;
+        newBuffer.writeInt32LE(chunk.sign.id, offset);
+        offset += 4;
+        newBuffer.writeInt32LE(chunk.sign.data.length, offset);
+        offset += 4;
+        chunk.sign.data.copy(newBuffer, offset);
+        offset += chunk.sign.data.length;
+        return newBuffer;
+    }
+    static saveSignChunk(signchunk) {
+        const buffer = Buffer.alloc(signchunk.len);
+        let offset = 0;
+        // 大小
+        buffer.writeInt32LE(signchunk.size, offset);
+        offset += 4;
+        buffer.writeInt32LE(0, offset);
+        offset += 4;
+        // key-value
+        signchunk.data.forEach((kv) => {
+            buffer.writeInt32LE(kv.size, offset);
+            offset += 4;
+            buffer.writeInt32LE(0, offset);
+            offset += 4;
+            buffer.writeInt32LE(kv.id, offset);
+            offset += 4;
+            // value
+            buffer.writeInt32LE(kv.value.size, offset);
+            offset += 4;
+            if (kv.id === 0x01000101) {
+                // sign blocks
+                kv.value.data.forEach((block) => {
+                    buffer.writeInt32LE(block.size, offset);
+                    offset += 4;
+                    // signdata
+                    buffer.writeInt32LE(block.signdata.size, offset);
+                    offset += 4;
+                    block.signdata.buffer.copy(buffer, offset);
+                    offset += block.signdata.buffer.length;
+                    // signature
+                    buffer.writeInt32LE(block.signatures.size, offset);
+                    offset += 4;
+                    block.signatures.data.forEach((signature) => {
+                        buffer.writeInt32LE(signature.size, offset);
+                        offset += 4;
+                        buffer.writeInt32LE(signature.id, offset);
+                        offset += 4;
+                        buffer.writeInt32LE(signature.buffer.length, offset);
+                        offset += 4;
+                        signature.buffer.copy(buffer, offset);
+                        offset += signature.buffer.length;
+                    });
+                    // pubkey
+                    buffer.writeInt32LE(block.pubkey.size, offset);
+                    offset += 4;
+                    block.pubkey.buffer.copy(buffer, offset);
+                    offset += block.pubkey.buffer.length;
+                });
+            }
+            else if (kv.id === 0x01000201) {
+                // files blocks
+                kv.value.data.forEach((block) => {
+                    block.copy(buffer, offset);
+                    offset += block.length;
+                });
+            }
+        });
+        // 大小
+        buffer.writeInt32LE(signchunk.size, offset);
+        offset += 4;
+        buffer.writeInt32LE(0, offset);
+        offset += 4;
+        // 魔法值
+        const magic = Buffer.from(SignUtil.SigMagic);
+        magic.copy(buffer, offset);
+        return buffer;
+    }
+    static saveChunk(buf, chunks) {
+        // 创建新buffer
+        const newBuffer = Buffer.alloc(buf.length + chunks.signchunk.length);
+        let offset = 0;
+        const sections = chunks.sections;
+        // 拷贝header
+        buf.copy(newBuffer, offset, sections.header.startIndex, sections.header.startIndex + sections.header.len);
+        offset += sections.header.len;
+        // 拷贝signblock
+        chunks.signchunk.copy(newBuffer, offset);
+        offset += chunks.signchunk.length;
+        // 拷贝central
+        buf.copy(newBuffer, offset, sections.central.startIndex, sections.central.startIndex + sections.central.len);
+        offset += sections.central.len;
+        // 修改eocd
+        buf.writeInt32LE(sections.central.startIndex + chunks.signchunk.length, sections.footer.startIndex + 16);
+        // 拷贝eocd
+        buf.copy(newBuffer, offset, sections.footer.startIndex, sections.footer.startIndex + sections.footer.len);
+        offset += sections.footer.len;
+        return newBuffer;
+    }
+    /**
+     * 过滤掉文件夹和META文件
+     * @param item
+     * @returns
+     */
+    static fileFilter(item) {
+        const path = item.path;
+        return !path.endsWith('/') && path !== ZipUtil_1.default.CERT_PATH;
+    }
+}
+SignUtil.SigMagic = 'RPK Sig Block 42';
+exports.default = SignUtil;
+//# sourceMappingURL=SignUtil.js.map