@involvex/msix-packager-cli 1.4.1

package/src/certificates.js

@@ -0,0 +1,320 @@
+const fs = require("fs-extra");
+const path = require("path");
+const { executeCommand } = require("./utils");
+const { CONSTANTS, CertificateError, MSIXError } = require("./constants");
+
+/**
+ * Finds code signing certificates in the certificate store
+ * @returns {Array} Array of certificate objects
+ */
+async function findCodeSigningCertificates() {
+  try {
+    console.log("Searching for code signing certificates...");
+
+    const psScript = `
+      $results = @()
+      
+      function Has-CodeSigning($cert) {
+        foreach($ext in $cert.Extensions) {
+          if($ext.Oid.Value -eq '2.5.29.37') {
+            $ekuText = $ext.Format($true)
+            if($ekuText -match 'Code Signing') {
+              return $true
+            }
+          }
+        }
+        return $false
+      }
+      
+      function Check-Store($storeLocation, $storeName) {
+        try {
+          $store = New-Object System.Security.Cryptography.X509Certificates.X509Store([System.Security.Cryptography.X509Certificates.StoreName]::$storeName, [System.Security.Cryptography.X509Certificates.StoreLocation]::$storeLocation)
+          $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
+          
+          foreach($cert in $store.Certificates) {
+            if($cert.HasPrivateKey -and (Has-CodeSigning $cert)) {
+              $script:results += @{
+                Subject = $cert.Subject
+                Thumbprint = $cert.Thumbprint
+                NotBefore = $cert.NotBefore.ToString('yyyy-MM-ddTHH:mm:ssZ')
+                NotAfter = $cert.NotAfter.ToString('yyyy-MM-ddTHH:mm:ssZ')
+                Store = $storeLocation
+              }
+            }
+          }
+          $store.Close()
+        } catch {
+          # Continue to next store
+        }
+      }
+      
+      Check-Store 'CurrentUser' 'My'
+      Check-Store 'LocalMachine' 'My'
+      
+      if($results.Count -eq 0) {
+        Write-Output '[]'
+      } else {
+        $results | ConvertTo-Json -Depth 2
+      }
+    `;
+
+    let result = "";
+    try {
+      const tempScript = path.join(
+        process.env.TEMP || "/tmp",
+        "find-certs.ps1",
+      );
+      await fs.writeFile(tempScript, psScript);
+
+      result = executeCommand(
+        `powershell -ExecutionPolicy Bypass -File "${tempScript}"`,
+        { silent: true },
+      );
+
+      await fs.unlink(tempScript).catch(() => {}); // Ignore cleanup errors
+    } catch (error) {
+      console.warn(`Certificate search failed: ${error.message}`);
+      return [];
+    }
+
+    const certificates = [];
+
+    if (result && result.trim() && result.trim() !== "[]") {
+      try {
+        const parsed = JSON.parse(result);
+        const certsArray = Array.isArray(parsed) ? parsed : [parsed];
+
+        for (const cert of certsArray) {
+          if (cert?.Subject && cert?.Thumbprint) {
+            certificates.push({
+              subject: cert.Subject,
+              thumbprint: cert.Thumbprint.replace(/\s/g, ""),
+              store: cert.Store || "CurrentUser",
+              notBefore: new Date(cert.NotBefore),
+              notAfter: new Date(cert.NotAfter),
+              isExpired: new Date(cert.NotAfter) < new Date(),
+              isValid:
+                new Date(cert.NotBefore) <= new Date() &&
+                new Date(cert.NotAfter) >= new Date(),
+            });
+          }
+        }
+      } catch (parseError) {
+        console.warn(
+          `Could not parse certificate results: ${parseError.message}`,
+        );
+      }
+    }
+
+    console.log(`Found ${certificates.length} code signing certificate(s)`);
+
+    return certificates;
+  } catch (error) {
+    console.warn(`Certificate search error: ${error.message}`);
+    return []; // Return empty array instead of throwing
+  }
+}
+
+/**
+ * Selects the best certificate from available certificates
+ * @param {Array} certificates - Array of available certificates
+ * @param {Object} preferences - Certificate selection preferences
+ * @returns {Object} Selected certificate
+ */
+function selectBestCertificate(certificates, preferences = {}) {
+  if (certificates.length === 0) {
+    throw new CertificateError("No code signing certificates found");
+  }
+
+  const validCertificates = certificates.filter((cert) => cert.isValid);
+
+  if (validCertificates.length === 0) {
+    throw new CertificateError(
+      "No valid (non-expired) code signing certificates found",
+    );
+  }
+
+  // If thumbprint is specified, try to find matching certificate
+  if (preferences.thumbprint) {
+    const matchingCert = validCertificates.find(
+      (cert) =>
+        cert.thumbprint.replace(/\s/g, "").toLowerCase() ===
+        preferences.thumbprint.replace(/\s/g, "").toLowerCase(),
+    );
+
+    if (!matchingCert) {
+      throw new CertificateError(
+        `Certificate with thumbprint ${preferences.thumbprint} not found`,
+      );
+    }
+    return matchingCert;
+  }
+
+  // If subject is specified, try to find matching certificate
+  if (preferences.subject) {
+    const matchingCert = validCertificates.find((cert) =>
+      cert.subject.toLowerCase().includes(preferences.subject.toLowerCase()),
+    );
+
+    if (!matchingCert) {
+      throw new CertificateError(
+        `Certificate with subject containing "${preferences.subject}" not found`,
+      );
+    }
+    return matchingCert;
+  }
+
+  // Select the certificate that expires latest
+  return validCertificates.reduce((best, current) =>
+    current.notAfter > best.notAfter ? current : best,
+  );
+}
+
+/**
+ * Gets certificate information from PFX file and validates it
+ * @param {string} pfxPath - Path to PFX file
+ * @param {string} password - PFX password
+ * @param {boolean} validateOnly - If true, only validates without returning full info
+ * @returns {Object|boolean} Certificate information or validation result
+ */
+async function getPfxCertificateInfo(
+  pfxPath,
+  password = "",
+  validateOnly = false,
+) {
+  try {
+    if (!(await fs.pathExists(pfxPath))) {
+      throw new CertificateError(`PFX file not found: ${pfxPath}`);
+    }
+
+    const psCommand = `
+      try {
+        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("${pfxPath}", "${password}")
+        if (-not ($cert.HasPrivateKey -and $cert.Subject)) {
+          throw "Invalid certificate"
+        }
+        ${
+          validateOnly
+            ? 'Write-Output "Valid"'
+            : `$info = @{
+            Subject = $cert.Subject
+            Thumbprint = $cert.Thumbprint
+            NotBefore = $cert.NotBefore.ToString('yyyy-MM-ddTHH:mm:ss')
+            NotAfter = $cert.NotAfter.ToString('yyyy-MM-ddTHH:mm:ss')
+          }
+          $info | ConvertTo-Json -Depth 2`
+        }
+      } catch {
+        ${validateOnly ? 'Write-Output "Invalid"' : 'Write-Error "Failed to read certificate: $_"; exit 1'}
+      }
+    `;
+
+    const output = executeCommand(
+      `powershell -ExecutionPolicy Bypass -Command "${psCommand}"`,
+      { silent: true },
+    );
+
+    if (validateOnly) {
+      if (output.trim() !== "Valid") {
+        throw new CertificateError(`Invalid PFX file or password`);
+      }
+      return true;
+    }
+
+    const certInfo = JSON.parse(output);
+
+    return {
+      subject: certInfo.Subject || "Unknown",
+      thumbprint: (certInfo.Thumbprint || "").replace(/\s/g, ""),
+      notBefore: certInfo.NotBefore ? new Date(certInfo.NotBefore) : null,
+      notAfter: certInfo.NotAfter ? new Date(certInfo.NotAfter) : null,
+      source: "PFX File",
+      path: pfxPath,
+      isExpired: certInfo.NotAfter
+        ? new Date(certInfo.NotAfter) < new Date()
+        : true,
+      isValid:
+        certInfo.NotBefore && certInfo.NotAfter
+          ? new Date(certInfo.NotBefore) <= new Date() &&
+            new Date(certInfo.NotAfter) >= new Date()
+          : false,
+    };
+  } catch (error) {
+    if (error instanceof CertificateError) {
+      throw error;
+    }
+    throw new CertificateError(
+      `Failed to ${validateOnly ? "validate" : "get info from"} PFX file: ${error.message}`,
+    );
+  }
+}
+
+/**
+ * Validates that a PFX file exists and can be used for signing
+ * @param {string} pfxPath - Path to PFX file
+ * @param {string} password - PFX password
+ * @returns {boolean} True if PFX is valid
+ */
+async function validatePfxFile(pfxPath, password = "") {
+  return await getPfxCertificateInfo(pfxPath, password, true);
+}
+
+/**
+ * Determines the best signing method based on available certificates and configuration
+ * @param {Object} signingConfig - Signing configuration
+ * @returns {Object} Signing method and parameters
+ */
+async function determineSigningMethod(signingConfig) {
+  if (!signingConfig.sign) {
+    return null;
+  }
+
+  // Priority 1: Use PFX file if specified
+  if (signingConfig.certificatePath) {
+    if (!(await fs.pathExists(signingConfig.certificatePath))) {
+      throw new CertificateError(
+        `Certificate file not found: ${signingConfig.certificatePath}`,
+      );
+    }
+
+    await validatePfxFile(
+      signingConfig.certificatePath,
+      signingConfig.certificatePassword || "",
+    );
+
+    return {
+      method: "pfx",
+      parameters: {
+        pfxPath: signingConfig.certificatePath,
+        password: signingConfig.certificatePassword || "",
+        timestampUrl:
+          signingConfig.timestampUrl || CONSTANTS.DEFAULT_TIMESTAMP_URL,
+      },
+    };
+  }
+
+  // Priority 2: Use certificate store
+  const certificates = await findCodeSigningCertificates();
+  const selectedCert = selectBestCertificate(certificates, {
+    thumbprint: signingConfig.certificateThumbprint,
+    subject: signingConfig.certificateSubject,
+  });
+
+  return {
+    method: "store",
+    parameters: {
+      thumbprint: selectedCert.thumbprint,
+      store: selectedCert.store,
+      timestampUrl:
+        signingConfig.timestampUrl || CONSTANTS.DEFAULT_TIMESTAMP_URL,
+    },
+  };
+}
+
+module.exports = {
+  findCodeSigningCertificates,
+  selectBestCertificate,
+  validatePfxFile,
+  getPfxCertificateInfo,
+  determineSigningMethod,
+};

package/src/cli.js

@@ -0,0 +1,383 @@
+#!/usr/bin/env node
+
+const { Command } = require("commander");
+const fs = require("fs-extra");
+const path = require("path");
+const chalk = require("chalk");
+
+// Get package information first
+const packageJson = require("../package.json");
+
+const program = new Command();
+
+program
+  .name("node-msix")
+  .description("Create MSIX packages from Node.js applications")
+  .version(packageJson.version)
+  .addHelpText(
+    "after",
+    `
+Examples:
+  $ node-msix package --input ./my-app --name "My App" --publisher "CN=MyCompany"
+  $ node-msix package --config ./msix-config.json
+  $ node-msix init
+  $ node-msix list-certificates
+  $ node-msix sign ./dist/MyApp.msix --cert-path ./cert.pfx --cert-password mypassword
+  
+For more information, visit: https://github.com/your-username/node-msix
+`,
+  );
+
+/**
+ * Package command - creates an MSIX package
+ */
+program
+  .command("package")
+  .description("Create an MSIX package from a Node.js application")
+  .option(
+    "-i, --input <path>",
+    "Input directory containing the Node.js application",
+  )
+  .option(
+    "-o, --output <path>",
+    "Output directory for the MSIX package",
+    "./dist",
+  )
+  .option("-n, --name <name>", "Application name")
+  .option(
+    "-p, --publisher <publisher>",
+    'Publisher name (e.g., "CN=My Company")',
+  )
+  .option("-v, --version <version>", 'Application version (e.g., "1.0.0.0")')
+  .option("-d, --description <description>", "Application description")
+  .option("-e, --executable <executable>", "Main executable file")
+  .option(
+    "-a, --architecture <arch>",
+    "Target architecture (x86, x64, arm, arm64)",
+    "x64",
+  )
+  .option("--icon <path>", "Path to application icon file")
+  .option("--display-name <name>", "Display name for the application")
+  .option("--package-name <name>", "Package identity name")
+  .option(
+    "--capabilities <capabilities>",
+    "Comma-separated list of capabilities",
+    "internetClient",
+  )
+  .option(
+    "--background-color <color>",
+    "Background color for tiles",
+    "transparent",
+  )
+  .option("--skip-build", "Skip running bun run build script")
+  .option(
+    "--install-dev-deps",
+    "Install dev dependencies for build (default: true)",
+  )
+  .option("--no-install-dev-deps", "Skip installing dev dependencies")
+  .option("--no-sign", "Skip signing the package")
+  .option(
+    "--cert-thumbprint <thumbprint>",
+    "Certificate thumbprint for signing",
+  )
+  .option("--cert-subject <subject>", "Certificate subject name for signing")
+  .option("--cert-path <path>", "Path to PFX certificate file")
+  .option("--cert-password <password>", "Password for PFX certificate")
+  .option("--timestamp-url <url>", "Timestamp server URL")
+  .option(
+    "-c, --config <path>",
+    "Path to configuration file",
+    "msix-config.json",
+  )
+  .action(async (options) => {
+    try {
+      // Import main functions only when needed
+      const { createMsixPackage, CONSTANTS } = require("./index");
+
+      console.log(chalk.blue(`📦 Node-MSIX v${packageJson.version}`));
+      console.log(chalk.blue("Creating MSIX package..."));
+      console.log();
+
+      // Load configuration
+      let config = {};
+
+      // Load from config file if it exists
+      if (await fs.pathExists(options.config)) {
+        console.log(
+          chalk.blue(`📋 Loading configuration from ${options.config}`),
+        );
+        const configContent = await fs.readFile(options.config, "utf8");
+        config = JSON.parse(configContent);
+      }
+
+      // Override with command line options
+      if (options.input) config.inputPath = options.input;
+      if (options.output) config.outputPath = options.output;
+      if (options.name) config.appName = options.name;
+      if (options.publisher) config.publisher = options.publisher;
+      if (options.version) config.version = options.version;
+      if (options.description) config.description = options.description;
+      if (options.executable) config.executable = options.executable;
+      if (options.architecture) config.architecture = options.architecture;
+      if (options.icon) config.icon = options.icon;
+      if (options.displayName) config.displayName = options.displayName;
+      if (options.packageName) config.packageName = options.packageName;
+      if (options.capabilities)
+        config.capabilities = options.capabilities.split(",");
+      if (options.backgroundColor)
+        config.backgroundColor = options.backgroundColor;
+
+      // Build options
+      if (options.skipBuild) config.skipBuild = true;
+      if (options.installDevDeps === false) config.installDevDeps = false;
+
+      // Signing options
+      config.sign = options.sign !== false; // Default to true unless --no-sign is used
+      if (options.certThumbprint)
+        config.certificateThumbprint = options.certThumbprint;
+      if (options.certSubject) config.certificateSubject = options.certSubject;
+      if (options.certPath) config.certificatePath = options.certPath;
+      if (options.certPassword)
+        config.certificatePassword = options.certPassword;
+      if (options.timestampUrl) config.timestampUrl = options.timestampUrl;
+
+      // Validate required fields
+      if (!config.inputPath) {
+        console.error(chalk.red("❌ Error: Input path is required"));
+        console.log(
+          chalk.blue("Use --input <path> or specify inputPath in config file"),
+        );
+        process.exit(1);
+      }
+
+      if (!config.appName) {
+        console.error(chalk.red("❌ Error: Application name is required"));
+        console.log(
+          chalk.blue("Use --name <name> or specify appName in config file"),
+        );
+        process.exit(1);
+      }
+
+      if (!config.publisher) {
+        console.error(chalk.red("❌ Error: Publisher name is required"));
+        console.log(
+          chalk.blue(
+            'Use --publisher "CN=My Company" or specify publisher in config file',
+          ),
+        );
+        process.exit(1);
+      }
+
+      // Create the MSIX package
+      const result = await createMsixPackage(config);
+
+      console.log();
+      console.log(chalk.green("🎉 Success!"));
+      console.log(chalk.green(`📁 Package: ${result.packagePath}`));
+      console.log(chalk.green(`📏 Size: ${result.packageSize}`));
+      console.log(chalk.green(`🔐 Signed: ${result.signed ? "Yes" : "No"}`));
+      console.log();
+    } catch (error) {
+      console.log();
+      console.error(chalk.red(`❌ Error: ${error.message}`));
+      console.log();
+
+      if (error.name === "ValidationError") {
+        console.log(chalk.yellow("💡 Configuration tips:"));
+        console.log(
+          chalk.yellow("  • Use --help to see all available options"),
+        );
+        console.log(
+          chalk.yellow("  • Create a config file with: node-msix init"),
+        );
+        console.log(
+          chalk.yellow(
+            "  • Ensure input directory contains a valid Node.js application",
+          ),
+        );
+      }
+
+      process.exit(1);
+    }
+  });
+
+/**
+ * Sign command - signs an existing MSIX package
+ */
+program
+  .command("sign <packagePath>")
+  .description("Sign an existing MSIX package")
+  .option(
+    "--cert-thumbprint <thumbprint>",
+    "Certificate thumbprint for signing",
+  )
+  .option("--cert-subject <subject>", "Certificate subject name for signing")
+  .option("--cert-path <path>", "Path to PFX certificate file")
+  .option("--cert-password <password>", "Password for PFX certificate")
+  .option("--timestamp-url <url>", "Timestamp server URL")
+  .action(async (packagePath, options) => {
+    try {
+      // Import signing function only when needed
+      const { signMsixPackage, CONSTANTS } = require("./index");
+
+      console.log(chalk.blue(`📦 Node-MSIX v${packageJson.version}`));
+      console.log(chalk.blue(`Signing package: ${packagePath}`));
+      console.log();
+
+      const signingConfig = {
+        certificateThumbprint: options.certThumbprint,
+        certificateSubject: options.certSubject,
+        certificatePath: options.certPath,
+        certificatePassword: options.certPassword,
+        timestampUrl: options.timestampUrl,
+      };
+
+      const result = await signMsixPackage(packagePath, signingConfig);
+
+      if (result) {
+        console.log();
+        console.log(chalk.green("🎉 Package signed successfully!"));
+      } else {
+        console.log();
+        console.log(chalk.yellow("⚠️  Package signing failed"));
+        process.exit(1);
+      }
+    } catch (error) {
+      console.log();
+      console.error(chalk.red(`❌ Error: ${error.message}`));
+      process.exit(1);
+    }
+  });
+
+/**
+ * List certificates command
+ */
+program
+  .command("list-certificates")
+  .alias("certs")
+  .description("List available code signing certificates on this system")
+  .action(async () => {
+    try {
+      // Import certificate functions only when needed
+      const { listCertificates } = require("./index");
+
+      console.log(chalk.blue(`📦 Node-MSIX v${packageJson.version}`));
+      console.log();
+
+      const certificates = await listCertificates();
+
+      if (certificates.length === 0) {
+        console.log(chalk.yellow("⚠️  No code signing certificates found"));
+        console.log();
+        console.log(chalk.blue("💡 To use certificate signing:"));
+        console.log(
+          chalk.blue(
+            "   1. Install a code signing certificate in your certificate store",
+          ),
+        );
+        console.log(
+          chalk.blue("   2. Ensure the certificate has a private key"),
+        );
+        console.log(
+          chalk.blue(
+            '   3. The certificate should have "Code Signing" capability',
+          ),
+        );
+        console.log();
+        return;
+      }
+
+      console.log(
+        chalk.green(
+          `✅ Found ${certificates.length} code signing certificate(s):`,
+        ),
+      );
+      console.log();
+
+      certificates.forEach((cert, index) => {
+        console.log(chalk.white(`${index + 1}. ${cert.subject}`));
+        console.log(chalk.gray(`   Thumbprint: ${cert.thumbprint}`));
+        console.log(chalk.gray(`   Store: ${cert.store}`));
+        console.log(
+          chalk.gray(`   Valid: ${cert.isValid ? "Yes" : "No (Expired)"}`),
+        );
+        console.log(
+          chalk.gray(`   Expires: ${cert.notAfter.toLocaleDateString()}`),
+        );
+        if (index < certificates.length - 1) console.log();
+      });
+
+      console.log();
+      console.log(chalk.blue("💡 To use a certificate for signing:"));
+      console.log(chalk.blue("   --cert-thumbprint <thumbprint>"));
+      console.log(chalk.blue("   or"));
+      console.log(chalk.blue('   --cert-subject "part-of-subject-name"'));
+      console.log();
+    } catch (error) {
+      console.log();
+      console.error(chalk.red(`❌ Error: ${error.message}`));
+      process.exit(1);
+    }
+  });
+
+/**
+ * Init command - creates a configuration file
+ */
+program
+  .command("init [directory]")
+  .description("Initialize a new MSIX configuration file")
+  .option("-f, --force", "Overwrite existing configuration file")
+  .option("--name <name>", "Application name")
+  .option("--publisher <publisher>", 'Publisher name (e.g., "CN=My Company")')
+  .option("--version <version>", "Application version")
+  .option("--description <description>", "Application description")
+  .action(async (directory = process.cwd(), options) => {
+    try {
+      // Import init functions only when needed
+      const { initConfig, CONSTANTS } = require("./index");
+
+      console.log(chalk.blue(`📦 Node-MSIX v${packageJson.version}`));
+      console.log(chalk.blue(`Initializing configuration in: ${directory}`));
+      console.log();
+
+      // Check if config already exists and force flag is not set
+      const configPath = path.join(directory, CONSTANTS.CONFIG_FILENAME);
+      if ((await fs.pathExists(configPath)) && !options.force) {
+        console.log(chalk.yellow("⚠️  Configuration file already exists"));
+        console.log(chalk.blue("Use --force to overwrite"));
+        process.exit(1);
+      }
+
+      const configFile = await initConfig(directory, {
+        appName: options.name,
+        publisher: options.publisher,
+        version: options.version,
+        description: options.description,
+      });
+
+      console.log();
+      console.log(chalk.green("🎉 Configuration initialized!"));
+      console.log(chalk.green(`📁 Config file: ${configFile}`));
+      console.log();
+      console.log(chalk.blue("💡 Next steps:"));
+      console.log(
+        chalk.blue(
+          "   1. Edit the configuration file to customize your package",
+        ),
+      );
+      console.log(chalk.blue("   2. Run: node-msix package"));
+      console.log();
+    } catch (error) {
+      console.log();
+      console.error(chalk.red(`❌ Error: ${error.message}`));
+      process.exit(1);
+    }
+  });
+
+// Show help if no command provided
+if (process.argv.length === 2) {
+  program.help();
+}
+
+// Parse command line arguments
+program.parse();