Codesign on Windows (#20)

Co-authored-by: U-DESKTOP-QVUEOL6\tanin <@tanin>

Author: tanin47

build.gradle.kts

@@ -256,12 +256,12 @@ tasks.register("copyJar", Copy::class) {
     from(tasks.jar).into(layout.buildDirectory.dir("jmods"))
 }
 
-private fun runCmd(vararg args: String): String {
+private fun runCmd(currentDir: File, vararg args: String): String {
     println("Executing command: ${args.joinToString(" ")}")
 
     val output = StringBuilder()
     val process = ProcessBuilder(*args)
-        .directory(layout.projectDirectory.asFile)
+        .directory(currentDir)
         .start()
 
     // Print stdout
@@ -286,49 +286,72 @@ private fun runCmd(vararg args: String): String {
     return output.toString()
 }
 
+private fun runCmd(vararg args: String): String {
+    return runCmd(layout.projectDirectory.asFile, *args)
+}
+
 private fun codesign(file: File, useRuntimeEntitlement: Boolean = false) {
-    runCmd(
-        "codesign",
-        "-vvvv",
-        "--options",
-        "runtime",
-        "--entitlements",
-        if (useRuntimeEntitlement) {
-            "runtime-entitlements.plist"
-        } else {
-            "entitlements.plist"
-        },
-        "--timestamp",
-        "--force",
-        "--sign",
-        macDeveloperApplicationCertName,
-        file.absolutePath,
-    )
+    if (currentOS == OS.MAC) {
+        runCmd(
+            "codesign",
+            "-vvvv",
+            "--options",
+            "runtime",
+            "--entitlements",
+            if (useRuntimeEntitlement) {
+                "runtime-entitlements.plist"
+            } else {
+                "entitlements.plist"
+            },
+            "--timestamp",
+            "--force",
+            "--sign",
+            macDeveloperApplicationCertName,
+            file.absolutePath,
+        )
+    }
 }
 
 private fun isCodesignable(file: File): Boolean {
-    val excludedExtensions = setOf("so", "a", "xml")
-    return file.extension == "dylib" ||
-            file.extension == "jnilib" ||
-            (!excludedExtensions.contains(file.extension) && file.toPath().isExecutable())
+    if (currentOS == OS.MAC) {
+        val excludedExtensions = setOf("so", "a", "xml")
+        return file.extension == "dylib" ||
+                file.extension == "jnilib" ||
+                (!excludedExtensions.contains(file.extension) && file.toPath().isExecutable())
+    } else if (currentOS == OS.WINDOWS) {
+        return file.extension == "dll"
+    } else {
+        throw Exception("Unsupported OS: $currentOS")
+    }
+}
+
+private fun isValidLibFile(file: File): Boolean {
+   if (currentOS == OS.MAC) {
+       return !(
+         file.absolutePath.contains("darwin-x86-64") || // for libjnidispatch.jnilib
+         file.absolutePath.contains("x86_64") // for liblz4-java.dylib
+       )
+   } else if (currentOS == OS.WINDOWS) {
+       return !(
+           file.absolutePath.endsWith("win32-aarch64\\jnidispatch.dll") ||
+           file.absolutePath.endsWith("win32-x86\\jnidispatch.dll")
+       )
+   } else {
+       throw Exception("Unsupported OS: $currentOS")
+   }
 }
 
 private fun codesignInJar(jarFile: File, nativeLibPath: File) {
-    val tmpDir = createTempDirectory("MacosCodesignLibsInJarsTask").toFile()
+    val tmpDir = createTempDirectory("codesignLibsInJarsTask").toFile()
     runCmd("unzip", "-q", jarFile.absolutePath, "-d", tmpDir.absolutePath)
 
     tmpDir.walk()
         .filter { it.isFile && isCodesignable(it) }
         .forEach { libFile ->
-            println("")
-            codesign(libFile)
-
-            if (
-                libFile.absolutePath.contains("darwin-x86-64") || // for libjnidispatch.jnilib
-                libFile.absolutePath.contains("x86_64") // for liblz4-java.dylib
-            ) {
-                // Skip the jna's x86-64 lib
-            } else {
+
+            if (isValidLibFile(libFile)) {
+                println("")
+                codesign(libFile)
                 runCmd("cp", libFile.absolutePath, nativeLibPath.absolutePath)
             }
 
@@ -344,7 +367,7 @@ private fun codesignInJar(jarFile: File, nativeLibPath: File) {
     tmpDir.deleteRecursively()
 }
 
-tasks.register("macosCodesignLibsInJars") {
+tasks.register("codesignLibsInJars") {
     dependsOn("copyDependencies", "copyJar")
     inputs.files(tasks.named("copyJar").get().outputs.files)
 
@@ -383,6 +406,7 @@ private fun removeQuarantine(file: File) {
 }
 
 tasks.register("macosCodesignProvisionprofile") {
+    onlyIf { currentOS == OS.MAC }
     doLast {
         removeQuarantine(provisionprofileDir.file("embedded.provisionprofile").asFile)
         codesign(provisionprofileDir.file("embedded.provisionprofile").asFile)
@@ -393,7 +417,7 @@ tasks.register("macosCodesignProvisionprofile") {
 }
 
 tasks.register<Exec>("jlink") {
-    dependsOn("assemble", "macosCodesignLibsInJars", "macosCodesignProvisionprofile")
+    dependsOn("assemble", "codesignLibsInJars", "macosCodesignProvisionprofile")
     val jlinkBin = Paths.get(System.getProperty("java.home"), "bin", "jlink")
 
     inputs.files(tasks.named("copyJar").get().outputs.files)
@@ -412,6 +436,7 @@ tasks.register<Exec>("jlink") {
 }
 
 tasks.register("prepareInfoPlist") {
+    onlyIf { currentOS == OS.MAC }
     doLast {
         val template = layout.projectDirectory.file("mac-resources/Info.plist.template").asFile.readText()
         val content = template
@@ -435,45 +460,78 @@ tasks.register("bareJpackage") {
     inputs.files(runtimeImage, modulePath)
 
     val outputDir = layout.buildDirectory.dir("bare-jpackage")
-    val outputFile = outputDir.get().asFile.resolve("${appName}-$version.dmg")
+    val outputFile = if (currentOS == OS.MAC) {
+        outputDir.get().asFile.resolve("${appName}-$version.dmg")
+    } else if (currentOS == OS.WINDOWS) {
+        outputDir.get().asFile.resolve("${appName}-$version.msi")
+    } else {
+        throw Exception("Unsupported OS: $currentOS")
+    }
 
     outputs.file(outputFile)
     outputDir.get().asFile.deleteRecursively()
 
-    // -XstartOnFirstThread is required for MacOS
-    val maybeStartOnFirstThread = if (currentOS == OS.MAC) {
-        "-XstartOnFirstThread"
-    } else {
-        ""
-    }
-
     doLast {
-        runCmd(
-            jpackageBin.absolutePathString(),
+        // -XstartOnFirstThread is required for MacOS
+        val maybeStartOnFirstThread = if (currentOS == OS.MAC) {
+            "-XstartOnFirstThread"
+        } else {
+            ""
+        }
+
+        val javaOptionsArg = listOf(
+            "--java-options",
+            // -Djava.library.path=$APPDIR/resources is needed because we put the needed dylibs, jnilibs, and dlls there.
+            "$maybeStartOnFirstThread -Djava.electron.packaged=true -Djava.library.path=\$APPDIR/resources --add-exports java.base/sun.security.x509=ALL-UNNAMED --add-exports java.base/sun.security.tools.keytool=ALL-UNNAMED"
+        )
+
+        val baseArgs = listOf(
             "--name", appName,
             "--app-version", version.toString(),
             "--main-jar", modulePath.resolve("${project.name}-$version.jar").absolutePath,
             "--main-class", mainClassName,
             "--runtime-image", runtimeImage.absolutePath,
             "--input", modulePath.absolutePath,
             "--dest", outputDir.get().asFile.absolutePath,
-            "--mac-package-identifier", packageIdentifier,
-            "--mac-package-name", appName,
-            "--mac-sign",
-            "--mac-app-store",
-            "--mac-signing-key-user-name", macDeveloperApplicationCertName,
-            "--mac-entitlements", "entitlements.plist",
-            "--resource-dir", layout.projectDirectory.dir("mac-resources").asFile.absolutePath,
-            "--app-content", provisionprofileDir.file("embedded.provisionprofile").asFile.absolutePath,
             "--app-content", layout.buildDirectory.file("resources-native").get().asFile.resolve("app").absolutePath,
-            "--java-options",
-            // -Djava.library.path=$APPDIR/resources is needed because we put all dylibs there.
-            "$maybeStartOnFirstThread -Djava.library.path=\$APPDIR/resources --add-exports java.base/sun.security.x509=ALL-UNNAMED --add-exports java.base/sun.security.tools.keytool=ALL-UNNAMED"
+        ) + javaOptionsArg
+
+        val platformSpecificArgs = if (currentOS == OS.MAC) {
+            listOf(
+                "--mac-package-identifier",
+                packageIdentifier,
+                "--mac-package-name",
+                appName,
+                "--mac-sign",
+                "--mac-app-store",
+                "--mac-signing-key-user-name",
+                macDeveloperApplicationCertName,
+                "--mac-entitlements",
+                "entitlements.plist",
+                "--resource-dir",
+                layout.projectDirectory.dir("mac-resources").asFile.absolutePath,
+                "--app-content",
+                provisionprofileDir.file("embedded.provisionprofile").asFile.absolutePath,
+            )
+        } else if (currentOS == OS.WINDOWS) {
+            listOf(
+                "--type", "msi",
+                "--win-menu",
+                "--win-shortcut"
+            )
+        } else {
+            throw Exception("Unsupported OS: $currentOS")
+        }
+
+        runCmd(
+            *((listOf(jpackageBin.absolutePathString())
+                    + baseArgs + platformSpecificArgs).toTypedArray())
         )
     }
 }
 
-tasks.register("jpackage") {
+tasks.register("jpackageForMac") {
+    onlyIf { currentOS == OS.MAC }
     dependsOn("bareJpackage")
 
     inputs.file(tasks.named("bareJpackage").get().outputs.files.singleFile)
@@ -533,10 +591,43 @@ tasks.register("jpackage") {
     }
 }
 
+
+tasks.register("jpackageForWindows") {
+    onlyIf { currentOS == OS.WINDOWS }
+    dependsOn("bareJpackage")
+
+    inputs.file(tasks.named("bareJpackage").get().outputs.files.singleFile)
+
+    val outputAppDir = layout.buildDirectory.dir("msi").get().asFile
+
+    outputs.dir(outputAppDir)
+
+    doLast {
+        outputAppDir.deleteRecursively()
+        outputAppDir.mkdirs()
+
+        runCmd(
+            File("c:\\Users\\tanin\\projects\\CodeSignTool-v1.3.2-windows"),
+            "CodeSignTool.bat",
+            "sign",
+            "-input_file_path=${inputs.files.singleFile.absolutePath}",
+            "-output_dir_path=${outputAppDir.absolutePath}",
+            "-program_name=JavaElectron",
+            "-username=${System.getenv("SSL_COM_USERNAME")}",
+            "-password=${System.getenv("SSL_COM_PASSWORD")}",
+            "-totp_secret=${System.getenv("SSL_COM_TOTP_SECRET")}"
+        )
+    }
+}
+
+tasks.register("jpackage") {
+    dependsOn("bareJpackage", "jpackageForMac", "jpackageForWindows")
+}
+
 tasks.register<Exec>("notarize") {
-    dependsOn("jpackage")
+    dependsOn("jpackageForMac")
 
-    inputs.file(tasks.named("jpackage").get().outputs.files.filter { it.extension == "dmg" }.first())
+    inputs.file(tasks.named("jpackageForMac").get().outputs.files.filter { it.extension == "dmg" }.first())
 
     commandLine(
         "/usr/bin/xcrun",
@@ -554,7 +645,7 @@ tasks.register<Exec>("notarize") {
 tasks.register<Exec>("staple") {
     dependsOn("notarize")
 
-    inputs.file(tasks.named("jpackage").get().outputs.files.filter { it.extension == "dmg" }.first())
+    inputs.file(tasks.named("jpackageForMac").get().outputs.files.filter { it.extension == "dmg" }.first())
 
     commandLine(
         "/usr/bin/xcrun",
@@ -566,8 +657,8 @@ tasks.register<Exec>("staple") {
 }
 
 tasks.register<Exec>("convertToPkg") {
-    dependsOn("jpackage")
-    val app = tasks.named("jpackage").get().outputs.files.filter { it.extension == "app" }.first()
+    dependsOn("jpackageForMac")
+    val app = tasks.named("jpackageForMac").get().outputs.files.filter { it.extension == "app" }.first()
     inputs.dir(app)
     outputs.file(layout.buildDirectory.dir("pkg").get().file("Backdoor.pkg"))
     commandLine(

src/main/java/tanin/javaelectron/Browser.java

@@ -17,19 +17,13 @@
 import static tanin.javaelectron.nativeinterface.WebviewNative.N;
 
 public class Browser {
-  public static interface OnFileSelected {
-    void invoke(String path);
-  }
-
   private static final Logger logger = Logger.getLogger(Browser.class.getName());
 
   String url;
   boolean isDebug;
   private long pointer;
   SelfSignedCertificate cert;
 
-  private static final String OS_NAME = System.getProperty("os.name").toLowerCase();
-
   private MacOsApi.OnFileSelected onFileSelected = null;
 
   public Browser(String url, boolean isDebug) {
@@ -78,6 +72,10 @@ private void terminate() {
     }
   }
 
+  public static interface OnFileSelected {
+    void invoke(String path);
+  }
+
   void openFileDialog(boolean isSaved, OnFileSelected fileSelected) {
     if (Base.CURRENT_OS == Base.OperatingSystem.WINDOWS) {
       var thread = new Thread(() -> {
@@ -114,7 +112,7 @@ void openFileDialog(boolean isSaved, OnFileSelected fileSelected) {
           MacOsApi.N.openFile(onFileSelected);
         }
     } else {
-      throw new RuntimeException("Unsupported OS: " + OS_NAME);
+      throw new RuntimeException("Unsupported OS: " + Base.CURRENT_OS);
     }
   }
 }

src/main/java/tanin/javaelectron/Main.java

@@ -35,7 +35,6 @@ public static void main(String[] args) throws Exception {
     main.start();
 
     var port = main.minum.getSslServer().getPort();
-//    var port = main.minum.getServer().getPort();
 
     var browser = new Browser(
       "https://localhost:" + port + "?authKey=" + authKey,

src/main/java/tanin/javaelectron/nativeinterface/Base.java

@@ -24,10 +24,10 @@ private static OperatingSystem determineOS() {
   public static final File nativeDir;
 
   static {
-    boolean sandboxed = System.getenv("APP_SANDBOX_CONTAINER_ID") != null;
+    boolean packaged = System.getProperty("java.electron.packaged") != null;
 
     try {
-      if (sandboxed) {
+      if (packaged) {
         nativeDir = new File(System.getProperty("java.library.path"));
       } else {
         nativeDir = new File("src/main/resources/native");
@@ -38,8 +38,8 @@ private static OperatingSystem determineOS() {
       System.setProperty("jna.library.path", nativeDir.getAbsolutePath());
       System.setProperty("java.library.path", nativeDir.getAbsolutePath());
 
-      if (sandboxed) {
-        logger.info("Run in sandbox.");
+      if (packaged) {
+        logger.info("Run in a packaged environment.");
         System.setProperty("jna.nounpack", "true");
         System.setProperty("jna.noclasspath", "true");
         System.setProperty("jna.boot.library.path", nativeDir.getAbsolutePath());