fix: moving cscInfo logic into signtoolManager to distinguish the log…

…ic between custom sign, csc info, and azure signing

- logs error if signing cscInfo cannot be identified during signtool execution. Return false for quick exit with logging

.changeset/tiny-knives-behave.md

@@ -0,0 +1,5 @@
+---
+"app-builder-lib": patch
+---
+
+fix: moving cscInfo logic into signtoolManager to distinguish the logic between custom sign, csc info, and azure signing

packages/app-builder-lib/src/codeSign/windowsSignToolManager.ts

@@ -174,11 +174,36 @@ export class WindowsSignToolManager {
       hashes = Array.isArray(hashes) ? hashes : [hashes]
     }
 
-    const cscInfo = await this.cscInfo.value
     const name = this.packager.appInfo.productName
     const site = await this.packager.appInfo.computePackageUrl()
 
     const customSign = await resolveFunction(this.packager.appInfo.type, chooseNotNull(options.options.signtoolOptions?.sign, options.options.sign), "sign")
+
+    const cscInfo = await this.cscInfo.value
+    if (cscInfo) {
+      let logInfo: any = {
+        file: log.filePath(options.path),
+      }
+      if ("file" in cscInfo) {
+        logInfo = {
+          ...logInfo,
+          certificateFile: cscInfo.file,
+        }
+      } else {
+        logInfo = {
+          ...logInfo,
+          subject: cscInfo.subject,
+          thumbprint: cscInfo.thumbprint,
+          store: cscInfo.store,
+          user: cscInfo.isLocalMachineStore ? "local machine" : "current user",
+        }
+      }
+      log.info(logInfo, "signing")
+    } else if (!customSign) {
+      log.error({ signHook: customSign, cscInfo }, "no signing info identified, signing is skipped")
+      return false
+    }
+
     const executor = customSign || ((config: CustomWindowsSignTaskConfiguration, packager: WinPackager) => this.doSign(config, packager))
     let isNest = false
     for (const hash of hashes) {

packages/app-builder-lib/src/targets/nsis/NsisTarget.ts

@@ -403,7 +403,7 @@ export class NsisTarget extends Target {
     } else {
       await execWine(installerPath, null, [], { env: { __COMPAT_LAYER: "RunAsInvoker" } })
     }
-    await packager.sign(uninstallerPath, "signing NSIS uninstaller")
+    await packager.sign(uninstallerPath)
 
     delete defines.BUILD_UNINSTALLER
     // platform-specific path, not wine

packages/app-builder-lib/src/winPackager.ts

@@ -122,56 +122,19 @@ export class WinPackager extends PlatformPackager<WindowsConfiguration> {
     )
   }
 
-  async sign(file: string, logMessagePrefix?: string): Promise<boolean> {
+  async sign(file: string): Promise<boolean> {
     const signOptions: WindowsSignOptions = {
       path: file,
       options: this.platformSpecificBuildOptions,
     }
 
-    const cscInfo = await (await this.signtoolManager.value).cscInfo.value
-    if (cscInfo == null) {
-      if (chooseNotNull(this.platformSpecificBuildOptions.signtoolOptions?.sign, this.platformSpecificBuildOptions.sign) != null) {
-        return signWindows(signOptions, this)
-      } else if (this.forceCodeSigning) {
-        throw new InvalidConfigurationError(
-          `App is not signed and "forceCodeSigning" is set to true, please ensure that code signing configuration is correct, please see https://electron.build/code-signing`
-        )
-      }
-      return false
-    }
-
-    if (logMessagePrefix == null) {
-      logMessagePrefix = "signing"
-    }
-
-    if ("file" in cscInfo) {
-      log.info(
-        {
-          file: log.filePath(file),
-          certificateFile: cscInfo.file,
-        },
-        logMessagePrefix
-      )
-    } else {
-      const info = cscInfo
-      log.info(
-        {
-          file: log.filePath(file),
-          subject: info.subject,
-          thumbprint: info.thumbprint,
-          store: info.store,
-          user: info.isLocalMachineStore ? "local machine" : "current user",
-        },
-        logMessagePrefix
+    const didSignSuccessfully = await this.doSign(signOptions)
+    if (!didSignSuccessfully && this.forceCodeSigning) {
+      throw new InvalidConfigurationError(
+        `App is not signed and "forceCodeSigning" is set to true, please ensure that code signing configuration is correct, please see https://electron.build/code-signing`
       )
     }
-
-    return this.doSign({
-      ...signOptions,
-      options: {
-        ...this.platformSpecificBuildOptions,
-      },
-    })
+    return didSignSuccessfully
   }
 
   private async doSign(options: WindowsSignOptions) {