From 3e44d64c19ecf5e0fec9803e61113033fd1b4c93 Mon Sep 17 00:00:00 2001
From: Ylian Saint-Hilaire
Date: Sat, 28 May 2022 22:59:21 -0700
Subject: [PATCH] Added support for custom agent code signing cert and code signing fixes.
---
 authenticode.js | 9 +++++----
 meshcentral.js | 8 +++++---
 2 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/authenticode.js b/authenticode.js
index f3d264ab..22e2266c 100644
--- a/authenticode.js
+++ b/authenticode.js
@@ -51,8 +51,8 @@ function createOutFile(args, filename) {
 }
 // Load certificates and private key from PEM files
-function loadCertificates(args) {
- var certs = [], keys = [], pemFileNames = args.pem;
+function loadCertificates(pemFileNames) {
+ var certs = [], keys = [];
 if (pemFileNames == null) return;
 if (typeof pemFileNames == 'string') { pemFileNames = [pemFileNames]; }
 for (var i in pemFileNames) {
@@ -421,7 +421,7 @@ function start() {
 if (command == 'sign') { // Sign an executable
 if (typeof args.exe != 'string') { console.log("Missing --exe [filename]"); return; }
 createOutFile(args, args.exe);
- const cert = loadCertificates(args);
+ const cert = loadCertificates(args.pem);
 if (cert == null) { console.log("Unable to load certificate and/or private key, generating test certificate."); }
 console.log("Signing to " + args.out); exe.sign(cert, args); console.log("Done.");
 }
@@ -449,4 +449,5 @@ function start() {
 if (require.main === module) { start(); }
 // Exports
-module.exports.createAuthenticodeHandler = createAuthenticodeHandler;
\ No newline at end of file
+module.exports.createAuthenticodeHandler = createAuthenticodeHandler;
+module.exports.loadCertificates = loadCertificates;
\ No newline at end of file
diff --git a/meshcentral.js b/meshcentral.js
index aea1717c..ba82bb93 100644
--- a/meshcentral.js
+++ b/meshcentral.js
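Review bot: loadCertificates now takes the PEM path list directly and, with the export added in the hunk at -449, becomes an API consumed from another file, yet its return contract is undocumented: the early `return;` after `if (pemFileNames == null)` yields `undefined`, not `null`, so callers only work because they test `== null`. Add a JSDoc header above `function loadCertificates(pemFileNames)` stating that it accepts a single path or an array of paths and returns the loaded certificate/key info, or `undefined` when no file names are given (and, presumably, when nothing usable was found; confirm against the rest of the function, whose body continues outside the hunk). The `for (var i in pemFileNames)` loop enumerates keys, including anything enumerable added to `Array.prototype`; `for (const pemFile of pemFileNames)` is the idiomatic form that iterates values only.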
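Review bot: After `const cert = loadCertificates(args.pem);` a mistyped or unreadable --pem path and the complete absence of --pem print the same message on the next line and both proceed to sign with a generated test certificate, so an operator gets a binary signed by an untrusted key with no clear signal that their real certificate was never used. Make the message distinguish the two cases, e.g. `if (cert == null) { console.log(args.pem ? ("Unable to load certificate and/or private key from " + args.pem + ", generating test certificate.") : "No --pem given, generating test certificate."); }`. The `command == 'sign'` block is complete within the hunk; start() continues outside it.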
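Review bot: Both sides of the export hunk carry `\ No newline at end of file`, so the commit appends `module.exports.loadCertificates = loadCertificates;` while keeping the file without a terminating newline; every future addition to the export list will again show the previous last line as changed. Terminate the new last line with a newline so the next append produces a one-line diff.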
@@ -2847,9 +2847,11 @@ function CreateMeshCentralServer(config, args) {
 var objx = domain, suffix = '';
 if (domain.id == '') { objx = obj; } else { suffix = '-' + domain.id; objx.meshAgentBinaries = {}; }
- // Get agent code signature certificate ready with the full cert chain
- var agentSignCertInfo = null;
- if (obj.certificates.codesign) {
+ // Check if a custom agent signing certificate is available
+ var agentSignCertInfo = require('./authenticode.js').loadCertificates([ obj.path.join(obj.datapath, 'agentsigningcert.pem') ]);
+
+ // If not using a custom signing cert, get agent code signature certificate ready with the full cert chain
+ if ((agentSignCertInfo == null) && (obj.certificates.codesign != null)) {
 agentSignCertInfo = {
 cert: obj.certificateOperations.forge.pki.certificateFromPem(obj.certificates.codesign.cert),
 key: obj.certificateOperations.forge.pki.privateKeyFromPem(obj.certificates.codesign.key),
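Review bot: A file named `agentsigningcert.pem` in the data path now silently takes precedence over the server's own codesign certificate, and nothing in the new lines records which signing identity the agent binaries will carry, so neither the operator nor someone later reviewing server logs can tell from the output that a file placed in the data path is signing every agent. Log the choice right after the load, e.g. `if (agentSignCertInfo != null) { console.log('Using custom agent signing certificate from ' + obj.path.join(obj.datapath, 'agentsigningcert.pem')); }`, and a matching line in the fallback branch. Also, if loadCertificates does not itself catch read or parse failures (its loop body is not part of this patch), a malformed file would throw here at startup rather than fall back to the built-in certificate; confirm and guard the call if needed. The `if ((agentSignCertInfo == null) && ...)` block continues past the end of the hunk.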