external/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-02-12 11:01:52 +00:00
Code Issues Releases Wiki Activity

Added support for custom agent code signing cert and code signing fixes.

Browse source
This commit is contained in:
Ylian Saint-Hilaire 2022-05-28 22:59:21 -07:00
parent 205441bdd4
commit 3e44d64c19
2 changed files with 10 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
authenticode.js
View file

@ -51,8 +51,8 @@ function createOutFile(args, filename) {
} }
// Load certificates and private key from PEM files // Load certificates and private key from PEM files
function loadCertificates(args) { function loadCertificates(pemFileNames) {
var certs = [], keys = [], pemFileNames = args.pem; var certs = [], keys = [];
if (pemFileNames == null) return; if (pemFileNames == null) return;
if (typeof pemFileNames == 'string') { pemFileNames = [pemFileNames]; } if (typeof pemFileNames == 'string') { pemFileNames = [pemFileNames]; }
for (var i in pemFileNames) { for (var i in pemFileNames) {
@ -421,7 +421,7 @@ function start() {
if (command == 'sign') { // Sign an executable if (command == 'sign') { // Sign an executable
if (typeof args.exe != 'string') { console.log("Missing --exe [filename]"); return; } if (typeof args.exe != 'string') { console.log("Missing --exe [filename]"); return; }
createOutFile(args, args.exe); createOutFile(args, args.exe);
const cert = loadCertificates(args); const cert = loadCertificates(args.pem);
if (cert == null) { console.log("Unable to load certificate and/or private key, generating test certificate."); } if (cert == null) { console.log("Unable to load certificate and/or private key, generating test certificate."); }
console.log("Signing to " + args.out); exe.sign(cert, args); console.log("Done."); console.log("Signing to " + args.out); exe.sign(cert, args); console.log("Done.");
} }
@ -450,3 +450,4 @@ if (require.main === module) { start(); }
// Exports // Exports
module.exports.createAuthenticodeHandler = createAuthenticodeHandler; module.exports.createAuthenticodeHandler = createAuthenticodeHandler;
module.exports.loadCertificates = loadCertificates;

8
meshcentral.js
View file

@ -2847,9 +2847,11 @@ function CreateMeshCentralServer(config, args) {
var objx = domain, suffix = ''; var objx = domain, suffix = '';
if (domain.id == '') { objx = obj; } else { suffix = '-' + domain.id; objx.meshAgentBinaries = {}; } if (domain.id == '') { objx = obj; } else { suffix = '-' + domain.id; objx.meshAgentBinaries = {}; }
// Get agent code signature certificate ready with the full cert chain // Check if a custom agent signing certificate is available
var agentSignCertInfo = null; var agentSignCertInfo = require('./authenticode.js').loadCertificates([ obj.path.join(obj.datapath, 'agentsigningcert.pem') ]);
if (obj.certificates.codesign) {
// If not using a custom signing cert, get agent code signature certificate ready with the full cert chain
if ((agentSignCertInfo == null) && (obj.certificates.codesign != null)) {
agentSignCertInfo = { agentSignCertInfo = {
cert: obj.certificateOperations.forge.pki.certificateFromPem(obj.certificates.codesign.cert), cert: obj.certificateOperations.forge.pki.certificateFromPem(obj.certificates.codesign.cert),
key: obj.certificateOperations.forge.pki.privateKeyFromPem(obj.certificates.codesign.key), key: obj.certificateOperations.forge.pki.privateKeyFromPem(obj.certificates.codesign.key),