Added support for custom agent code signing cert and code signing fixes.

2025-02-12 11:01:52 +00:00 · 2022-05-28 22:59:21 -07:00 · 2022-05-28 22:59:21 -07:00 · 3e44d64c19
commit 3e44d64c19
parent 205441bdd4
2 changed files with 10 additions and 7 deletions
--- a/authenticode.js
+++ b/authenticode.js
@ -51,8 +51,8 @@ function createOutFile(args, filename) {
 }

 // Load certificates and private key from PEM files
-function loadCertificates(args) {
-    var certs = [], keys = [], pemFileNames = args.pem;
+function loadCertificates(pemFileNames) {
+    var certs = [], keys = [];
    if (pemFileNames == null) return;
    if (typeof pemFileNames == 'string') { pemFileNames = [pemFileNames]; }
    for (var i in pemFileNames) {
@ -421,7 +421,7 @@ function start() {
    if (command == 'sign') { // Sign an executable
        if (typeof args.exe != 'string') { console.log("Missing --exe [filename]"); return; }
        createOutFile(args, args.exe);
-        const cert = loadCertificates(args);
+        const cert = loadCertificates(args.pem);
        if (cert == null) { console.log("Unable to load certificate and/or private key, generating test certificate."); }
        console.log("Signing to " + args.out); exe.sign(cert, args); console.log("Done.");
    }
@ -449,4 +449,5 @@ function start() {
 if (require.main === module) { start(); }

 // Exports
-module.exports.createAuthenticodeHandler = createAuthenticodeHandler;
+module.exports.createAuthenticodeHandler = createAuthenticodeHandler;
+module.exports.loadCertificates = loadCertificates;
--- a/meshcentral.js
+++ b/meshcentral.js
@ -2847,9 +2847,11 @@ function CreateMeshCentralServer(config, args) {
        var objx = domain, suffix = '';
        if (domain.id == '') { objx = obj; } else { suffix = '-' + domain.id; objx.meshAgentBinaries = {}; }

-        // Get agent code signature certificate ready with the full cert chain
-        var agentSignCertInfo = null;
-        if (obj.certificates.codesign) {
+        // Check if a custom agent signing certificate is available
+        var agentSignCertInfo = require('./authenticode.js').loadCertificates([ obj.path.join(obj.datapath, 'agentsigningcert.pem') ]);
+
+        // If not using a custom signing cert, get agent code signature certificate ready with the full cert chain
+        if ((agentSignCertInfo == null) && (obj.certificates.codesign != null)) {
            agentSignCertInfo = {
                cert: obj.certificateOperations.forge.pki.certificateFromPem(obj.certificates.codesign.cert),
                key: obj.certificateOperations.forge.pki.privateKeyFromPem(obj.certificates.codesign.key),