From 43bbabc00c08279e2ce66011f8b632c6a0312d84 Mon Sep 17 00:00:00 2001
From: Ylian Saint-Hilaire
Date: Wed, 1 Jun 2022 16:29:18 -0700
Subject: [PATCH] Added workaround if MeshCentral can't sign the agents, #4069
---
 authenticode.js | 5 ++++-
 meshcentral.js | 15 ++++++++++-----
 2 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/authenticode.js b/authenticode.js
index 15031b29..ff3d5777 100644
--- a/authenticode.js
+++ b/authenticode.js
@@ -505,7 +505,9 @@ function createAuthenticodeHandler(path) {
 //console.log('Signature', Buffer.from(p7signature, 'binary').toString('base64'));
 // Open the output file
- var output = fs.openSync(args.out, 'w');
+ var output = null;
+ try { output = fs.openSync(args.out, 'w'); } catch (ex) { }
+ if (output == null) return false;
 var tmp, written = 0;
 var executableSize = obj.header.sigpos ? obj.header.sigpos : this.filesize;
@@ -544,6 +546,7 @@ function createAuthenticodeHandler(path) {
 // Close the file
 fs.closeSync(output);
+ return true;
 }
 // Save an executable without the signature
diff --git a/meshcentral.js b/meshcentral.js
index 15e06d97..eca704a8 100644
--- a/meshcentral.js
+++ b/meshcentral.js
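Review bot: In authenticode.js the empty `catch (ex) { }` around `fs.openSync(args.out, 'w')` throws away the reason the output file could not be opened, so an operator sees only the caller's generic failure message. Record it before returning, for example `try { output = fs.openSync(args.out, 'w'); } catch (ex) { console.log('Unable to open ' + args.out + ': ' + ex.message); }`. Only the open is guarded: the writes between it and `fs.closeSync(output)` lie outside these hunks, and if any of them can throw, the function would still raise instead of returning `false` and could leave a truncated file at `args.out`. Wrapping them in `try`/`finally` would make the new boolean contract hold and always close the descriptor.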
@@ -2918,13 +2918,18 @@ function CreateMeshCentralServer(config, args) {
 if (destinationAgentOk == false) {
 // If not signed correctly, sign it. First, create the server signed agent folder if needed
 try { obj.fs.mkdirSync(serverSignedAgentsPath); } catch (ex) { }
- console.log(obj.common.format('Code signing agent {0}...', obj.meshAgentsArchitectureNumbers[archid].localname));
- originalAgent.sign(agentSignCertInfo, { out: signeedagentpath, desc: signDesc, url: signUrl });
+ if (originalAgent.sign(agentSignCertInfo, { out: signeedagentpath, desc: signDesc, url: signUrl }) == true) {
+ // Agent was signed succesfuly
+ agentpath = signeedagentpath;
+ console.log(obj.common.format('Code signed agent {0}.', obj.meshAgentsArchitectureNumbers[archid].localname));
+ } else {
+ console.log(obj.common.format('Failed to sign agent {0}.', obj.meshAgentsArchitectureNumbers[archid].localname));
+ }
+ } else {
+ // Signed agent is already ok, use it.
+ agentpath = signeedagentpath;
 }
 originalAgent.close();
-
- // Update agent path to signed agent
- agentpath = signeedagentpath;
 }
 }
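Review bot: When `originalAgent.sign(...)` does not return `true`, `agentpath` is left pointing at the original agent, so the server carries on with a binary that was not signed with `agentSignCertInfo`, and the only trace is the `Failed to sign agent {0}.` console line. That is a fail-open downgrade of a code-signing step, so the message should say what is used instead, e.g. `console.log(obj.common.format('Failed to sign agent {0}, falling back to the original agent without the server signature.', obj.meshAgentsArchitectureNumbers[archid].localname));`. A file that failed the `destinationAgentOk` check also stays in place at `signeedagentpath`; it appears not to be used on this path, but removing it on failure would avoid a stale, incorrectly signed binary sitting in the signed-agents folder. The enclosing function starts and ends outside the hunk.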