From fa13239d468ad081461cc978a0e3206e68e9b55c Mon Sep 17 00:00:00 2001 From: Ylian Saint-Hilaire Date: Sat, 18 Jun 2022 21:47:44 -0700 Subject: [PATCH] Minor code signing improvements and clean up.
--- authenticode.js | 2 +- meshcentral.js | 31 +++++++++++++++---------------- views/default.handlebars | 5 +++-- 3 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/authenticode.js b/authenticode.js
index 0827f8cf..daabd441 100644
--- a/authenticode.js
+++ b/authenticode.js
@@ -1240,7 +1240,7 @@ function createAuthenticodeHandler(path) {
 if ((typeof args.desc == 'string') || (typeof args.url == 'string')) {
 var codeSigningAttributes = { 'tagClass': 0, 'type': 16, 'constructed': true, 'composed': true, 'value': [] };
 if (args.desc != null) { // Encode description as big-endian unicode.
- var desc = "", ucs = Buffer.from(args.desc, 'ucs2').toString()
+ var desc = '', ucs = Buffer.from(args.desc, 'ucs2').toString()
 for (var k = 0; k < ucs.length; k += 2) { desc += String.fromCharCode(ucs.charCodeAt(k + 1), ucs.charCodeAt(k)); }
 codeSigningAttributes.value.push({ 'tagClass': 128, 'type': 0, 'constructed': true, 'composed': true, 'value': [{ 'tagClass': 128, 'type': 0, 'constructed': false, 'composed': false, 'value': desc }] });
 }
diff --git a/meshcentral.js b/meshcentral.js
index 8b27643e..cd3364f2 100644
--- a/meshcentral.js
+++ b/meshcentral.js
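Review bot: The rewritten `var desc` line still decodes the UTF-16LE buffer with the default UTF-8 `toString()`, so a non-ASCII character in `args.desc` (the meshcentral.js hunk passes `domain.title` here as `desc`) is likely turned into U+FFFD before the byte-swap loop runs, and the description embedded in the signature would then not match the configured title. The `charCodeAt(k + 1), charCodeAt(k)` pairing suggests the loop expects one char per byte, in which case the line should be `var desc = '', ucs = Buffer.from(args.desc, 'ucs2').toString('latin1');`, which also adds the missing semicolon. The enclosing createAuthenticodeHandler body starts and ends outside the hunk, so whether `desc` is later treated as a byte string is not visible here.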
@@ -2867,22 +2867,19 @@ function CreateMeshCentralServer(config, args) {
 if (domain.id == '') { objx = obj; } else { suffix = '-' + domain.id; objx.meshAgentBinaries = {}; }
 // Generate the agent signature description and URL
- var serverSignedAgentsPath, signDesc, signUrl;
- if (agentSignCertInfo != null) {
- serverSignedAgentsPath = obj.path.join(obj.datapath, 'signedagents' + suffix);
- signDesc = (domain.title ? domain.title : agentSignCertInfo.cert.subject.hash);
- var httpsPort = ((obj.args.aliasport == null) ? obj.args.port : obj.args.aliasport); // Use HTTPS alias port is specified
- var httpsHost = ((domain.dns != null) ? domain.dns : obj.certificates.CommonName);
- if (obj.args.agentaliasdns != null) { httpsHost = obj.args.agentaliasdns; }
- signUrl = 'https://' + httpsHost;
- if (httpsPort != 443) { signUrl += ':' + httpsPort; }
- var xdomain = (domain.dns == null) ? domain.id : '';
- if (xdomain != '') xdomain += '/';
- signUrl += '/' + xdomain;
+ const serverSignedAgentsPath = obj.path.join(obj.datapath, 'signedagents' + suffix);
+ const signDesc = (domain.title ? domain.title : agentSignCertInfo.cert.subject.hash);
+ const httpsPort = ((obj.args.aliasport == null) ? obj.args.port : obj.args.aliasport); // Use HTTPS alias port is specified
+ var httpsHost = ((domain.dns != null) ? domain.dns : obj.certificates.CommonName);
+ if (obj.args.agentaliasdns != null) { httpsHost = obj.args.agentaliasdns; }
+ var signUrl = 'https://' + httpsHost;
+ if (httpsPort != 443) { signUrl += ':' + httpsPort; }
+ var xdomain = (domain.dns == null) ? domain.id : '';
+ if (xdomain != '') xdomain += '/';
+ signUrl += '/' + xdomain;
- // If requested, lock the agent to this server
- if (obj.config.settings.agentsignlock) { signUrl += '?ServerID=' + obj.certificateOperations.getPublicKeyHash(obj.certificates.agent.cert).toUpperCase(); }
- }
+ // If requested, lock the agent to this server
+ if (obj.config.settings.agentsignlock) { signUrl += '?ServerID=' + obj.certificateOperations.getPublicKeyHash(obj.certificates.agent.cert).toUpperCase(); }
 // Setup the time server
 var timeStampUrl = 'http://timestamp.comodoca.com/authenticode';
@@ -2930,7 +2927,8 @@ function CreateMeshCentralServer(config, args) {
 // Agent was signed succesfuly
 console.log(obj.common.format('Code signed agent {0}.', agentSignedFunc.objx.meshAgentsArchitectureNumbers[agentSignedFunc.archid].localname));
 } else {
- console.log(obj.common.format('Failed to sign agent {0}: ' + err, agentSignedFunc.objx.meshAgentsArchitectureNumbers[agentSignedFunc.archid].localname));
+ // Failed to sign agent
+ addServerWarning('Failed to sign agent \"' + agentSignedFunc.objx.meshAgentsArchitectureNumbers[agentSignedFunc.archid].localname + '\": ' + err, 22, [ agentSignedFunc.objx.meshAgentsArchitectureNumbers[agentSignedFunc.archid].localname, err ]);
 }
 if (--pendingOperations === 0) { agentSignedFunc.func(); }
 }
@@ -2939,6 +2937,7 @@ function CreateMeshCentralServer(config, args) {
 xagentSignedFunc.objx = objx;
 xagentSignedFunc.archid = archid;
 xagentSignedFunc.signeedagentpath = signeedagentpath;
+ obj.debug('main', "Code signing agent with arguments: " + JSON.stringify({ out: signeedagentpath, desc: signDesc, url: signUrl, time: timeStampUrl }));
 originalAgent.sign(agentSignCertInfo, { out: signeedagentpath, desc: signDesc, url: signUrl, time: timeStampUrl }, xagentSignedFunc);
 } else {
 // Signed agent is already ok, use it.
diff --git a/views/default.handlebars b/views/default.handlebars
index b5000e5a..2c762fde 100644
--- a/views/default.handlebars
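Review bot: Dropping the `if (agentSignCertInfo != null)` guard leaves `const signDesc = (domain.title ? domain.title : agentSignCertInfo.cert.subject.hash)` dereferencing agentSignCertInfo unconditionally, so a domain with no title would throw a TypeError if this code can still run without a signing certificate loaded. Whether an earlier check now rules that out is not visible, because the enclosing block of CreateMeshCentralServer starts before the hunk; if it does not, keep a one-line bailout such as `if (agentSignCertInfo == null) { return; }` (or the loop's `continue`) ahead of the `// Generate the agent signature description and URL` comment. It would also help a reader to note on the `signUrl` lines that the host/port chosen here (including the `agentaliasdns`/`aliasport` overrides and the `ServerID` query string) is what the signed agent will later trust, e.g. `// This URL and ServerID are embedded in the signed agent, so alias settings must match what agents can reach.`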
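Review bot: The args array handed to `addServerWarning(..., 22, [ ...localname, err ])` forwards `err` unchanged, while the inline message relies on `'...' + err` string coercion; if `sign()` ever reports an Error object rather than a string, the array entry would serialize as `{}` on its way to the browser and the UI would show `Failed to sign agent x: [object Object]` (or `{}`). Coercing once at the call site, `[ agentSignedFunc.objx.meshAgentsArchitectureNumbers[agentSignedFunc.archid].localname, String(err) ]`, keeps both representations consistent. Note that this also promotes the error text (which may include local paths or timestamp-server responses) from the console to the admin web UI; that seems intended but is worth a comment such as `// Surface signing failures in the admin UI, not just the console`. The callback function containing this branch starts outside the hunk.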
+++ b/views/default.handlebars
@@ -2316,7 +2316,8 @@
 18: "SMTP server has limited use in LAN mode.",
 19: "SMS gateway has limited use in LAN mode.",
 20: "Invalid \"LoginCookieEncryptionKey\" in config.json.",
- 21: "Backup path can't be set within meshcentral-data folder, backup settings ignored."
+ 21: "Backup path can't be set within meshcentral-data folder, backup settings ignored.",
+ 22: "Failed to sign agent {0}: {1}"
 };
 var x = '';
 for (var i in message.warnings) {
@@ -2325,7 +2326,7 @@
 x += '
' + "WARNING: " + y + '
';
 } else {
 var z = ServerWarnings[y.id];
- if (z == null) { z = y.msg; } else { z = format(z, y.args); }
+ if (z == null) { z = y.msg; } else { z = format(z, ...y.args); }
 x += '
' + "WARNING: " + z + '
';
 }
 }
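Review bot: `z = format(z, ...y.args)` throws a TypeError ("not iterable") when `y.args` is undefined, which would abort rendering of the entire warnings list; nothing in this patch guarantees every server warning carries an args array (the meshcentral.js hunk passes one only for id 22), so the spread should tolerate its absence: `z = format(z, ...(y.args || []));`. Separately, the formatted arguments are server-supplied strings (agent name and signing error text) concatenated straight into the markup accumulated in `x`; if `format` does not HTML-escape, pass each arg through the page's existing escaping helper before formatting. The surrounding loop over `message.warnings` begins in the previous hunk, and the wrapping tags around `"WARNING: "` appear to have been stripped in this extraction.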