MyFavMirrors/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-05-22 18:11:47 -04:00
Code Issues Packages Projects Releases Wiki Activity

generate new codesign-cert if cert value changes #6999

Browse Source 
Signed-off-by: Simon Smith <simonsmith5521@gmail.com>
This commit is contained in:
Simon Smith 2025-05-18 16:24:51 +01:00
parent db282b22f0
commit 0feaec0d6b
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
certoperations.js
View File

@ -1000,6 +1000,7 @@ module.exports.CertificateOperations = function (parent) {
var organization = null; var organization = null;
var forceWebCertGen = 0; var forceWebCertGen = 0;
var forceMpsCertGen = 0; var forceMpsCertGen = 0;
var forceCodeCertGen = 0;
if (certargs != undefined) { if (certargs != undefined) {
var xargs = certargs.split(','); var xargs = certargs.split(',');
if (xargs.length > 0) { commonName = xargs[0]; } if (xargs.length > 0) { commonName = xargs[0]; }
@ -1025,6 +1026,7 @@ module.exports.CertificateOperations = function (parent) {
r.CommonName = obj.getCertificateCommonName(r.web.cert); r.CommonName = obj.getCertificateCommonName(r.web.cert);
r.CommonNames = obj.getCertificateAltNames(r.web.cert); r.CommonNames = obj.getCertificateAltNames(r.web.cert);
r.RootName = obj.getCertificateCommonName(r.root.cert); r.RootName = obj.getCertificateCommonName(r.root.cert);
r.CodeCertName = obj.getCertificateCommonName(r.codesign.cert);
// If the "cert" name is not set, try to use the certificate CN instead (ok if the certificate is not wildcard). // If the "cert" name is not set, try to use the certificate CN instead (ok if the certificate is not wildcard).
if (commonName == 'un-configured') { if (commonName == 'un-configured') {
@ -1085,10 +1087,11 @@ module.exports.CertificateOperations = function (parent) {
// Check if we have correct certificates. // Check if we have correct certificates.
if (obj.compareCertificateNames(r.CommonNames, commonName) == false) { console.log("Error: " + commonName + " does not match name in TLS certificate: " + r.CommonNames.join(', ')); forceWebCertGen = 1; } else { r.CommonName = commonName; } if (obj.compareCertificateNames(r.CommonNames, commonName) == false) { console.log("Error: " + commonName + " does not match name in TLS certificate: " + r.CommonNames.join(', ')); forceWebCertGen = 1; } else { r.CommonName = commonName; }
if (r.AmtMpsName != mpsCommonName) { forceMpsCertGen = 1; } if (r.AmtMpsName != mpsCommonName) { forceMpsCertGen = 1; }
if (args.keepcerts == true) { forceWebCertGen = 0; forceMpsCertGen = 0; r.CommonName = commonName; } if (r.CodeCertName != commonName) { forceCodeCertGen = 1; }
if (args.keepcerts == true) { forceWebCertGen = 0; forceMpsCertGen = 0; forceCodeCertGen = 0; r.CommonName = commonName; }
// If the certificates matches what we want, use them. // If the certificates matches what we want, use them.
if ((forceWebCertGen == 0) && (forceMpsCertGen == 0)) { if ((forceWebCertGen == 0) && (forceMpsCertGen == 0) && (forceCodeCertGen == 0)) {
if (func !== null) { func(r); } if (func !== null) { func(r); }
return r; return r;
} }
@ -1185,7 +1188,7 @@ module.exports.CertificateOperations = function (parent) {
// If the code signing certificate does not exist, create one // If the code signing certificate does not exist, create one
var codesignCertAndKey, codesignCertificate, codesignPrivateKey; var codesignCertAndKey, codesignCertificate, codesignPrivateKey;
if (r.codesign == null) { if ((r.codesign == null) || (forceCodeCertGen === 1)) {
console.log("Generating code signing certificate..."); console.log("Generating code signing certificate...");
codesignCertAndKey = obj.IssueWebServerCertificate(rootCertAndKey, true, commonName, country, organization, { codeSign: true }, strongCertificate); codesignCertAndKey = obj.IssueWebServerCertificate(rootCertAndKey, true, commonName, country, organization, { codeSign: true }, strongCertificate);
codesignCertificate = obj.pki.certificateToPem(codesignCertAndKey.cert); codesignCertificate = obj.pki.certificateToPem(codesignCertAndKey.cert);