mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-25 22:55:52 -05:00
MeshCentral now generates a code-signing certificate.
This commit is contained in:
parent
1188f0711f
commit
504941d1e4
@ -714,6 +714,10 @@ module.exports.CertificateOperations = function (parent) {
|
||||
extensions.push({ name: 'subjectAltName', altNames: altNames });
|
||||
}
|
||||
|
||||
if (extKeyUsage.codeSign === true) {
|
||||
extensions = [{ name: 'basicConstraints', cA: false }, { name: 'keyUsage', keyCertSign: false, digitalSignature: true, nonRepudiation: false, keyEncipherment: false, dataEncipherment: false }, { name: 'extKeyUsage', codeSigning: true }, { name: "subjectKeyIdentifier" }];
|
||||
}
|
||||
|
||||
cert.setExtensions(extensions);
|
||||
cert.sign(rootcert.key, obj.forge.md.sha384.create());
|
||||
|
||||
@ -780,7 +784,7 @@ module.exports.CertificateOperations = function (parent) {
|
||||
var certargs = args.cert;
|
||||
var mpscertargs = args.mpscert;
|
||||
var strongCertificate = (args.fastcert ? false : true);
|
||||
var rcountmax = 4;
|
||||
var rcountmax = 5;
|
||||
var caindex = 1;
|
||||
var caok = false;
|
||||
var calist = [];
|
||||
@ -847,6 +851,12 @@ module.exports.CertificateOperations = function (parent) {
|
||||
if (obj.checkCertificate(r.agent.cert, r.agent.key) == false) { delete r.agent; } else { rcount++; }
|
||||
}
|
||||
|
||||
// If the code signing certificate already exist, load it
|
||||
if (obj.fileExists("codesign-cert-public.crt") && obj.fileExists("codesign-cert-private.key")) {
|
||||
r.codesign = { cert: obj.fileLoad("codesign-cert-public.crt", 'utf8'), key: obj.decryptPrivateKey(obj.fileLoad("codesign-cert-private.key", 'utf8')) };
|
||||
if (obj.checkCertificate(r.codesign.cert, r.codesign.key) == false) { delete r.codesign; } else { rcount++; }
|
||||
}
|
||||
|
||||
// If the swarm server certificate exist, load it (This is an optional certificate)
|
||||
if (obj.fileExists('swarmserver-cert-public.crt') && obj.fileExists('swarmserver-cert-private.key')) {
|
||||
r.swarmserver = { cert: obj.fileLoad('swarmserver-cert-public.crt', 'utf8'), key: obj.decryptPrivateKey(obj.fileLoad('swarmserver-cert-private.key', 'utf8')) };
|
||||
@ -1047,6 +1057,22 @@ module.exports.CertificateOperations = function (parent) {
|
||||
agentPrivateKey = r.agent.key;
|
||||
}
|
||||
|
||||
// If the code signing certificate does not exist, create one
|
||||
var codesignCertAndKey, codesignCertificate, codesignPrivateKey;
|
||||
if (r.codesign == null) {
|
||||
console.log("Generating code signing certificate...");
|
||||
codesignCertAndKey = obj.IssueWebServerCertificate(rootCertAndKey, true, commonName, country, organization, { codeSign: true }, strongCertificate);
|
||||
codesignCertificate = obj.pki.certificateToPem(codesignCertAndKey.cert);
|
||||
codesignPrivateKey = obj.pki.privateKeyToPem(codesignCertAndKey.key);
|
||||
obj.fs.writeFileSync(parent.getConfigFilePath('codesign-cert-public.crt'), codesignCertificate);
|
||||
obj.fs.writeFileSync(parent.getConfigFilePath('codesign-cert-private.key'), codesignPrivateKey);
|
||||
} else {
|
||||
// Keep the code signing certificate we have
|
||||
codesignCertAndKey = { cert: obj.pki.certificateFromPem(r.codesign.cert), key: obj.pki.privateKeyFromPem(r.codesign.key) };
|
||||
codesignCertificate = r.codesign.cert;
|
||||
codesignPrivateKey = r.codesign.key;
|
||||
}
|
||||
|
||||
// If the Intel AMT MPS certificate does not exist, create one
|
||||
var mpsCertAndKey, mpsCertificate, mpsPrivateKey;
|
||||
if ((r.mps == null) || (forceMpsCertGen == 1)) {
|
||||
|
Loading…
Reference in New Issue
Block a user