MyFavMirrors/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-01-27 14:43:14 -05:00
Code Issues Packages Projects Releases Wiki Activity

Added more authenticode-js error handling, #4134

Browse Source
This commit is contained in:
Ylian Saint-Hilaire 2022-06-21 19:06:40 -07:00
parent 3d0e19d885
commit 9372f7666c
1 changed files with 13 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
authenticode.js
View File

@ -426,10 +426,12 @@ function createAuthenticodeHandler(path) {
res.on('data', function (chunk) { responseAccumulator += chunk; }); res.on('data', function (chunk) { responseAccumulator += chunk; });
res.on('end', function () { res.on('end', function () {
// Decode the timestamp signature block // Decode the timestamp signature block
const timepkcs7der = forge.asn1.fromDer(forge.util.createBuffer(Buffer.from(responseAccumulator, 'base64').toString('binary'))); var timepkcs7der = null;
try { timepkcs7der = forge.asn1.fromDer(forge.util.createBuffer(Buffer.from(responseAccumulator, 'base64').toString('binary'))); } catch (ex) { func('' + ex); return; }
// Decode the executable signature block // Decode the executable signature block
const pkcs7der = forge.asn1.fromDer(forge.util.createBuffer(Buffer.from(obj.getRawSignatureBlock(), 'base64').toString('binary'))); var pkcs7der = null;
try { forge.asn1.fromDer(forge.util.createBuffer(Buffer.from(obj.getRawSignatureBlock(), 'base64').toString('binary'))); } catch (ex) { func('' + ex); return; }
// Get the ASN1 certificates used to sign the timestamp and add them to the certs in the PKCS7 of the executable // Get the ASN1 certificates used to sign the timestamp and add them to the certs in the PKCS7 of the executable
// TODO: We could look to see if the certificate is already present in the executable // TODO: We could look to see if the certificate is already present in the executable
@ -1291,7 +1293,8 @@ function createAuthenticodeHandler(path) {
signEx(args, p7signature, obj.filesize, func); signEx(args, p7signature, obj.filesize, func);
} else { } else {
// Decode the signature block // Decode the signature block
var pkcs7der = forge.asn1.fromDer(forge.util.createBuffer(p7signature)); var pkcs7der = null;
try { forge.asn1.fromDer(forge.util.createBuffer(p7signature)); } catch (ex) { func('' + ex); return; }
// To work around ForgeJS PKCS#7 limitation, this may break PKCS7 verify if ForgeJS adds support for it in the future // To work around ForgeJS PKCS#7 limitation, this may break PKCS7 verify if ForgeJS adds support for it in the future
// Switch content type from "1.3.6.1.4.1.311.2.1.4" to "1.2.840.113549.1.7.1" // Switch content type from "1.3.6.1.4.1.311.2.1.4" to "1.2.840.113549.1.7.1"
@ -1316,7 +1319,7 @@ function createAuthenticodeHandler(path) {
]); ]);
// Re-decode the PKCS7 from the executable, this time, no workaround needed // Re-decode the PKCS7 from the executable, this time, no workaround needed
pkcs7der = forge.asn1.fromDer(forge.util.createBuffer(p7signature)); try { pkcs7der = forge.asn1.fromDer(forge.util.createBuffer(p7signature)); } catch (ex) { func('' + ex); return; }
// Serialize an ASN.1 object to DER format in Base64 // Serialize an ASN.1 object to DER format in Base64
const requestBody = Buffer.from(asn1.toDer(asn1obj).data, 'binary').toString('base64'); const requestBody = Buffer.from(asn1.toDer(asn1obj).data, 'binary').toString('base64');
@ -1341,7 +1344,8 @@ function createAuthenticodeHandler(path) {
res.on('data', function (chunk) { responseAccumulator += chunk; }); res.on('data', function (chunk) { responseAccumulator += chunk; });
res.on('end', function () { res.on('end', function () {
// Decode the timestamp signature block // Decode the timestamp signature block
const timepkcs7der = forge.asn1.fromDer(forge.util.createBuffer(Buffer.from(responseAccumulator, 'base64').toString('binary'))); const timepkcs7der = null;
try { forge.asn1.fromDer(forge.util.createBuffer(Buffer.from(responseAccumulator, 'base64').toString('binary'))); } catch (ex) { func('' + ex); return; }
// Get the ASN1 certificates used to sign the timestamp and add them to the certs in the PKCS7 of the executable // Get the ASN1 certificates used to sign the timestamp and add them to the certs in the PKCS7 of the executable
// TODO: We could look to see if the certificate is already present in the executable // TODO: We could look to see if the certificate is already present in the executable
@ -1562,7 +1566,7 @@ function createAuthenticodeHandler(path) {
if (args.hash == 'sha512') { hashOid = forge.pki.oids.sha512; fileHash = obj.getHashOfFile(output, 'sha512', written); } if (args.hash == 'sha512') { hashOid = forge.pki.oids.sha512; fileHash = obj.getHashOfFile(output, 'sha512', written); }
if (args.hash == 'sha224') { hashOid = forge.pki.oids.sha224; fileHash = obj.getHashOfFile(output, 'sha224', written); } if (args.hash == 'sha224') { hashOid = forge.pki.oids.sha224; fileHash = obj.getHashOfFile(output, 'sha224', written); }
if (args.hash == 'md5') { hashOid = forge.pki.oids.md5; fileHash = obj.getHashOfFile(output, 'md5', written); } if (args.hash == 'md5') { hashOid = forge.pki.oids.md5; fileHash = obj.getHashOfFile(output, 'md5', written); }
if (hashOid == null) return false; if (hashOid == null) { func('Bad hash method OID'); return; }
// Create the signature block // Create the signature block
var xp7 = forge.pkcs7.createSignedData(); var xp7 = forge.pkcs7.createSignedData();
@ -1605,7 +1609,8 @@ function createAuthenticodeHandler(path) {
writeExecutableEx(output, p7signature, written, func); writeExecutableEx(output, p7signature, written, func);
} else { } else {
// Decode the signature block // Decode the signature block
var pkcs7der = forge.asn1.fromDer(forge.util.createBuffer(p7signature)); var pkcs7der = null;
try { pkcs7der = forge.asn1.fromDer(forge.util.createBuffer(p7signature)); } catch (ex) { func('' + ex); return; }
// To work around ForgeJS PKCS#7 limitation, this may break PKCS7 verify if ForgeJS adds support for it in the future // To work around ForgeJS PKCS#7 limitation, this may break PKCS7 verify if ForgeJS adds support for it in the future
// Switch content type from "1.3.6.1.4.1.311.2.1.4" to "1.2.840.113549.1.7.1" // Switch content type from "1.3.6.1.4.1.311.2.1.4" to "1.2.840.113549.1.7.1"
@ -1630,7 +1635,7 @@ function createAuthenticodeHandler(path) {
]); ]);
// Re-decode the PKCS7 from the executable, this time, no workaround needed // Re-decode the PKCS7 from the executable, this time, no workaround needed
pkcs7der = forge.asn1.fromDer(forge.util.createBuffer(p7signature)); try { pkcs7der = forge.asn1.fromDer(forge.util.createBuffer(p7signature)); } catch (ex) { func('' + ex); return; }
// Serialize an ASN.1 object to DER format in Base64 // Serialize an ASN.1 object to DER format in Base64
const requestBody = Buffer.from(asn1.toDer(asn1obj).data, 'binary').toString('base64'); const requestBody = Buffer.from(asn1.toDer(asn1obj).data, 'binary').toString('base64');