From db88f9233eb87f20308c65f87c61499407e2615c Mon Sep 17 00:00:00 2001
From: james pickett
Date: Mon, 11 Mar 2024 10:17:21 -0700
Subject: [PATCH 1/3] add comment, tweak plist
---
 ee/secureenclavesigner/secureenclavesigner_darwin.go | 2 ++
 ee/secureenclavesigner/test_app_resources/info.plist | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/ee/secureenclavesigner/secureenclavesigner_darwin.go b/ee/secureenclavesigner/secureenclavesigner_darwin.go
index 381e804d0..1df6ca91e 100644
--- a/ee/secureenclavesigner/secureenclavesigner_darwin.go
+++ b/ee/secureenclavesigner/secureenclavesigner_darwin.go
@@ -75,6 +75,8 @@ func New(ctx context.Context, slogger *slog.Logger, store types.GetterSetterDele
 opt(ses)
 }
 
+ // this is here to facilitate testing, since go builds a special test binary,
+ // if we look for os.Executable in a test and try to exec it, it will error
 if ses.pathToLauncherBinary == "" {
 p, err := os.Executable()
 if err != nil {
diff --git a/ee/secureenclavesigner/test_app_resources/info.plist b/ee/secureenclavesigner/test_app_resources/info.plist
index fe801acec..72bd0bfa7 100644
--- a/ee/secureenclavesigner/test_app_resources/info.plist
+++ b/ee/secureenclavesigner/test_app_resources/info.plist
@@ -5,7 +5,7 @@
 CFBundleExecutable
 launcher_test
 CFBundleIdentifier
- com.kolide.agent
+ com.launcher.test
 CFBundleName
 launcher_test
 LSUIElement
From 8181bb6b0e5de3b384474f893deabf1df5ba556b Mon Sep 17 00:00:00 2001
From: james pickett
Date: Mon, 11 Mar 2024 10:58:37 -0700
Subject: [PATCH 2/3] use temp dir in test
---
 ee/secureenclavesigner/secureenclavesigner_test.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ee/secureenclavesigner/secureenclavesigner_test.go b/ee/secureenclavesigner/secureenclavesigner_test.go
index ab834e84d..be98eea37 100644
--- a/ee/secureenclavesigner/secureenclavesigner_test.go
+++ b/ee/secureenclavesigner/secureenclavesigner_test.go
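Review bot: The new comment sits above the fallback to os.Executable but explains why a different path can be injected, so it reads as if the fallback itself were the test hook; I would reword it as `// pathToLauncherBinary is normally the running launcher (os.Executable); tests supply their own path via an option because the go test binary cannot be exec'd in its place.` Since New goes on to exec whatever ends up in pathToLauncherBinary (the comment itself says so), stating that the override exists only for tests helps keep future callers from wiring it to anything configurable at runtime. New's signature is truncated in the hunk header and its body continues outside the hunk.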
@@ -40,9 +40,9 @@ func TestSecureEnclaveSigner(t *testing.T) {
 // put the root dir somewhere else if you want to persist the signed macos app bundle
 // should build this into make at some point
- rootDir := "/tmp/secure_enclave_test"
+ // rootDir := "/tmp/secure_enclave_test"
 
- // rootDir := t.TempDir()
+ rootDir := t.TempDir()
 
 appRoot := filepath.Join(rootDir, "launcher_test.app")
 
 // make required dirs krypto_test.app/Contents/MacOS and add files
From 4343eade3843b34fb7732afa900d740618c8c37a Mon Sep 17 00:00:00 2001
From: james pickett
Date: Mon, 11 Mar 2024 11:23:18 -0700
Subject: [PATCH 3/3] make non-darwin same as darwin for kolide_launcher_info table
---
 pkg/osquery/table/launcher_info.go | 31 +++++++++++++++++++++++++-----
 1 file changed, 26 insertions(+), 5 deletions(-)
diff --git a/pkg/osquery/table/launcher_info.go b/pkg/osquery/table/launcher_info.go
index efbfb4b17..fd08b6e22 100644
--- a/pkg/osquery/table/launcher_info.go
+++ b/pkg/osquery/table/launcher_info.go
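Review bot: The fixed `/tmp/secure_enclave_test` path is kept as commented-out code on the first added line, which invites someone to flip it back to a shared, world-writable location where a pre-existing directory or symlink could be picked up when the app bundle is assembled and signed. If persisting the bundle is still wanted, an opt-in override keeps the safe default: `rootDir := os.Getenv("<PERSIST_DIR_ENV_VAR>")` followed by `if rootDir == "" { rootDir = t.TempDir() }`, with the env var name (placeholder above) chosen to match the project's conventions and os imported in the test file. TestSecureEnclaveSigner starts before this hunk and continues after it.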
@@ -105,16 +105,37 @@ func generateLauncherInfoTable(store types.GetterSetter) table.GenerateFunc {
 if err != nil {
 return nil, fmt.Errorf("marshalling hardware keys: %w", err)
 }
- results[0]["hardware_key"] = string(jsonBytes)
- results[0]["hardware_key_source"] = agent.HardwareKeys().Type()
+
+ // for darwin we'll have an array of uid / key pairs looking this
+ // [{"uid":"501","pub_key":"PUB_KEY_B64_DER"}, {"uid":"502","pub_key":"PUB_KEY_B64_DER"}]
+ results[0]["hardware_keys"] = string(jsonBytes)
+ results[0]["hardware_keys_source"] = agent.HardwareKeys().Type()
 return results, nil
 }
 
 if hardwareKeyDer, err := x509.MarshalPKIXPublicKey(agent.HardwareKeys().Public()); err == nil {
- // der is a binary format, so convert to b64
- results[0]["hardware_key"] = base64.StdEncoding.EncodeToString(hardwareKeyDer)
- results[0]["hardware_key_source"] = agent.HardwareKeys().Type()
+ // for windows and linux we just have a single key, but we want data to be in a consistent format, so update it to look like
+ // the darwin format
+ keys := []struct {
+ Uid string `json:"uid"`
+ PubKey string `json:"pub_key"`
+ }{
+ {
+ // the uid is irrelevant for windows and linux, so just use -1
+ // since hardware keys are not tied to user
+ Uid: "-1",
+ PubKey: base64.StdEncoding.EncodeToString(hardwareKeyDer),
+ },
+ }
+
+ jsonBytes, err := json.Marshal(keys)
+ if err != nil {
+ return nil, fmt.Errorf("marshalling hardware keys: %w", err)
+ }
+
+ results[0]["hardware_keys"] = string(jsonBytes)
+ results[0]["hardware_keys_source"] = agent.HardwareKeys().Type()
 }
 
 return results, nil
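Review bot: The result keys are renamed from `hardware_key`/`hardware_key_source` to `hardware_keys`/`hardware_keys_source` in both branches, but the diffstat shows this hunk as the only change in the file, so unless the table's column declarations already use the new names, osquery will not match these keys to a declared column and the values will silently disappear; existing queries against the old column names also break, which the commit message should call out. Within the new non-darwin branch, `jsonBytes, err := json.Marshal(keys)` declares a fresh err that shadows the one from the `if hardwareKeyDer, err := ...` initializer (harmless here, but a shadow linter will flag it), and the struct field should be `UID` per Go initialism convention, with the `json:"uid"` tag keeping the wire format unchanged. The two branches now duplicate the marshal-and-assign block, and the new branch returns an error on a json.Marshal failure while an x509.MarshalPKIXPublicKey failure is still silently skipped, so a shared helper taking the key slice would make both the error handling and the `results[0][...]` assignments consistent. The darwin comment also has a typo (`looking this` → `looking like this`); generateLauncherInfoTable's closure starts before this hunk.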