kolide · James-Pickett · Mar 11, 2024 · Mar 11, 2024 · Mar 11, 2024 · Mar 11, 2024
diff --git a/ee/secureenclavesigner/secureenclavesigner_darwin.go b/ee/secureenclavesigner/secureenclavesigner_darwin.go
@@ -75,6 +75,8 @@ func New(ctx context.Context, slogger *slog.Logger, store types.GetterSetterDele
 		opt(ses)
 	}
 
+	// this is here to facilitate testing, since go builds a special test binary,
+	// if we look for os.Executable in a test and try to exec it, it will error
 	if ses.pathToLauncherBinary == "" {
 		p, err := os.Executable()
 		if err != nil {

diff --git a/ee/secureenclavesigner/secureenclavesigner_test.go b/ee/secureenclavesigner/secureenclavesigner_test.go
@@ -40,9 +40,9 @@ func TestSecureEnclaveSigner(t *testing.T) {
 
 	// put the root dir somewhere else if you want to persist the signed macos app bundle
 	// should build this into make at some point
-	rootDir := "/tmp/secure_enclave_test"
+	// rootDir := "/tmp/secure_enclave_test"
 
-	// rootDir := t.TempDir()
+	rootDir := t.TempDir()
 	appRoot := filepath.Join(rootDir, "launcher_test.app")
 
 	// make required dirs krypto_test.app/Contents/MacOS and add files

diff --git a/ee/secureenclavesigner/test_app_resources/info.plist b/ee/secureenclavesigner/test_app_resources/info.plist
@@ -5,7 +5,7 @@
 	<key>CFBundleExecutable</key>
 	<string>launcher_test</string>
 	<key>CFBundleIdentifier</key>
-	<string>com.kolide.agent</string>
+	<string>com.launcher.test</string>
 	<key>CFBundleName</key>
 	<string>launcher_test</string>
 	<key>LSUIElement</key>

diff --git a/pkg/osquery/table/launcher_info.go b/pkg/osquery/table/launcher_info.go
@@ -105,16 +105,37 @@ func generateLauncherInfoTable(store types.GetterSetter) table.GenerateFunc {
 			if err != nil {
 				return nil, fmt.Errorf("marshalling hardware keys: %w", err)
 			}
-			results[0]["hardware_key"] = string(jsonBytes)
-			results[0]["hardware_key_source"] = agent.HardwareKeys().Type()
+
+			// for darwin we'll have an array of uid / key pairs looking this
+			// [{"uid":"501","pub_key":"PUB_KEY_B64_DER"}, {"uid":"502","pub_key":"PUB_KEY_B64_DER"}]
+			results[0]["hardware_keys"] = string(jsonBytes)
+			results[0]["hardware_keys_source"] = agent.HardwareKeys().Type()
 
 			return results, nil
 		}
 
 		if hardwareKeyDer, err := x509.MarshalPKIXPublicKey(agent.HardwareKeys().Public()); err == nil {
-			// der is a binary format, so convert to b64
-			results[0]["hardware_key"] = base64.StdEncoding.EncodeToString(hardwareKeyDer)
-			results[0]["hardware_key_source"] = agent.HardwareKeys().Type()
+			// for windows and linux we just have a single key, but we want data to be in a consistent format, so update it to look like
+			// the darwin format
+			keys := []struct {
+				Uid    string `json:"uid"`
+				PubKey string `json:"pub_key"`
+			}{
+				{
+					// the uid is irrelevant for windows and linux, so just use -1
+					// since hardware keys are not tied to user
+					Uid:    "-1",
+					PubKey: base64.StdEncoding.EncodeToString(hardwareKeyDer),
+				},
+			}
+
+			jsonBytes, err := json.Marshal(keys)
+			if err != nil {
+				return nil, fmt.Errorf("marshalling hardware keys: %w", err)
+			}
+
+			results[0]["hardware_keys"] = string(jsonBytes)
+			results[0]["hardware_keys_source"] = agent.HardwareKeys().Type()
 		}
 
 		return results, nil