
Add Windows certificate trust management for signed installers #445

Merged
shannah merged 5 commits into master from claude/add-authenticode-signing-04qdh
Mar 19, 2026

@shannah shannah commented Mar 16, 2026

Summary

This PR adds functionality to detect when a Windows executable is signed with an untrusted certificate and prompts the user to add it to their trust store, improving the installation experience for self-signed or internally-signed applications.

Key Changes

  • AuthenticodeSignatureChecker: New utility class that uses PowerShell to check Authenticode signatures on Windows executables, extracting certificate details (subject, issuer, thumbprint, validity dates) and determining if the certificate is trusted
  • CertificateTrustService: New service class that adds certificates to the current user's trusted root store using certutil.exe without requiring admin elevation
  • Certificate Trust Prompt UI: Added showCertificateTrustPrompt() method to InstallationForm interface with implementation in DefaultInstallationForm that displays certificate details and asks users if they want to trust the certificate
  • Installation Flow Integration: Modified Main.java to check for untrusted certificates after Windows installation completes and prompt the user accordingly before showing the completion dialog
  • Certificate Export: Added certificate export functionality to extract the signing certificate from an exe to a temporary file for adding to the trust store

Implementation Details

  • PowerShell scripts are used to interact with Windows certificate APIs, with proper path escaping to handle special characters
  • The signature check distinguishes between unsigned executables, signed-but-untrusted (self-signed or untrusted CA), and properly signed executables
  • User trust store operations use the -user flag with certutil.exe to avoid requiring administrator privileges
  • The certificate trust prompt is shown on the EDT while the signature check runs on a background thread
  • Certificate files are created as temporary files and cleaned up after use

https://claude.ai/code/session_019uM9CsmXdTMeEtoiNLijWG
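
An added example, not code from this PR or from the jDeploy code base: one way to do the path escaping and the three-way signature classification described above. The class name, method names and the mapping of PowerShell `Status` values to results are assumptions of this sketch; in particular it assumes an untrusted root surfaces as `UnknownError` or `NotTrusted` with a signer certificate present, and it never reports a `HashMismatch` as a candidate for trust.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;

// Hypothetical sketch (Java 9+); names are illustrative, not the project's.
public class AuthenticodeCheckExample {
    enum Result { UNSIGNED, TRUSTED, UNTRUSTED_CERT, TAMPERED_OR_INVALID }

    // Wrap a value in a PowerShell single-quoted string. PowerShell also
    // accepts typographic quotes as delimiters, so each of them is doubled,
    // not only the ASCII apostrophe.
    static String psQuote(String s) {
        return "'" + s.replaceAll("(['\u2018\u2019\u201A\u201B])", "$1$1") + "'";
    }

    // Map the Status string and signer thumbprint to a decision.
    // Anything unrecognised (HashMismatch, error text, ...) fails closed.
    static Result classify(String status, String thumbprint) {
        boolean hasCert = thumbprint != null && !thumbprint.isEmpty();
        switch (status) {
            case "Valid":     return Result.TRUSTED;
            case "NotSigned": return Result.UNSIGNED;
            case "UnknownError":
            case "NotTrusted":
                // Assumption: signer cert present means the chain was not trusted.
                return hasCert ? Result.UNTRUSTED_CERT : Result.TAMPERED_OR_INVALID;
            default:          return Result.TAMPERED_OR_INVALID;
        }
    }

    static Result check(String exePath) throws IOException, InterruptedException {
        // -LiteralPath stops PowerShell from expanding wildcards such as [ ] in the path.
        String script = "$s = Get-AuthenticodeSignature -LiteralPath " + psQuote(exePath) + "; "
                + "$s.Status.ToString(); "
                + "if ($s.SignerCertificate) { $s.SignerCertificate.Thumbprint }";
        Process p = new ProcessBuilder("powershell.exe", "-NoProfile",
                "-NonInteractive", "-Command", script)
                .redirectErrorStream(true).start();
        String out = new String(p.getInputStream().readAllBytes(), StandardCharsets.UTF_8);
        if (p.waitFor() != 0) throw new IOException("PowerShell failed: " + out);
        String[] lines = out.trim().split("\\R");
        return classify(lines[0].trim(), lines.length > 1 ? lines[1].trim() : "");
    }

    public static void main(String[] args) throws Exception {
        System.out.println(check(args[0])); // args[0]: path to the installed exe
    }
}
```

Only `UNTRUSTED_CERT` should ever lead to a trust prompt, and the thumbprint shown to the user should be the one read here so it can be compared against a value published out of band.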

claude added 5 commits March 16, 2026 02:18
…tall

After installation completes on Windows, checks if the installed exe is
signed with an untrusted (e.g. self-signed) certificate. If so, shows
certificate details and offers to add it to the user's trust store via
certutil -user (no admin required). Proceeds to the completion dialog
regardless of the user's choice.

https://claude.ai/code/session_019uM9CsmXdTMeEtoiNLijWG
…-tests

The mock-network-tests workflow built the installer module with
`mvn package` which does not install the jar to the local Maven repo.
When the CLI module subsequently resolves jdeploy-installer as a
dependency, it fails because the artifact is not available.

https://claude.ai/code/session_019uM9CsmXdTMeEtoiNLijWG
checkSignature() and exportCertificate() now throw
IllegalArgumentException for invalid input (null, missing file,
non-exe) and IOException for process failures instead of returning
null. Callers guard against obvious invalid input before calling,
and the existing catch(Exception) block handles any runtime failures.

https://claude.ai/code/session_019uM9CsmXdTMeEtoiNLijWG
The signtool verify error 0x80096019 ("basic constraint extension has
not been observed") occurs because generated certificates lack proper
X.509v3 extensions. Add basicConstraints=CA:FALSE, keyUsage=
digitalSignature, and extendedKeyUsage=codeSigning to all certificate
generation paths: OpenSSL commands in the test skill and keytool
commands in integration tests.

Also includes the earlier refactor making AuthenticodeSignatureChecker
never return null (throws exceptions instead).

https://claude.ai/code/session_019uM9CsmXdTMeEtoiNLijWG
Replace the verbose certificate details dump with a friendly message
showing just the signer name and organization extracted from the
subject DN. Full certificate details (subject, issuer, thumbprint,
validity) are available via an info icon button. Button labels
simplified to "Trust" / "Skip".

https://claude.ai/code/session_019uM9CsmXdTMeEtoiNLijWG
@shannah shannah merged commit 9ddd5ec into master Mar 19, 2026
24 of 27 checks passed
@shannah shannah deleted the claude/add-authenticode-signing-04qdh branch March 19, 2026 03:25