From 86fb18a0c5d1da556245a47890d0df2b7490823b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?=
Date: Thu, 31 Aug 2023 11:27:19 +0200
Subject: [PATCH 1/5] Added SHA512 URL variables
---
 roles/wazuh/vars/repo.yml | 2 +-
 roles/wazuh/vars/repo_pre-release.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/wazuh/vars/repo.yml b/roles/wazuh/vars/repo.yml
index 2dd92669d..036400815 100644
--- a/roles/wazuh/vars/repo.yml
+++ b/roles/wazuh/vars/repo.yml
@@ -5,7 +5,7 @@ wazuh_repo:
 key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
 wazuh_winagent_config_url: "https://packages.wazuh.com/4.x/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi"
 wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
-
+wazuh_winagent_sha512_url: "https://packages.wazuh.com/4.x/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512"
 certs_gen_tool_version: 4.5
 # Url of certificates generator tool
diff --git a/roles/wazuh/vars/repo_pre-release.yml b/roles/wazuh/vars/repo_pre-release.yml
index 3eaf6ca1d..b7ae548a7 100644
--- a/roles/wazuh/vars/repo_pre-release.yml
+++ b/roles/wazuh/vars/repo_pre-release.yml
@@ -5,7 +5,7 @@ wazuh_repo:
 key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
 wazuh_winagent_config_url: "https://packages-dev.wazuh.com/pre-release/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi"
 wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
-
+wazuh_winagent_sha512_url: "https://packages-dev.wazuh.com/pre-release/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512"
 certs_gen_tool_version: 4.5
 # Url of certificates generator tool
From 06314eb8f92f104b293093581b1b516b163b58e0 Mon Sep 17 00:00:00 2001
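Review bot: `wazuh_winagent_sha512_url` in the `repo.yml` hunk points at the same host that serves the MSI (`packages.wazuh.com`; the `repo_pre-release.yml` hunk does the same with `packages-dev.wazuh.com`), so the digest detects a truncated or corrupted download but gives no assurance if that origin serves a modified installer together with a matching `.sha512`. If the check is meant as a supply-chain control, the expected digest needs a separate trust path, for example an optional pinned SHA512 variable that takes precedence over the downloaded file when it is set, or a signature check on the MSI before installation. At minimum the limitation should be documented above the variable in both files: `# Served from the same origin as the MSI: catches corruption, not a tampered repository`.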
From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?=
Date: Thu, 31 Aug 2023 12:18:16 +0200
Subject: [PATCH 2/5] Added tasks to verify SHA512 checksum
---
 .../ansible-wazuh-agent/tasks/Windows.yml | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
index bcf6e1f02..15b27f721 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
@@ -30,16 +30,29 @@
 when:
 - not wazuh_package_downloaded.stat.exists
+- name: Windows | Download SHA512 checksum file
+ win_get_url:
+ url: "{{ wazuh_winagent_sha512_url }}"
+ dest: "{{ wazuh_winagent_config.download_dir }}"
+ when:
+ - not wazuh_package_downloaded.stat.exists
+
+- name: Extract checksum from SHA512 file
+ win_shell: Get-Content "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}.sha512" | ForEach-Object { $_.Split(' ')[0] }
+ register: extracted_checksum
+ when:
+ - not wazuh_package_downloaded.stat.exists
+
 - name: Windows | Verify the Wazuh Agent installer
 win_stat:
 path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}"
 get_checksum: true
- checksum_algorithm: md5
+ checksum_algorithm: sha512
 register: wazuh_agent_status
 failed_when:
- - wazuh_agent_status.stat.checksum != wazuh_winagent_config.md5
+ - wazuh_agent_status.stat.checksum != extracted_checksum.stdout
 when:
- - wazuh_winagent_config.check_md5
+ - wazuh_winagent_config.check_sha512
 - name: Windows | Install Agent if not already installed
From 4c62f30d9d16942e0080efa09617b16db5c328cd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?=
Date: Thu, 31 Aug 2023 13:18:22 +0200
Subject: [PATCH 3/5] Fixed checksum condition
---
 roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
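Review bot: The added `Extract checksum from SHA512 file` task places the templated path inside a double-quoted PowerShell string, so a `$` or backtick in `download_dir` or the package name would be expanded by PowerShell instead of being read as part of the path. These values come from role variables, so this is hygiene rather than an exposed input, but `Get-Content -LiteralPath '{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}.sha512'` removes the ambiguity. The task only reads a file, yet `win_shell` reports it as changed on every run, so `changed_when: false` belongs next to `register: extracted_checksum`. Its name also drops the `Windows |` prefix that the neighbouring tasks carry.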
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
index 15b27f721..e70243f1a 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
@@ -35,13 +35,13 @@
 url: "{{ wazuh_winagent_sha512_url }}"
 dest: "{{ wazuh_winagent_config.download_dir }}"
 when:
- - not wazuh_package_downloaded.stat.exists
+ - wazuh_winagent_config.check_sha512
 - name: Extract checksum from SHA512 file
 win_shell: Get-Content "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}.sha512" | ForEach-Object { $_.Split(' ')[0] }
 register: extracted_checksum
 when:
- - not wazuh_package_downloaded.stat.exists
+ - wazuh_winagent_config.check_sha512
 - name: Windows | Verify the Wazuh Agent installer
 win_stat:
@@ -50,11 +50,10 @@
 checksum_algorithm: sha512
 register: wazuh_agent_status
 failed_when:
- - wazuh_agent_status.stat.checksum != extracted_checksum.stdout
+ - wazuh_agent_status.stat.checksum != extracted_checksum.stdout_lines[0]
 when:
 - wazuh_winagent_config.check_sha512
-
 - name: Windows | Install Agent if not already installed
 win_package:
 path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}"
From b8e2fb676b44ff4997d50932f133d440b3ef2ffd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?=
Date: Thu, 31 Aug 2023 14:29:15 +0200
Subject: [PATCH 4/5] Changed md5 by sha512 variable
---
 roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
index 70e258f06..5b4582be4 100644
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
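Review bot: In the `@@ -50,11 +50,10 @@` hunk of `tasks/Windows.yml`, `extracted_checksum.stdout_lines[0]` is compared without any normalisation or shape check, so an empty checksum file raises a template error rather than a clear verification failure, and a digest published in uppercase hex would presumably never match the value `win_stat` returns. Both cases still stop the play before the install task, so the control fails closed, but the operator cannot tell a tampered installer from a malformed checksum file. A tolerant comparison is one line: `- (wazuh_agent_status.stat.checksum | lower) != (extracted_checksum.stdout_lines | first | default('') | trim | lower)`. The `Verify the Wazuh Agent installer` task starts above this hunk.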
@@ -53,8 +53,7 @@ wazuh_winagent_config:
 auth_path: C:\Program Files\ossec-agent\agent-auth.exe
 # Adding quotes to auth_path_x86 since win_shell outputs error otherwise
 auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe
- check_md5: True
- md5: 3823a34bb108b9ad4e9fb43cb8f0b4e3
+ check_sha512: True
 wazuh_dir: "/var/ossec"
From f2ec14038ffdb76a19c8e793cc656096bebd3adb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?=
Date: Thu, 31 Aug 2023 14:40:21 +0200
Subject: [PATCH 5/5] Added task to delete checksum file
---
 roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
index e70243f1a..f312253df 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
@@ -107,3 +107,8 @@
 win_file:
 path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}"
 state: absent
+
+- name: Windows | Delete downloaded checksum file
+ win_file:
+ path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}.sha512"
+ state: absent
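Review bot: In the `defaults/main.yml` hunk, replacing `check_md5` with `check_sha512` inside `wazuh_winagent_config` leaves any inventory that overrides this dictionary with the old keys without a `check_sha512` entry, because Ansible replaces a dictionary variable as a whole by default. The `when: wazuh_winagent_config.check_sha512` conditions in `tasks/Windows.yml` would then presumably fail on an undefined attribute. Writing those conditions as `wazuh_winagent_config.check_sha512 | default(true)` keeps verification enabled for such inventories, and the removal of the `md5` key deserves a changelog entry. `check_sha512: true` in lowercase would also match YAML's canonical boolean spelling. The `wazuh_winagent_config` mapping starts above this hunk.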