From 06314eb8f92f104b293093581b1b516b163b58e0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?=
 <davidcorreafjb2001@gmail.com>
Date: Thu, 31 Aug 2023 12:18:16 +0200
Subject: [PATCH] Added tasks to verify SHA512 checksum

---
 .../ansible-wazuh-agent/tasks/Windows.yml     | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
index bcf6e1f0..15b27f72 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
@@ -30,16 +30,29 @@
   when:
     - not wazuh_package_downloaded.stat.exists
 
+- name: Windows | Download SHA512 checksum file
+  win_get_url:
+    url: "{{ wazuh_winagent_sha512_url }}"
+    dest: "{{ wazuh_winagent_config.download_dir }}"
+  when:
+    - not wazuh_package_downloaded.stat.exists
+  
+- name: Extract checksum from SHA512 file
+  win_shell: Get-Content "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}.sha512" | ForEach-Object { $_.Split(' ')[0] }
+  register: extracted_checksum
+  when:
+    - not wazuh_package_downloaded.stat.exists
+
 - name: Windows | Verify the Wazuh Agent installer
   win_stat:
     path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}"
     get_checksum: true
-    checksum_algorithm: md5
+    checksum_algorithm: sha512
   register: wazuh_agent_status
   failed_when:
-    - wazuh_agent_status.stat.checksum != wazuh_winagent_config.md5
+    - wazuh_agent_status.stat.checksum != extracted_checksum.stdout
   when:
-    - wazuh_winagent_config.check_md5
+    - wazuh_winagent_config.check_sha512
 
 
 - name: Windows | Install Agent if not already installed