Fixed Intel AMT ACM cert auto-ordering.

2020-08-19 11:22:19 -07:00 · 2020-08-19 11:22:19 -07:00 · 1c97377194
parent a22647892d
commit 1c97377194
1 changed files with 16 additions and 14 deletions
--- a/certoperations.js
+++ b/certoperations.js
@ -97,6 +97,22 @@ module.exports.CertificateOperations = function (parent) {
                    if ((r.certs.length < 2) || (r.keys.length != 1)) continue;
                }

+                // Reorder the certificates from leaf to root.
+                var orderedCerts = [], or = [], currenthash = null, orderingError = false;;
+                while ((orderingError == false) && (orderedCerts.length < r.certs.length)) {
+                    orderingError = true;
+                    for (var k in r.certs) {
+                        if (((currenthash == null) && (r.certs[k].subject.hash == r.certs[k].issuer.hash)) || ((r.certs[k].issuer.hash == currenthash) && (r.certs[k].subject.hash != r.certs[k].issuer.hash))) {
+                            currenthash = r.certs[k].subject.hash;
+                            orderedCerts.unshift(Buffer.from(obj.forge.asn1.toDer(obj.pki.certificateToAsn1(r.certs[k])).data, 'binary').toString('base64'));
+                            or.unshift(r.certs[k]);
+                            orderingError = false;
+                        }
+                    }
+                }
+                if (orderingError == true) continue;
+                r.certs = or;
+
                /*
                // Debug: Display all certs & key as PEM
                for (var k in r.certs) {
@ -139,20 +155,6 @@ module.exports.CertificateOperations = function (parent) {
                    acmconfig.cn = certCommonName.value;
                }

-                // Reorder the certificates from leaf to root.
-                var orderedCerts = [], currenthash = null, orderingError = false;;
-                while ((orderingError == false) && (orderedCerts.length < r.certs.length)) {
-                    orderingError = true;
-                    for (var k in r.certs) {
-                        if (((currenthash == null) && (r.certs[k].subject.hash == r.certs[k].issuer.hash)) || ((r.certs[k].issuer.hash == currenthash) && (r.certs[k].subject.hash != r.certs[k].issuer.hash))) {
-                            currenthash = r.certs[k].subject.hash;
-                            orderedCerts.unshift(Buffer.from(obj.forge.asn1.toDer(obj.pki.certificateToAsn1(r.certs[k])).data, 'binary').toString('base64'));
-                            orderingError = false;
-                        }
-                    }
-                }
-                if (orderingError == true) continue;
-
                delete acmconfig.cert;
                delete acmconfig.certpass;
                acmconfig.certs = orderedCerts;