MyFavMirrors
/
MeshCentral
mirror of https://github.com/Ylianst/MeshCentral.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed Intel AMT ACM cert auto-ordering.

This commit is contained in:
Ylian Saint-Hilaire 2020-08-19 11:22:19 -07:00
parent a22647892d
commit 1c97377194
1 changed files with 16 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
certoperations.js
View File

@ -97,6 +97,22 @@ module.exports.CertificateOperations = function (parent) {
if ((r.certs.length < 2) || (r.keys.length != 1)) continue; if ((r.certs.length < 2) || (r.keys.length != 1)) continue;
} }
// Reorder the certificates from leaf to root.
var orderedCerts = [], or = [], currenthash = null, orderingError = false;;
while ((orderingError == false) && (orderedCerts.length < r.certs.length)) {
orderingError = true;
for (var k in r.certs) {
if (((currenthash == null) && (r.certs[k].subject.hash == r.certs[k].issuer.hash)) || ((r.certs[k].issuer.hash == currenthash) && (r.certs[k].subject.hash != r.certs[k].issuer.hash))) {
currenthash = r.certs[k].subject.hash;
orderedCerts.unshift(Buffer.from(obj.forge.asn1.toDer(obj.pki.certificateToAsn1(r.certs[k])).data, 'binary').toString('base64'));
or.unshift(r.certs[k]);
orderingError = false;
}
}
}
if (orderingError == true) continue;
r.certs = or;
/* /*
// Debug: Display all certs & key as PEM // Debug: Display all certs & key as PEM
for (var k in r.certs) { for (var k in r.certs) {
@ -139,20 +155,6 @@ module.exports.CertificateOperations = function (parent) {
acmconfig.cn = certCommonName.value; acmconfig.cn = certCommonName.value;
} }
// Reorder the certificates from leaf to root.
var orderedCerts = [], currenthash = null, orderingError = false;;
while ((orderingError == false) && (orderedCerts.length < r.certs.length)) {
orderingError = true;
for (var k in r.certs) {
if (((currenthash == null) && (r.certs[k].subject.hash == r.certs[k].issuer.hash)) || ((r.certs[k].issuer.hash == currenthash) && (r.certs[k].subject.hash != r.certs[k].issuer.hash))) {
currenthash = r.certs[k].subject.hash;
orderedCerts.unshift(Buffer.from(obj.forge.asn1.toDer(obj.pki.certificateToAsn1(r.certs[k])).data, 'binary').toString('base64'));
orderingError = false;
}
}
}
if (orderingError == true) continue;
delete acmconfig.cert; delete acmconfig.cert;
delete acmconfig.certpass; delete acmconfig.certpass;
acmconfig.certs = orderedCerts; acmconfig.certs = orderedCerts;