First working Intel AMT ACM activation.
parent
2bc14decd2
commit
1d96f89f9d
@ -531,7 +531,7 @@ function AmtManager(agent, db, isdebug) {
|
||||
else { acmdata.index++; performAcmActivation(acmdata); }
|
||||
});
|
||||
} else {
|
||||
//debug('Calling AdminSetup()');
|
||||
debug('Calling AdminSetup() ' + JSON.stringify(acmdata));
|
||||
osamtstack.IPS_HostBasedSetupService_AdminSetup(2, acmdata.password, acmdata.nonce, 2, acmdata.signature,
|
||||
function (stack, name, responses, status) {
|
||||
debug('AdminSetup Status: ' + status);
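Review bot: The debug call in front of `IPS_HostBasedSetupService_AdminSetup` serialises the whole `acmdata` object, and the next line shows that object carries `acmdata.password` along with the nonce and signature, so the Intel AMT admin password lands in debug output whenever debugging is enabled. The page does not mark which of the two `debug(...)` variants is the new side; if the `JSON.stringify(acmdata)` form is the one this commit keeps, I would log only non-secret fields, for example `debug('Calling AdminSetup(), index ' + acmdata.index);`, or go back to the plain `debug('Calling AdminSetup()');`. The enclosing function starts and ends outside this hunk.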
|
||||
|
File diff suppressed because one or more lines are too long
@ -30,14 +30,12 @@ module.exports.CertificateOperations = function (parent) {
|
||||
|
||||
// Sign a Intel AMT ACM activation request
|
||||
obj.signAcmRequest = function (domain, request, user, pass) {
|
||||
console.log('signAcmRequest', request);
|
||||
if ((domain == null) || (domain.amtacmactivation == null) || (domain.amtacmactivation.certs == null) || (request == null) || (request.nonce == null) || (request.realm == null) || (request.fqdn == null) || (request.hash == null)) return null;
|
||||
if (parent.common.validateString(request.nonce, 16, 256) == false) return null;
|
||||
if (parent.common.validateString(request.realm, 16, 256) == false) return null;
|
||||
if (parent.common.validateString(request.fqdn, 4, 256) == false) return null;
|
||||
if (parent.common.validateString(request.hash, 16, 256) == false) return null;
|
||||
|
||||
console.log('a1');
|
||||
// Look for the signing certificate
|
||||
var signkey = null, certChain = null, hashAlgo = null, certIndex = null;
|
||||
for (var i in domain.amtacmactivation.certs) {
|
||||
@ -45,16 +43,13 @@ module.exports.CertificateOperations = function (parent) {
|
||||
if ((certEntry.sha256 == request.hash) && ((certEntry.cn == '*') || (certEntry.cn == request.fqdn))) { hashAlgo = 'sha256'; signkey = certEntry.key; certChain = certEntry.certs; certIndex = i; break; }
|
||||
if ((certEntry.sha1 == request.hash) && ((certEntry.cn == '*') || (certEntry.cn == request.fqdn))) { hashAlgo = 'sha1'; signkey = certEntry.key; certChain = certEntry.certs; certIndex = i; break; }
|
||||
}
|
||||
console.log('as', signkey);
|
||||
if (signkey == null) return null; // Did not find a match.
|
||||
|
||||
console.log('aa');
|
||||
// If the matching certificate is a root cert, issue a leaf cert that matches the fqdn
|
||||
if (domain.amtacmactivation.certs[certIndex].cn == '*') return; // TODO: Add support for this mode
|
||||
console.log('ab');
|
||||
|
||||
// Setup both nonces, ready to be signed
|
||||
const mcNonce = Buffer.from(obj.crypto.randomBytes(32), 'binary');
|
||||
const mcNonce = Buffer.from(obj.crypto.randomBytes(20), 'binary');
|
||||
const fwNonce = Buffer.from(request.nonce, 'base64');
|
||||
|
||||
// Sign the request
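Review bot: The wildcard branch `if (domain.amtacmactivation.certs[certIndex].cn == '*') return;` exits with `undefined`, while every other rejection in `signAcmRequest` returns `null`, so a caller that tests `=== null` before using the result would not recognise this path as a refusal. I would write it as `return null; // TODO: Add support for this mode` so that all refusal paths of the signing routine look the same to the caller. Separately, the two `mcNonce` lines differ only in length (32 versus 20 bytes) and the page does not mark which one is new; whichever is kept deserves a one-line comment stating why that length is required. The function body continues past the end of this hunk.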
|
||||
|