external/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-03-09 15:40:18 +00:00
Code Issues Releases Wiki Activity

Added strictCommonName option for matching the Intel AMT ACM activation cert.

Browse source
This commit is contained in:
Ylian Saint-Hilaire 2022-08-15 21:49:01 -07:00
parent 9ef31ce418
commit 15a76d3932
3 changed files with 15 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

20
certoperations.js
View file

@ -247,14 +247,20 @@ module.exports.CertificateOperations = function (parent) {
// Get the certificate common name
var certCommonName = r.certs[0].subject.getField('CN');
if (certCommonName == null) { amtacmactivation.acmCertErrors.push("Unable to get Intel AMT activation certificate common name."); continue; }
var certCommonNameSplit = certCommonName.value.split('.');
var topLevel = certCommonNameSplit[certCommonNameSplit.length - 1].toLowerCase();
var topLevelNum = TopLevelDomainExtendedSupport[topLevel];
if (topLevelNum != null) {
while (certCommonNameSplit.length > topLevelNum) { certCommonNameSplit.shift(); }
acmconfig.cn = certCommonNameSplit.join('.');
} else {
if (amtacmactivation.strictcommonname == true) {
// Use the certificate common name exactly
acmconfig.cn = certCommonName.value;
} else {
// Check if Intel AMT will allow some flexibility in the certificate common name
var certCommonNameSplit = certCommonName.value.split('.');
var topLevel = certCommonNameSplit[certCommonNameSplit.length - 1].toLowerCase();
var topLevelNum = TopLevelDomainExtendedSupport[topLevel];
if (topLevelNum != null) {
while (certCommonNameSplit.length > topLevelNum) { certCommonNameSplit.shift(); }
acmconfig.cn = certCommonNameSplit.join('.');
} else {
acmconfig.cn = certCommonName.value;
}
}
delete acmconfig.cert;