more Intel AMT ACM work.

agents/modules_meshcore/amt-manage.js

@@ -471,22 +471,22 @@ function AmtManager(agent, db, isdebug) {
                 }
             }
         }
-        if (trustedFqdn == null) return; // No trusted DNS suffix.
         //debug('TrustedFqdn: ' + trustedFqdn);
+        if (trustedFqdn == null) return; // No trusted DNS suffix.
 
         // Check if we have a ACM policy match
-        var hashMatch = false;
+        var hashMatch = null;
         for (var i in amtpolicy.match) { var m = amtpolicy.match[i]; if (m.cn == trustedFqdn) { for (var j in trustedHashes) { if ((trustedHashes[j] == m.sha256) || (trustedHashes[j] == m.sha1)) { hashMatch = trustedHashes[j]; } } } }
         if (hashMatch == null) return; // No certificate / FQDN match
-        debug('Policy: ' + JSON.stringify(amtpolicy));
-        debug('HashMatch: ' + hashMatch);
+        //debug('Policy: ' + JSON.stringify(amtpolicy));
+        //debug('HashMatch: ' + hashMatch);
 
         // Fetch Intel AMT realm and activation nonce and get ready to ACM activation...
         if (osamtstack != null) {
-            debug('Trying to get Intel AMT activation information (1)...');
+            //debug('Trying to get Intel AMT activation information (1)...');
             osamtstack.BatchEnum(null, ['*AMT_GeneralSettings', '*IPS_HostBasedSetupService'], activeToACM2, { fqdn: trustedFqdn, hash: hashMatch });
         } else {
-            debug('ACM Activation: Trying to get local account info...');
+            //debug('ACM Activation: Trying to get local account info...');
             amtMei.getLocalSystemAccount(function (x) {
                 if ((x != null) && x.user && x.pass) {
                     //debug('Intel AMT local account info: User=' + x.user + ', Pass=' + x.pass + '.');
@@ -495,17 +495,17 @@ function AmtManager(agent, db, isdebug) {
                     var amt = require('amt');
                     oswsstack = new wsman(transport, '127.0.0.1', 16992, x.user, x.pass, false);
                     osamtstack = new amt(oswsstack);
-                    debug('Trying to get Intel AMT activation information (2)...');
+                    //debug('Trying to get Intel AMT activation information (2)...');
                     osamtstack.BatchEnum(null, ['*AMT_GeneralSettings', '*IPS_HostBasedSetupService'], activeToACM2, { fqdn: trustedFqdn, hash: hashMatch });
                 } else {
-                    debug('Unable to get $$OsAdmin password.');
+                    //debug('Unable to get $$OsAdmin password.');
                 }
             });
         }
     }
 
     function activeToACM2(stack, name, responses, status, tag) {
-        debug('activeToACM2 status=' + status);
+        //debug('activeToACM2 status=' + status);
         if (status != 200) return;
         var fwNonce = responses['IPS_HostBasedSetupService'].response['ConfigurationNonce'];
         var digestRealm = responses['AMT_GeneralSettings'].response['DigestRealm'];
@@ -514,27 +514,29 @@ function AmtManager(agent, db, isdebug) {
 
     // Called when the server responds with a ACM activation signature.
     obj.setAcmResponse = function (acmdata) {
-        debug('setAcmResponse=' + JSON.stringify(acmdata));
+        //debug('setAcmResponse=' + JSON.stringify(acmdata));
         acmdata.index = 0;
-        //performAcmActivation(acmdata);
+        performAcmActivation(acmdata);
     }
 
     // Recursive function to inject the provisioning certificates into AMT in the proper order and completes ACM activation
     function performAcmActivation(acmdata) {
-        var leaf = (acmdata.index == 0), root = (acmdata.index == (acmdata.certChain.length - 1));
-        if (acmdata.index < acmdata.certChain.length) {
-            if (acmdata.certChain[acmdata.index] != null) {
-                debug('Calling AddNextCertInChain(' + acmdata.index + ')');
-                osamtstack.IPS_HostBasedSetupService_AddNextCertInChain(acmdata.certChain[acmdata.index], leaf, root, function (stack, name, responses, status) {
-                    if (status !== 200) { debug('AddNextCertInChain status=' + status); return; }
-                    else if (responses['Body']['ReturnValue'] !== 0) { debug('AddNextCertInChain error=' + responses['Body']['ReturnValue']); return; }
-                    else { acmdata.index++; performAcmActivation(acmdata); }
-                });
-            }
+        //debug('performAcmActivation(' + JSON.stringify(acmdata) + ')');
+        var leaf = (acmdata.index == 0), root = (acmdata.index == (acmdata.certs.length - 1));
+        if ((acmdata.index < acmdata.certs.length) && (acmdata.certs[acmdata.index] != null)) {
+            //debug('Calling AddNextCertInChain(' + acmdata.index + ', ' + acmdata.certs[acmdata.index] + ')');
+            osamtstack.IPS_HostBasedSetupService_AddNextCertInChain(acmdata.certs[acmdata.index], leaf, root, function (stack, name, responses, status) {
+                if (status !== 200) { debug('AddNextCertInChain status=' + status); return; }
+                else if (responses['Body']['ReturnValue'] !== 0) { debug('AddNextCertInChain error=' + responses['Body']['ReturnValue']); return; }
+                else { acmdata.index++; performAcmActivation(acmdata); }
+            });
         } else {
-            debug('Calling AdminSetup()');
+            //debug('Calling AdminSetup()');
             osamtstack.IPS_HostBasedSetupService_AdminSetup(2, acmdata.password, acmdata.nonce, 2, acmdata.signature,
-                function (stack, name, responses, status) { debug('DONE: ' + status); }
+                function (stack, name, responses, status) {
+                    debug('AdminSetup Status: ' + status);
+                    if (status == 200) { debug('AdminSetup ReturnValue: ' + responses['Body']['ReturnValue']); }
+                }
             );
         }
     }