mirror of
https://github.com/Ylianst/MeshCommander
synced 2025-12-06 06:03:20 +00:00
Improved Authentic CSME
This commit is contained in:
Ylian Saint-Hilaire
@@ -179,3 +179,32 @@ function _arrayBufferToString(buffer) {
|
|||||||
for (var i = 0; i < len; i++) { binary += String.fromCharCode(bytes[i]); }
|
for (var i = 0; i < len; i++) { binary += String.fromCharCode(bytes[i]); }
|
||||||
return binary;
|
return binary;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function certCetAsn1Values(node, list) {
|
||||||
|
if ((typeof node === 'string') && (node.indexOf('https://') == 0)) { list.push(node); return; }
|
||||||
|
if (Array.isArray(node)) { for (var i in node) { certCetAsn1Values(node[i], list); } return; }
|
||||||
|
if (node && typeof node === 'object') { certCetAsn1Values(node.value, list) }
|
||||||
|
}
|
||||||
|
|
||||||
|
function getExtensionUrls(cert, val) {
|
||||||
|
var list = [], ext = cert.getExtension(val);
|
||||||
|
if (ext != null) { certCetAsn1Values(forge.asn1.fromDer(ext.value), list); }
|
||||||
|
return list;
|
||||||
|
}
|
||||||
|
|
||||||
|
var certUrlCache = null;
|
||||||
|
var certUrlCacheFile = null;
|
||||||
|
function getCertUrl(url, func) {
|
||||||
|
if (certUrlCacheFile == null) { if (process.env.LOCALAPPDATA != null) { certUrlCacheFile = require('path').join(process.env.LOCALAPPDATA, 'mccache.json'); } else { certUrlCacheFile = 'mccache.json'; } }
|
||||||
|
if (certUrlCache == null) { try { certUrlCache = JSON.parse(require('fs').readFileSync(certUrlCacheFile)); } catch (ex) { certUrlCache = {}; } }
|
||||||
|
if ((certUrlCache[url] != null) && (certUrlCache[url].data != null)) { var timeout = 0; if (url.endsWith('.crl')) { timeout = Date.now() - (14 * 86400000); } if (certUrlCache[url].time > timeout) { func(url, atob(certUrlCache[url].data)); return; } }
|
||||||
|
console.log('Loading: ' + url);
|
||||||
|
var u = require('url').parse(url);
|
||||||
|
var req = require('https').get({ hostname: u.hostname, port: u.port?u.port:443, path: u.path, method: 'GET', rejectUnauthorized: false
|
||||||
|
}, function (resp) {
|
||||||
|
var data = '';
|
||||||
|
resp.on('data', function (chunk) { if (data != null) { data += chunk.toString('binary'); } if (data.length > 500000) { data = null; } });
|
||||||
|
resp.on('end', function () { certUrlCache[url] = { data: btoa(data), time: Date.now() }; try { require('fs').writeFileSync(certUrlCacheFile, JSON.stringify(certUrlCache, null, 2)); } catch (ex) { } func(url, data); });
|
||||||
|
});
|
||||||
|
req.on('error', function (err) { console.log('Error: ' + err.message); func(url, null); });
|
||||||
|
}
|
||||||
@@ -109,9 +109,10 @@ var WsmanStackCreateService = function (host, port, user, pass, tls, extra) {
|
|||||||
// Private method
|
// Private method
|
||||||
obj.ParseWsman = function (xml) {
|
obj.ParseWsman = function (xml) {
|
||||||
if (xml == null) return null;
|
if (xml == null) return null;
|
||||||
|
var r = { Header: {} };
|
||||||
try {
|
try {
|
||||||
if (!xml.childNodes) xml = _turnToXml(xml);
|
if (!xml.childNodes) xml = _turnToXml(xml);
|
||||||
var r = { Header: {} }, header = xml.getElementsByTagName('Header')[0], t;
|
var header = xml.getElementsByTagName('Header')[0], t;
|
||||||
if (!header) header = xml.getElementsByTagName('a:Header')[0];
|
if (!header) header = xml.getElementsByTagName('a:Header')[0];
|
||||||
if (!header) return null;
|
if (!header) return null;
|
||||||
for (var i = 0; i < header.childNodes.length; i++) {
|
for (var i = 0; i < header.childNodes.length; i++) {
|
||||||
@@ -129,11 +130,11 @@ var WsmanStackCreateService = function (host, port, user, pass, tls, extra) {
|
|||||||
r.Body = _ParseWsmanRec(body.childNodes[0]);
|
r.Body = _ParseWsmanRec(body.childNodes[0]);
|
||||||
} catch (ex) { console.log('_ParseWsmanRec failed', body, ex); return null; }
|
} catch (ex) { console.log('_ParseWsmanRec failed', body, ex); return null; }
|
||||||
}
|
}
|
||||||
return r;
|
|
||||||
} catch (ex) {
|
} catch (ex) {
|
||||||
console.log('Unable to parse XML: ' + xml + ', ' + ex);
|
console.log('Unable to parse XML: ' + xml + ', ' + ex);
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Private method
|
// Private method
|
||||||
|
|||||||
69
index.html
69
index.html
@@ -4843,20 +4843,60 @@
|
|||||||
if ((amtversion >= 15) && (wsstack.comm.xtlsCertificate != null)) {
|
if ((amtversion >= 15) && (wsstack.comm.xtlsCertificate != null)) {
|
||||||
stack.amtauthnonce = require('crypto').randomBytes(10).toString('hex');
|
stack.amtauthnonce = require('crypto').randomBytes(10).toString('hex');
|
||||||
stack.AMT_GeneralSettings_AMTAuthenticate(stack.amtauthnonce, function (stack, name, response, status) {
|
stack.AMT_GeneralSettings_AMTAuthenticate(stack.amtauthnonce, function (stack, name, response, status) {
|
||||||
|
//status = 200;
|
||||||
|
//response = JSON.parse('{"Header":{"To":"http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous","RelatesTo":"15","Action":"http://intel.com/wbem/wscim/1/amt-schema/1/AMT_GeneralSettings/AMTAuthenticateResponse","MessageID":"uuid:00000000-8086-8086-8086-00000000008E","ResourceURI":"http://intel.com/wbem/wscim/1/amt-schema/1/AMT_GeneralSettings","Method":"AMTAuthenticate"},"Body":{"Nonce":"s5PzXOyJqlPwnE/FJ1Imk2tLc2s=","UUID":"465A544C39335830B0304A51465A544C","FQDN":"","FWVersion":"15.0.10.7000","AMTSVN":1,"Signature":"cT4DpT2VpDi0jq+3tIswntXIIitCQV6QxMbXMZryob7RYRyazW9YFKrX5nfu0tPpTqLEP9P+C8pVT4ZngU1TIrn2ptVw/xCKmOn56Y62U0Gv+fQSG1+AJFRej+W7Clv4","LengthOfCertificates":[602,638,631,708],"Certificates":"MIICVjCCAd2gAwIBAgIQSsxzEcw7W5elVuRWfkbN1zAKBggqhkjOPQQDAzAeMRwwGgYDVQQDDBNDU01FIFRHTCBBTVQgIDAxU0RFMB4XDTIwMDcyMzAwMDAwMFoXDTQ5MTIzMTIzNTk1OVowFTETMBEGA1UEAwwKQU1UIFdTLU1BTjB2MBAGByqGSM49AgEGBSuBBAAiA2IABOiUImnj9foD828QWknCF47SuIhwKn+AzhcgPz7IaUb/Z9KTPn57VfxahHBObijKRodtcxao0Jip/0sM3wbXkHvF03BLdxP6/ab5uMYLH+ZDjdlwC69qkjQtXciIzml8u6OB6DCB5TAfBgNVHSMEGDAWgBS4jxQZFu/qvArLmfxFoa+HO3ZPhjAPBgNVHRMBAf8EBTADAQEAMA4GA1UdDwEB/wQEAwIGgDCBoAYDVR0fBIGYMIGVMIGSoEqgSIZGaHR0cHM6Ly90c0RFLmludGVsLmNvbS9jb250ZW50L09uRGllQ0EvY3Jscy9PbkRpZV9DQV9DU01FX0luZGlyZWN0LmNybKJEpEIwQDEmMCQGA1UECwwdT25EaWUgQ0EgQ1NNRSBJbnRlcm1lZGlhdGUgQ0ExFjAUBgNVBAMMDXd3dy5pbnRlbC5jb20wCgYIKoZIzj0EAwMDZwAwZAIwMlkcpHt5ydDt2hmnF+pJxLzH6oF3K2XPviuudyQ8DtHfuziWXgI7t2KS/Y5tOFEAAjBxLW0MkEcpDlsKNS0ASNxOhi6neEEQaxT93EJh3J/Z0SU8qYdE2/qtfe087XhCvlowggJ6MIICAaADAgECAgUBBBwAIDAKBggqhkjOPQQDAzAjMSEwHwYDVQQDDBhDU01FIFRHTCBTVk4wMSBLZXJuZWwgREUwHhcNMjAwNzIzMDAwMDAwWhcNNDkxMjMxMjM1OTU5WjAeMRwwGgYDVQQDDBNDU01FIFRHTCBBTVQgIDAxU0RFMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAES/XBgK8rDlDycUzCocI1TrrrcQzD2Okq2BJhfqSg6MKxRMyei903Ewl94yl+tFsWoLuPiZDVE/bfxJghTynuGxk38YI8Qn8L3mPL+ahh3tSxWxC3kdszrU9dgObLF+2Io4IBCDCCAQQwHwYDVR0jBBgwFoAUzxraD/dMy5Zf2FiUKGctnPWwk30wHQYDVR0OBBYEFLiPFBkW7+q8CsuZ/EWhr4c7dk+GMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMIGgBgNVHR8EgZgwgZUwgZKgSqBIhkZodHRwczovL3RzREUuaW50ZWwuY29tL2NvbnRlbnQvT25EaWVDQS9jcmxzL09uRGllX0NBX0NTTUVfSW5kaXJlY3QuY3JsokSkQjBAMSYwJAYDVQQLDB1PbkRpZSBDQSBDU01FIEludGVybWVkaWF0ZSBDQTEWMBQGA1UEAwwNd3d3LmludGVsLmNvbTAKBggqhkjOPQQDAwNnADBkAjBiU4sHamrnSkvkwpTbVJah30CSGycVSwlUCUnXxFBFcCmXQeuXdElJiXhZyO5CQf8CMBxnQghoKlmUCKhzEYHjDMdXAKJcIapz6ksRDuYycxOlEpyBjei5tU5Nq16qDdt0njCCAnMwggH5oAMCAQICAQEwCgYIKoZIzj0EAwMwGjEYMBYGA1UEAwwPQ1NNRSBUR0wgUk9NIERFMB4XDTIwMDcyMzAwMDAwMFoXDTQ5MTIzMTIzNTk1OVowIzEhMB8GA1UEAwwYQ1NNRSBUR0wgU1ZOMDEgS2VybmVsIERFMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEtfPOoxER7WKkOQQFPnDBikHOrIkNZA1si7sFV1Y1tSBF4HCCl0BfXo5GqsOxzwJ2JcJLiP16ZP3rMcOOpufVLwPwN/0jmP1/KDeANgmwGLLvjAuHfx/KRU3MqkDdSLbfo4IBCDCCAQQwHwYDVR0jBBgwFoAUsd+j/J4YMaOrY0I0x9dKYND8mMQwHQYDVR0OBBYEFM8a2g/3TMuWX9hYlChnLZz1sJN9MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgKsMIGgBgNVHR8EgZgwgZUwgZKgSqBIhkZodHRwczovL3RzREUuaW50ZWwuY29tL2NvbnRlbnQvT25EaWVDQS9jcmxzL09uRGllX0NBX0NTTUVfSW5kaXJlY3QuY3JsokSkQjBAMSYwJAYDVQQLDB1PbkRpZSBDQSBDU01FIEludGVybWVkaWF0ZSBDQTEWMBQGA1UEAwwNd3d3LmludGVsLmNvbTAKBggqhkjOPQQDAwNoADBlAjB0WjT9RuE7v+dm2EM2uf7uZ3Pv3KAKZzBkpvokIbuO1qE3FS36mf3kKfl58hMhfosCMQD4NyxKd28cm9ZfW7eOEetEwXXDgCtq+rfzCXbJWDQvkYpnS4LPxIXxEsiN6/scTH0wggLAMIICRqADAgECAhBAAAAAAAAAAAAAAAAAAAAAMAoGCCqGSM49BAMDMEgxLjAsBgNVBAsMJU9uIERpZSBDU01FIERfVEdMIERFQlVHMDAwIElzc3VpbmcgQ0ExFjAUBgNVBAMMDXd3dy5pbnRlbC5jb20wHhcNMTkwMTAxMDAwMDAwWhcNNDkxMjMxMjM1OTU5WjAaMRgwFgYDVQQDDA9DU01FIFRHTCBST00gREUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQ4g65/2ziA9osYJXOdQ81/PobyJmcTqSU8CMcVk3OyWhGjaczREvl+DvZpd5+2CYAxSr3ItlK5Jn3z1xG4mwHRzH0FFdu7Ooxf7kSH5dXnSO7hv6q/y97+KTy6odfzRuqjggEhMIIBHTAfBgNVHSMEGDAWgBQ7McrVw0uS10jI/ZKqda6dMkoGQjAdBgNVHQ4EFgQUsd+j/J4YMaOrY0I0x9dKYND8mMQwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAa4wYgYIKwYBBQUHAQEEVjBUMFIGCCsGAQUFBzAChkZodHRwczovL3RzREUuaW50ZWwuY29tL2NvbnRlbnQvT25EaWVDQS9jZXJ0cy9UR0xfREVCVUcwMDBfT25EaWVfQ0EuY2VyMFYGA1UdHwRPME0wS6BJoEeGRWh0dHBzOi8vdHNERS5pbnRlbC5jb20vY29udGVudC9PbkRpZUNBL2NybHMvVEdMX0RFQlVHMDAwX09uRGllX0NBLmNybDAKBggqhkjOPQQDAwNoADBlAjAjX8BHXjQGsr1uqkCDdqRRzT2yQNLU4i85H+mJboRaAB2h09mISKagGU0m3DXywmICMQDmTjjpPjCJye9m2u/csfkUAn7rP1FLmdJHtT9qN968CACWQQ356e8s3XgNpNtexJU=","ReturnValue":0,"ReturnValueStr":"SUCCESS"}}'); // Sample Response 1
|
||||||
|
//response = JSON.parse('{"Header":{"To":"http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous","RelatesTo":"15","Action":"http://intel.com/wbem/wscim/1/amt-schema/1/AMT_GeneralSettings/AMTAuthenticateResponse","MessageID":"uuid:00000000-8086-8086-8086-0000000000F8","ResourceURI":"http://intel.com/wbem/wscim/1/amt-schema/1/AMT_GeneralSettings","Method":"AMTAuthenticate"},"Body":{"Nonce":"NlfyHfo322EtefP1q5s92K+szBw=","UUID":"465A544C39335830B0304A51465A544C","FQDN":"","FWVersion":"15.0.10.7000","AMTSVN":1,"Signature":"9jBx0HfvNECPrMrg16px2RGDu/qdgrUyguOamlJ5hpiYgt9ZPrMz6/WgYY5nbnT6zBxSTUP+AqEzcmA6oWunYHZQJprY9iDdew4PPIHWqGZGgqh/10m3aYHwy+TKk/Ab","LengthOfCertificates":[603,638,631,708],"Certificates":"MIICVzCCAd2gAwIBAgIQSsxzEcw7W5elVuRWfkbN1zAKBggqhkjOPQQDAzAeMRwwGgYDVQQDDBNDU01FIFRHTCBBTVQgIDAxU0RFMB4XDTIwMDcyMzAwMDAwMFoXDTQ5MTIzMTIzNTk1OVowFTETMBEGA1UEAwwKQU1UIFdTLU1BTjB2MBAGByqGSM49AgEGBSuBBAAiA2IABOiUImnj9foD828QWknCF47SuIhwKn+AzhcgPz7IaUb/Z9KTPn57VfxahHBObijKRodtcxao0Jip/0sM3wbXkHvF03BLdxP6/ab5uMYLH+ZDjdlwC69qkjQtXciIzml8u6OB6DCB5TAfBgNVHSMEGDAWgBS4jxQZFu/qvArLmfxFoa+HO3ZPhjAPBgNVHRMBAf8EBTADAQEAMA4GA1UdDwEB/wQEAwIGgDCBoAYDVR0fBIGYMIGVMIGSoEqgSIZGaHR0cHM6Ly90c0RFLmludGVsLmNvbS9jb250ZW50L09uRGllQ0EvY3Jscy9PbkRpZV9DQV9DU01FX0luZGlyZWN0LmNybKJEpEIwQDEmMCQGA1UECwwdT25EaWUgQ0EgQ1NNRSBJbnRlcm1lZGlhdGUgQ0ExFjAUBgNVBAMMDXd3dy5pbnRlbC5jb20wCgYIKoZIzj0EAwMDaAAwZQIwYCfw7GuUi9XxfBfhO/LYUbSb3pd65tkpRSLjIhsj9uMG9DFbMVUy9aicvZt7NYwXAjEAtAdHvcmoI/fZfw2Mo7TooojLe+xfHzZ5NyZyVlPaVyya25K/3kE05gvQO1jvk/ZcMIICejCCAgGgAwIBAgIFAQQcACAwCgYIKoZIzj0EAwMwIzEhMB8GA1UEAwwYQ1NNRSBUR0wgU1ZOMDEgS2VybmVsIERFMB4XDTIwMDcyMzAwMDAwMFoXDTQ5MTIzMTIzNTk1OVowHjEcMBoGA1UEAwwTQ1NNRSBUR0wgQU1UICAwMVNERTB2MBAGByqGSM49AgEGBSuBBAAiA2IABEv1wYCvKw5Q8nFMwqHCNU6663EMw9jpKtgSYX6koOjCsUTMnovdNxMJfeMpfrRbFqC7j4mQ1RP238SYIU8p7hsZN/GCPEJ/C95jy/moYd7UsVsQt5HbM61PXYDmyxftiKOCAQgwggEEMB8GA1UdIwQYMBaAFM8a2g/3TMuWX9hYlChnLZz1sJN9MB0GA1UdDgQWBBS4jxQZFu/qvArLmfxFoa+HO3ZPhjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwICBDCBoAYDVR0fBIGYMIGVMIGSoEqgSIZGaHR0cHM6Ly90c0RFLmludGVsLmNvbS9jb250ZW50L09uRGllQ0EvY3Jscy9PbkRpZV9DQV9DU01FX0luZGlyZWN0LmNybKJEpEIwQDEmMCQGA1UECwwdT25EaWUgQ0EgQ1NNRSBJbnRlcm1lZGlhdGUgQ0ExFjAUBgNVBAMMDXd3dy5pbnRlbC5jb20wCgYIKoZIzj0EAwMDZwAwZAIwYlOLB2pq50pL5MKU21SWod9AkhsnFUsJVAlJ18RQRXApl0Hrl3RJSYl4WcjuQkH/AjAcZ0IIaCpZlAiocxGB4wzHVwCiXCGqc+pLEQ7mMnMTpRKcgY3oubVOTateqg3bdJ4wggJzMIIB+aADAgECAgEBMAoGCCqGSM49BAMDMBoxGDAWBgNVBAMMD0NTTUUgVEdMIFJPTSBERTAeFw0yMDA3MjMwMDAwMDBaFw00OTEyMzEyMzU5NTlaMCMxITAfBgNVBAMMGENTTUUgVEdMIFNWTjAxIEtlcm5lbCBERTB2MBAGByqGSM49AgEGBSuBBAAiA2IABLXzzqMREe1ipDkEBT5wwYpBzqyJDWQNbIu7BVdWNbUgReBwgpdAX16ORqrDsc8CdiXCS4j9emT96zHDjqbn1S8D8Df9I5j9fyg3gDYJsBiy74wLh38fykVNzKpA3Ui236OCAQgwggEEMB8GA1UdIwQYMBaAFLHfo/yeGDGjq2NCNMfXSmDQ/JjEMB0GA1UdDgQWBBTPGtoP90zLll/YWJQoZy2c9bCTfTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwICrDCBoAYDVR0fBIGYMIGVMIGSoEqgSIZGaHR0cHM6Ly90c0RFLmludGVsLmNvbS9jb250ZW50L09uRGllQ0EvY3Jscy9PbkRpZV9DQV9DU01FX0luZGlyZWN0LmNybKJEpEIwQDEmMCQGA1UECwwdT25EaWUgQ0EgQ1NNRSBJbnRlcm1lZGlhdGUgQ0ExFjAUBgNVBAMMDXd3dy5pbnRlbC5jb20wCgYIKoZIzj0EAwMDaAAwZQIwdFo0/UbhO7/nZthDNrn+7mdz79ygCmcwZKb6JCG7jtahNxUt+pn95Cn5efITIX6LAjEA+DcsSndvHJvWX1u3jhHrRMF1w4Aravq38wl2yVg0L5GKZ0uCz8SF8RLIjev7HEx9MIICwDCCAkagAwIBAgIQQAAAAAAAAAAAAAAAAAAAADAKBggqhkjOPQQDAzBIMS4wLAYDVQQLDCVPbiBEaWUgQ1NNRSBEX1RHTCBERUJVRzAwMCBJc3N1aW5nIENBMRYwFAYDVQQDDA13d3cuaW50ZWwuY29tMB4XDTE5MDEwMTAwMDAwMFoXDTQ5MTIzMTIzNTk1OVowGjEYMBYGA1UEAwwPQ1NNRSBUR0wgUk9NIERFMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEOIOuf9s4gPaLGCVznUPNfz6G8iZnE6klPAjHFZNzsloRo2nM0RL5fg72aXeftgmAMUq9yLZSuSZ989cRuJsB0cx9BRXbuzqMX+5Eh+XV50ju4b+qv8ve/ik8uqHX80bqo4IBITCCAR0wHwYDVR0jBBgwFoAUOzHK1cNLktdIyP2SqnWunTJKBkIwHQYDVR0OBBYEFLHfo/yeGDGjq2NCNMfXSmDQ/JjEMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGuMGIGCCsGAQUFBwEBBFYwVDBSBggrBgEFBQcwAoZGaHR0cHM6Ly90c0RFLmludGVsLmNvbS9jb250ZW50L09uRGllQ0EvY2VydHMvVEdMX0RFQlVHMDAwX09uRGllX0NBLmNlcjBWBgNVHR8ETzBNMEugSaBHhkVodHRwczovL3RzREUuaW50ZWwuY29tL2NvbnRlbnQvT25EaWVDQS9jcmxzL1RHTF9ERUJVRzAwMF9PbkRpZV9DQS5jcmwwCgYIKoZIzj0EAwMDaAAwZQIwI1/AR140BrK9bqpAg3akUc09skDS1OIvOR/piW6EWgAdodPZiEimoBlNJtw18sJiAjEA5k446T4wicnvZtrv3LH5FAJ+6z9RS5nSR7U/ajfevAgAlkEN+envLN14DaTbXsSV","ReturnValue":0,"ReturnValueStr":"SUCCESS"}}'); // Sample Response 2
|
||||||
|
|
||||||
if (status == 200) {
|
if (status == 200) {
|
||||||
stack.amtauth = response.Body;
|
stack.amtauth = response.Body;
|
||||||
stack.amtauth.CertificatesDer = [];
|
stack.amtauth.CertificatesDer = [];
|
||||||
var certs = [], certsbin = atob(stack.amtauth.Certificates), cptr = 0;
|
var certs = [], urlList = [], certsbin = atob(stack.amtauth.Certificates), cptr = 0;
|
||||||
for (var i = 0; i < stack.amtauth.LengthOfCertificates.length; i++) {
|
for (var i = 0; i < stack.amtauth.LengthOfCertificates.length; i++) {
|
||||||
var bin = certsbin.substring(cptr, cptr + stack.amtauth.LengthOfCertificates[i]);
|
var bin = certsbin.substring(cptr, cptr + stack.amtauth.LengthOfCertificates[i]);
|
||||||
stack.amtauth.CertificatesDer.push(bin);
|
stack.amtauth.CertificatesDer.push(bin);
|
||||||
certs.push(forge.pki.certificateFromAsn1(forge.asn1.fromDer(bin))); // Node-forge does not support ECC, but we are using a modified Node-forge that can still parse the cert.
|
var cert = forge.pki.certificateFromAsn1(forge.asn1.fromDer(bin)); // Node-forge does not support ECC, but we are using a modified Node-forge that can still parse the cert.
|
||||||
|
cert.xCrlUrls = getExtensionUrls(cert, 'cRLDistributionPoints');
|
||||||
|
cert.xParentUrls = getExtensionUrls(cert, { id: '1.3.6.1.5.5.7.1.1' });
|
||||||
|
cert.xFingerprint = forge.md.sha256.create().update(bin).digest().toHex().toUpperCase();
|
||||||
cptr += stack.amtauth.LengthOfCertificates[i];
|
cptr += stack.amtauth.LengthOfCertificates[i];
|
||||||
|
certs.push(cert);
|
||||||
|
if ((cert.xCrlUrls.length > 0) && (urlList.indexOf(cert.xCrlUrls[0]) == -1)) { urlList.push(cert.xCrlUrls[0]); }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// If the top certificate has a parent URL, add it to the list of URL's to fetch.
|
||||||
|
if ((certs.length > 0) && (certs[certs.length - 1].xParentUrls.length > 0) && (urlList.indexOf(certs[certs.length - 1].xParentUrls[0]) == -1)) {
|
||||||
|
urlList.push(certs[certs.length - 1].xParentUrls[0]);
|
||||||
|
}
|
||||||
|
|
||||||
stack.amtauth.Certificates = certs;
|
stack.amtauth.Certificates = certs;
|
||||||
stack.amtauth.ClientNonce = stack.amtauthnonce;
|
stack.amtauth.ClientNonce = stack.amtauthnonce;
|
||||||
delete stack.amtauth.LengthOfCertificates;
|
delete stack.amtauth.LengthOfCertificates;
|
||||||
stack.amtauth.uuidStr = guidToStr(stack.amtauth.UUID).toLowerCase();
|
stack.amtauth.uuidStr = guidToStr(stack.amtauth.UUID).toLowerCase();
|
||||||
|
|
||||||
|
var trustedCsmeRoots = [
|
||||||
|
'3BA13766B1889DCB1E2D55BACCC9EC087452F78783E2EBAFD918FF4ED6ACC840' // www.intel.com / OnDie CA DEBUG Root Cert Signing CA
|
||||||
|
];
|
||||||
|
|
||||||
|
// Load the entire certificate chain and CRL's
|
||||||
|
var urlLoad = function (url, data) {
|
||||||
|
if (data == null) return;
|
||||||
|
for (var j in certs) {
|
||||||
|
if ((certs[j].xCrlUrls.length > 0) && (certs[j].xCrlUrls[0] == url)) { certs[j].xCrl = data; }
|
||||||
|
if ((j == (certs.length - 1)) && (certs[j].xParentUrls.length > 0) && (certs[j].xParentUrls[0] == url)) {
|
||||||
|
var xcert = forge.pki.certificateFromAsn1(forge.asn1.fromDer(data)); // Node-forge does not support ECC, but we are using a modified Node-forge that can still parse the cert.
|
||||||
|
xcert.xCrlUrls = getExtensionUrls(xcert, 'cRLDistributionPoints');
|
||||||
|
xcert.xParentUrls = getExtensionUrls(xcert, { id: '1.3.6.1.5.5.7.1.1' });
|
||||||
|
xcert.xFingerprint = forge.md.sha256.create().update(data).digest().toHex().toUpperCase();
|
||||||
|
if (trustedCsmeRoots.indexOf(xcert.xFingerprint) >= 0) { xcert.xTrusted = true; }
|
||||||
|
certs.push(xcert);
|
||||||
|
stack.amtauth.CertificatesDer.push(data);
|
||||||
|
if ((xcert.xCrlUrls.length > 0) && (urlList.indexOf(xcert.xCrlUrls[0]) == -1)) { getCertUrl(xcert.xCrlUrls[0], urlLoad); }
|
||||||
|
if ((xcert.xParentUrls.length > 0) && (urlList.indexOf(xcert.xParentUrls[0]) == -1)) { urlList.push(xcert.xParentUrls[0]); getCertUrl(xcert.xParentUrls[0], urlLoad); }
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
for (var i in urlList) { getCertUrl(urlList[i], urlLoad); }
|
||||||
}
|
}
|
||||||
delete stack.amtauthnonce;
|
delete stack.amtauthnonce;
|
||||||
});
|
});
|
||||||
@@ -5681,23 +5721,40 @@
|
|||||||
var x = '<div style=margin-top:8px>' + "Intel® AMT supports authentic CSME feature, however MeshCommander cannot verify the authenticity yet." + '</div><hr style=margin-top:8px;margin-bottom:8px;height:2px;border-width:0;color:gray;background-color:gray />';
|
var x = '<div style=margin-top:8px>' + "Intel® AMT supports authentic CSME feature, however MeshCommander cannot verify the authenticity yet." + '</div><hr style=margin-top:8px;margin-bottom:8px;height:2px;border-width:0;color:gray;background-color:gray />';
|
||||||
x += addHtmlValue("FW Version", amtstack.amtauth.FWVersion);
|
x += addHtmlValue("FW Version", amtstack.amtauth.FWVersion);
|
||||||
x += addHtmlValue("FQDN", amtstack.amtauth.FQDN ? amtstack.amtauth.FQDN : ('<i>' + "None" + '</i>'));
|
x += addHtmlValue("FQDN", amtstack.amtauth.FQDN ? amtstack.amtauth.FQDN : ('<i>' + "None" + '</i>'));
|
||||||
x += '<hr style=margin-top:8px;margin-bottom:8px;height:2px;border-width:0;color:gray;background-color:gray /><table>';
|
x += '<hr style=margin-top:8px;margin-bottom:8px;height:2px;border-width:0;color:gray;background-color:gray /><div style=max-height:200px;overflow-y:auto><table>';
|
||||||
for (var i in amtstack.amtauth.Certificates) {
|
for (var i in amtstack.amtauth.Certificates) {
|
||||||
var cert = amtstack.amtauth.Certificates[i];
|
var cert = amtstack.amtauth.Certificates[i];
|
||||||
x += '<tr><td style=width:32px><img src=images-commander/cert1.png height=32 width=32 />';
|
x += '<tr><td style=width:32px;vertical-align:top><img src=images-commander/cert1.png height=32 width=32 />';
|
||||||
x += '<td>' + EscapeHtml(cert.subject.getField('CN').value) + '<br />';
|
x += '<td style=padding-bottom:6px><b>' + EscapeHtml(cert.subject.getField('CN').value) + ((cert.xTrusted === true) ? ', <span style=color:#080>' + "Trusted" + '</span>' : '') + '</b><br />';
|
||||||
|
if (cert.subject.getField('OU')) { x += EscapeHtml(cert.subject.getField('OU').value) + '<br />'; }
|
||||||
// ###BEGIN###{FileSaver}
|
// ###BEGIN###{FileSaver}
|
||||||
x += amtstack.amtauth.CertificatesDer[i].length + " bytes, " + '<a style=cursor:pointer;color:blue onclick=downloadAuthCert(' + i + ')>' + "Download" + '</a>';
|
x += amtstack.amtauth.CertificatesDer[i].length + " bytes, " + '<a style=cursor:pointer;color:blue onclick=downloadAuthCert(' + i + ')>' + "Download" + '</a>';
|
||||||
|
if (cert.xCrl) { x += '<br />' + "CRL " + cert.xCrl.length + " bytes, " + '<a style=cursor:pointer;color:blue onclick=downloadCertCrl(' + i + ')>' + "Download" + '</a>'; }
|
||||||
// ###END###{FileSaver}
|
// ###END###{FileSaver}
|
||||||
// ###BEGIN###{!FileSaver}
|
// ###BEGIN###{!FileSaver}
|
||||||
x += amtstack.amtauth.CertificatesDer[i].length + " bytes";
|
x += amtstack.amtauth.CertificatesDer[i].length + " bytes";
|
||||||
|
if (cert.xCrl) { x += '<br />' + "CRL " + cert.xCrl.length + " bytes"; }
|
||||||
// ###END###{!FileSaver}
|
// ###END###{!FileSaver}
|
||||||
}
|
}
|
||||||
x += '</table>';
|
x += '</table><div>';
|
||||||
setDialogMode(11, "Authentic CSME", 1, null, x);
|
setDialogMode(11, "Authentic CSME", 1, null, x);
|
||||||
}
|
}
|
||||||
|
|
||||||
// ###BEGIN###{FileSaver}
|
// ###BEGIN###{FileSaver}
|
||||||
|
function downloadCertCrl(h) {
|
||||||
|
h = parseInt(h);
|
||||||
|
// ###BEGIN###{!Mode-NodeWebkit}
|
||||||
|
saveAs(data2blob(amtstack.amtauth.Certificates[h].xCrl), amtstack.amtauth.Certificates[h].subject.getField('CN').value + '.crl');
|
||||||
|
// ###END###{!Mode-NodeWebkit}
|
||||||
|
// ###BEGIN###{Mode-NodeWebkit}
|
||||||
|
var chooser = document.createElement('input');
|
||||||
|
chooser.setAttribute('type', 'file');
|
||||||
|
chooser.setAttribute('nwsaveas', amtstack.amtauth.Certificates[h].subject.getField('CN').value + '.crl');
|
||||||
|
chooser.addEventListener('change', function () { require('fs').writeFile(this.value, amtstack.amtauth.Certificates[h].xCrl, 'binary', function () { }); }, false);
|
||||||
|
chooser.click();
|
||||||
|
// ###END###{Mode-NodeWebkit}
|
||||||
|
}
|
||||||
|
|
||||||
function downloadAuthCert(h) {
|
function downloadAuthCert(h) {
|
||||||
h = parseInt(h);
|
h = parseInt(h);
|
||||||
// ###BEGIN###{!Mode-NodeWebkit}
|
// ###BEGIN###{!Mode-NodeWebkit}
|
||||||
|
|||||||
Reference in New Issue
Block a user