From f7c21183d35ec8031214ba1167786b414976acd7 Mon Sep 17 00:00:00 2001
From: Ylian Saint-Hilaire <ysainthilaire@hotmail.com>
Date: Wed, 4 May 2022 20:28:36 -0700
Subject: [PATCH] Fixed certificate/key matching.

---
 amt-certificates-0.0.1.js | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/amt-certificates-0.0.1.js b/amt-certificates-0.0.1.js
index 21ae5aa..3e6494d 100644
--- a/amt-certificates-0.0.1.js
+++ b/amt-certificates-0.0.1.js
@@ -4,6 +4,7 @@
 * @version v0.2.0b
 */
 
+/*
 // Check which key pair matches the public key in the certificate
 function amtcert_linkCertPrivateKey(certs, keys) {
     for (var i in certs) {
@@ -20,6 +21,25 @@ function amtcert_linkCertPrivateKey(certs, keys) {
         } catch (e) { console.log(e); }
     }
 }
+*/
+
+// Check which key pair matches the public key in the certificate
+function amtcert_linkCertPrivateKey(certs, keys) {
+    for (var i in certs) {
+        var cert = certs[i];
+        try {
+            if (keys.length == 0) return;
+            var publicKeyPEM = forge.pki.publicKeyToPem(forge.pki.certificateFromAsn1(forge.asn1.fromDer(cert.X509Certificate)).publicKey).substring(28 + 32).replace(/(\r\n|\n|\r)/gm, "");
+            publicKeyPEM = publicKeyPEM.substring(0, publicKeyPEM.length - 24); // Remove the PEM footer
+            for (var j = 0; j < keys.length; j++) {
+                if ((publicKeyPEM === (keys[j]['DERKey'])) || (publicKeyPEM == btoa(atob(keys[j]['DERKey']).substring(24)))) { // Match directly or, new version of Intel AMT put the key type OID in the private key, skip that and match.
+                    keys[j].XCert = cert; // Link the key pair to the certificate
+                    cert.XPrivateKey = keys[j]; // Link the certificate to the key pair
+                }
+            }
+        } catch (e) { console.log(e); }
+    }
+}
 
 // Load a P12 file, decodes it using the password and returns the private key handle
 function amtcert_loadP12File(file, password, func) {