Intel AMT ACM activation fully working.

This commit is contained in:
Ylian Saint-Hilaire 2019-06-20 18:23:52 -07:00
parent 554bbf80f7
commit 0d424e4265
6 changed files with 39 additions and 14 deletions

View File

@ -83,11 +83,28 @@ module.exports.CertificateOperations = function (parent) {
var acmCerts = [], acmmatch = [];
if (amtacmactivation.certs != null) {
for (var j in amtacmactivation.certs) {
var acmconfig = amtacmactivation.certs[j];
if (typeof acmconfig.cert != 'string') continue;
var r = null;
try { r = obj.loadPfxCertificate(obj.parent.path.join(obj.parent.datapath, acmconfig.cert), acmconfig.certpass); } catch (ex) { console.log(ex); }
if ((r == null) || (r.certs == null) || (r.keys == null) || (r.certs.length < 2) || (r.keys.length != 1)) continue;
var acmconfig = amtacmactivation.certs[j], r = null;
if ((typeof acmconfig.certpfx == 'string') && (typeof acmconfig.certpfxpass == 'string')) {
// P12 format, certpfx and certpfxpass
try { r = obj.loadPfxCertificate(obj.parent.path.join(obj.parent.datapath, acmconfig.certpfx), acmconfig.certpfxpass); } catch (ex) { console.log(ex); }
if ((r == null) || (r.certs == null) || (r.keys == null) || (r.certs.length < 2) || (r.keys.length != 1)) continue;
} else if ((typeof acmconfig.certfiles == 'object') && (typeof acmconfig.keyfile == 'string')) {
// PEM format, certfiles and keyfile
r = { certs: [], keys: [] };
for (var k in acmconfig.certfiles) { r.certs.push(obj.pki.certificateFromPem(obj.fs.readFileSync(obj.parent.path.join(obj.parent.datapath, acmconfig.certfiles[k])))); }
r.keys.push(obj.pki.privateKeyFromPem(obj.fs.readFileSync(obj.parent.path.join(obj.parent.datapath, acmconfig.keyfile))));
if ((r.certs.length < 2) || (r.keys.length != 1)) continue;
}
/*
// Debug: Display all certs & key as PEM
for (var k in r.certs) {
var cn = r.certs[k].subject.getField('CN');
if (cn != null) { console.log(cn.value + '\r\n' + obj.pki.certificateToPem(r.certs[k])); } else { console.log(obj.pki.certificateToPem(r.certs[k])); }
}
console.log(obj.pki.privateKeyToPem(r.keys[0]));
*/
// Check if the right OU or OID is present for Intel AMT activation
var validActivationCert = false;
@ -164,14 +181,13 @@ module.exports.CertificateOperations = function (parent) {
// Return the certificate of the remote HTTPS server
obj.loadPfxCertificate = function (filename, password) {
var r = { certs: [], keys: [] };
var pfxbuf = obj.fs.readFileSync(filename);
var pfxb64 = Buffer.from(pfxbuf).toString('base64');
var pfxder = obj.forge.util.decode64(pfxb64);
var asn = obj.forge.asn1.fromDer(pfxder);
var pfx = obj.forge.pkcs12.pkcs12FromAsn1(asn, true, password);
var pfxb64 = Buffer.from(obj.fs.readFileSync(filename)).toString('base64');
var pfx = obj.forge.pkcs12.pkcs12FromAsn1(obj.forge.asn1.fromDer(obj.forge.util.decode64(pfxb64)), true, password);
// Get the certs from certbags
var bags = pfx.getBags({ bagType: obj.forge.pki.oids.certBag });
for (var i = 0; i < bags[obj.forge.pki.oids.certBag].length; i++) { r.certs.push(bags[obj.forge.pki.oids.certBag][i].cert); }
// Get shrouded key from key bags
bags = pfx.getBags({ bagType: obj.forge.pki.oids.pkcs8ShroudedKeyBag });
for (var i = 0; i < bags[obj.forge.pki.oids.pkcs8ShroudedKeyBag].length; i++) { r.keys.push(bags[obj.forge.pki.oids.pkcs8ShroudedKeyBag][i].key); }

View File

@ -1232,7 +1232,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
ChangeAgentCoreInfo({ "intelamt": { user: 'admin', pass: amtpassword, uuid: command.uuid, realm: command.realm } });
// Send the activation response
//obj.send(JSON.stringify(signResponse));
obj.send(JSON.stringify(signResponse));
}
break;
}

View File

@ -1,6 +1,6 @@
{
"name": "meshcentral",
"version": "0.3.6-r",
"version": "0.3.6-s",
"keywords": [
"Remote Management",
"Intel AMT",

View File

@ -82,6 +82,15 @@
"_MaxAgentSessions": 100,
"MaxSingleUserSessions": 10
},
"_AmtAcmActivation": {
"log": "amtactivation.log",
"certs": {
"mycertname": {
"certfiles": [ "amtacm-leafcert.crt", "amtacm-intermediate1.crt", "amtacm-intermediate2.crt", "amtacm-rootcert.crt" ],
"keyfile": "amtacm-leafcert.key"
}
}
},
"_Redirects": {
"meshcommander": "https://www.meshcommander.com/"
},

View File

@ -9885,7 +9885,7 @@ var QRCode;!function(){function a(a){this.mode=c.MODE_8BIT_BYTE,this.data=a,this
}
// Attribute: Mesh Agent
var agentsStr = ['Unknown', 'Windows 32bit console', 'Windows 64bit console', 'Windows 32bit service', 'Windows 64bit service', 'Linux 32bit', 'Linux 64bit', 'MIPS', 'XENx86', 'Android ARM', 'Linux ARM', 'MacOS 32bit', 'Android x86', 'PogoPlug ARM', 'Android APK', 'Linux Poky x86-32bit', 'MacOS 64bit', 'ChromeOS', 'Linux Poky x86-64bit', 'Linux NoKVM x86-32bit', 'Linux NoKVM x86-64bit', 'Windows MinCore console', 'Windows MinCore service', 'NodeJS', 'ARM-Linaro', 'ARMv6l / ARMv7l', 'ARMv8 64bit'];
var agentsStr = ['Unknown', 'Windows 32bit console', 'Windows 64bit console', 'Windows 32bit service', 'Windows 64bit service', 'Linux 32bit', 'Linux 64bit', 'MIPS', 'XENx86', 'Android ARM', 'Linux ARM', 'MacOS 32bit', 'Android x86', 'PogoPlug ARM', 'Android APK', 'Linux Poky x86-32bit', 'MacOS 64bit', 'ChromeOS', 'Linux Poky x86-64bit', 'Linux NoKVM x86-32bit', 'Linux NoKVM x86-64bit', 'Windows MinCore console', 'Windows MinCore service', 'NodeJS', 'ARM-Linaro', 'ARMv6l / ARMv7l', 'ARMv8 64bit', 'Unknown', 'Unknown', 'Unknown', 'FreeBSD x86-64'];
if ((node.agent != null) && (node.agent.id != null) && (node.agent.ver != null)) {
var str = '';
if (node.agent.id <= agentsStr.length) { str = agentsStr[node.agent.id]; } else { str = agentsStr[0]; }

View File

@ -3830,7 +3830,7 @@
}
// Attribute: Mesh Agent
var agentsStr = ['Unknown', 'Windows 32bit console', 'Windows 64bit console', 'Windows 32bit service', 'Windows 64bit service', 'Linux 32bit', 'Linux 64bit', 'MIPS', 'XENx86', 'Android ARM', 'Linux ARM', 'MacOS 32bit', 'Android x86', 'PogoPlug ARM', 'Android APK', 'Linux Poky x86-32bit', 'MacOS 64bit', 'ChromeOS', 'Linux Poky x86-64bit', 'Linux NoKVM x86-32bit', 'Linux NoKVM x86-64bit', 'Windows MinCore console', 'Windows MinCore service', 'NodeJS', 'ARM-Linaro', 'ARMv6l / ARMv7l', 'ARMv8 64bit'];
var agentsStr = ['Unknown', 'Windows 32bit console', 'Windows 64bit console', 'Windows 32bit service', 'Windows 64bit service', 'Linux 32bit', 'Linux 64bit', 'MIPS', 'XENx86', 'Android ARM', 'Linux ARM', 'MacOS 32bit', 'Android x86', 'PogoPlug ARM', 'Android APK', 'Linux Poky x86-32bit', 'MacOS 64bit', 'ChromeOS', 'Linux Poky x86-64bit', 'Linux NoKVM x86-32bit', 'Linux NoKVM x86-64bit', 'Windows MinCore console', 'Windows MinCore service', 'NodeJS', 'ARM-Linaro', 'ARMv6l / ARMv7l', 'ARMv8 64bit', 'Unknown', 'Unknown', 'Unknown', 'FreeBSD x86-64'];
if ((node.agent != null) && (node.agent.id != null) && (node.agent.ver != null)) {
var str = '';
if (node.agent.id <= agentsStr.length) { str = agentsStr[node.agent.id]; } else { str = agentsStr[0]; }