Parse INF CN and SANs explicitly

2026-01-30 12:57:42 +13:00
parent ad735ff4aa
commit 61db7ea651


@@ -234,30 +234,55 @@ function Get-DefaultValue {
return $prop.Value return $prop.Value
} }
function Get-HostsFromInfLines { function Get-InfRequestFromLines {
param([string[]]$Lines) param([string[]]$Lines)
$set = New-Object System.Collections.Generic.HashSet[string] ([System.StringComparer]::OrdinalIgnoreCase)
if (-not $Lines) { return @() } $commonName = $null
$sans = New-Object System.Collections.Generic.List[string]
$sanSet = New-Object System.Collections.Generic.HashSet[string] ([System.StringComparer]::OrdinalIgnoreCase)
if (-not $Lines) {
return [pscustomobject]@{
CommonName = $null
Sans = @()
Hosts = @()
}
}
foreach ($line in $Lines) { foreach ($line in $Lines) {
if ([string]::IsNullOrWhiteSpace($line)) { continue } if ([string]::IsNullOrWhiteSpace($line)) { continue }
if ($line.TrimStart() -match '^[;#]') { continue } if ($line.TrimStart() -match '^[;#]') { continue }
if (-not $commonName -and ($line -match '(?i)^\s*subject\s*=\s*"?([^"]+)"?')) {
$subject = $Matches[1]
if ($subject -match '(?i)\bCN\s*=\s*([^,"]+)') {
$commonName = $Matches[1].Trim()
}
}
$matches = [regex]::Matches($line, '(?i)\bdns\s*=\s*([^&",\s]+)') $matches = [regex]::Matches($line, '(?i)\bdns\s*=\s*([^&",\s]+)')
foreach ($match in $matches) { foreach ($match in $matches) {
$value = $match.Groups[1].Value.Trim() $value = $match.Groups[1].Value.Trim()
if ($value) { [void]$set.Add($value) } if ($value -and $sanSet.Add($value)) {
$sans.Add($value)
}
} }
} }
if ($set.Count -gt 0) { return $set | Sort-Object } $hosts = New-Object System.Collections.Generic.List[string]
if ($commonName) {
$subjectLine = $Lines | Where-Object { $_ -match '(?i)^\s*subject\s*=' } | Select-Object -First 1 $hosts.Add($commonName)
if ($subjectLine -and ($subjectLine -match '(?i)\bCN\s*=\s*([^,"]+)')) { }
$cn = $Matches[1].Trim() foreach ($san in $sans) {
if ($cn) { [void]$set.Add($cn) } if ($commonName -and $san.Equals($commonName, [System.StringComparison]::OrdinalIgnoreCase)) { continue }
$hosts.Add($san)
} }
return $set | Sort-Object return [pscustomobject]@{
CommonName = $commonName
Sans = $sans
Hosts = $hosts
}
} }
function Remove-InfSubjectLines { function Remove-InfSubjectLines {
@@ -1463,7 +1488,8 @@ $infImportBtn.Add_Click({
foreach ($infFile in $infFiles) { foreach ($infFile in $infFiles) {
$lines = Get-Content -Path $infFile.FullName $lines = Get-Content -Path $infFile.FullName
$hosts = @(Get-HostsFromInfLines -Lines $lines) $reqData = Get-InfRequestFromLines -Lines $lines
$hosts = @($reqData.Hosts)
$sanitize = Remove-InfSubjectLines -Lines $lines $sanitize = Remove-InfSubjectLines -Lines $lines
$sanitizedPath = Save-SanitizedInf -FileName $infFile.Name -Lines $sanitize.Lines -Subdir "inf-sanitized" $sanitizedPath = Save-SanitizedInf -FileName $infFile.Name -Lines $sanitize.Lines -Subdir "inf-sanitized"
if ($sanitize.Removed) { $subjectRemovedCount++ } if ($sanitize.Removed) { $subjectRemovedCount++ }
@@ -1478,10 +1504,16 @@ $infImportBtn.Add_Click({
$script:infRequests += [pscustomobject]@{ $script:infRequests += [pscustomobject]@{
File = $infFile.FullName File = $infFile.FullName
Hosts = $hosts Hosts = $hosts
CommonName = $reqData.CommonName
Sans = @($reqData.Sans)
Sanitized = $sanitizedPath Sanitized = $sanitizedPath
CsrInf = $csrInfPath CsrInf = $csrInfPath
} }
$infHosts += $hosts $infHosts += $hosts
if ($reqData.CommonName) {
$sanList = if ($reqData.Sans.Count -gt 0) { $reqData.Sans -join ", " } else { "none" }
& $logAction "INF $($infFile.Name): CN=$($reqData.CommonName); SANs=$sanList"
}
} }
$infHosts = @($infHosts | Where-Object { $_ } | Sort-Object -Unique) $infHosts = @($infHosts | Where-Object { $_ } | Sort-Object -Unique)
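Review bot: In Get-InfRequestFromLines the subject CN is now added to `Hosts` unconditionally and with no check that it is a host name; the CN pattern `[^,"]+` accepts any text up to a comma or quote, so a display-name style subject becomes a host entry. As far as the side-by-side rendering shows, the old function consulted the CN only when no `dns=` entries were found, so this widens what the import handler feeds into `$infHosts`. If those hosts decide what is requested downstream (not visible here), gate the add, e.g. `if ($commonName -and [System.Uri]::CheckHostName($commonName) -eq [System.UriHostNameType]::Dns) { $hosts.Add($commonName) }`, with an explicit allowance for a leading `*.` if wildcard names are expected. The same unvalidated CN and SAN values are interpolated into the `$logAction` message in the last hunk, so the check is best placed in the parser rather than at each consumer.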