Parse INF CN and SANs explicitly

2026-01-30 12:57:42 +13:00
parent ad735ff4aa
commit 61db7ea651
1 changed files with 44 additions and 12 deletions
--- a/certy.ps1
+++ b/certy.ps1
@@ -234,30 +234,55 @@ function Get-DefaultValue {
    return $prop.Value
 }

-function Get-HostsFromInfLines {
+function Get-InfRequestFromLines {
    param([string[]]$Lines)
-    $set = New-Object System.Collections.Generic.HashSet[string] ([System.StringComparer]::OrdinalIgnoreCase)
-    if (-not $Lines) { return @() }
+
+    $commonName = $null
+    $sans = New-Object System.Collections.Generic.List[string]
+    $sanSet = New-Object System.Collections.Generic.HashSet[string] ([System.StringComparer]::OrdinalIgnoreCase)
+
+    if (-not $Lines) {
+        return [pscustomobject]@{
+            CommonName = $null
+            Sans       = @()
+            Hosts      = @()
+        }
+    }

    foreach ($line in $Lines) {
        if ([string]::IsNullOrWhiteSpace($line)) { continue }
        if ($line.TrimStart() -match '^[;#]') { continue }
+
+        if (-not $commonName -and ($line -match '(?i)^\s*subject\s*=\s*"?([^"]+)"?')) {
+            $subject = $Matches[1]
+            if ($subject -match '(?i)\bCN\s*=\s*([^,"]+)') {
+                $commonName = $Matches[1].Trim()
+            }
+        }
+
        $matches = [regex]::Matches($line, '(?i)\bdns\s*=\s*([^&",\s]+)')
        foreach ($match in $matches) {
            $value = $match.Groups[1].Value.Trim()
-            if ($value) { [void]$set.Add($value) }
+            if ($value -and $sanSet.Add($value)) {
+                $sans.Add($value)
+            }
        }
    }

-    if ($set.Count -gt 0) { return $set | Sort-Object }
-
-    $subjectLine = $Lines | Where-Object { $_ -match '(?i)^\s*subject\s*=' } | Select-Object -First 1
-    if ($subjectLine -and ($subjectLine -match '(?i)\bCN\s*=\s*([^,"]+)')) {
-        $cn = $Matches[1].Trim()
-        if ($cn) { [void]$set.Add($cn) }
+    $hosts = New-Object System.Collections.Generic.List[string]
+    if ($commonName) {
+        $hosts.Add($commonName)
+    }
+    foreach ($san in $sans) {
+        if ($commonName -and $san.Equals($commonName, [System.StringComparison]::OrdinalIgnoreCase)) { continue }
+        $hosts.Add($san)
    }

-    return $set | Sort-Object
+    return [pscustomobject]@{
+        CommonName = $commonName
+        Sans       = $sans
+        Hosts      = $hosts
+    }
 }

 function Remove-InfSubjectLines {
@@ -1463,7 +1488,8 @@ $infImportBtn.Add_Click({

        foreach ($infFile in $infFiles) {
            $lines = Get-Content -Path $infFile.FullName
-            $hosts = @(Get-HostsFromInfLines -Lines $lines)
+            $reqData = Get-InfRequestFromLines -Lines $lines
+            $hosts = @($reqData.Hosts)
            $sanitize = Remove-InfSubjectLines -Lines $lines
            $sanitizedPath = Save-SanitizedInf -FileName $infFile.Name -Lines $sanitize.Lines -Subdir "inf-sanitized"
            if ($sanitize.Removed) { $subjectRemovedCount++ }
@@ -1478,10 +1504,16 @@ $infImportBtn.Add_Click({
            $script:infRequests += [pscustomobject]@{
                File = $infFile.FullName
                Hosts = $hosts
+                CommonName = $reqData.CommonName
+                Sans = @($reqData.Sans)
                Sanitized = $sanitizedPath
                CsrInf = $csrInfPath
            }
            $infHosts += $hosts
+            if ($reqData.CommonName) {
+                $sanList = if ($reqData.Sans.Count -gt 0) { $reqData.Sans -join ", " } else { "none" }
+                & $logAction "INF $($infFile.Name): CN=$($reqData.CommonName); SANs=$sanList"
+            }
        }

        $infHosts = @($infHosts | Where-Object { $_ } | Sort-Object -Unique)