Merge pull request #2148 from codefori/fix/certificateDNS

Added simple hostname to debug certificate subjectAltName
codefori · Jul 1, 2024 · e789fc3 · e789fc3
2 parents ab4d38c + c0a325e
commit e789fc3
Showing 1 changed file with 17 additions and 12 deletions.
diff --git a/src/api/debug/certificates.ts b/src/api/debug/certificates.ts
@@ -13,7 +13,7 @@ import { DEBUG_CONFIG_FILE, DebugConfiguration, getDebugServiceDetails, getJavaH
 
 type HostInfo = {
   ip: string
-  hostName: string
+  hostNames: string[]
 }
 
 export type ImportedCertificate = {
@@ -31,35 +31,40 @@ export const CLIENT_CERTIFICATE = `debug_service.crt`;
 export const LEGACY_CERT_DIRECTORY = `/QIBM/ProdData/IBMiDebugService/bin/certs`;
 
 async function getHostInfo(connection: IBMi): Promise<HostInfo> {
-  const hostName = (await connection.sendCommand({ command: `hostname` })).stdout;
-  if (!hostName) {
+  const hostNames = [
+    (await connection.sendCommand({ command: `hostname` })).stdout,
+    (await connection.sendCommand({ command: `hostname -s` })).stdout
+  ]
+    .filter(Tools.distinct)
+    .filter(Boolean);
+
+  if (!hostNames.length) {
     throw new Error(`Hostname is undefined on ${connection.currentHost}; please fix the TCP/IP configuration.`);
   }
 
   let ip;
   try {
-    ip = (await dnsLookup(hostName)).address
+    ip = (await dnsLookup(hostNames[0])).address
   }
   catch (error) {
     if (IP_REGEX.test(connection.currentHost)) {
       ip = connection.currentHost;
     }
     else {
-      throw new Error(`IP address for ${hostName} could not be resolved: ${error}`);
+      throw new Error(`IP address for ${hostNames[0]} could not be resolved: ${error}`);
     }
   }
 
-  return { hostName, ip };
+  return { hostNames, ip };
 }
 
 async function getExtFileContent(hostInfo: HostInfo) {
   let extFileContent;
-  if (hostInfo.ip && hostInfo.hostName) {
-    extFileContent = `subjectAltName=DNS:${hostInfo.hostName},IP:${hostInfo.ip}`;
-  } else if (hostInfo.hostName) {
-    extFileContent = `subjectAltName=DNS:${hostInfo.hostName}`;
+  const dns = hostInfo.hostNames.map(hostName => `DNS:${hostName}`).join(',');
+  if (hostInfo.ip) {
+    extFileContent = `subjectAltName=${dns},IP:${hostInfo.ip}`;
   } else {
-    extFileContent = `subjectAltName=IP:${hostInfo.ip}`;
+    extFileContent = `subjectAltName=${dns}`;
   }
 
   return extFileContent;
@@ -139,7 +144,7 @@ export async function setup(connection: IBMi, imported?: ImportedCertificate) {
       //This will generate everything at once and keep only the .pfx (keystore) and .crt (client certificate) files.
       const commands = [
         `openssl genrsa -out debug_service.key 2048`,
-        `openssl req -new -key debug_service.key -out debug_service.csr -subj '/CN=${hostInfo.hostName}'`,
+        `openssl req -new -key debug_service.key -out debug_service.csr -subj '/CN=${hostInfo.hostNames[0]}'`,
         `openssl x509 -req -in debug_service.csr -signkey debug_service.key -out ${CLIENT_CERTIFICATE} -days 1095 -sha256 -req -extfile <(printf "${extFileContent}")`,
         `openssl pkcs12 -export -out ${SERVICE_CERTIFICATE} -inkey debug_service.key -in ${CLIENT_CERTIFICATE} -password pass:${password}`,
         `rm debug_service.key debug_service.csr`