Merge pull request #47 from Keyfactor/wildcard

dgaley · web-flow · commit 724ca9acc04c · 2025-11-11T10:23:36.000-05:00
better handling of wildcard/www prefixes
diff --git a/src/GlobalSignCAProxy/Api/GlobalSignEnrollRequest.cs b/src/GlobalSignCAProxy/Api/GlobalSignEnrollRequest.cs
@@ -90,10 +90,26 @@ public BmV2PvOrderRequest Request
 								Logger.Info($"SAN Entry {item} matches CN, removing from request");
 								continue;
 							}
-							if (string.Equals(item, $"*.{CommonName}", System.StringComparison.OrdinalIgnoreCase)
-								|| string.Equals($"*.{item}", CommonName, System.StringComparison.OrdinalIgnoreCase))
+							string trimCN = CommonName, trimItem = item;
+							if (trimCN.StartsWith("*."))
 							{
-								Logger.Info($"SAN Entry {item} is equivalent to CN ignoring wildcards, removing from request");
+								trimCN = trimCN.Substring(2);
+							}
+							else if (trimCN.StartsWith("www."))
+							{
+								trimCN = trimCN.Substring(4);
+							}
+							if (trimItem.StartsWith("*."))
+							{
+								trimItem = trimItem.Substring(2);
+							}
+							else if (trimItem.StartsWith("www."))
+							{
+								trimItem = trimItem.Substring(4);
+							}
+							if (string.Equals(trimCN, trimItem, System.StringComparison.OrdinalIgnoreCase))
+							{
+								Logger.Info($"SAN Entry {item} is equivalent to CN ignoring wildcards or www prefix, removing from request");
 								continue;
 							}
 							SANEntry entry = new SANEntry();
diff --git a/src/GlobalSignCAProxy/Api/GlobalSignRenewRequest.cs b/src/GlobalSignCAProxy/Api/GlobalSignRenewRequest.cs
@@ -44,10 +44,26 @@ public GlobalSignRenewRequest(GlobalSignCAConfig config) : base(config) { }
 								Logger.Info($"SAN Entry {item} matches CN, removing from request");
 								continue;
 							}
-							if (string.Equals(item, $"*.{CommonName}", System.StringComparison.OrdinalIgnoreCase)
-								|| string.Equals($"*.{item}", CommonName, System.StringComparison.OrdinalIgnoreCase))
+							string trimCN = CommonName, trimItem = item;
+							if (trimCN.StartsWith("*."))
 							{
-								Logger.Info($"SAN Entry {item} is the same base domain as the wildcard CN, removing from request");
+								trimCN = trimCN.Substring(2);
+							}
+							else if (trimCN.StartsWith("www."))
+							{
+								trimCN = trimCN.Substring(4);
+							}
+							if (trimItem.StartsWith("*."))
+							{
+								trimItem = trimItem.Substring(2);
+							}
+							else if (trimItem.StartsWith("www."))
+							{
+								trimItem = trimItem.Substring(4);
+							}
+							if (string.Equals(trimCN, trimItem, System.StringComparison.OrdinalIgnoreCase))
+							{
+								Logger.Info($"SAN Entry {item} is equivalent to CN ignoring wildcards or www prefix, removing from request");
 								continue;
 							}
 							SANEntry entry = new SANEntry();
