allow san/cn to be an exact match for the domain name

dgaley · dgaley · commit e25e4360aa64 · 2025-12-04T05:09:36.000-05:00
diff --git a/src/GlobalSignCAProxy/GlobalSignCAProxy.cs b/src/GlobalSignCAProxy/GlobalSignCAProxy.cs
@@ -28,6 +28,7 @@
 using System.Linq;
 using System.Security.Policy;
 using System.Text;
+using System.Text.RegularExpressions;
 using System.Threading;
 using System.Web.Services.Configuration;
 
@@ -139,13 +140,15 @@ public override EnrollmentResult Enroll(ICertificateDataReader certificateDataRe
 					if (sanDict["dns"].Count() > 0)
 					{
 						string dnsSan = sanDict["dns"][0];
-						matchedDomains = validDomains.Where(d => dnsSan.EndsWith($".{d.DomainName}", StringComparison.OrdinalIgnoreCase)).ToList();
+						matchedDomains = validDomains.Where(d => dnsSan.Equals(d.DomainName, StringComparison.OrdinalIgnoreCase)
+								|| dnsSan.EndsWith($".{d.DomainName}", StringComparison.OrdinalIgnoreCase)).ToList();
 						commonName = dnsSan;
 					}
 				}
 				else
 				{
-					matchedDomains = validDomains.Where(d => commonName.EndsWith($".{d.DomainName}", StringComparison.OrdinalIgnoreCase)).ToList();
+					matchedDomains = validDomains.Where(d => commonName.Equals(d.DomainName, StringComparison.OrdinalIgnoreCase)
+							|| commonName.EndsWith($".{d.DomainName}", StringComparison.OrdinalIgnoreCase)).ToList();
 				}
 
 				if (matchedDomains == null || matchedDomains.Count == 0)

Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,7 @@`
`28`	`28`	`using System.Linq;`
`29`	`29`	`using System.Security.Policy;`
`30`	`30`	`using System.Text;`
	`31`	`+using System.Text.RegularExpressions;`
`31`	`32`	`using System.Threading;`
`32`	`33`	`using System.Web.Services.Configuration;`
`33`	`34`
`@@ -139,13 +140,15 @@ public override EnrollmentResult Enroll(ICertificateDataReader certificateDataRe`
`139`	`140`	`if (sanDict["dns"].Count() > 0)`
`140`	`141`	`{`
`141`	`142`	`string dnsSan = sanDict["dns"][0];`
`142`		`- matchedDomains = validDomains.Where(d => dnsSan.EndsWith($".{d.DomainName}", StringComparison.OrdinalIgnoreCase)).ToList();`
	`143`	`+ matchedDomains = validDomains.Where(d => dnsSan.Equals(d.DomainName, StringComparison.OrdinalIgnoreCase)`
	`144`	`+ \|\| dnsSan.EndsWith($".{d.DomainName}", StringComparison.OrdinalIgnoreCase)).ToList();`
`143`	`145`	`commonName = dnsSan;`
`144`	`146`	`}`
`145`	`147`	`}`
`146`	`148`	`else`
`147`	`149`	`{`
`148`		`- matchedDomains = validDomains.Where(d => commonName.EndsWith($".{d.DomainName}", StringComparison.OrdinalIgnoreCase)).ToList();`
	`150`	`+ matchedDomains = validDomains.Where(d => commonName.Equals(d.DomainName, StringComparison.OrdinalIgnoreCase)`
	`151`	`+ \|\| commonName.EndsWith($".{d.DomainName}", StringComparison.OrdinalIgnoreCase)).ToList();`
`149`	`152`	`}`
`150`	`153`
`151`	`154`	`if (matchedDomains == null \|\| matchedDomains.Count == 0)`