Fix unreleased bug when parsing distinguished name from host certificates (#27070)

2026-05-24 09:28:54 +00:00 · 2025-03-12 12:18:41 -05:00 · 2025-03-12 12:18:41 -05:00 · 26c5bc72b1
commit 26c5bc72b1
parent 5451cd13d4
2 changed files with 25 additions and 7 deletions
--- a/server/fleet/host_certificates.go
+++ b/server/fleet/host_certificates.go
@ -4,7 +4,6 @@ import (
 	"crypto/sha1" // nolint:gosec // used for compatibility with existing osquery certificates table schema
 	"crypto/x509"
 	"errors"
-	"fmt"
 	"strings"
 	"time"
 )
@ -190,12 +189,6 @@ type MDMAppleErrorChainItem struct {
 func ExtractDetailsFromOsqueryDistinguishedName(str string) (*HostCertificateNameDetails, error) {
 	str = strings.TrimSpace(str)
 	str = strings.Trim(str, "/")
-
-	fmt.Printf("Certificate: %s\n", str)
-	if !strings.Contains(str, "/") {
-		return nil, errors.New("invalid format, wrong separator")
-	}
-
 	parts := strings.Split(str, "/")

 	var details HostCertificateNameDetails
--- a/server/fleet/host_certificates_test.go
+++ b/server/fleet/host_certificates_test.go
@ -90,6 +90,31 @@ func TestExtractHostCertificateNameDetails(t *testing.T) {
 			input:    "/C=US/O=Fleet Device Management Inc./OU=Fleet Device Management Inc./CN=FleetDM/",
 			expected: &expected,
 		},
+		{
+			name:  "simple common name",
+			input: "/CN=FleetDM",
+			expected: &HostCertificateNameDetails{
+				Country:            "",
+				Organization:       "",
+				OrganizationalUnit: "",
+				CommonName:         "FleetDM",
+			},
+		},
+		{
+			name:  "simple common name with no leading slash",
+			input: "CN=FleetDM",
+			expected: &HostCertificateNameDetails{
+				Country:            "",
+				Organization:       "",
+				OrganizationalUnit: "",
+				CommonName:         "FleetDM",
+			},
+		},
+		{
+			name:  "invalid separator",
+			input: "/C=US,O=Fleet Device Management Inc.,OU=Fleet Device Management Inc.,CN=FleetDM",
+			err:   true,
+		},
 	}
 	for _, tc := range cases {
 		t.Run(tc.name, func(t *testing.T) {