Improved CertURL certificate loading.

This commit is contained in:
Ylian Saint-Hilaire 2020-03-19 13:42:37 -07:00
parent 5aa82aa580
commit 6b1a9d8444
6 changed files with 13 additions and 8 deletions


@ -607,7 +607,7 @@ module.exports.CreateAmtRemoteIder = function (webserver, meshcentral) {
if (g_len > obj.iderinfo.readbfr) { len = obj.iderinfo.readbfr; } if (g_len > obj.iderinfo.readbfr) { len = obj.iderinfo.readbfr; }
g_len -= len; g_len -= len;
g_lba += len; g_lba += len;
var buffer = new Buffer(len); var buffer = Buffer.alloc(len);
fs.read(g_media, buffer, 0, len, lba, function (error, bytesRead, buffer) { fs.read(g_media, buffer, 0, len, lba, function (error, bytesRead, buffer) {
obj.SendDataToHost(g_dev, (g_len == 0), buffer.toString('binary'), featureRegister & 1); obj.SendDataToHost(g_dev, (g_len == 0), buffer.toString('binary'), featureRegister & 1);
if ((g_len > 0) && (g_reset == false)) { if ((g_len > 0) && (g_reset == false)) {
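Review bot: The `fs.read` callback still ignores both `error` and `bytesRead`, so with `Buffer.alloc(len)` a failed or short read now hands the host a zero-filled (or partly zero-filled) buffer as if it were media data — better than the uninitialized memory `new Buffer(len)` could expose, but still the wrong bytes. At minimum forward only what was read, `obj.SendDataToHost(g_dev, (g_len == 0), buffer.toString('binary', 0, bytesRead), featureRegister & 1);`, and if the IDE-R transfer requires exact block lengths treat `error` or `bytesRead != len` as a failure instead of sending the data. The read is issued at `lba` while the counter advanced on the previous line is `g_lba`; that looks intentional but is worth a one-line comment since the relationship is established outside this hunk. The enclosing function starts outside the hunk.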


@ -733,7 +733,7 @@ function AmtStackCreateService(wsmanStack) {
e = null; e = null;
try { try {
es = atob(responses.Body['EventRecords'][i]); es = atob(responses.Body['EventRecords'][i]);
e = new Buffer(es); e = Buffer.from(es);
} catch (ex) { } catch (ex) {
console.log(ex + " " + responses.Body['EventRecords'][i]) console.log(ex + " " + responses.Body['EventRecords'][i])
} }
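Review bot: `e = Buffer.from(es)` decodes `es` as UTF-8, yet `es` is the output of `atob(...)`, which in the standard definition is a byte-per-character binary string; any event-record byte at or above 0x80 would be re-encoded as two bytes. If the project's `atob` follows that definition (it is defined outside this hunk, so worth confirming), `e = Buffer.from(es, 'binary');` preserves the raw bytes, and `new Buffer(es)` had the same latent issue. Style: the `console.log(...)` in the catch is missing its terminating semicolon. The enclosing loop starts outside the hunk.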


@ -200,12 +200,17 @@ module.exports.CertificateOperations = function (parent) {
if (u.protocol == 'https:') { if (u.protocol == 'https:') {
// Read the certificate from HTTPS // Read the certificate from HTTPS
if (hostname == null) { hostname = u.hostname; } if (hostname == null) { hostname = u.hostname; }
const tlssocket = obj.tls.connect((u.port ? u.port : 443), u.hostname, { servername: hostname, rejectUnauthorized: false }, function () { this.xxcert = this.getPeerCertificate(); this.end(); }); parent.debug('cert', "loadCertificate() - Loading certificate from " + u.hostname + ":" + (u.port ? u.port : 443) + ", Hostname: " + hostname + "...");
const tlssocket = obj.tls.connect((u.port ? u.port : 443), u.hostname, { servername: hostname, rejectUnauthorized: false }, function () {
this.xxcert = this.getPeerCertificate();
parent.debug('cert', "loadCertificate() - TLS connected, " + ((this.xxcert != null) ? "got certificate." : "no certificate."));
try { this.destroy(); } catch (ex) { }
this.xxfunc(this.xxurl, (this.xxcert == null)?null:(this.xxcert.raw.toString('binary')), hostname, this.xxtag);
});
tlssocket.xxurl = url; tlssocket.xxurl = url;
tlssocket.xxfunc = func; tlssocket.xxfunc = func;
tlssocket.xxtag = tag; tlssocket.xxtag = tag;
tlssocket.on('end', function () { this.xxfunc(this.xxurl, this.xxcert.raw.toString('binary'), hostname, this.xxtag); }); tlssocket.on('error', function (error) { try { this.destroy(); } catch (ex) { } parent.debug('cert', "loadCertificate() - TLS error: " + error); this.xxfunc(this.xxurl, null, hostname, this.xxtag); });
tlssocket.on('error', function () { this.xxfunc(this.xxurl, null, hostname, this.xxtag); });
} else if (u.protocol == 'file:') { } else if (u.protocol == 'file:') {
// Read the certificate from a file // Read the certificate from a file
obj.fs.readFile(url.substring(7), 'utf8', function (err, data) { obj.fs.readFile(url.substring(7), 'utf8', function (err, data) {
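Review bot: In the connect callback the `this.xxcert == null` test does not cover the no-certificate case: Node's `getPeerCertificate()` returns an empty object when the peer presents no certificate (and `null` only once the socket is destroyed), so `this.xxcert.raw.toString('binary')` throws inside the callback and the debug line just above reports "got certificate". Checking the field actually used is safer, `var raw = (this.xxcert && this.xxcert.raw) ? this.xxcert.raw.toString('binary') : null;` followed by `this.xxfunc(this.xxurl, raw, hostname, this.xxtag);`, with the same test in the debug message. Separately, `func` can fire twice if an `'error'` event follows the connect callback or vice versa; a `this.xxdone` flag set before the first call would make completion once-only, and a `tlssocket.setTimeout(...)` handler would cover a peer that accepts the TCP connection but never finishes the handshake. `rejectUnauthorized: false` is correct here because the purpose is to read the peer's certificate rather than trust it, but a comment saying so would keep a later reader from "fixing" it. `loadCertificate()` starts outside the hunk.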


@ -398,7 +398,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
parent.parent.updateProxyCertificates(false); parent.parent.updateProxyCertificates(false);
} }
parent.agentStats.agentBadWebCertHashCount++; parent.agentStats.agentBadWebCertHashCount++;
console.log('Agent bad web cert hash (Agent:' + (Buffer.from(msg.substring(2, 50), 'binary').toString('hex').substring(0, 10)) + ' != Server:' + (Buffer.from(getWebCertHash(domain), 'binary').toString('hex').substring(0, 10)) + ' or ' + (new Buffer(getWebCertFullHash(domain), 'binary').toString('hex').substring(0, 10)) + '), holding connection (' + obj.remoteaddrport + ').'); console.log('Agent bad web cert hash (Agent:' + (Buffer.from(msg.substring(2, 50), 'binary').toString('hex').substring(0, 10)) + ' != Server:' + (Buffer.from(getWebCertHash(domain), 'binary').toString('hex').substring(0, 10)) + ' or ' + (Buffer.from(getWebCertFullHash(domain), 'binary').toString('hex').substring(0, 10)) + '), holding connection (' + obj.remoteaddrport + ').');
console.log('Agent reported web cert hash:' + (Buffer.from(msg.substring(2, 50), 'binary').toString('hex')) + '.'); console.log('Agent reported web cert hash:' + (Buffer.from(msg.substring(2, 50), 'binary').toString('hex')) + '.');
return; return;
} }
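Review bot: The agent hash `Buffer.from(msg.substring(2, 50), 'binary').toString('hex')` is computed twice, truncated in the first `console.log` and in full in the second, and the two server-side hashes are built inline in the same very long line. Hoisting them into locals, e.g. `var agentHash = Buffer.from(msg.substring(2, 50), 'binary').toString('hex');` and likewise `serverHash` / `serverFullHash`, makes both log lines readable and computes each value once. The enclosing `if` and function start outside the hunk.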


@ -124,7 +124,7 @@ module.exports.CreateMQTTBroker = function (parent, db, args) {
// Look for any MQTT connections to send this to // Look for any MQTT connections to send this to
var clients = obj.connections[nodeid]; var clients = obj.connections[nodeid];
if (clients == null) return; if (clients == null) return;
if (typeof message == 'string') { message = new Buffer(message); } if (typeof message == 'string') { message = Buffer.from(message); }
for (var i in clients) { for (var i in clients) {
// Only publish to client that subscribe to the topic // Only publish to client that subscribe to the topic
if (clients[i].subscriptions[topic] != null) { clients[i].publish({ cmd: 'publish', qos: 0, topic: topic, payload: message, retain: false }); } if (clients[i].subscriptions[topic] != null) { clients[i].publish({ cmd: 'publish', qos: 0, topic: topic, payload: message, retain: false }); }
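Review bot: `Buffer.from(message)` with no encoding treats a string payload as UTF-8, while other call sites touched by this same commit convert strings with `'binary'`; whether publishers can hand this function byte strings is not stated, and a wrong guess silently corrupts the payload. A comment on that line, `// string payloads are UTF-8 text; callers holding raw bytes must pass a Buffer`, pins the contract, and if raw-byte strings are in fact possible, `Buffer.from(message, 'binary')` is the faithful conversion. The enclosing publish function starts outside the hunk.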


@ -251,7 +251,7 @@ module.exports.CreateWebAuthnModule = function () {
function ASN1toPEM(pkBuffer) { function ASN1toPEM(pkBuffer) {
if (!Buffer.isBuffer(pkBuffer)) { throw new Error("ASN1toPEM: pkBuffer must be Buffer."); } if (!Buffer.isBuffer(pkBuffer)) { throw new Error("ASN1toPEM: pkBuffer must be Buffer."); }
let type; let type;
if (pkBuffer.length == 65 && pkBuffer[0] == 0x04) { pkBuffer = Buffer.concat([new Buffer.from("3059301306072a8648ce3d020106082a8648ce3d030107034200", "hex"), pkBuffer]); type = 'PUBLIC KEY'; } else { type = 'CERTIFICATE'; } if (pkBuffer.length == 65 && pkBuffer[0] == 0x04) { pkBuffer = Buffer.concat([Buffer.from("3059301306072a8648ce3d020106082a8648ce3d030107034200", "hex"), pkBuffer]); type = 'PUBLIC KEY'; } else { type = 'CERTIFICATE'; }
const b64cert = pkBuffer.toString('base64'); const b64cert = pkBuffer.toString('base64');
let PEMKey = ''; let PEMKey = '';
for (let i = 0; i < Math.ceil(b64cert.length / 64); i++) { const start = 64 * i; PEMKey += b64cert.substr(start, 64) + '\n'; } for (let i = 0; i < Math.ceil(b64cert.length / 64); i++) { const start = 64 * i; PEMKey += b64cert.substr(start, 64) + '\n'; }
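Review bot: The hex literal on the `Buffer.concat` line is an undocumented magic constant; it decodes as the DER SubjectPublicKeyInfo header for an EC P-256 key (ecPublicKey algorithm, prime256v1 curve, then a 66-byte BIT STRING with zero unused bits), which is exactly why it is only prepended when `pkBuffer` is a 65-byte uncompressed point starting with `0x04`. A comment such as `// DER SPKI header for a P-256 ecPublicKey; the 65-byte uncompressed point (0x04 || X || Y) follows` saves the next reader the decode. Style: `b64cert.substr(start, 64)` uses the deprecated `substr`; `b64cert.slice(start, start + 64)` is the equivalent. `ASN1toPEM` continues past the end of the hunk.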