mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-11-22 22:17:31 +03:00
Improved CertURL certificate loading.
This commit is contained in:
parent
5aa82aa580
commit
6b1a9d8444
@ -607,7 +607,7 @@ module.exports.CreateAmtRemoteIder = function (webserver, meshcentral) {
|
|||||||
if (g_len > obj.iderinfo.readbfr) { len = obj.iderinfo.readbfr; }
|
if (g_len > obj.iderinfo.readbfr) { len = obj.iderinfo.readbfr; }
|
||||||
g_len -= len;
|
g_len -= len;
|
||||||
g_lba += len;
|
g_lba += len;
|
||||||
var buffer = new Buffer(len);
|
var buffer = Buffer.alloc(len);
|
||||||
fs.read(g_media, buffer, 0, len, lba, function (error, bytesRead, buffer) {
|
fs.read(g_media, buffer, 0, len, lba, function (error, bytesRead, buffer) {
|
||||||
obj.SendDataToHost(g_dev, (g_len == 0), buffer.toString('binary'), featureRegister & 1);
|
obj.SendDataToHost(g_dev, (g_len == 0), buffer.toString('binary'), featureRegister & 1);
|
||||||
if ((g_len > 0) && (g_reset == false)) {
|
if ((g_len > 0) && (g_reset == false)) {
|
||||||
|
@ -733,7 +733,7 @@ function AmtStackCreateService(wsmanStack) {
|
|||||||
e = null;
|
e = null;
|
||||||
try {
|
try {
|
||||||
es = atob(responses.Body['EventRecords'][i]);
|
es = atob(responses.Body['EventRecords'][i]);
|
||||||
e = new Buffer(es);
|
e = Buffer.from(es);
|
||||||
} catch (ex) {
|
} catch (ex) {
|
||||||
console.log(ex + " " + responses.Body['EventRecords'][i])
|
console.log(ex + " " + responses.Body['EventRecords'][i])
|
||||||
}
|
}
|
||||||
|
@ -200,12 +200,17 @@ module.exports.CertificateOperations = function (parent) {
|
|||||||
if (u.protocol == 'https:') {
|
if (u.protocol == 'https:') {
|
||||||
// Read the certificate from HTTPS
|
// Read the certificate from HTTPS
|
||||||
if (hostname == null) { hostname = u.hostname; }
|
if (hostname == null) { hostname = u.hostname; }
|
||||||
const tlssocket = obj.tls.connect((u.port ? u.port : 443), u.hostname, { servername: hostname, rejectUnauthorized: false }, function () { this.xxcert = this.getPeerCertificate(); this.end(); });
|
parent.debug('cert', "loadCertificate() - Loading certificate from " + u.hostname + ":" + (u.port ? u.port : 443) + ", Hostname: " + hostname + "...");
|
||||||
|
const tlssocket = obj.tls.connect((u.port ? u.port : 443), u.hostname, { servername: hostname, rejectUnauthorized: false }, function () {
|
||||||
|
this.xxcert = this.getPeerCertificate();
|
||||||
|
parent.debug('cert', "loadCertificate() - TLS connected, " + ((this.xxcert != null) ? "got certificate." : "no certificate."));
|
||||||
|
try { this.destroy(); } catch (ex) { }
|
||||||
|
this.xxfunc(this.xxurl, (this.xxcert == null)?null:(this.xxcert.raw.toString('binary')), hostname, this.xxtag);
|
||||||
|
});
|
||||||
tlssocket.xxurl = url;
|
tlssocket.xxurl = url;
|
||||||
tlssocket.xxfunc = func;
|
tlssocket.xxfunc = func;
|
||||||
tlssocket.xxtag = tag;
|
tlssocket.xxtag = tag;
|
||||||
tlssocket.on('end', function () { this.xxfunc(this.xxurl, this.xxcert.raw.toString('binary'), hostname, this.xxtag); });
|
tlssocket.on('error', function (error) { try { this.destroy(); } catch (ex) { } parent.debug('cert', "loadCertificate() - TLS error: " + error); this.xxfunc(this.xxurl, null, hostname, this.xxtag); });
|
||||||
tlssocket.on('error', function () { this.xxfunc(this.xxurl, null, hostname, this.xxtag); });
|
|
||||||
} else if (u.protocol == 'file:') {
|
} else if (u.protocol == 'file:') {
|
||||||
// Read the certificate from a file
|
// Read the certificate from a file
|
||||||
obj.fs.readFile(url.substring(7), 'utf8', function (err, data) {
|
obj.fs.readFile(url.substring(7), 'utf8', function (err, data) {
|
||||||
|
@ -398,7 +398,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
|
|||||||
parent.parent.updateProxyCertificates(false);
|
parent.parent.updateProxyCertificates(false);
|
||||||
}
|
}
|
||||||
parent.agentStats.agentBadWebCertHashCount++;
|
parent.agentStats.agentBadWebCertHashCount++;
|
||||||
console.log('Agent bad web cert hash (Agent:' + (Buffer.from(msg.substring(2, 50), 'binary').toString('hex').substring(0, 10)) + ' != Server:' + (Buffer.from(getWebCertHash(domain), 'binary').toString('hex').substring(0, 10)) + ' or ' + (new Buffer(getWebCertFullHash(domain), 'binary').toString('hex').substring(0, 10)) + '), holding connection (' + obj.remoteaddrport + ').');
|
console.log('Agent bad web cert hash (Agent:' + (Buffer.from(msg.substring(2, 50), 'binary').toString('hex').substring(0, 10)) + ' != Server:' + (Buffer.from(getWebCertHash(domain), 'binary').toString('hex').substring(0, 10)) + ' or ' + (Buffer.from(getWebCertFullHash(domain), 'binary').toString('hex').substring(0, 10)) + '), holding connection (' + obj.remoteaddrport + ').');
|
||||||
console.log('Agent reported web cert hash:' + (Buffer.from(msg.substring(2, 50), 'binary').toString('hex')) + '.');
|
console.log('Agent reported web cert hash:' + (Buffer.from(msg.substring(2, 50), 'binary').toString('hex')) + '.');
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -124,7 +124,7 @@ module.exports.CreateMQTTBroker = function (parent, db, args) {
|
|||||||
// Look for any MQTT connections to send this to
|
// Look for any MQTT connections to send this to
|
||||||
var clients = obj.connections[nodeid];
|
var clients = obj.connections[nodeid];
|
||||||
if (clients == null) return;
|
if (clients == null) return;
|
||||||
if (typeof message == 'string') { message = new Buffer(message); }
|
if (typeof message == 'string') { message = Buffer.from(message); }
|
||||||
for (var i in clients) {
|
for (var i in clients) {
|
||||||
// Only publish to client that subscribe to the topic
|
// Only publish to client that subscribe to the topic
|
||||||
if (clients[i].subscriptions[topic] != null) { clients[i].publish({ cmd: 'publish', qos: 0, topic: topic, payload: message, retain: false }); }
|
if (clients[i].subscriptions[topic] != null) { clients[i].publish({ cmd: 'publish', qos: 0, topic: topic, payload: message, retain: false }); }
|
||||||
|
@ -251,7 +251,7 @@ module.exports.CreateWebAuthnModule = function () {
|
|||||||
function ASN1toPEM(pkBuffer) {
|
function ASN1toPEM(pkBuffer) {
|
||||||
if (!Buffer.isBuffer(pkBuffer)) { throw new Error("ASN1toPEM: pkBuffer must be Buffer."); }
|
if (!Buffer.isBuffer(pkBuffer)) { throw new Error("ASN1toPEM: pkBuffer must be Buffer."); }
|
||||||
let type;
|
let type;
|
||||||
if (pkBuffer.length == 65 && pkBuffer[0] == 0x04) { pkBuffer = Buffer.concat([new Buffer.from("3059301306072a8648ce3d020106082a8648ce3d030107034200", "hex"), pkBuffer]); type = 'PUBLIC KEY'; } else { type = 'CERTIFICATE'; }
|
if (pkBuffer.length == 65 && pkBuffer[0] == 0x04) { pkBuffer = Buffer.concat([Buffer.from("3059301306072a8648ce3d020106082a8648ce3d030107034200", "hex"), pkBuffer]); type = 'PUBLIC KEY'; } else { type = 'CERTIFICATE'; }
|
||||||
const b64cert = pkBuffer.toString('base64');
|
const b64cert = pkBuffer.toString('base64');
|
||||||
let PEMKey = '';
|
let PEMKey = '';
|
||||||
for (let i = 0; i < Math.ceil(b64cert.length / 64); i++) { const start = 64 * i; PEMKey += b64cert.substr(start, 64) + '\n'; }
|
for (let i = 0; i < Math.ceil(b64cert.length / 64); i++) { const start = 64 * i; PEMKey += b64cert.substr(start, 64) + '\n'; }
|
||||||
|
Loading…
Reference in New Issue
Block a user