From 2ab89dc8a9a926a679224f3c32b76be644c799b7 Mon Sep 17 00:00:00 2001 From: Ylian Saint-Hilaire Date: Tue, 19 Nov 2019 11:18:08 -0800 Subject: [PATCH] Added extra checking for Let's Encrypt NodeJS version. --- letsEncrypt.js | 64 ++++++-------------------------------------------- meshcentral.js | 4 ++-- 2 files changed, 9 insertions(+), 59 deletions(-) diff --git a/letsEncrypt.js b/letsEncrypt.js index 9825b3a0..4f61782d 100644 --- a/letsEncrypt.js +++ b/letsEncrypt.js @@ -25,8 +25,9 @@ module.exports.CreateLetsEncrypt = function (parent) { parent.debug('cert', "Initializing Let's Encrypt support, using GreenLock v" + greenLockVersion); } - // Check the current node version - if (Number(process.version.match(/^v(\d+\.\d+)/)[1]) < 8) { return null; } + // Check the current node version and support for generateKeyPair + if (require('crypto').generateKeyPair == null) { return null; } + if (Number(process.version.match(/^v(\d+\.\d+)/)[1]) < 10) { return null; } // Try to delete the "./ursa-optional" or "./node_modules/ursa-optional" folder if present. // This is an optional module that GreenLock uses that causes issues. 
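Review bot: Both new early returns in CreateLetsEncrypt disable Let's Encrypt without saying why, so an operator who configured it presumably ends up on the fallback certificates with nothing in the 'cert' debug channel. Log before each return, for example `parent.debug('cert', "Let's Encrypt disabled: crypto.generateKeyPair is not available");`. The numeric test parses "major.minor" as a decimal, which cannot express the v10.12.0 minimum named in the meshcentral.js warning (10.2 would compare above 10.12), so the feature test is the real gate; a short comment saying so would keep the two checks from drifting apart. The function body continues outside the hunk.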
@@ -217,59 +218,12 @@ module.exports.CreateLetsEncrypt = function (parent) { // Check if we need to renew the certificate, call this every day. obj.checkRenewCertificate = function () { - obj.certCheckStart = Date.now(); - - // Check if there is anything in the let's encrypt folder - var somethingIsinFolder = false; - try { - var filesinFolder = require('fs').readdirSync(obj.runAsProduction ? obj.configPath : obj.configPathStaging); - somethingIsinFolder = (filesinFolder.indexOf(obj.runAsProduction ? 'live' : 'staging') != -1); - } catch (ex) { console.log(ex); } + parent.debug('cert', "Checking certificate for " + obj.leDomains[0] + " (" + (obj.runAsProduction ? "Production" : "Staging") + ")"); // Setup renew options + obj.certCheckStart = Date.now(); const xle = (obj.runAsProduction === true) ? obj.le : obj.leStaging; var renewOptions = { servername: obj.leDomains[0], altnames: obj.leDomains }; - - // Add the domains - if (somethingIsinFolder == false) { - try { - var addOptions = { subject: obj.leDomains[0], altnames: obj.leDomains }; - parent.debug('cert', "Adding domains: " + JSON.stringify(addOptions)); - xle.add(addOptions); - } catch (ex) { - parent.debug('cert', "add certificate exception: (" + JSON.stringify(ex) + ")"); - console.log(ex); - } - } - - /* - if (somethingIsinFolder == false) { - parent.debug('cert', "Getting certificate for " + obj.leDomains[0] + " (" + (obj.runAsProduction ? "Production" : "Staging") + ")"); - xle.get({ servername: obj.leDomains[0] }) - .then(function (results) { - if ((results == null) || (typeof results != 'object') || (results.length == 0) || (results[0].error != null)) { - parent.debug('cert', "Unable to get a certificate (" + (obj.runAsProduction ? "Production" : "Staging") + ", " + (Date.now() - obj.certCheckStart) + "ms): " + JSON.stringify(results)); - } else { - parent.debug('cert', "Get certificate completed (" + (obj.runAsProduction ? 
"Production" : "Staging") + ", " + (Date.now() - obj.certCheckStart) + "ms): " + JSON.stringify(results)); - if (obj.performRestart === true) { parent.debug('cert', "Certs changed, restarting..."); obj.parent.performServerCertUpdate(); } // Reset the server, TODO: Reset all peers - else if (obj.performMoveToProduction == true) { - parent.debug('cert', "Staging certificate received, moving to production..."); - obj.runAsProduction = true; - obj.performMoveToProduction = false; - obj.performRestart = true; - setTimeout(obj.checkRenewCertificate, 10000); // Check the certificate in 10 seconds. - } - } - }) - .catch(function (ex) { - parent.debug('cert', "getCertificate exception: (" + JSON.stringify(ex) + ")"); - console.log(ex); - }); - return; - } - */ - - parent.debug('cert', "Checking certificate for " + obj.leDomains[0] + " (" + (obj.runAsProduction ? "Production" : "Staging") + ")"); try { xle.renew(renewOptions) .then(function (results) { 
@@ -332,19 +286,15 @@ module.exports.create = function (options) { //console.log('LE-DEFAULTS-Production', options); if (options != null) { for (var i in options) { if (manager.parent.leDefaults[i] == null) { manager.parent.leDefaults[i] = options[i]; } } } r = manager.parent.leDefaults; - var mainsite = { subject: manager.parent.leDomains[0] }; - if (manager.parent.leDomains.length > 0) { mainsite.altnames = manager.parent.leDomains; } r.subscriberEmail = manager.parent.parent.config.letsencrypt.email; - r.sites = { mainsite: mainsite }; + r.sites = { mainsite: { subject: manager.parent.leDomains[0], altnames: manager.parent.leDomains } }; } else { // Staging //console.log('LE-DEFAULTS-Staging', options); if (options != null) { for (var i in options) { if (manager.parent.leDefaultsStaging[i] == null) { manager.parent.leDefaultsStaging[i] = options[i]; } } } r = manager.parent.leDefaultsStaging; - var mainsite = { subject: manager.parent.leDefaultsStaging[0] }; - if (manager.parent.leDefaultsStaging.length > 0) { mainsite.altnames = manager.parent.leDefaultsStaging; } r.subscriberEmail = manager.parent.parent.config.letsencrypt.email; - r.sites = { mainsite: mainsite }; + r.sites = { mainsite: { subject: manager.parent.leDomains[0], altnames: manager.parent.leDomains } }; } return r; }; diff --git a/meshcentral.js b/meshcentral.js index d6fbf206..ae319cf7 100644 --- a/meshcentral.js +++ b/meshcentral.js 
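Review bot: The rewritten `r.sites` assignment drops the old `leDomains.length > 0` guard, so an empty domain list now produces `subject: undefined` with `altnames: []` in both the production and staging branches; whether leDomains is validated earlier is not visible here. The same object literal is written twice and passes the live `manager.parent.leDomains` array rather than a copy, so a later change to that array would also change the stored site entry. Consider checking the list once and building the entry after the if/else, e.g. `r.sites = { mainsite: { subject: domains[0], altnames: domains.slice() } };` with `domains` being `manager.parent.leDomains`. The create function starts outside the hunk.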
@@ -833,7 +833,7 @@ function CreateMeshCentralServer(config, args) { obj.certificateOperations.GetMeshServerCertificate(obj.args, obj.config, function (certs) { // Get the current node version const nodeVersion = Number(process.version.match(/^v(\d+\.\d+)/)[1]); - if ((nodeVersion < 8) || (obj.config.letsencrypt == null) || (obj.redirserver == null)) { + if ((nodeVersion < 8) || (require('crypto').generateKeyPair == null) || (obj.config.letsencrypt == null) || (obj.redirserver == null)) { obj.StartEx3(certs); // Just use the configured certificates } else { var le = require('./letsencrypt.js'); @@ -2040,7 +2040,7 @@ function mainStart() { if (require('os').platform() == 'win32') { modules.push('node-windows'); if (sspi == true) { modules.push('node-sspi'); } } // Add Windows modules if (ldap == true) { modules.push('ldapauth-fork'); } //if (config.letsencrypt != null) { modules.push('greenlock@2.8.8'); modules.push('le-store-certbot'); modules.push('le-challenge-fs'); modules.push('le-acme-core'); } // Add Greenlock Modules - if (config.letsencrypt != null) { if (nodeVersion < 8) { console.log("WARNING: Let's Encrypt support requires Node v8 or higher."); } else { modules.push('greenlock'); } } // Add Greenlock Module + if (config.letsencrypt != null) { if ((nodeVersion < 10) || (require('crypto').generateKeyPair == null)) { console.log("WARNING: Let's Encrypt support requires Node v10.12.0 or higher."); } else { modules.push('greenlock'); } } // Add Greenlock Module if (config.settings.mqtt != null) { modules.push('aedes'); } // Add MQTT Modules if (config.settings.mongodb != null) { modules.push('mongodb'); } // Add MongoDB, official driver. if (config.settings.vault != null) { modules.push('node-vault'); } // Add official HashiCorp's Vault module.
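Review bot: The version threshold in this condition is still `nodeVersion < 8`, while the other two checks touched by this commit moved to 10; it behaves correctly only because the added `generateKeyPair` test catches Node 8 and 9. Change it to `(nodeVersion < 10)`, or drop the numeric test here and rely on the feature test alone. When `obj.config.letsencrypt` is set but unsupported, this branch falls back to the configured certificates with no message at this point; the only warning visible in the diff is the one printed in mainStart, so a log line here would make the downgrade visible at startup. The enclosing callback continues outside the hunk.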
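Review bot: `modules.push('greenlock')` on the changed line in mainStart requests the module with no version, so the server installs whatever release is current, while the commented-out line directly above it pinned `greenlock@2.8.8`. For the module that obtains the server's TLS certificates, an unpinned install lets upstream changes, or a bad release, arrive without review, and the new Node requirement in this commit may itself be the result of that drift. Pin it to the release that was tested, e.g. `modules.push('greenlock@<tested-version>');`. The warning text says v10.12.0 while the numeric test is `nodeVersion < 10`; a comment noting that the `generateKeyPair` test enforces the minor version would avoid confusion.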