From 38b24e256ca98068eb3c0e7b8b3c81600a966e31 Mon Sep 17 00:00:00 2001 From: Ylian Saint-Hilaire Date: Fri, 11 Jan 2019 14:01:36 -0800 Subject: [PATCH] Fixed CR end-of-line certificate loading. --- MeshCentralServer.njsproj | 1 - certoperations.js | 38 ++++++++++++++++++++++---------------- letsEncrypt.js | 10 +++++++++- meshcentral.js | 2 +- package.json | 2 +- 5 files changed, 33 insertions(+), 20 deletions(-) diff --git a/MeshCentralServer.njsproj b/MeshCentralServer.njsproj index 06ac071e..8fad80da 100644 --- a/MeshCentralServer.njsproj +++ b/MeshCentralServer.njsproj @@ -139,7 +139,6 @@ - diff --git a/certoperations.js b/certoperations.js index 50da59ff..6b44ee93 100644 --- a/certoperations.js +++ b/certoperations.js @@ -146,6 +146,12 @@ module.exports.CertificateOperations = function () { return { cert: cert, key: keys.privateKey }; }; + // Make sure a string with Mac style CR endo of line is changed to Linux LF style. + function fixEndOfLines(str) { + if ((typeof(str) != 'string') || (str.indexOf('\n') > 0)) return str; // If there is a \n in the file, keep the file as-is. + return str.split('\r').join('\n'); // If there is no \n, replace all \r with \n. + } + // Returns the web server TLS certificate and private key, if not present, create demonstration ones. obj.GetMeshServerCertificate = function (parent, args, config, func) { var i = 0; 
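Review bot: In `fixEndOfLines` the test `str.indexOf('\n') > 0` treats a string whose only LF sits at index 0 as containing none, so that input gets every CR rewritten; `str.indexOf('\n') >= 0` matches what the comment says. The helper also returns any non-string argument unchanged and without a warning, so a caller that hands it a Buffer (a `readFileSync` without an encoding) silently skips normalization for that certificate or key. I would document that contract on the function, e.g. `// str must be a decoded string; anything else is returned untouched.`, and fix the typo "endo of line" in the existing comment.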
@@ -166,8 +172,8 @@ module.exports.CertificateOperations = function () { // If the root certificate already exist, load it if (obj.fileExists(parent.getConfigFilePath("root-cert-public.crt")) && obj.fileExists(parent.getConfigFilePath("root-cert-private.key"))) { - var rootCertificate = obj.fs.readFileSync(parent.getConfigFilePath("root-cert-public.crt"), "utf8"); - var rootPrivateKey = obj.fs.readFileSync(parent.getConfigFilePath("root-cert-private.key"), "utf8"); + var rootCertificate = fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("root-cert-public.crt"), "utf8")); + var rootPrivateKey = fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("root-cert-private.key"), "utf8")); r.root = { cert: rootCertificate, key: rootPrivateKey }; rcount++; } 
@@ -175,44 +181,44 @@ module.exports.CertificateOperations = function () { if (args.tlsoffload) { // If the web certificate already exist, load it. Load just the certificate since we are in TLS offload situation if (obj.fileExists(parent.getConfigFilePath("webserver-cert-public.crt"))) { - r.web = { cert: obj.fs.readFileSync(parent.getConfigFilePath("webserver-cert-public.crt"), "utf8") }; + r.web = { cert: fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("webserver-cert-public.crt"), "utf8")) }; rcount++; } } else { // If the web certificate already exist, load it. Load both certificate and private key if (obj.fileExists(parent.getConfigFilePath("webserver-cert-public.crt")) && obj.fileExists(parent.getConfigFilePath("webserver-cert-private.key"))) { - r.web = { cert: obj.fs.readFileSync(parent.getConfigFilePath("webserver-cert-public.crt"), "utf8"), key: obj.fs.readFileSync(parent.getConfigFilePath("webserver-cert-private.key"), "utf8") }; + r.web = { cert: fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("webserver-cert-public.crt"), "utf8")), key: fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("webserver-cert-private.key"), "utf8")) }; rcount++; } } // If the mps certificate already exist, load it if (obj.fileExists(parent.getConfigFilePath("mpsserver-cert-public.crt")) && obj.fileExists(parent.getConfigFilePath("mpsserver-cert-private.key"))) { - r.mps = { cert: obj.fs.readFileSync(parent.getConfigFilePath("mpsserver-cert-public.crt"), "utf8"), key: obj.fs.readFileSync(parent.getConfigFilePath("mpsserver-cert-private.key"), "utf8") }; + r.mps = { cert: fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("mpsserver-cert-public.crt")), "utf8"), key: fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("mpsserver-cert-private.key"), "utf8")) }; rcount++; } // If the agent certificate already exist, load it if (obj.fileExists(parent.getConfigFilePath("agentserver-cert-public.crt")) && 
obj.fileExists(parent.getConfigFilePath("agentserver-cert-private.key"))) { - r.agent = { cert: obj.fs.readFileSync(parent.getConfigFilePath("agentserver-cert-public.crt"), "utf8"), key: obj.fs.readFileSync(parent.getConfigFilePath("agentserver-cert-private.key"), "utf8") }; + r.agent = { cert: fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("agentserver-cert-public.crt")), "utf8"), key: fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("agentserver-cert-private.key"), "utf8")) }; rcount++; } // If the swarm server certificate exist, load it (This is an optional certificate) if (obj.fileExists(parent.getConfigFilePath("swarmserver-cert-public.crt")) && obj.fileExists(parent.getConfigFilePath("swarmserver-cert-private.key"))) { - r.swarmserver = { cert: obj.fs.readFileSync(parent.getConfigFilePath("swarmserver-cert-public.crt"), "utf8"), key: obj.fs.readFileSync(parent.getConfigFilePath("swarmserver-cert-private.key"), "utf8") }; + r.swarmserver = { cert: fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("swarmserver-cert-public.crt"), "utf8")), key: fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("swarmserver-cert-private.key"), "utf8")) }; } // If the swarm server root certificate exist, load it (This is an optional certificate) if (obj.fileExists(parent.getConfigFilePath("swarmserverroot-cert-public.crt"))) { - r.swarmserverroot = { cert: obj.fs.readFileSync(parent.getConfigFilePath("swarmserverroot-cert-public.crt"), "utf8") }; + r.swarmserverroot = { cert: fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("swarmserverroot-cert-public.crt"), "utf8")) }; } // If CA certificates are present, load them do { caok = false; if (obj.fileExists(parent.getConfigFilePath("webserver-cert-chain" + caindex + ".crt"))) { - calist.push(obj.fs.readFileSync(parent.getConfigFilePath("webserver-cert-chain" + caindex + ".crt"), "utf8")); + calist.push(fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("webserver-cert-chain" + 
caindex + ".crt"), "utf8"))); caok = true; } caindex++; @@ -251,7 +257,7 @@ module.exports.CertificateOperations = function () { if (args.tlsoffload) { // If the web certificate already exist, load it. Load just the certificate since we are in TLS offload situation if (obj.fileExists(parent.getConfigFilePath("webserver-" + i + "-cert-public.crt"))) { - r.dns[i] = { cert: obj.fs.readFileSync(parent.getConfigFilePath("webserver-" + i + "-cert-public.crt"), "utf8") }; + r.dns[i] = { cert: fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("webserver-" + i + "-cert-public.crt"), "utf8")) }; config.domains[i].certs = r.dns[i]; } else { console.log("WARNING: File \"webserver-" + i + "-cert-public.crt\" missing, domain \"" + i + "\" will not work correctly."); @@ -259,7 +265,7 @@ module.exports.CertificateOperations = function () { } else { // If the web certificate already exist, load it. Load both certificate and private key if (obj.fileExists(parent.getConfigFilePath("webserver-" + i + "-cert-public.crt")) && obj.fileExists(parent.getConfigFilePath("webserver-" + i + "-cert-private.key"))) { - r.dns[i] = { cert: obj.fs.readFileSync(parent.getConfigFilePath("webserver-" + i + "-cert-public.crt"), "utf8"), key: obj.fs.readFileSync(parent.getConfigFilePath("webserver-" + i + "-cert-private.key"), "utf8") }; + r.dns[i] = { cert: fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("webserver-" + i + "-cert-public.crt"), "utf8")), key: fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("webserver-" + i + "-cert-private.key"), "utf8")) }; config.domains[i].certs = r.dns[i]; // If CA certificates are present, load them caindex = 1; 
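Review bot: The `r.mps` and `r.agent` lines close the `readFileSync` call one parenthesis too early, so `"utf8"` becomes a second argument to `fixEndOfLines` instead of the read encoding: `fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("mpsserver-cert-public.crt")), "utf8")`. `readFileSync` then returns a Buffer, which `fixEndOfLines` hands back unchanged because it is not a string, so the MPS and agent public certificates are neither decoded nor CR-normalized, unlike every other file loaded in this hunk. The cert entries should read `cert: fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("mpsserver-cert-public.crt"), "utf8"))`, and the same for `agentserver-cert-public.crt`. Code outside the hunk that parses or compares these values as strings would presumably see a different type for these two certificates only. The enclosing function begins and ends outside the hunk; a single small helper that reads and normalizes one named file would remove the repeated expression that made this slip easy.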
@@ -267,7 +273,7 @@ module.exports.CertificateOperations = function () { do { caok = false; if (obj.fileExists(parent.getConfigFilePath("webserver-" + i + "-cert-chain" + caindex + ".crt"))) { - r.dns[i].ca.push(obj.fs.readFileSync(parent.getConfigFilePath("webserver-" + i + "-cert-chain" + caindex + ".crt"), "utf8")); + r.dns[i].ca.push(fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("webserver-" + i + "-cert-chain" + caindex + ".crt"), "utf8"))); caok = true; } caindex++; @@ -413,7 +419,7 @@ module.exports.CertificateOperations = function () { do { caok = false; if (obj.fileExists(parent.getConfigFilePath("webserver-" + i + "-cert-chain" + caindex + ".crt"))) { - r.dns[i].ca.push(obj.fs.readFileSync(parent.getConfigFilePath("webserver-" + i + "-cert-chain" + caindex + ".crt"), "utf8")); + r.dns[i].ca.push(fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("webserver-" + i + "-cert-chain" + caindex + ".crt"), "utf8"))); caok = true; } caindex++; 
@@ -425,12 +431,12 @@ module.exports.CertificateOperations = function () { // If the swarm server certificate exist, load it (This is an optional certificate) if (obj.fileExists(parent.getConfigFilePath("swarmserver-cert-public.crt")) && obj.fileExists(parent.getConfigFilePath("swarmserver-cert-private.key"))) { - r.swarmserver = { cert: obj.fs.readFileSync(parent.getConfigFilePath("swarmserver-cert-public.crt"), "utf8"), key: obj.fs.readFileSync(parent.getConfigFilePath("swarmserver-cert-private.key"), "utf8") }; + r.swarmserver = { cert: fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("swarmserver-cert-public.crt"), "utf8")), key: fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("swarmserver-cert-private.key"), "utf8")) }; } // If the swarm server root certificate exist, load it (This is an optional certificate) if (obj.fileExists(parent.getConfigFilePath("swarmserverroot-cert-public.crt"))) { - r.swarmserverroot = { cert: obj.fs.readFileSync(parent.getConfigFilePath("swarmserverroot-cert-public.crt"), "utf8") }; + r.swarmserverroot = { cert: fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("swarmserverroot-cert-public.crt"), "utf8")) }; } // If CA certificates are present, load them @@ -440,7 +446,7 @@ module.exports.CertificateOperations = function () { do { caok = false; if (obj.fileExists(parent.getConfigFilePath("webserver-cert-chain" + caindex + ".crt"))) { - r.web.ca.push(obj.fs.readFileSync(parent.getConfigFilePath("webserver-cert-chain" + caindex + ".crt"), "utf8")); + r.web.ca.push(fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("webserver-cert-chain" + caindex + ".crt"), "utf8"))); caok = true; } caindex++; diff --git a/letsEncrypt.js b/letsEncrypt.js index c486e5d8..35d6881a 100644 --- a/letsEncrypt.js +++ b/letsEncrypt.js 
@@ -16,8 +16,16 @@ module.exports.CreateLetsEncrypt = function (parent) { try { - const greenlock = require('greenlock'); + // Try to delete the "./ursa-optional" or "./node_modules/ursa-optional" folder if present. + // This is an optional module that GreenLock uses that causes issues. + try { + const fs = require('fs'); + if (fs.existsSync(obj.path.join(__dirname, 'ursa-optional'))) { fs.unlinkSync(obj.path.join(__dirname, 'ursa-optional')); } + if (fs.existsSync(obj.path.join(__dirname, 'node_modules', 'ursa-optional'))) { fs.unlinkSync(obj.path.join(__dirname, 'node_modules', 'ursa-optional')); } + } catch (ex) { } + // Get GreenLock setup and running. + const greenlock = require('greenlock'); var obj = {}; obj.parent = parent; obj.redirWebServerHooked = false; diff --git a/meshcentral.js b/meshcentral.js index 21d686b5..ae7b6f0c 100644 --- a/meshcentral.js +++ b/meshcentral.js @@ -1297,7 +1297,7 @@ function InstallModule(modulename, func, tag1, tag2) { } catch (e) { console.log('Installing ' + modulename + '...'); var child_process = require('child_process'); - child_process.exec('npm install ' + modulename + ' --save', { maxBuffer: 512000 }, function (error, stdout, stderr) { + child_process.exec('npm install ' + modulename + ' --no-optional --save', { maxBuffer: 512000 }, function (error, stdout, stderr) { if (error != null) { console.log('ERROR: Unable to install missing package \'' + modulename + '\', make sure npm is installed.'); process.exit(); return; } func(tag1, tag2); return; diff --git a/package.json b/package.json index 800fe3c8..e3aa42f1 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "meshcentral", - "version": "0.2.6-d", + "version": "0.2.6-e", "keywords": [ "Remote Management", "Intel AMT",
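Review bot: The new cleanup block calls `obj.path.join(...)` before `var obj = {};` has run, so `obj` is still undefined at that point, the first `existsSync` line throws a TypeError, and the empty `catch (ex) { }` hides it; as written the deletion appears never to execute. Even with that fixed, `fs.unlinkSync` removes files rather than directories, so it would fail on the `ursa-optional` folder the comment describes. I would take `path` from `require('path')`, remove the directory recursively, and log the caught error instead of discarding it, since a server that alters its own `node_modules` at startup should leave a trace when that step fails. The enclosing function continues outside the hunk.

```javascript
try {
    const fs = require('fs');
    const path = require('path');
    const staleDirs = [path.join(__dirname, 'ursa-optional'), path.join(__dirname, 'node_modules', 'ursa-optional')];
    for (const dir of staleDirs) {
        // fs.rmSync needs Node 14.14 or later; older runtimes need a manual recursive delete.
        if (fs.existsSync(dir)) { fs.rmSync(dir, { recursive: true, force: true }); }
    }
} catch (ex) { console.log('WARNING: Unable to remove ursa-optional: ' + ex); }
// … unchanged: require('greenlock') and obj setup …
```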
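Review bot: The changed line still builds a shell command by concatenating `modulename` into the string given to `child_process.exec`, so any shell metacharacter in that value is interpreted by the shell; whether every caller passes a hard-coded name is not visible in this hunk. Passing the arguments as an array avoids shell parsing: `child_process.execFile('npm', ['install', modulename, '--no-optional', '--save'], { maxBuffer: 512000 }, function (error, stdout, stderr) {` (on Windows npm is a `.cmd` shim, so that platform may need separate handling). The install also takes whatever version the registry serves at run time, which deserves a comment or a pinned `name@version` in a server that installs its own dependencies. InstallModule's body starts and ends outside the hunk.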