reverseproxy: cert/key/csr are all pem

just use strings instead of binary/string confusion
Girish Ramakrishnan
2022-11-29 13:57:58 +01:00
parent 1cf613dca6
commit d23c65a7e7
2 changed files with 39 additions and 37 deletions


@@ -63,7 +63,7 @@ function nginxLocation(s) {
}
function getExpiryDateSync(cert) {
assert(Buffer.isBuffer(cert));
assert.strictEqual(typeof cert, 'string');
const result = safe.child_process.spawnSync('/usr/bin/openssl', [ 'x509', '-enddate', '-noout' ], { input: cert });
if (!result) return null; // some error
@@ -91,7 +91,7 @@ async function isOcspEnabled(certFilePath) {
// checks if the certificate matches the options provided by user (like wildcard, le-staging etc)
function providerMatchesSync(domainObject, cert) {
assert.strictEqual(typeof domainObject, 'object');
assert(Buffer.isBuffer(cert));
assert.strictEqual(typeof cert, 'string');
const subjectAndIssuer = safe.child_process.execSync('/usr/bin/openssl x509 -noout -subject -issuer', { encoding: 'utf8', input: cert });
if (!subjectAndIssuer) return false; // something bad happenned
@@ -238,7 +238,7 @@ function getAcmeCertificateNameSync(fqdn, domainObject) {
}
function needsRenewalSync(cert) {
assert(Buffer.isBuffer(cert));
assert.strictEqual(typeof cert, 'string');
const notAfter = getExpiryDateSync(cert);
const isExpiring = (notAfter - new Date()) <= (30 * 24 * 60 * 60 * 1000); // expiring in a month
@@ -257,8 +257,8 @@ async function getCertificate(location) {
if (domainObject.tlsConfig.provider === 'fallback') return domainObject.fallbackCertificate;
const certName = getAcmeCertificateNameSync(fqdn, domainObject);
const cert = await blobs.get(`${blobs.CERT_PREFIX}-${certName}.cert`);
const key = await blobs.get(`${blobs.CERT_PREFIX}-${certName}.key`);
const cert = await blobs.getString(`${blobs.CERT_PREFIX}-${certName}.cert`);
const key = await blobs.getString(`${blobs.CERT_PREFIX}-${certName}.key`);
if (!key || !cert) return domainObject.fallbackCertificate;
return { key, cert };
@@ -330,8 +330,8 @@ async function writeCertificate(location) {
}
const certName = getAcmeCertificateNameSync(fqdn, domainObject);
let cert = await blobs.get(`${blobs.CERT_PREFIX}-${certName}.cert`);
let key = await blobs.get(`${blobs.CERT_PREFIX}-${certName}.key`);
let cert = await blobs.getString(`${blobs.CERT_PREFIX}-${certName}.cert`);
let key = await blobs.getString(`${blobs.CERT_PREFIX}-${certName}.key`);
if (!key || !cert) { // use fallback certs if we didn't manage to get acme certs
debug(`writeCertificate: ${fqdn} will use fallback certs because acme is missing`);
@@ -367,8 +367,8 @@ async function ensureCertificate(location, auditSource) {
}
const certName = getAcmeCertificateNameSync(fqdn, domainObject);
const key = await blobs.get(`${blobs.CERT_PREFIX}-${certName}.key`);
const cert = await blobs.get(`${blobs.CERT_PREFIX}-${certName}.cert`);
const key = await blobs.getString(`${blobs.CERT_PREFIX}-${certName}.key`);
const cert = await blobs.getString(`${blobs.CERT_PREFIX}-${certName}.cert`);
if (key && cert) {
if (providerMatchesSync(domainObject, cert) && !needsRenewalSync(cert)) {
@@ -564,7 +564,7 @@ async function cleanupCerts(locations, auditSource, progressCallback) {
const certName = certId.match(new RegExp(`${blobs.CERT_PREFIX}-(.*).cert`))[0];
if (certNamesInUse.has(certName)) continue;
const cert = await blobs.get(certId);
const cert = await blobs.getString(certId);
const notAfter = getExpiryDateSync(cert);
if (!notAfter) continue; // some error
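Review bot: In the cleanupCerts hunk, the result of `blobs.getString(certId)` is passed straight to `getExpiryDateSync(cert)`, which now asserts `typeof cert === 'string'`. Every other call site in this change checks `!key || !cert` before using the values. If `getString` can return null for a missing blob (its body is not visible here, but those checks suggest it can), the assert would throw inside the loop and end the cleanup pass early, which could leave expired certificate and key blobs in the store. I would add `if (!cert) continue; // blob missing or unreadable` directly after the `getString` call. The loop and the rest of cleanupCerts start and end outside this hunk, so confirm how a thrown assertion is handled further up.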