path: root/src/SSLCert/index.cjs
/**
 * Module that exports an instance of CertMon
 * see class definition to see what it does.
 *
 * Requires global var '__datadir' to be set.
 *
 * @author jakobst1n.
 * @since  14.16.2019
 */
let logger = require("../Logger/index.cjs");
const fs = require("fs");
const { execSync } = require("child_process");
 
// Handle to the application's shared modules. It is assigned by the factory
// exported at the bottom of this file, before CertMon is constructed, and is
// read by CertMon.getConfig() / CertMon.updateConfig().
var neoModules;

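 /**
  * Monitors the server's self-signed TLS certificate.
  *
  * On construction it asks the stored SSLCert config whether a certificate has
  * been made and is still inside its recorded lifetime. If not, it generates a
  * new root CA and device certificate with the `openssl` command-line tool.
  * It then re-checks once a day and logs a critical message once the
  * certificate has expired.
  *
  * Validity is judged from the config values `certMade` and `certExpire`
  * only; the certificate files on disk are never parsed or checked for
  * existence, and a changed `CN` does not by itself trigger regeneration.
  *
  * Requires the global `__configdir` to be set.
  */
 class CertMon {

     /**
      * The three parameters are accepted but not used; the certificate
      * directory is always `<__configdir>/certs/`.
      *
      * @param {*} [configPath] - unused
      * @param {*} [certPath] - unused
      * @param {*} [httpsConfig] - unused
      */
     constructor(configPath, certPath, httpsConfig) {
         const MS_PER_DAY = 86400000;

         this.certPath = __configdir + "/certs/";

         if (!this.checkValidity()) {
             logger.notice("No valid certificate found, creating one now.");
             this.generateCert();
         }

         // Re-check once a day. The verdict of *this* check decides whether to
         // warn; reusing the start-up result would either never warn or warn
         // on every tick.
         setInterval(() => {
             if (!this.checkValidity()) {
                 logger.crit("Certificate no longer valid, server should reboot to make a new one.");
             }
         }, MS_PER_DAY);
     }

     /**
      * Decide from the stored config whether the current certificate is usable.
      *
      * @returns {boolean} false when `certMade` is falsy or the recorded
      *          `certExpire` timestamp is not in the future, true otherwise.
      */
     checkValidity() {
         const MS_PER_DAY = 86400000;
         const sslConfig = this.getConfig();

         if (!sslConfig["certMade"]) {
             logger.debug("'certMade' in config is false, assuming no valid certificate");
             return false;
         }

         // The remaining time is rounded to two decimals before the comparison,
         // so less than about 0.005 days left already counts as expired. A
         // missing or non-numeric certExpire yields NaN and is treated as expired.
         const daysLeft = ((sslConfig["certExpire"] - Date.now()) / MS_PER_DAY).toFixed(2);
         if (Number(daysLeft) > 0) {
             logger.debug(`Certificate should be valid for ${daysLeft} more days.`);
             return true;
         }

         logger.debug(`Certificate expired ${Math.abs(Number(daysLeft))} days ago`);
         return false;
     }

     /**
      * @returns {object} the SSLCert section of the user config.
      */
     getConfig() {
         return neoModules.userData.config.SSLCert;
     }

     /**
      * Forward `parameters` to the user config's `set` method.
      *
      * @param {*} parameters - passed through unchanged.
      */
     updateConfig(parameters) {
         neoModules.userData.config.set(parameters);
     }

     /**
      * Create a root CA and a device certificate signed by it, then record the
      * result in the SSLCert config.
      *
      * The config is only marked `certMade` when every openssl step succeeded.
      * Files written by earlier steps are left in place if a later step fails.
      *
      * @returns {boolean} true when the certificate was created, false when the
      *          configured CN was rejected or an openssl step failed.
      */
     generateCert() {
         const CERT_DAYS = 500;
         const MS_PER_DAY = 86400000;
         const certPath = this.certPath;
         const config = this.getConfig();
         const cn = config.CN;

         // The CN comes from stored configuration and is interpolated into a
         // command line that execSync hands to a shell. Only host-name / IP
         // address characters are accepted, which excludes quotes, `$`,
         // backticks, backslashes and the `/` that separates -subj fields.
         // X.509 limits the common name to 64 characters.
         if (typeof cn !== "string" || !/^[A-Za-z0-9.*:_-]{1,64}$/.test(cn)) {
             logger.crit("Refusing to create certificate: configured CN is not a valid host name or IP address.");
             return false;
         }

         // NOTE(review): both private keys are written unencrypted, and the
         // root CA key stays on disk next to the server key after signing.
         // Whoever can read root-CA.key.pem can issue certificates accepted by
         // any client that trusts this root - confirm the directory is only
         // readable by the service user.
         const steps = [
             [
                 "create the root CA key",
                 `genrsa ` +
                 `-out "${certPath}/root-CA.key.pem" ` +
                 `4096`,
             ],
             [
                 "self-sign the root CA certificate",
                 `req ` +
                 `-x509 ` +
                 `-new ` +
                 `-nodes ` +
                 `-key "${certPath}/root-CA.key.pem" ` +
                 `-days 1024 ` +
                 `-out "${certPath}/root-CA.crt.pem" ` +
                 `-sha256  ` +
                 `-subj "/C=NO/ST=Oslo/L=Oslo/O=Luxcena Neo Self-Signing Authority/CN=${cn}"`,
             ],
             [
                 // The CN must match the domain name or IP address clients use.
                 "create the device key",
                 `genrsa ` +
                 `-out "${certPath}/privkey.pem" ` +
                 `4096`,
             ],
             [
                 // The organisation name is spelled differently from the root
                 // CA's on purpose of compatibility: with the same CN it is the
                 // only thing that keeps the device subject distinct from its
                 // issuer, and a certificate whose subject equals its issuer is
                 // treated as self-issued by path validators. Do not "correct"
                 // it without differentiating the two subjects another way.
                 "create the signing request",
                 `req ` +
                 `-new ` +
                 `-key "${certPath}/privkey.pem" ` +
                 `-out "${certPath}/csr.pem" ` +
                 `-subj "/C=NO/ST=Oslo/L=Oslo/O=Luxcena Neo Self-Signing Autohity/CN=${cn}"`,
             ],
             [
                 "sign the device certificate with the root CA",
                 `x509 ` +
                 `-req ` +
                 `-in "${certPath}/csr.pem" ` +
                 `-CA "${certPath}/root-CA.crt.pem" ` +
                 `-CAkey "${certPath}/root-CA.key.pem" ` +
                 `-CAcreateserial ` +
                 `-out "${certPath}/cert.pem" ` +
                 `-sha256 ` +
                 `-days ${CERT_DAYS}`,
             ],
         ];

         for (const [description, command] of steps) {
             if (!openssl(command)) {
                 // Stop here: recording certMade after a failed step would make
                 // checkValidity() report a certificate that does not exist.
                 logger.crit(`Certificate generation failed: could not ${description}.`);
                 return false;
             }
         }

         const creationDate = Date.now();
         config.certMade = true;
         config.certDate = creationDate;
         // Same lifetime as the -days value passed when signing.
         config.certExpire = creationDate + (CERT_DAYS * MS_PER_DAY);
         config.certCN = cn;

         logger.info("Self-signed certificate created.");
         return true;
     }

 }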
 
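/**
 * Run the `openssl` command-line tool synchronously.
 *
 * The command string is passed to execSync, which runs it through a shell.
 * Every value interpolated into `command` must therefore already be
 * validated by the caller; this helper does no quoting of its own.
 *
 * @param {string} command - arguments appended after `openssl `.
 * @returns {boolean} true when the command completed, false when execSync
 *          threw (non-zero exit status, missing binary, ...).
 */
function openssl(command) {
    try {
        execSync("openssl " + command);
        return true;
    } catch (e) {
        // Report the failure instead of dropping it; callers only see a boolean.
        logger.crit(`openssl command failed: ${e.message}`);
        return false;
    }
}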
 
/**
 * Module factory: stores the shared modules handle for this file and returns
 * a new CertMon. Each call constructs another CertMon.
 *
 * @param {object} _neoModules - the application's shared modules; CertMon
 *        reads `userData.config` from it.
 * @returns {CertMon} the newly constructed monitor.
 */
module.exports = (_neoModules) => {
    neoModules = _neoModules;
    const monitor = new CertMon();
    return monitor;
};