|
|
|
@ -1,5 +1,15 @@
|
|
|
|
|
const tlsUtils = require('./tlsUtils')
|
|
|
|
|
const https = require('https')
|
|
|
|
|
// const https = require('https')
|
|
|
|
|
const log = require('../../../utils/util.log')
|
|
|
|
|
|
|
|
|
|
function arraysHaveSameElements (arr1, arr2) {
|
|
|
|
|
if (arr1.length !== arr2.length) {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
const sortedArr1 = [...arr1].sort()
|
|
|
|
|
const sortedArr2 = [...arr2].sort()
|
|
|
|
|
return sortedArr1.every((value, index) => value === sortedArr2[index])
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
module.exports = class CertAndKeyContainer {
|
|
|
|
|
constructor ({
|
|
|
|
@ -26,17 +36,20 @@ module.exports = class CertAndKeyContainer {
|
|
|
|
|
getCertPromise (hostname, port) {
|
|
|
|
|
for (let i = 0; i < this.queue.length; i++) {
|
|
|
|
|
const _certPromiseObj = this.queue[i]
|
|
|
|
|
const mappingHostNames = _certPromiseObj.mappingHostNames
|
|
|
|
|
for (let j = 0; j < mappingHostNames.length; j++) {
|
|
|
|
|
const DNSName = mappingHostNames[j]
|
|
|
|
|
if (tlsUtils.isMappingHostName(DNSName, hostname)) {
|
|
|
|
|
this.reRankCert(i)
|
|
|
|
|
return _certPromiseObj.promise
|
|
|
|
|
if (_certPromiseObj.port === port) {
|
|
|
|
|
const mappingHostNames = _certPromiseObj.mappingHostNames
|
|
|
|
|
for (let j = 0; j < mappingHostNames.length; j++) {
|
|
|
|
|
const DNSName = mappingHostNames[j]
|
|
|
|
|
if (tlsUtils.isMappingHostName(DNSName, hostname)) {
|
|
|
|
|
this.reRankCert(i)
|
|
|
|
|
return _certPromiseObj.promise
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const certPromiseObj = {
|
|
|
|
|
port,
|
|
|
|
|
mappingHostNames: [hostname] // temporary hostname
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
@ -45,8 +58,13 @@ module.exports = class CertAndKeyContainer {
|
|
|
|
|
const _resolve = (_certObj) => {
|
|
|
|
|
if (once) {
|
|
|
|
|
once = false
|
|
|
|
|
const mappingHostNames = tlsUtils.getMappingHostNamesFromCert(_certObj.cert)
|
|
|
|
|
certPromiseObj.mappingHostNames = mappingHostNames // change
|
|
|
|
|
let newMappingHostNames = tlsUtils.getMappingHostNamesFromCert(_certObj.cert)
|
|
|
|
|
newMappingHostNames = [...new Set(newMappingHostNames)]
|
|
|
|
|
|
|
|
|
|
if (!arraysHaveSameElements(newMappingHostNames, certPromiseObj.mappingHostNames)) {
|
|
|
|
|
log.info(`【getCertPromise - ${hostname}:${port}】Reset mappingHostNames: `, certPromiseObj.mappingHostNames, '变更为', newMappingHostNames)
|
|
|
|
|
certPromiseObj.mappingHostNames = newMappingHostNames // change
|
|
|
|
|
}
|
|
|
|
|
resolve(_certObj)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
@ -57,41 +75,41 @@ module.exports = class CertAndKeyContainer {
|
|
|
|
|
_resolve(certObj)
|
|
|
|
|
} else {
|
|
|
|
|
// 这个太慢了
|
|
|
|
|
const preReq = https.request({
|
|
|
|
|
port: port,
|
|
|
|
|
hostname: hostname,
|
|
|
|
|
path: '/',
|
|
|
|
|
method: 'HEAD'
|
|
|
|
|
}, (preRes) => {
|
|
|
|
|
try {
|
|
|
|
|
const realCert = preRes.socket.getPeerCertificate()
|
|
|
|
|
if (realCert) {
|
|
|
|
|
try {
|
|
|
|
|
certObj = tlsUtils.createFakeCertificateByCA(this.caKey, this.caCert, realCert)
|
|
|
|
|
} catch (error) {
|
|
|
|
|
certObj = tlsUtils.createFakeCertificateByDomain(this.caKey, this.caCert, hostname)
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
certObj = tlsUtils.createFakeCertificateByDomain(this.caKey, this.caCert, hostname)
|
|
|
|
|
}
|
|
|
|
|
_resolve(certObj)
|
|
|
|
|
} catch (e) {
|
|
|
|
|
reject(e)
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
preReq.setTimeout(~~this.getCertSocketTimeout, () => {
|
|
|
|
|
if (!certObj) {
|
|
|
|
|
certObj = tlsUtils.createFakeCertificateByDomain(this.caKey, this.caCert, hostname)
|
|
|
|
|
_resolve(certObj)
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
preReq.on('error', (e) => {
|
|
|
|
|
if (!certObj) {
|
|
|
|
|
certObj = tlsUtils.createFakeCertificateByDomain(this.caKey, this.caCert, hostname)
|
|
|
|
|
_resolve(certObj)
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
preReq.end()
|
|
|
|
|
// const preReq = https.request({
|
|
|
|
|
// port: port,
|
|
|
|
|
// hostname: hostname,
|
|
|
|
|
// path: '/',
|
|
|
|
|
// method: 'HEAD'
|
|
|
|
|
// }, (preRes) => {
|
|
|
|
|
// try {
|
|
|
|
|
// const realCert = preRes.socket.getPeerCertificate()
|
|
|
|
|
// if (realCert) {
|
|
|
|
|
// try {
|
|
|
|
|
// certObj = tlsUtils.createFakeCertificateByCA(this.caKey, this.caCert, realCert)
|
|
|
|
|
// } catch (error) {
|
|
|
|
|
// certObj = tlsUtils.createFakeCertificateByDomain(this.caKey, this.caCert, hostname)
|
|
|
|
|
// }
|
|
|
|
|
// } else {
|
|
|
|
|
// certObj = tlsUtils.createFakeCertificateByDomain(this.caKey, this.caCert, hostname)
|
|
|
|
|
// }
|
|
|
|
|
// _resolve(certObj)
|
|
|
|
|
// } catch (e) {
|
|
|
|
|
// reject(e)
|
|
|
|
|
// }
|
|
|
|
|
// })
|
|
|
|
|
// preReq.setTimeout(~~this.getCertSocketTimeout, () => {
|
|
|
|
|
// if (!certObj) {
|
|
|
|
|
// certObj = tlsUtils.createFakeCertificateByDomain(this.caKey, this.caCert, hostname)
|
|
|
|
|
// _resolve(certObj)
|
|
|
|
|
// }
|
|
|
|
|
// })
|
|
|
|
|
// preReq.on('error', (e) => {
|
|
|
|
|
// if (!certObj) {
|
|
|
|
|
// certObj = tlsUtils.createFakeCertificateByDomain(this.caKey, this.caCert, hostname)
|
|
|
|
|
// _resolve(certObj)
|
|
|
|
|
// }
|
|
|
|
|
// })
|
|
|
|
|
// preReq.end()
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|