Fix: Stop notification check on root certs (#3874)
* Fix: Stop notification check on root certs * Chore: Use Set for optimization * Fix: Manually calculate SHA256 to support node v14
parent
523d137e2b
commit
e64bf0e3fe
2 changed files with 32 additions and 2 deletions
|
@ -6,7 +6,7 @@ const { log, UP, DOWN, PENDING, MAINTENANCE, flipStatus, TimeLogger, MAX_INTERVA
|
||||||
SQL_DATETIME_FORMAT
|
SQL_DATETIME_FORMAT
|
||||||
} = require("../../src/util");
|
} = require("../../src/util");
|
||||||
const { tcping, ping, dnsResolve, checkCertificate, checkStatusCode, getTotalClientInRoom, setting, mssqlQuery, postgresQuery, mysqlQuery, mqttAsync, setSetting, httpNtlm, radius, grpcQuery,
|
const { tcping, ping, dnsResolve, checkCertificate, checkStatusCode, getTotalClientInRoom, setting, mssqlQuery, postgresQuery, mysqlQuery, mqttAsync, setSetting, httpNtlm, radius, grpcQuery,
|
||||||
redisPingAsync, mongodbPing, kafkaProducerAsync, getOidcTokenClientCredentials,
|
redisPingAsync, mongodbPing, kafkaProducerAsync, getOidcTokenClientCredentials, rootCertificatesFingerprints
|
||||||
} = require("../util-server");
|
} = require("../util-server");
|
||||||
const { R } = require("redbean-node");
|
const { R } = require("redbean-node");
|
||||||
const { BeanModel } = require("redbean-node/dist/bean-model");
|
const { BeanModel } = require("redbean-node/dist/bean-model");
|
||||||
|
@ -23,6 +23,8 @@ const Gamedig = require("gamedig");
|
||||||
const jsonata = require("jsonata");
|
const jsonata = require("jsonata");
|
||||||
const jwt = require("jsonwebtoken");
|
const jwt = require("jsonwebtoken");
|
||||||
|
|
||||||
|
const rootCertificates = rootCertificatesFingerprints();
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* status:
|
* status:
|
||||||
* 0 = DOWN
|
* 0 = DOWN
|
||||||
|
@ -1428,7 +1430,10 @@ class Monitor extends BeanModel {
|
||||||
let certInfo = tlsInfoObject.certInfo;
|
let certInfo = tlsInfoObject.certInfo;
|
||||||
while (certInfo) {
|
while (certInfo) {
|
||||||
let subjectCN = certInfo.subject["CN"];
|
let subjectCN = certInfo.subject["CN"];
|
||||||
if (certInfo.daysRemaining > targetDays) {
|
if (rootCertificates.has(certInfo.fingerprint256)) {
|
||||||
|
log.debug("monitor", `Known root cert: ${certInfo.certType} certificate "${subjectCN}" (${certInfo.daysRemaining} days valid) on ${targetDays} deadline.`);
|
||||||
|
break;
|
||||||
|
} else if (certInfo.daysRemaining > targetDays) {
|
||||||
log.debug("monitor", `No need to send cert notification for ${certInfo.certType} certificate "${subjectCN}" (${certInfo.daysRemaining} days valid) on ${targetDays} deadline.`);
|
log.debug("monitor", `No need to send cert notification for ${certInfo.certType} certificate "${subjectCN}" (${certInfo.daysRemaining} days valid) on ${targetDays} deadline.`);
|
||||||
} else {
|
} else {
|
||||||
log.debug("monitor", `call sendCertNotificationByTargetDays for ${targetDays} deadline on certificate ${subjectCN}.`);
|
log.debug("monitor", `call sendCertNotificationByTargetDays for ${targetDays} deadline on certificate ${subjectCN}.`);
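Review bot: The new `rootCertificates.has(certInfo.fingerprint256)` branch in the `while (certInfo)` loop turns off expiry notifications for every certificate whose fingerprint is in the set, and the set also holds the two hard-coded cross-signed ISRG certificates, which are issued by another CA and have their own expiry rather than being self-signed trust anchors. A server that still serves one of those cross-signs close to its expiry would therefore raise no warning, and the only trace is a `log.debug` line; consider whether those two entries belong in the skip list, or log the skip at a more visible level. I would also add a comment above the branch, for example `// Trust anchors are maintained by clients, not by the monitored server: stop walking the chain at a known root.`. The set is built once at module load from Node's bundled list, so privately added CAs are presumably not matched and keep alerting, which is the safe direction. The loop body continues outside the hunk.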
|
||||||
|
|
|
@ -22,6 +22,7 @@ const protojs = require("protobufjs");
|
||||||
const radiusClient = require("node-radius-client");
|
const radiusClient = require("node-radius-client");
|
||||||
const redis = require("redis");
|
const redis = require("redis");
|
||||||
const oidc = require("openid-client");
|
const oidc = require("openid-client");
|
||||||
|
const tls = require("tls");
|
||||||
|
|
||||||
const {
|
const {
|
||||||
dictionaries: {
|
dictionaries: {
|
||||||
|
@ -1073,6 +1074,30 @@ module.exports.grpcQuery = async (options) => {
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns an array of SHA256 fingerprints for all known root certificates.
|
||||||
|
* @returns {Set} A set of SHA256 fingerprints.
|
||||||
|
*/
|
||||||
|
module.exports.rootCertificatesFingerprints = () => {
|
||||||
|
let fingerprints = tls.rootCertificates.map(cert => {
|
||||||
|
let certLines = cert.split("\n");
|
||||||
|
certLines.shift();
|
||||||
|
certLines.pop();
|
||||||
|
let certBody = certLines.join("");
|
||||||
|
let buf = Buffer.from(certBody, "base64");
|
||||||
|
|
||||||
|
const shasum = crypto.createHash("sha256");
|
||||||
|
shasum.update(buf);
|
||||||
|
|
||||||
|
return shasum.digest("hex").toUpperCase().replace(/(.{2})(?!$)/g, "$1:");
|
||||||
|
});
|
||||||
|
|
||||||
|
fingerprints.push("6D:99:FB:26:5E:B1:C5:B3:74:47:65:FC:BC:64:8F:3C:D8:E1:BF:FA:FD:C4:C2:F9:9B:9D:47:CF:7F:F1:C2:4F"); // ISRG X1 cross-signed with DST X3
|
||||||
|
fingerprints.push("8B:05:B6:8C:C6:59:E5:ED:0F:CB:38:F2:C9:42:FB:FD:20:0E:6F:2F:F9:F8:5D:63:C6:99:4E:F5:E0:B0:27:01"); // ISRG X2 cross-signed with ISRG X1
|
||||||
|
|
||||||
|
return new Set(fingerprints);
|
||||||
|
};
|
||||||
|
|
||||||
module.exports.SHAKE256_LENGTH = 16;
|
module.exports.SHAKE256_LENGTH = 16;
|
||||||
|
|
||||||
/**
|
/**
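Review bot: The two fingerprints pushed after the `map` in `rootCertificatesFingerprints` are bare literals with no record of where they were taken from or when the cross-signed certificates expire, yet every entry in this set suppresses expiry alerting for the matching certificate. I would add a comment such as `// Cross-signed certificates, not in tls.rootCertificates; fingerprints checked against <issuer's published certificate page> on <date>` so they can be re-verified and retired later. The JSDoc summary says "an array" while the function returns a `Set`; `Returns a Set of upper-case, colon-separated SHA-256 fingerprints of Node's bundled root certificates plus two cross-signed ISRG certificates.` with `@returns {Set<string>}` would match the code. The PEM handling drops the first and last line of each entry and assumes `\n` line endings, which is worth a one-line comment. `crypto` is not required in the visible hunks, so presumably it is already imported elsewhere in the file.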
|
||||||
|
|