Support hot-swapping HTTPS certificates

2017-04-30 17:20:19 -07:00 · 2017-04-30 17:20:19 -07:00 · 6bfbbc0c01
parent e92afcb203
commit 6bfbbc0c01
3 changed files with 41 additions and 9 deletions
--- a/index.js
+++ b/index.js
@ -117,6 +117,8 @@ function handleLine(line) {
            });
            Logger.eventlog.log("[acp] " + "SYSTEM" + " forced unload of " + name);
        }
+    } else if (line.indexOf("/reloadcert") === 0) {
+        sv.reloadCertificateData();
    }
 }

--- a/package.json
+++ b/package.json
@ -2,7 +2,7 @@
  "author": "Calvin Montgomery",
  "name": "CyTube",
  "description": "Online media synchronizer and chat",
-  "version": "3.35.5",
+  "version": "3.36.0",
  "repository": {
    "url": "http://github.com/calzoneman/sync"
  },
--- a/src/server.js
+++ b/src/server.js
@ -107,14 +107,10 @@ var Server = function () {
    // http/https/sio server init -----------------------------------------
    var key = "", cert = "", ca = undefined;
    if (Config.get("https.enabled")) {
-        key = fs.readFileSync(path.resolve(__dirname, "..",
-                                               Config.get("https.keyfile")));
-        cert = fs.readFileSync(path.resolve(__dirname, "..",
-                                                Config.get("https.certfile")));
-        if (Config.get("https.cafile")) {
-            ca = fs.readFileSync(path.resolve(__dirname, "..",
-                                              Config.get("https.cafile")));
-        }
+        const certData = self.loadCertificateData();
+        key = certData.key;
+        cert = certData.cert;
+        ca = certData.ca;
    }

    var opts = {
@ -166,6 +162,40 @@ var Server = function () {

 Server.prototype = Object.create(EventEmitter.prototype);

+Server.prototype.loadCertificateData = function loadCertificateData() {
+    const data = {
+        key: fs.readFileSync(path.resolve(__dirname, "..",
+                                          Config.get("https.keyfile"))),
+        cert: fs.readFileSync(path.resolve(__dirname, "..",
+                                           Config.get("https.certfile")))
+    };
+
+    if (Config.get("https.cafile")) {
+        data.ca = fs.readFileSync(path.resolve(__dirname, "..",
+                                               Config.get("https.cafile")));
+    }
+
+    return data;
+};
+
+Server.prototype.reloadCertificateData = function reloadCertificateData() {
+    const certData = this.loadCertificateData();
+    Object.keys(this.servers).forEach(key => {
+        const server = this.servers[key];
+        // TODO: Replace with actual node API
+        // once https://github.com/nodejs/node/issues/4464 is implemented.
+        if (server._sharedCreds) {
+            try {
+                server._sharedCreds.context.setCert(certData.cert);
+                server._sharedCreds.context.setKey(certData.key, Config.get("https.passphrase"));
+                LOGGER.info('Reloaded certificate data for %s', key);
+            } catch (error) {
+                LOGGER.error('Failed to reload certificate data for %s: %s', key, error.stack);
+            }
+        }
+    });
+};
+
 Server.prototype.getHTTPIP = function (req) {
    var ip = req.ip;
    if (ip === "127.0.0.1" || ip === "::1") {