-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #17 from cpwood/main
Resolves GitHub Actions issues
- Loading branch information
Showing
5 changed files
with
104 additions
and
16 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,6 @@ | ||
| name: CI | ||
| on: | ||
| workflow_dispatch: | ||
| schedule: | ||
| - cron: "0 13 * * 5" # Every Friday at 13:00 UTC | ||
| jobs: | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,102 @@ | ||
| const fs = require("fs"); | ||
| const path = require("path"); | ||
| const tls = require("tls"); | ||
|
|
||
| const rootCAs = []; | ||
|
|
||
| // for node 7.2 and up, trapping method must be used. | ||
| var useTrap = false; | ||
| const parts = process.versions.node.split("."); | ||
| const major = parseInt(parts[0]); | ||
| const minor = parseInt(parts[1]); | ||
| if (major > 7 || (major == 7 && minor >= 2) || (major === 6 && minor >= 10)) { | ||
| useTrap = true; | ||
| } | ||
|
|
||
| // create an empty secure context loaded with the root CAs | ||
| const rootSecureContext = tls.createSecureContext ? tls.createSecureContext() : require("crypto").createCredentials(); | ||
|
|
||
| function addDefaultCA(file) { | ||
| try { | ||
| var cert, match; | ||
| var content = fs.readFileSync(file, { encoding: "ascii" }).trim(); | ||
| content = content.replace(/\r\n/g, "\n"); // Handles certificates that have been created in Windows | ||
| var regex = /-----BEGIN CERTIFICATE-----\n[\s\S]+?\n-----END CERTIFICATE-----/g; | ||
| var results = content.match(regex); | ||
| if (!results) throw new Error("Could not parse certificate"); | ||
| results.forEach(function(match) { | ||
| var cert = match.trim(); | ||
| rootCAs.push(cert); | ||
| // this will add the cert to the root certificate authorities list | ||
| // which will be used by all subsequent secure contexts with root CAs. | ||
| // this only works up to node 6. node 7 and up it has no affect. | ||
| if (!useTrap) { | ||
| rootSecureContext.context.addCACert(cert); | ||
| } | ||
| }); | ||
| } catch (e) { | ||
| if (e.code !== "ENOENT") { | ||
| console.log("failed reading file " + file + ": " + e.message); | ||
| } | ||
| } | ||
| } | ||
|
|
||
| exports.addCAs = function(dirs) { | ||
| if (!dirs) { | ||
| return; | ||
| } | ||
|
|
||
| if (typeof dirs === "string") { | ||
| dirs = dirs.split(",").map(function(dir) { | ||
| return dir.trim(); | ||
| }); | ||
| } | ||
|
|
||
| var files, stat, file, i, j; | ||
| for (i = 0; i < dirs.length; ++i) { | ||
| try { | ||
| stat = fs.statSync(dirs[i]); | ||
| if (stat.isDirectory()) { | ||
| files = fs.readdirSync(dirs[i]); | ||
| for (j = 0; j < files.length; ++j) { | ||
| file = path.resolve(dirs[i], files[j]); | ||
| try { | ||
| stat = fs.statSync(file); | ||
| if (stat.isFile()) { | ||
| addDefaultCA(file); | ||
| } | ||
| } catch (e) { | ||
| if (e.code !== "ENOENT") { | ||
| console.log("failed reading " + file + ": " + e.message); | ||
| } | ||
| } | ||
| } | ||
| } else { | ||
| addDefaultCA(dirs[i]); | ||
| } | ||
| } catch (e) { | ||
| if (e.code !== "ENOENT") { | ||
| console.log("failed reading " + dirs[i] + ": " + e.message); | ||
| } | ||
| } | ||
| } | ||
| }; | ||
|
|
||
| if (useTrap) { | ||
| // trap the createSecureContext method and inject custom root CAs whenever invoked | ||
| const origCreateSecureContext = tls.createSecureContext; | ||
| tls.createSecureContext = function(options) { | ||
| var c = origCreateSecureContext.apply(null, arguments); | ||
| if (!options?.ca && rootCAs.length > 0) { | ||
| rootCAs.forEach(function(ca) { | ||
| // add to the created context our own root CAs | ||
| c.context.addCACert(ca); | ||
| }); | ||
| } | ||
| return c; | ||
| }; | ||
| } | ||
|
|
||
| const defaultCALocations = ["/etc/ssl/ca-node.pem"]; | ||
|
|
||
| exports.addCAs(defaultCALocations); |