MeshCentral/MeshCommander
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCommander synced 2025-12-06 06:03:20 +00:00
Code Issues Releases Wiki Activity

Fixed IDER on IE.

Browse Source
This commit is contained in:
Ylian Saint-Hilaire
2020-07-22 18:18:31 -07:00
parent 9a0bce6bb9
commit 060f012d91
8 changed files with 144 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
amt-0.2.0.js
View File

@@ -500,13 +500,36 @@ function AmtStackCreateService(wsmanStack) {
var _SystemEntityTypes = "Unspecified|Other|Unknown|Processor|Disk|Peripheral|System management module|System board|Memory module|Processor module|Power supply|Add in card|Front panel board|Back panel board|Power system board|Drive backplane|System internal expansion board|Other system board|Processor board|Power unit|Power module|Power management board|Chassis back panel board|System chassis|Sub chassis|Other chassis board|Disk drive bay|Peripheral bay|Device bay|Fan cooling|Cooling unit|Cable interconnect|Memory device|System management software|BIOS|Intel(r) ME|System bus|Group|Intel(r) ME|External environment|Battery|Processing blade|Connectivity switch|Processor/memory module|I/O module|Processor I/O module|Management controller firmware|IPMI channel|PCI bus|PCI express bus|SCSI bus|SATA/SAS bus|Processor front side bus".split('|');
obj.RealmNames = "||Redirection||Hardware Asset|Remote Control|Storage|Event Manager|Storage Admin|Agent Presence Local|Agent Presence Remote|Circuit Breaker|Network Time|General Information|Firmware Update|EIT|LocalUN|Endpoint Access Control|Endpoint Access Control Admin|Event Log Reader|Audit Log|ACL Realm|||Local System".split('|');
obj.WatchdogCurrentStates = { 1: "Not Started", 2: "Stopped", 4: "Running", 8: "Expired", 16: "Suspended" };
var _OCRProgressEvents = ["Boot parameters received from CSME", "CSME Boot Option % added successfully", "HTTPS URI name resolved", "HTTPS connected successfully", "HTTPSBoot download is completed", "Attempt to boot", "Exit boot services"];
var _OCRErrorEvents = ['', "No network connection available", "Name resolution of URI failed", "Connect to URI failed", "OEM app not found at local URI", "HTTPS TLS Auth failed", "HTTPS Digest Auth failed", "Verified boot failed (bad image)", "HTTPS Boot File not found"];
var _OCRSource = { 1: '', 2: "HTTPS", 4: "Local PBA", 8: "WinRE" };
function _GetEventDetailStr(eventSensorType, eventOffset, eventDataField, entity) {
if (eventSensorType == 15) {
if (eventDataField[0] == 235) return "Invalid Data";
if (eventOffset == 0) return _SystemFirmwareError[eventDataField[1]];
return _SystemFirmwareProgress[eventDataField[1]];
if (eventOffset == 0) {
return _SystemFirmwareError[eventDataField[1]];
} else if (eventOffset == 3) {
if ((eventDataField[0] == 170) && (eventDataField[1] == 48)) {
return format("AMT One Click Recovery: {0}", _OCRErrorEvents[eventDataField[2]]);
} else {
return "OEM Specific Firmware Error event";
}
} else if (eventOffset == 5) {
if ((eventDataField[0] == 170) && (eventDataField[1] == 48)) {
if (eventDataField[2] == 1) {
return format("AMT One Click Recovery: CSME Boot Option {0}:{1} added successfully", (eventDataField[3]), _OCRSource[(eventDataField[3])]);
} else if (eventDataField[2] < 7) {
return format("AMT One Click Recovery: {0}", _OCRProgressEvents[eventDataField[2]]);
} else {
return format("AMT One Click Recovery: Unknown progress event {0}", eventDataField[2]);
}
} else {
return "OEM Specific Firmware Progress event";
}
} else {
return _SystemFirmwareProgress[eventDataField[1]];
}
}
if ((eventSensorType == 18) && (eventDataField[0] == 170)) { // System watchdog event

10
amt-desktop-0.0.2.js
View File

@@ -763,11 +763,12 @@ var CreateAmtRemoteDesktop = function (divid, scrolldiv) {
if ((d.length >= 16) && (d.substring(0, 15) == '\0KvmDataChannel')) {
if (obj.kvmDataSupported == false) { obj.kvmDataSupported = true; console.log('KVM Data Channel Supported.'); }
if (((obj.onKvmDataAck == -1) && (d.length == 16)) || (d.charCodeAt(15) != 0)) { obj.onKvmDataAck = true; }
//if (urlvars && urlvars['kvmdatatrace']) { console.log('KVM-Recv(' + (d.length - 16) + '): ' + d.substring(16)); }
if (urlvars && urlvars['kvmdatatrace']) { console.log('KVM-DataChannel-Recv(' + (d.length - 16) + '): ' + d.substring(16)); }
if (d.length >= 16) { obj.onKvmData(d.substring(16)); } // Event the data and ack
if ((obj.onKvmDataAck == true) && (obj.onKvmDataPending.length > 0)) { obj.sendKvmData(obj.onKvmDataPending.shift()); } // Send pending data
} else {
console.log('Got KVM clipboard data:', d);
if (urlvars && urlvars['kvmdatatrace']) { console.log('KVM-ClipBoard-Recv(' + x.length + '): ' + rstr2hex(x) + ', ' + x); }
}
}
// ###END###{DesktopInband}
@@ -779,7 +780,7 @@ var CreateAmtRemoteDesktop = function (divid, scrolldiv) {
if (obj.onKvmDataAck !== true) {
obj.onKvmDataPending.push(x);
} else {
//if (urlvars && urlvars['kvmdatatrace']) { console.log('KVM-Send(' + x.length + '): ' + x); }
if (urlvars && urlvars['kvmdatatrace']) { console.log('KVM-DataChannel-Send(' + x.length + '): ' + x); }
x = '\0KvmDataChannel\0' + x;
obj.send(String.fromCharCode(6, 0, 0, 0) + IntToStr(x.length) + x);
obj.onKvmDataAck = false;
@@ -793,7 +794,10 @@ var CreateAmtRemoteDesktop = function (divid, scrolldiv) {
// ###END###{DesktopInband}
// ###BEGIN###{DesktopClipboard}
obj.sendClipboardData = function (x) { obj.send(String.fromCharCode(6, 0, 0, 0) + IntToStr(x.length) + x); }
obj.sendClipboardData = function (x) {
if (urlvars && urlvars['kvmdatatrace']) { console.log('KVM-ClipBoard-Send(' + x.length + '): ' + rstr2hex(x) + ', ' + x); }
obj.send(String.fromCharCode(6, 0, 0, 0) + IntToStr(x.length) + x);
}
// ###END###{DesktopClipboard}
obj.SendCtrlAltDelMsg = function () { obj.sendcad(); }

8
amt-ider-ws-0.0.1.js
View File

@@ -679,7 +679,9 @@ var CreateAmtRemoteIder = function () {
g_lba += len;
var fr = new FileReader();
fr.onload = function () {
obj.SendDataToHost(g_dev, (g_len == 0), this.result, featureRegister & 1);
var result = this.result;
if (typeof result == 'object') { result = arrToStr(new Uint8Array(result)); }
obj.SendDataToHost(g_dev, (g_len == 0), result, featureRegister & 1);
if ((g_len > 0) && (g_reset == false)) {
sendDiskDataEx(featureRegister);
} else {
@@ -689,8 +691,10 @@ var CreateAmtRemoteIder = function () {
}
};
//console.log('Read from ' + lba + ' to ' + (lba + len) + ', total of ' + len);
fr.readAsBinaryString(g_media.slice(lba, lba + len));
if (fr.readAsBinaryString) { fr.readAsBinaryString(g_media.slice(lba, lba + len)); } else { fr.readAsArrayBuffer(g_media.slice(lba, lba + len)); }
}
function arrToStr(arr) { return String.fromCharCode.apply(null, arr); }
return obj;
}

2
amt-redir-ws-0.1.0.js
View File

@@ -77,7 +77,7 @@ var CreateAmtRedirect = function (module, authCookie) {
// KVM traffic, forward it directly.
if ((obj.connectstate == 1) && ((obj.protocol == 2) || (obj.protocol == 3))) {
return obj.m.ProcessBinaryData ? obj.m.ProcessBinaryData(e.data) : obj.m.ProcessData(arrToStr(e.data));
return obj.m.ProcessBinaryData ? obj.m.ProcessBinaryData(e.data) : obj.m.ProcessData(arrToStr(new Uint8Array(e.data)));
}
// Append to accumulator

3
common-0.0.1.js
View File

@@ -103,4 +103,5 @@ function random(max) { return Math.floor(Math.random() * max); }
// Trademarks
function trademarks(x) { return x.replace(/\(R\)/g, '&reg;').replace(/\(TM\)/g, '&trade;'); }
// Format
function format(format) { var args = Array.prototype.slice.call(arguments, 1); return format.replace(/{(\d+)}/g, function (match, number) { return typeof args[number] != 'undefined' ? args[number] : match; }); };

38
index.html
View File

@@ -813,7 +813,7 @@
</div>
<div id="id_mainarea" class=maincell>
<!-- ###BEGIN###{IDER} -->
<div id="id_iderstatus" style="position:relative;height:21px;background:#8fac8d;padding:5px;margin-bottom:1px;display:none">
<div id="id_iderstatus" style="position:relative;height:21px;background:#8fac8d;padding:5px;margin-bottom:1px;display:none;z-index:1000">
<div style="float:right">
<input id="IDERDiskMapButton" type="button" value="Disk Map" onclick="iderToggleDiskMap()" />
<input type="button" value="Stop IDE-R Session" onclick="iderStop()" />
@@ -1680,7 +1680,7 @@
<!-- ###END###{PowerControl} -->
<script type="text/javascript">
// ###BEGIN###{!Look-BrandedCommander}
var version = '0.8.6';
var version = '0.8.8';
// ###END###{!Look-BrandedCommander}
// ###BEGIN###{Look-BrandedCommander}
var version = '1.2.0';
@@ -1746,6 +1746,10 @@
var webserver = null;
// ###END###{PowerControl-OneClick}
// ###END###{PowerControl-Advanced}
// ###BEGIN###{DesktopClipboard}
var xxKvmClipEnc = null;
var xxKvmClipVal = null;
// ###END###{DesktopClipboard}
function startup() {
// This is a bit freeky, but all HTML input elements are just going to be accessible directly.
@@ -2066,13 +2070,16 @@
Q('p24filetable').addEventListener('dragover', p24fileDragOver, false);
Q('p24filetable').addEventListener('dragleave', p24fileDragLeave, false);
// ###END###{DesktopInbandFiles}
}
// ###BEGIN###{PowerControl-Advanced}
// ###BEGIN###{PowerControl-OneClick}
function setupWebServer() {
if (webserver != null) return;
// ###BEGIN###{PowerControl-Advanced}
// ###BEGIN###{PowerControl-OneClick}
// Create a web server to serve One Client Recovery (OCR) disk image files.
webserver = CreateWebServer();
webserver.generateCertificate();
//webserver.start(function () { webserver.setupBootImage('C:\\temp\\ubuntu-18.04-desktop-amd64.iso', '127.0.0.1'); });
webserver.generateCertificate(urlvars['webcn']);
webserver.start();
webserver.onTransfers = function (webserver, transfers) {
var x = '';
@@ -2083,9 +2090,9 @@
//console.log('WebServer Cert Hash RAW', webserver.certHashRaw);
//console.log('WebServer Cert Hash HEX', webserver.certHashHex);
// ###END###{PowerControl-OneClick}
// ###END###{PowerControl-Advanced}
}
// ###END###{PowerControl-OneClick}
// ###END###{PowerControl-Advanced}
function documentFileSelectHandler(e) {
haltEvent(e);
@@ -6178,7 +6185,7 @@
// ###BEGIN###{CertificateManager}
if ((!xxDragDropCertFiles) && (certificateStore.length > 0)) { x += '<div style=height:26px;margin-top:4px><select onchange=addCertButtonUpdate() id=certoptype style=float:right;width:260px><option value=0>' + "Add from certificate manager" + '</option><option value=1>' + "Add from certificate file" + '</option></select><div style=padding-top:4px>' + "Operation" + '</div></div>'; }
x += '<div id=dxcertfileop1>';
var input = '<input id=certopen onchange=addCertButtonUpdate() type=file style=float:right;width:260px accept=".cer,.pem">';
var input = '<input id=certopen onchange=addCertButtonUpdate() type=file style=float:right;width:260px accept=".crt,.cer,.pem">';
if (xxDragDropCertFiles) { input = '<input style=float:right;width:260px readonly disabled value="' + xxDragDropCertFiles[0].name + '">'; }
x += '<div style=height:26px;margin-top:4px>' + input + '<div style=padding-top:4px>' + "Certificate file" + '</div></div></div>';
if (certificateStore.length > 0) {
@@ -6247,11 +6254,11 @@
function addCertButtonOk2(file) {
var data = file.target.result;
var i = data.indexOf('-----BEGIN CERTIFICATE-----');
if (i > 0) {
if (i >= 0) {
// This is a .PEM file, keep everything between BEGIN/END, clean it up and use as-is. It's already Base64.
data = data.substring(i + 27);
i = data.indexOf('-----END CERTIFICATE-----');
if (i > 0) data = data.substring(0, i)
if (i >= 0) data = data.substring(0, i)
data = data.replace(/\r\n/g, '');
} else {
// This is a .CER file, just base64 encode it and we should be ok.
@@ -8420,9 +8427,13 @@
x += '<textarea id=kvmClipText style=width:100%;height:120px;resize:none;margin-top:8px />';
setDialogMode(11, "Clipboard", 3, deskClipboardEx, x);
focusTextBox('kvmClipText');
if (xxKvmClipEnc != null) { Q('kvmClipEncoding').value = xxKvmClipEnc; }
if (xxKvmClipVal != null) { Q('kvmClipText').value = xxKvmClipVal; }
}
function deskClipboardEx() {
xxKvmClipEnc = Q('kvmClipEncoding').value;
xxKvmClipVal = Q('kvmClipText').value;
if (Q('kvmClipEncoding').value == 0) {
desktop.m.sendClipboardData(Q('kvmClipText').value.split('\\0').join('\0')); // Text encoded input
} else {
@@ -9930,7 +9941,8 @@
setDialogMode(11, "HTTPS Boot", 3, function () {
var files = Q('ocrfile').files;
if (files.length != 1) return;
webserver.setupBootImage(files[0].path, wsstack.comm.localAddress);
setupWebServer();
webserver.setupBootImage(files[0].path, (urlvars['webcn'] ? urlvars['webcn'] : wsstack.comm.localAddress));
powerActionDlg();
}, x);
QE('idx_dlgOkButton', false);
@@ -10250,7 +10262,7 @@
console.log("Boot Action: " + action);
console.log("Setting Boot Settings: " + ObjectToString2(r));
statusbox("Power Action", "Setting boot settings...");
amtstack.Put('AMT_BootSettingData', r, powerActionResponse2, r, 1);
amtstack.Put('AMT_BootSettingData', r, powerActionResponse2, 0, 1);
}
function powerActionResponse2(stack, name, response, status, tag) {

2
package.json
View File

@@ -1,6 +1,6 @@
{
"name": "MeshCommander",
"version": "0.8.5",
"version": "0.8.8",
"description": "Intel(R) Active Management Technology console tool",
"main": "index-nw.html",
"author": "Intel Corporation",

128
webserver-0.0.1.js
View File

@@ -18,6 +18,7 @@ var CreateWebServer = function () {
obj.rootKey = null; // Root certificate private key in PEM format.
obj.cert = null; // TLS certificate in PEM format.
obj.key = null; // TLS certificate private key in PEM format.
obj.certCommonName = null; // TLS certificate common name.
obj.certHashRaw = null; // SHA384 hash of TLS certificate.
obj.certHashHex = null; // SHA384 hash of TLS certificate in HEX.
obj.responses = {}; // Table responses to different url paths.
@@ -35,7 +36,7 @@ var CreateWebServer = function () {
obj.state = 1;
if ((obj.cert != null) && (obj.key != null)) { server = tls.createServer({ cert: obj.cert, key: obj.key, minVersion: 'TLSv1' }, onConnection); } else { server = net.createServer(onConnection); }
server.on('error', function (err) { if (err.code == 'EADDRINUSE') { obj.port = random(33000, 65500); server = null; obj.start(func); } else { console.log('WebServer Listen Error', err.code); } });
server.listen({ port: obj.port }, function (x) { obj.state = 2; console.log('WebServer listening on ' + obj.port); if (func != null) { func(); } });
server.listen({ port: obj.port }, function (x) { obj.state = 2; console.log('WebServer listening on ' + obj.port + ', CN: ' + obj.certCommonName); if (func != null) { func(); } });
}
// Called when a new incoming connection is made
@@ -45,13 +46,15 @@ var CreateWebServer = function () {
socket.xdata = ''; // Accumulator
socket.on('data', function (data) {
this.xdata += data.toString('utf8');
console.log('WebServer, socket received data', this.xdata);
var headersize = this.xdata.indexOf('\r\n\r\n');
if (headersize < 0) { if (this.xdata.length > 4096) { this.close(); } return; }
var headers = this.xdata.substring(0, headersize).split('\r\n');
if (headers.length < 1) { this.close(); return; }
var headerObj = {};
for (var i = 1; i < headers.length; i++) { var j = headers[i].indexOf(': '); if (i > 0) { headerObj[headers[i].substring(0, j).toLowerCase()] = headers[i].substring(j + 2); } }
var hostHeader = (headerObj['host'] != null) ? ('Host: ' + headerObj['host'] + '\r\n') : '';
var directives = headers[0].split(' ');
if ((directives.length != 3) || (directives[0] != 'GET')) { this.end(); return; }
if ((directives.length != 3) || ((directives[0] != 'GET') && (directives[0] != 'HEAD'))) { this.end(); return; }
console.log('WebServer, request', directives[0], directives[1]);
var responseCode = 404, responseType = 'text/html', responseData = 'Invalid request', r = obj.responses[directives[1]];
if (r != null) {
@@ -64,25 +67,31 @@ var CreateWebServer = function () {
if (r.shortfile) { try { responseData = fs.readFileSync(r.shortfile); } catch (ex) { responseCode = 404; responseType = 'text/html'; responseData = 'File not found'; } }
if (r.file) {
// Send the file header and pipe the rest of the file
socket.xfilepath = r.file;
socket.xfilename = path.basename(r.file);
socket.xsize = fs.statSync(r.file).size;
socket.write('HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\nContent-Length: ' + socket.xsize + '\r\nConnection: close\r\n\r\n');
var writable = require('stream').Writable;
socket.progress = new writable({ write: function (chunk, encoding, flush) { this.count += chunk.length; flush(); } });
socket.progress.count = 0;
var ws = fs.createReadStream(r.file, { flags: 'r' });
ws.pipe(socket.progress); ws.pipe(socket);
obj.transfers.push(socket);
this.xfilepath = r.file;
this.xfilename = path.basename(r.file);
this.xsize = fs.statSync(r.file).size;
this.write('HTTP/1.1 200 OK\r\n' + hostHeader + 'Content-Type: application/octet-stream\r\nConnection: keep-alive\r\nContent-Length: ' + this.xsize + '\r\n\r\n');
// Start the progress bar timer
if (obj.onTransfers != null) { obj.onTransfers(obj, obj.transfers); if (obj.transfersTimer == null) { obj.transfersTimer = setInterval(function () { obj.onTransfers(obj, obj.transfers); }, 500); } }
if (directives[0] == 'GET') {
console.log('WebServer, Streaming File: ' + r.file);
var writable = require('stream').Writable;
this.progress = new writable({ write: function (chunk, encoding, flush) { this.count += chunk.length; flush(); } });
this.progress.count = 0;
var ws = fs.createReadStream(r.file, { flags: 'r' });
ws.pipe(this.progress); ws.pipe(this);
obj.transfers.push(this);
// Start the progress bar timer
if (obj.onTransfers != null) { obj.onTransfers(obj, obj.transfers); if (obj.transfersTimer == null) { obj.transfersTimer = setInterval(function () { obj.onTransfers(obj, obj.transfers); }, 500); } }
}
this.xdata = '';
return;
}
}
}
socket.write('HTTP/1.1 ' + responseCode + ' OK\r\nContent-Type: ' + responseType + '\r\nContent-Length: ' + responseData.length + '\r\nConnection: close\r\n\r\n');
socket.write('HTTP/1.1 ' + responseCode + ' OK\r\n' + hostHeader + 'Connection: keep-alive\r\nContent-Type: ' + responseType + '\r\nContent-Length: ' + responseData.length + '\r\n\r\n');
socket.write(responseData);
this.xdata = '';
});
socket.on('end', function () { cleanupSocket(this); console.log('WebServer, socket closed'); });
socket.on('error', function (err) { cleanupSocket(this); console.log('WebServer, socket error', err); });
@@ -102,20 +111,20 @@ var CreateWebServer = function () {
obj.stop = function () { if (server == null) return; server.close(); server = null; }
// Generate a TLS certificate (this is really a root cert)
obj.generateCertificate = function () {
var attrs1 = [{ name: 'commonName', value: 'MeshCommanderRoot' }, { name: 'countryName', value: 'Unknown' }, { shortName: 'ST', value: 'Unknown' }, { name: 'organizationName', value: 'Unknown' }];
var attrs2 = [{ name: 'commonName', value: 'MeshCommander.com' }, { name: 'countryName', value: 'Unknown' }, { shortName: 'ST', value: 'Unknown' }, { name: 'organizationName', value: 'Unknown' }];
obj.generateCertificate = function (commonName) {
var attrs1 = [{ name: 'commonName', value: 'MeshCommanderRoot' }, { name: 'countryName', value: 'unknown' }, { name: 'organizationName', value: 'unknown' }];
var attrs2 = [{ name: 'commonName', value: (commonName ? commonName : 'MeshCommander') }, { name: 'countryName', value: 'unknown' }, { name: 'organizationName', value: 'unknown' }];
if (fs.existsSync('webroot.pem') && fs.existsSync('webroot.key')) {
if (fs.existsSync('webroot.crt') && fs.existsSync('webroot.key')) {
console.log('Read root from file');
obj.rootCert = fs.readFileSync('webroot.pem').toString();
obj.rootCert = fs.readFileSync('webroot.crt').toString();
obj.rootKey = fs.readFileSync('webroot.key').toString();
var rootcert = forge.pki.certificateFromPem(obj.rootCert);
var rootkeys = { privateKey: forge.pki.privateKeyFromPem(obj.rootKey) };
} else {
console.log('Generate root');
console.log('Generate root...');
// Generate a root keypair and create an X.509v3 root certificate
var rootkeys = forge.pki.rsa.generateKeyPair(1024);
var rootkeys = forge.pki.rsa.generateKeyPair(2048);
var rootcert = forge.pki.createCertificate();
rootcert.publicKey = rootkeys.publicKey;
rootcert.serialNumber = '' + Math.floor((Math.random() * 100000) + 1);
@@ -123,24 +132,27 @@ var CreateWebServer = function () {
rootcert.validity.notAfter = new Date(2049, 11, 31);
rootcert.setSubject(attrs1);
rootcert.setIssuer(attrs1);
rootcert.setExtensions([{ name: 'basicConstraints', cA: true }, { name: 'nsCertType', sslCA: true, emailCA: true, objCA: true }, { name: 'subjectKeyIdentifier' }]); // Root extensions
rootcert.sign(rootkeys.privateKey, forge.md.sha256.create());
rootcert.setExtensions([{ name: 'basicConstraints', cA: true }, { name: 'keyUsage', keyCertSign: true }, { name: 'subjectKeyIdentifier' }]); // Root extensions
rootcert.sign(rootkeys.privateKey, forge.md.sha384.create());
obj.rootCert = forge.pki.certificateToPem(rootcert);
obj.rootKey = forge.pki.privateKeyToPem(rootkeys.privateKey);
fs.writeFileSync('webroot.pem', obj.rootCert);
fs.writeFileSync('webroot.crt', obj.rootCert);
fs.writeFileSync('webroot.key', obj.rootKey);
}
if (fs.existsSync('webleaf.pem') && fs.existsSync('webleaf.key')) {
if (fs.existsSync('webleaf.crt') && fs.existsSync('webleaf.key')) {
console.log('Read leaf from file');
obj.cert = fs.readFileSync('webleaf.pem').toString();
obj.cert = fs.readFileSync('webleaf.crt').toString();
obj.key = fs.readFileSync('webleaf.key').toString();
var cert = forge.pki.certificateFromPem(obj.cert);
var keys = { privateKey: forge.pki.privateKeyFromPem(obj.key) };
} else {
console.log('Generate leaf');
obj.certCommonName = forge.pki.certificateFromPem(obj.cert).subject.getField('CN').value;
}
if ((obj.certCommonName == null) || ((commonName != null) && (commonName != obj.certCommonName))) {
console.log('Generate leaf...');
// Generate a keypair and create an X.509v3 certificate
var keys = forge.pki.rsa.generateKeyPair(1024);
var keys = forge.pki.rsa.generateKeyPair(2048);
var cert = forge.pki.createCertificate();
cert.publicKey = keys.publicKey;
cert.serialNumber = '' + Math.floor((Math.random() * 100000) + 1);
@@ -153,13 +165,15 @@ var CreateWebServer = function () {
var extKeyUsage = { name: 'extKeyUsage', serverAuth: true }
// Create a leaf certificate
cert.setExtensions([{ name: 'basicConstraints' }, { name: 'keyUsage', keyCertSign: true, digitalSignature: true, nonRepudiation: true, keyEncipherment: true, dataEncipherment: true }, extKeyUsage, { name: 'nsCertType', server: true }, { name: 'subjectKeyIdentifier' }]);
cert.setExtensions([{ name: 'basicConstraints' }, { name: 'keyUsage', digitalSignature: true, keyEncipherment: true }, extKeyUsage, { name: 'subjectKeyIdentifier' }]);
// Self-sign certificate
cert.sign(rootkeys.privateKey, forge.md.sha256.create());
cert.sign(rootkeys.privateKey, forge.md.sha384.create());
obj.cert = forge.pki.certificateToPem(cert);
obj.key = forge.pki.privateKeyToPem(keys.privateKey);
fs.writeFileSync('webleaf.pem', obj.cert);
obj.certCommonName = (commonName ? commonName : 'MeshCommander');
fs.writeFileSync('webleaf.crt', obj.cert);
fs.writeFileSync('webleaf.key', obj.key);
}
@@ -182,19 +196,6 @@ var CreateWebServer = function () {
console.log('SHA512', md.digest().toHex());
}
// MC 0.8.6
// 8680 0100 2c000000 68747470733a2f2f31302e3135312e3133372e3139383a343133352f34343131313435323237343935353831 // https://10.151.137.198:4135/4411145227495581
// 8680 1400 01000000 00 // OCR_HTTPS_CERT_SYNC_ROOT_CA
// 8680 1700 20000000 ac8adfe3809dc66990040fdaac53765e369c0242f2a789327b57c072d5dd2677
// 8680 1e00 02000000 3c00 // OCR_HTTPS_REQUEST_TIMEOUT (60)
// MC 0.8.3-alpha
// 8680 0100 2c000000 68747470733a2f2f31302e3135312e3133372e3139383a343133352f34343131313435323237343935353831 // https://10.151.137.198:4135/4411145227495581
// 8680 0300 02000000 2c00 // OCR_EFI_FILE_DEVICE_PATH (44)
// 8680 1700 20000000 ac8adfe3809dc66990040fdaac53765e369c0242f2a789327b57c072d5dd2677
// 8680 1400 01000000 00 // OCR_HTTPS_CERT_SYNC_ROOT_CA
// 8680 1e00 02000000 0000 // OCR_HTTPS_REQUEST_TIMEOUT
// Returns a UEFI boot parameter in binary
function makeUefiBootParam(type, data, len) {
if (typeof data == 'number') { if (len == 1) { data = String.fromCharCode(data & 0xFF); } if (len == 2) { data = ShortToStrX(data); } if (len == 4) { data = IntToStrX(data); } }
@@ -204,7 +205,7 @@ var CreateWebServer = function () {
// Setup UEFI boot image
obj.setupBootImage = function(filePath, ip) {
if (fs.existsSync(filePath) == false) return null;
var name = ('' + Math.random()).substring(2);
var name = ('' + Math.random()).substring(2) + '.iso';
obj.responses['/' + name] = { type: 'application/octet-stream', file: filePath };
var url = 'http' + ((obj.cert != null) ? 's' : '') + '://' + ip + ':' + obj.port + '/' + name;
console.log(url);
@@ -215,7 +216,7 @@ var CreateWebServer = function () {
makeUefiBootParam(1, url) + // OCR_EFI_NETWORK_DEVICE_PATH (1)
makeUefiBootParam(3, url.length, 2) + // OCR_EFI_DEVICE_PATH_LEN (3)
makeUefiBootParam(20, 0, 1) + // OCR_HTTPS_CERT_SYNC_ROOT_CA (20) (0 = false)
makeUefiBootParam(21, "MeshCommander.com") + // OCR_HTTPS_CERT_SERVER_NAME (21)
makeUefiBootParam(21, obj.certCommonName) + // OCR_HTTPS_CERT_SERVER_NAME (21)
makeUefiBootParam(22, 1, 2) + // OCR_HTTPS_SERVER_NAME_VERIFY_METHOD (22) (1 = FullName)
makeUefiBootParam(23, obj.certHashRaw) + // OCR_HTTPS_SERVER_CERT_HASH_SHA256 (23)
makeUefiBootParam(30, 0, 2)), // OCR_HTTPS_REQUEST_TIMEOUT (30) (0 seconds = default)
@@ -226,19 +227,42 @@ var CreateWebServer = function () {
args: btoa(
makeUefiBootParam(1, url) + // OCR_EFI_NETWORK_DEVICE_PATH (1)
makeUefiBootParam(20, 0, 1) + // OCR_HTTPS_CERT_SYNC_ROOT_CA (20) (0 = false)
makeUefiBootParam(21, "MeshCommander.com") + // OCR_HTTPS_CERT_SERVER_NAME (21)
makeUefiBootParam(21, obj.certCommonName) + // OCR_HTTPS_CERT_SERVER_NAME (21)
makeUefiBootParam(22, 1, 2) + // OCR_HTTPS_SERVER_NAME_VERIFY_METHOD (22) (1 = FullName)
makeUefiBootParam(23, obj.certHashRaw)), // OCR_HTTPS_SERVER_CERT_HASH_SHA256 (23)
argscount: 5
};
obj.lastBootImageArgs = {
args: btoa(
makeUefiBootParam(1, url) + // OCR_EFI_NETWORK_DEVICE_PATH (1)
makeUefiBootParam(20, 1, 1) + // OCR_HTTPS_CERT_SYNC_ROOT_CA (20) (0 = false)
makeUefiBootParam(21, obj.certCommonName) + // OCR_HTTPS_CERT_SERVER_NAME (21)
makeUefiBootParam(22, 1, 2)), // OCR_HTTPS_SERVER_NAME_VERIFY_METHOD (22) (1 = FullName)
argscount: 4
};
*/
/*
url = 'http' + ((obj.cert != null) ? 's' : '') + '://' + "DESKTOP-NTHM909.jf.intel.com" + ':' + obj.port + '/' + name;
// This works!
obj.lastBootImageArgs = {
args: btoa(
makeUefiBootParam(1, url) + // OCR_EFI_NETWORK_DEVICE_PATH (1)
makeUefiBootParam(23, obj.certHashRaw) + // OCR_HTTPS_SERVER_CERT_HASH_SHA256 (23)
makeUefiBootParam(20, 1, 1) + // OCR_HTTPS_CERT_SYNC_ROOT_CA (20) (0 = false)
makeUefiBootParam(30, 0, 2)), // OCR_HTTPS_REQUEST_TIMEOUT (30) (0 seconds = default)
argscount: 4
};
*/
obj.lastBootImageArgs = {
args: btoa(
makeUefiBootParam(1, url) + // OCR_EFI_NETWORK_DEVICE_PATH (1)
makeUefiBootParam(23, obj.certHashRaw) + // OCR_HTTPS_SERVER_CERT_HASH_SHA256 (23)
makeUefiBootParam(20, 1, 1) + // OCR_HTTPS_CERT_SYNC_ROOT_CA (20) (0 = false)
makeUefiBootParam(21, "MeshCommander.com") + // OCR_HTTPS_CERT_SERVER_NAME (21)
makeUefiBootParam(22, 1, 2)), // OCR_HTTPS_SERVER_NAME_VERIFY_METHOD (22) (1 = FullName)
makeUefiBootParam(30, 0, 2)), // OCR_HTTPS_REQUEST_TIMEOUT (30) (0 seconds = default)
argscount: 4
};