Merge pull request #1 from lenchvolodymyr/fix/connection-via-ssl

fix connection via ssl
hackolade · Nov 9, 2021 · 3bc2d55 · 3bc2d55
2 parents 887d38f + e1d1b2f
commit 3bc2d55
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 236 deletions.
diff --git a/reverse_engineering/helpers/connectionHelper.js b/reverse_engineering/helpers/connectionHelper.js
@@ -42,28 +42,44 @@ const connectViaSsh = info =>
         });
     });
 
-const getSslOptions = connectionInfo => {
+const getSslOptions = (connectionInfo, logger) => {
     const sslType = mapSslType(connectionInfo.sslType);
 
     if (sslType === 'disable') {
         return false;
     }
 
     if (sslType === 'allow') {
-        true;
+        return true;
     }
 
-    if (['prefer', 'require', 'verify-ca', 'verify-full'].includes(sslType)) {
-        return {
-            ca: fs.existsSync(connectionInfo.certAuthority)
-                ? fs.readFileSync(connectionInfo.certAuthority).toString()
-                : '',
-            cert: fs.existsSync(connectionInfo.clientCert) ? fs.readFileSync(connectionInfo.clientCert).toString() : '',
-            key: fs.existsSync(connectionInfo.clientPrivateKey)
-                ? fs.readFileSync(connectionInfo.clientPrivateKey).toString()
-                : '',
-        };
+    let sslOptions = {
+        checkServerIdentity(hostname, cert) {
+            logger.info('Certificate', {
+                hostname,
+                cert: {
+                    subject: cert.subject,
+                    issuer: cert.issuer,
+                    valid_from: cert.valid_from,
+                    valid_to: cert.valid_to,
+                },
+            });
+        }
+    };
+
+    if (fs.existsSync(connectionInfo.certAuthority)) {
+        sslOptions.ca = fs.readFileSync(connectionInfo.certAuthority).toString();
+    }
+
+    if (fs.existsSync(connectionInfo.clientCert)) {
+        sslOptions.cert = fs.readFileSync(connectionInfo.clientCert).toString();
     }
+
+    if (fs.existsSync(connectionInfo.clientPrivateKey)) {
+        sslOptions.key = fs.readFileSync(connectionInfo.clientPrivateKey).toString();
+    }
+
+    return sslOptions;
 };
 
 const mapSslType = sslType => {
@@ -77,7 +93,7 @@ const mapSslType = sslType => {
     return oldToNewSslType[sslType] || sslType;
 };
 
-const createClient = async connectionInfo => {
+const createClient = async (connectionInfo, logger) => {
     let sshTunnel = null;
 
     if (connectionInfo.ssh) {
@@ -92,7 +108,7 @@ const createClient = async connectionInfo => {
         password: connectionInfo.userPassword,
         port: connectionInfo.port,
         keepAlive: true,
-        ssl: getSslOptions(connectionInfo),
+        ssl: getSslOptions(connectionInfo, logger),
         connectionTimeoutMillis: Number(connectionInfo.queryRequestTimeout) || 60000,
         query_timeout: Number(connectionInfo.queryRequestTimeout) || 60000,
         statement_timeout: Number(connectionInfo.queryRequestTimeout) || 60000,

diff --git a/reverse_engineering/helpers/postgresService.js b/reverse_engineering/helpers/postgresService.js
@@ -66,7 +66,7 @@ module.exports = {
             await this.disconnect();
         }
 
-        const { client, sshTunnel } = await createClient(connectionInfo);
+        const { client, sshTunnel } = await createClient(connectionInfo, specificLogger);
 
         db.initializeClient(client, specificLogger);
         currentSshTunnel = sshTunnel;

diff --git a/reverse_engineering/package-lock.json b/reverse_engineering/package-lock.json