This commit is contained in:
Philipp Kunz 2025-05-21 23:37:29 +00:00
parent 2564d0874b
commit d3255a7e14
2 changed files with 125 additions and 20 deletions

View File

@ -93,10 +93,12 @@ export class SMTPServer {
const cert = Buffer.from(optionsArg.cert, 'utf8');
const ca = optionsArg.ca ? Buffer.from(optionsArg.ca, 'utf8') : undefined;
logger.log('debug', 'Creating TLS server with certificates', {
logger.log('warn', 'SMTP SERVER: Creating TLS server with certificates', {
keyBufferLength: key.length,
certBufferLength: cert.length,
caBufferLength: ca ? ca.length : 0
caBufferLength: ca ? ca.length : 0,
keyPreview: key.toString('utf8').substring(0, 50),
certPreview: cert.toString('utf8').substring(0, 50)
});
// TLS configuration for secure connections with broader compatibility

View File

@ -53,26 +53,52 @@ function normalizeCertificate(str: string | Buffer): string {
// Normalize line endings (replace Windows-style \r\n with Unix-style \n)
normalizedStr = normalizedStr.replace(/\r\n/g, '\n');
// Ensure proper line breaks after header and before footer
const beginMatch = normalizedStr.match(/^(-----BEGIN [^-]+-----)(.*)$/s);
const endMatch = normalizedStr.match(/(.*)(-----END [^-]+-----)$/s);
// Only normalize if the certificate appears to have formatting issues
// Check if the certificate is already properly formatted
const lines = normalizedStr.split('\n');
let needsReformatting = false;
if (beginMatch && endMatch) {
const header = beginMatch[1];
const footer = endMatch[2];
let content = normalizedStr.substring(header.length, normalizedStr.length - footer.length);
// Clean up any existing line breaks or spaces in the content
content = content.replace(/[\n\r\s]/g, '');
// Add proper line breaks (every 64 characters)
let formattedContent = '';
for (let i = 0; i < content.length; i += 64) {
formattedContent += content.substring(i, Math.min(i + 64, content.length)) + '\n';
// Check for common formatting issues:
// 1. Missing line breaks after header/before footer
// 2. Lines that are too long or too short (except header/footer)
// 3. Multiple consecutive blank lines
for (let i = 0; i < lines.length; i++) {
const line = lines[i].trim();
if (line.startsWith('-----BEGIN ') || line.startsWith('-----END ')) {
continue; // Skip header/footer lines
}
if (line.length === 0) {
continue; // Skip empty lines
}
// Check if content lines are reasonable length (base64 is typically 64 chars per line)
if (line.length > 76) { // Allow some flexibility beyond standard 64
needsReformatting = true;
break;
}
}
// Only reformat if necessary
if (needsReformatting) {
const beginMatch = normalizedStr.match(/^(-----BEGIN [^-]+-----)(.*)$/s);
const endMatch = normalizedStr.match(/(.*)(-----END [^-]+-----)$/s);
// Reconstruct the certificate
return header + '\n' + formattedContent + footer;
if (beginMatch && endMatch) {
const header = beginMatch[1];
const footer = endMatch[2];
let content = normalizedStr.substring(header.length, normalizedStr.length - footer.length);
// Clean up only line breaks and carriage returns, preserve base64 content
content = content.replace(/[\n\r]/g, '').trim();
// Add proper line breaks (every 64 characters)
let formattedContent = '';
for (let i = 0; i < content.length; i += 64) {
formattedContent += content.substring(i, Math.min(i + 64, content.length)) + '\n';
}
// Reconstruct the certificate
return header + '\n' + formattedContent + footer;
}
}
return normalizedStr;
@ -89,7 +115,77 @@ export function loadCertificatesFromString(options: {
ca?: string | Buffer;
}): ICertificateData {
try {
// Try to fix and normalize certificates
// First try to use certificates without normalization
try {
let keyStr: string;
let certStr: string;
let caStr: string | undefined;
// Convert inputs to strings without aggressive normalization
if (Buffer.isBuffer(options.key)) {
keyStr = options.key.toString('utf8');
} else {
keyStr = options.key;
}
if (Buffer.isBuffer(options.cert)) {
certStr = options.cert.toString('utf8');
} else {
certStr = options.cert;
}
if (options.ca) {
if (Buffer.isBuffer(options.ca)) {
caStr = options.ca.toString('utf8');
} else {
caStr = options.ca;
}
}
// Simple cleanup - only normalize line endings
keyStr = keyStr.trim().replace(/\r\n/g, '\n');
certStr = certStr.trim().replace(/\r\n/g, '\n');
if (caStr) {
caStr = caStr.trim().replace(/\r\n/g, '\n');
}
// Convert to buffers
const keyBuffer = Buffer.from(keyStr, 'utf8');
const certBuffer = Buffer.from(certStr, 'utf8');
const caBuffer = caStr ? Buffer.from(caStr, 'utf8') : undefined;
// Test the certificates first
const secureContext = tls.createSecureContext({
key: keyBuffer,
cert: certBuffer,
ca: caBuffer
});
SmtpLogger.info('Successfully validated certificates without normalization');
return {
key: keyBuffer,
cert: certBuffer,
ca: caBuffer
};
} catch (simpleError) {
SmtpLogger.warn(`Simple certificate loading failed, trying normalization: ${simpleError instanceof Error ? simpleError.message : String(simpleError)}`);
// DEBUG: Log certificate details when simple loading fails
SmtpLogger.warn('Certificate loading failure details', {
keyType: typeof options.key,
certType: typeof options.cert,
keyIsBuffer: Buffer.isBuffer(options.key),
certIsBuffer: Buffer.isBuffer(options.cert),
keyLength: options.key ? options.key.length : 0,
certLength: options.cert ? options.cert.length : 0,
keyPreview: options.key ? (typeof options.key === 'string' ? options.key.substring(0, 50) : options.key.toString('utf8').substring(0, 50)) : 'null',
certPreview: options.cert ? (typeof options.cert === 'string' ? options.cert.substring(0, 50) : options.cert.toString('utf8').substring(0, 50)) : 'null'
});
}
// Fallback: Try to fix and normalize certificates
try {
// Normalize certificates (handles both string and Buffer inputs)
const key = normalizeCertificate(options.key);
@ -119,7 +215,14 @@ export function loadCertificatesFromString(options: {
// If createSecureContext doesn't throw, the certificates are valid
SmtpLogger.info('Successfully validated certificate format');
} catch (validationError) {
// Log detailed error information for debugging
SmtpLogger.error(`Certificate validation error: ${validationError instanceof Error ? validationError.message : String(validationError)}`);
SmtpLogger.debug('Certificate validation details', {
keyPreview: keyBuffer.toString('utf8').substring(0, 100) + '...',
certPreview: certBuffer.toString('utf8').substring(0, 100) + '...',
keyLength: keyBuffer.length,
certLength: certBuffer.length
});
throw validationError;
}