From 00d41c6de2f14aaafe03aadf1e456c6ba5078364 Mon Sep 17 00:00:00 2001
From: bartbutenaers <bart.butenaers@gmail.com>
Date: Sat, 2 May 2020 07:52:20 +0200
Subject: [PATCH] Refresh https settings

---
 packages/node_modules/node-red/red.js | 41 ++++++++++++++++++++++++++-
 1 file changed, 40 insertions(+), 1 deletion(-)

diff --git a/packages/node_modules/node-red/red.js b/packages/node_modules/node-red/red.js
index 26b6d1fc8..92b5b5a36 100755
--- a/packages/node_modules/node-red/red.js
+++ b/packages/node_modules/node-red/red.js
@@ -143,7 +143,46 @@ if (process.env.NODE_RED_ENABLE_PROJECTS) {
 }
 
 if (settings.https) {
-    server = https.createServer(settings.https,function(req,res) {app(req,res);});
+    var startupHttps = settings.https;
+    
+    if (typeof startupHttps === "function") {
+        // Get the result of the function, because createServer doesn't accept functions as input
+        startupHttps = startupHttps(); 
+    }  
+
+    server = https.createServer(startupHttps,function(req,res) {app(req,res);});
+    
+    // Refresh https settings at intervals for NodeJs version 11 and above
+    if (settings.httpsRefreshInterval) {
+        if (typeof startupHttps === "function") {        
+            if (server.setSecureContext) {
+                console.log("Refreshing https settings every " + parseInt(settings.credentialRenewalTime) + " seconds.");
+                setInterval(function () {
+                    try {
+                        // Get the result of the function, because createServer doesn't accept functions as input
+                        var refreshedHttps = settings.https();
+                        
+                        if (!refreshedHttps.key || !refreshedHttps.cert) {
+                            console.log("Cannot refresh the https settings when the https property function doesn't return a 'key' and 'cert'.");
+                            return;
+                        }
+                            
+                        // Only update the credentials in the server when key or cert has changed
+                        if(!server.key || !server.cert || !server.key.equals(refreshedHttps.key) || !server.cert.equals(refreshedHttps.cert)) {
+                            server.setSecureContext(refreshedHttps);
+                            console.log("The https settings have been refreshed.");
+                        }
+                    } catch(err) {
+                        console.log("Failed to refresh the https settings: " + err);
+                    }
+                }, parseInt(settings.credentialRenewalTime) * 1000);
+            } else {
+                console.log("Cannot refresh the https settings automatically, because NodeJs version 11 or above is required.");
+            }
+        } else {
+            console.log("Cannot refresh the https settings automatically (at httpsRefreshInterval), because the https property needs to be a function.");
+        } 
+    }
 } else {
     server = http.createServer(function(req,res) {app(req,res);});
 }