fix: store key - fix: add fullchain - fix: DNS domain names are lower…
…case only
mkg20001 committed Oct 30, 2017
1 parent c0bb5ac commit 8cb15d9
Showing 11 changed files with 70 additions and 17 deletions.
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -2,3 +2,4 @@ node_modules
package-lock.json
config.json
*.pem
*.crt
27 changes: 25 additions & 2 deletions index.js
Expand Up @@ -2,8 +2,10 @@

const libp2p = require("libp2p")
const TCP = require("libp2p-tcp")
const WS = require("libp2p-websockets")
const Peer = require("peer-info")
const Id = require("peer-id")
const multiaddr = require("multiaddr")

const SPDY = require('libp2p-spdy')
const MULTIPLEX = require('libp2p-multiplex')
Expand All @@ -22,9 +24,20 @@ map(require("./test/ids.json"), Id.createFromJSON, (e, ids) => {

listen.forEach(addr => peer.multiaddrs.add(addr))

let tcp = new TCP()
let ws = new WS()
let l = []
const create = tcp.createListener.bind(tcp)
tcp.createListener = (options, handler) => {
let n = create(options, handler)
n.handler = handler
l.push(n)
return n
}

const swarm = new libp2p({
transport: [
new TCP()
tcp
],
connection: {
muxer: [
Expand All @@ -44,6 +57,16 @@ map(require("./test/ids.json"), Id.createFromJSON, (e, ids) => {

swarm.start(err => {
if (err) throw err
swarm.nodetrust.enable(console.log)
swarm.nodetrust.enable(err => {
if (err) throw err
let wss = ws.createListener({
cert: swarm.nodetrust.chain,
key: swarm.nodetrust.key
}, l[0].handler)
wss.listen(multiaddr("/ip4/0.0.0.0/tcp/5285/ws"), err => {
if (err) throw err
console.log("Online @ https://localhost:5285")
})
})
})
})
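Review bot: `l[0].handler` in the enable callback is dereferenced without a guard; `l` is only filled by the patched `tcp.createListener` while `swarm.start` runs, so if `listen` contains no TCP address this throws a TypeError inside the callback instead of producing a usable error. A one-line check before the WebSocket listener is built avoids that, e.g. `if (!l.length) throw new Error("no TCP listener available to reuse its handler")`. The `map(...)` callback enclosing this code starts before the hunk, and whether `listen` can be empty cannot be seen from here.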
2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -26,7 +26,7 @@
"libp2p-secio": "^0.8.1",
"libp2p-spdy": "^0.11.0",
"libp2p-tcp": "^0.11.1",
"libp2p-websockets": "^0.10.4"
"libp2p-websockets": "github:libp2p/js-libp2p-websockets#pass-options"
},
"dependencies": {
"node-forge": "^0.7.1",
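Review bot: The new `libp2p-websockets` spec points at a branch (`#pass-options`) rather than a tag or commit, so each install resolves whatever that branch holds at that moment; a force-push or a later commit there changes the code pulled into this project with no change here, and builds stop being reproducible. Pin the reference to the commit that was actually tested, `"libp2p-websockets": "github:libp2p/js-libp2p-websockets#<COMMIT_SHA>"`, and return to a registry range once the option-passing change is released.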
7 changes: 6 additions & 1 deletion server/genca.sh
@@ -1,3 +1,8 @@
#!/bin/sh

openssl req -subj '/' -new -nodes -x509 -days 3650 -extensions v3_ca -keyout cakey.pem -out cacert.pem
openssl req -subj '/C=US/ST=Oregon/L=Portland/O=Company Name/OU=Org' -new -nodes -x509 -days 3650 -extensions v3_ca -keyout cakey.pem -out cacert.pem
openssl x509 -in cacert.pem -inform PEM -out ca.crt

# to install ca
# sudo cp ca.crt /usr/share/ca-certificates/extra/nodetrust.crt
# sudo dpkg-reconfigure ca-certificates
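Review bot: `-nodes` writes the ten-year CA private key to `cakey.pem` unencrypted, and the script neither restricts the file mode nor stops on a failed command, so a failed `req` is silently followed by `x509` working on whatever stale files exist. Add `set -e` and `umask 077` right after the shebang so the key is created readable only by its owner and the script aborts on the first error. The final `openssl x509` call has no `-outform`, so `ca.crt` is a PEM copy of `cacert.pem`; that is the format the Debian `ca-certificates` steps in the comments expect, but a comment such as `# ca.crt is PEM (default -outform); update-ca-certificates wants PEM with a .crt suffix` would save the next reader from looking for a conversion.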
6 changes: 4 additions & 2 deletions server/src/ca/forge.js
Expand Up @@ -32,7 +32,7 @@ module.exports = class ForgeCA {
if (cn != cn_req) return cb(new Error("Rejecting request: commonName (" + cn + ") and requested commonName (" + cn_req + ") do not match!"))
const cert = pki.createCertificate()

cert.serialNumber = '02'
cert.serialNumber = "03"

cert.validity.notBefore = new Date()
cert.validity.notAfter = new Date()
Expand All @@ -48,6 +48,8 @@ module.exports = class ForgeCA {

log('signing csr for %s', cn)

return cb(null, Buffer.from(pki.certificateToPem(cert)))
const pemout = Buffer.from(pki.certificateToPem(cert))

return cb(null, pemout, Buffer.concat([pemout, Buffer.from(this.cert)]))
}
}
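Review bot: `cert.serialNumber = "03"` gives every certificate this CA issues the same serial; RFC 5280 requires serials to be unique per issuer, duplicates make revocation entries ambiguous, and Firefox refuses a certificate that reuses an issuer/serial pair it has already seen (SEC_ERROR_REUSED_ISSUER_AND_SERIAL). Generate a fresh value per request, e.g. `cert.serialNumber = forge.util.bytesToHex(forge.random.getBytesSync(16))` with the top bit of the first byte cleared so the DER integer stays positive, provided the module's `forge` object is in scope here (only `pki` is visible in the hunk). The new `fullchain` concatenation also relies on `pemout` ending with a newline so that `this.cert` starts on its own line; a short comment stating that assumption, or an explicit `"\n"` separator, would make it robust to a change in the PEM encoder. The enclosing `doCertRequest` method begins before the hunk.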
5 changes: 3 additions & 2 deletions server/src/ca/index.js
Expand Up @@ -29,11 +29,12 @@ module.exports = (swarm, config) => {
log('incomming certificate request from', pi.id.toB58String())
id.pubKey.verify(data.certRequest, data.signature, (err, ok) => {
if (err || !ok) return cb(err)
ca.doCertRequest(data.certRequest, id, pi.id.toB58String() + "." + swarm.zone, data.signature, (err, certificate) => {
ca.doCertRequest(data.certRequest, id, swarm.getCN(id), data.signature, (err, certificate, fullchain) => {
if (err) return cb(err)
return respond({
success: true,
certificate
certificate,
fullchain
})
})
})
2 changes: 1 addition & 1 deletion server/src/config.dev.json
@@ -1,5 +1,5 @@
{
"zone": "node.libp2p.io",
"zone": "node.libp2p",
"id": {
"id": "QmRQuY14GoeyDx5DoFWq9xnCteSz6pWFKcopvJspei5LXa",
"privKey": "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",
2 changes: 1 addition & 1 deletion server/src/dns/index.js
Expand Up @@ -37,7 +37,7 @@ module.exports = (swarm, config) => {
if (err || !ok) return cb(err)
conn.getObservedAddrs((err, addr) => {
if (err) return cb(err)
const dns = id.toB58String() + "." + swarm.zone + "."
const dns = swarm.getCN(id) + "."
const ips = addr.map(addr => addr.toString()).filter(addr => addr.startsWith("/ip")).map(addr => {
const s = addr.split("/")
return {
6 changes: 6 additions & 0 deletions server/src/index.js
Expand Up @@ -11,6 +11,8 @@ const SPDY = require('libp2p-spdy')
const MULTIPLEX = require('libp2p-multiplex')
const SECIO = require('libp2p-secio')

const protos = require('./protos')

module.exports = function NodetrustServer(config) {
const self = this

Expand Down Expand Up @@ -39,6 +41,10 @@ module.exports = function NodetrustServer(config) {
}, peer)

swarm.zone = config.zone
swarm.getCN = id => {
if (id.toB58String) id = id.toB58String()
return protos.buildCN(id, swarm.zone)
}

require("./ca")(swarm, config.ca)
require("./dns")(swarm, config.dns)
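Review bot: `swarm.getCN` reassigns its `id` parameter to switch between a PeerId and a base58 string, which hides the two accepted input types from the reader; a named local makes the contract visible: `const b58 = typeof id.toB58String === 'function' ? id.toB58String() : id` followed by `return protos.buildCN(b58, swarm.zone)`. A one-line comment above the helper saying it accepts either a PeerId or its base58 string would also help the callers in `ca/` and `dns/`. The enclosing `NodetrustServer` function starts before the hunk.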
9 changes: 8 additions & 1 deletion server/src/protos.js
Expand Up @@ -8,7 +8,7 @@ const once = require('once')

module.exports = {
info: protobuf('message Request { } message Result { required string zone = 1; }'),
ca: protobuf('message Request { required bytes certRequest = 1; required bytes signature = 2; } message Result { required bool success = 1; bytes certificate = 2; }'),
ca: protobuf('message Request { required bytes certRequest = 1; required bytes signature = 2; } message Result { required bool success = 1; bytes certificate = 2; bytes fullchain = 3; }'),
dns: protobuf('message Request { required int64 time = 1; required bytes signature = 2; } message Result { required bool success = 1; }'),
discovery: protobuf('message Request { required int32 numPeers = 1; repeated bytes multiaddr = 2; } message Peer { required string id = 1; repeated bytes multiaddr = 2; } message Result { required bool success = 1; repeated Peer peers = 2; }'),
server: (conn, def, cb) => {
Expand Down Expand Up @@ -46,5 +46,12 @@ module.exports = {
cb(null, res)
})
)
},
buildCN: (id, zone) => {
id = id.replace(/([A-Z])/g, c => c.toLowerCase() + "-").split("")
let n = []
while (id.length)
n.push(id.splice(0, 60).join(""))
return n.concat([zone]).join(".")
}
}
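Review bot: `buildCN` encodes an uppercase letter as its lowercase form followed by `-`, so whenever the id ends in an uppercase character, or a 60-character chunk boundary falls right after one, a label ends with `-`, which RFC 1123 hostname rules forbid and which certificate validators and DNS tooling may reject. Because `0` is not in the base58 alphabet, using it as the marker (`"0" + c.toLowerCase()`) keeps the mapping unambiguous and keeps every label valid wherever the chunk boundary falls, and it is safe to change as long as this naming scheme is not yet live; the rewrite below also drops the split/splice/join round-trip and the parameter reassignment. The client in `src/index.js` calls `protos.buildCN` too, while this commit only adds the function to `server/src/protos.js`; if the client's `protos` is not the same module, the client fails with a missing function before any request is sent, so that should be confirmed.
```javascript
  buildCN: (id, zone) => {
    // "0" is outside the base58 alphabet, so "0x" unambiguously marks an uppercase X
    // and, unlike a trailing "-", never yields a label that breaks RFC 1123 hostname rules
    const escaped = id.replace(/[A-Z]/g, c => "0" + c.toLowerCase())
    const labels = []
    for (let i = 0; i < escaped.length; i += 60) labels.push(escaped.slice(i, i + 60))
    return labels.concat([zone]).join(".")
  }
```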
20 changes: 14 additions & 6 deletions src/index.js
Expand Up @@ -51,13 +51,18 @@ module.exports = class NodeTrust {
log('enabling')
this.getInfo(err => {
if (err) return cb(err)
this.getCert((err, cert) => {
this.getCert((err, cert, key, chain) => {
if (err) return cb(err)
this.cert = cert
this.chain = chain
this.key = key
if (process.env.NODETRUST_LOG_KEYS)
console.log(chain.toString() + key.toString())
this.loop(err => {
if (err) return cb(err)
this.interval = setInterval(this.loop.bind(this), 5 * 60 * 1000 - 20000).unref()
this.enabled = true
cb()
})
})
})
Expand Down Expand Up @@ -101,11 +106,14 @@ module.exports = class NodeTrust {

getCert(cb) {
log('getting certificate')
this._getCertRequest(this.info, (err, request) => {
this._getCertRequest(this.info, (err, request, key) => {
if (err) return cb(err)
this.id.privKey.sign(request, (err, sign) => {
if (err) return cb(err, sign)
this._getCert(request, sign, cb)
this._getCert(request, sign, (err, cert, chain) => {
if (err) return cb(err)
cb(null, cert, key, chain)
})
})
})
}
Expand All @@ -118,7 +126,7 @@ module.exports = class NodeTrust {
}, (err, res) => {
if (err) return cb(err)
if (!res.success || !res.certificate || !res.certificate.length) return cb(new Error('Server did not complete certificate request'))
cb(null, res.certificate)
cb(null, res.certificate, res.fullchain)
})
})
}
Expand All @@ -128,7 +136,7 @@ module.exports = class NodeTrust {
csr.publicKey = keys.publicKey
csr.setSubject([{
name: 'commonName',
value: this.id.toB58String() + "." + info.zone
value: protos.buildCN(this.id.toB58String(), info.zone)
}, {
name: 'countryName',
value: 'US'
Expand Down Expand Up @@ -170,7 +178,7 @@ module.exports = class NodeTrust {
}]
}])*/
csr.sign(keys.privateKey)
return cb(null, Buffer.from(forge.pki.certificationRequestToPem(csr)))
return cb(null, Buffer.from(forge.pki.certificationRequestToPem(csr)), Buffer.from(forge.pki.privateKeyToPem(keys.privateKey)))
}

// DNS
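Review bot: The `NODETRUST_LOG_KEYS` branch in `enable` prints the TLS private key to stdout together with the chain; anything that captures process output (service managers, log shippers, CI) then stores the key in plaintext, and nothing marks the variable as a development-only switch. Drop `key` from that line so only the public chain is printed, `console.log(chain.toString())`, and if the key is ever needed for debugging write it to a file created with mode 0o600 rather than the log stream. In `_getCert` the new `res.fullchain` is passed through without the presence check applied to `res.certificate`, so a server that does not send it leaves `chain` undefined and `chain.toString()` in `enable` throws; `cb(null, res.certificate, res.fullchain && res.fullchain.length ? res.fullchain : res.certificate)` or an explicit error would cover that. The `enable` method starts before the first hunk.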
