feat: Use hshca in domains

mkg20001 · Oct 30, 2017 · e491097 · e491097
1 parent debdaed
commit e491097
Show file tree

Hide file tree

Showing 8 changed files with 84 additions and 70 deletions.
diff --git a/package.json b/package.json
@@ -29,6 +29,8 @@
     "libp2p-websockets": "github:libp2p/js-libp2p-websockets#pass-options"
   },
   "dependencies": {
+    "base32-encode": "^0.1.0",
+    "multihashing-async": "^0.4.7",
     "node-forge": "^0.7.1",
     "protons": "^1.0.0"
   }

diff --git a/server/genca.sh b/server/genca.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-openssl req -subj '/C=US/ST=Oregon/L=Portland/O=Company Name/OU=Org' -new -nodes -x509 -days 3650 -extensions v3_ca -keyout cakey.pem -out cacert.pem
+openssl req -subj '/C=US/ST=Oregon/L=Portland/O=Libp2p Nodetrust DEV/OU=Org' -new -nodes -x509 -days 3650 -extensions v3_ca -keyout cakey.pem -out cacert.pem
 openssl x509 -in cacert.pem -inform PEM -out ca.crt
 
 # to install ca

diff --git a/server/package.json b/server/package.json
@@ -20,6 +20,7 @@
     "libp2p-secio": "^0.8.1",
     "libp2p-spdy": "^0.11.0",
     "libp2p-tcp": "^0.11.1",
+    "multihashing-async": "^0.4.7",
     "node-forge": "^0.7.1",
     "protons": "^1.0.0"
   }

diff --git a/server/src/ca/index.js b/server/src/ca/index.js
@@ -29,12 +29,15 @@ module.exports = (swarm, config) => {
         log('incomming certificate request from', pi.id.toB58String())
         id.pubKey.verify(data.certRequest, data.signature, (err, ok) => {
           if (err || !ok) return cb(err)
-          ca.doCertRequest(data.certRequest, id, swarm.getCN(id), data.signature, (err, certificate, fullchain) => {
+          swarm.getCN(id, (err, cn) => {
             if (err) return cb(err)
-            return respond({
-              success: true,
-              certificate,
-              fullchain
+            ca.doCertRequest(data.certRequest, id, cn, data.signature, (err, certificate, fullchain) => {
+              if (err) return cb(err)
+              return respond({
+                success: true,
+                certificate,
+                fullchain
+              })
             })
           })
         })

diff --git a/server/src/dns/index.js b/server/src/dns/index.js
@@ -37,18 +37,21 @@ module.exports = (swarm, config) => {
           if (err || !ok) return cb(err)
           conn.getObservedAddrs((err, addr) => {
             if (err) return cb(err)
-            const dns = swarm.getCN(id) + "."
-            const ips = addr.map(addr => addr.toString()).filter(addr => addr.startsWith("/ip")).map(addr => {
-              const s = addr.split("/")
-              return {
-                dns,
-                type: toDNS[s[1]],
-                value: s[2]
-              }
-            })
-            console.log(ips) //TODO: add dns updates
-            return respond({
-              success: true
+            swarm.getCN(id, (err, dns) => {
+              if (err) return cb(err)
+              dns += "."
+              const ips = addr.map(addr => addr.toString()).filter(addr => addr.startsWith("/ip")).map(addr => {
+                const s = addr.split("/")
+                return {
+                  dns,
+                  type: toDNS[s[1]],
+                  value: s[2]
+                }
+              })
+              console.log(ips) //TODO: add dns updates
+              return respond({
+                success: true
+              })
             })
           })
         })

diff --git a/server/src/index.js b/server/src/index.js
@@ -41,9 +41,9 @@ module.exports = function NodetrustServer(config) {
   }, peer)
 
   swarm.zone = config.zone
-  swarm.getCN = id => {
+  swarm.getCN = (id, cb) => {
     if (id.toB58String) id = id.toB58String()
-    return protos.buildCN(id, swarm.zone)
+    return protos.buildCN(id, swarm.zone, cb)
   }
 
   require("./ca")(swarm, config.ca)

diff --git a/server/src/protos.js b/server/src/protos.js
@@ -5,6 +5,8 @@ const pull = require('pull-stream')
 const debug = require('debug')
 const log = debug('error')
 const once = require('once')
+const multihashing = require('multihashing-async')
+const base32Encode = require('base32-encode')
 
 module.exports = {
   info: protobuf('message Request { } message Result { required string zone = 1; }'),
@@ -47,11 +49,11 @@ module.exports = {
       })
     )
   },
-  buildCN: (id, zone) => {
-    id = id.replace(/([A-Z])/g, c => c.toLowerCase() + "-").split("")
-    let n = []
-    while (id.length)
-      n.push(id.splice(0, 60).join(""))
-    return n.concat([zone]).join(".")
+  buildCN: (id, zone, cb) => {
+    multihashing(Buffer.from(id), 'sha2-256', (err, digest) => {
+      if (err) return cb(err)
+      id = base32Encode(digest, 'RFC4648').replace(/=/g, '').toLowerCase()
+      cb(null, id + "." + zone)
+    })
   }
 }
diff --git a/src/index.js b/src/index.js
@@ -134,51 +134,54 @@ module.exports = class NodeTrust {
     const keys = forge.pki.rsa.generateKeyPair(1024) //TODO: use bigger key and generate async
     const csr = forge.pki.createCertificationRequest()
     csr.publicKey = keys.publicKey
-    csr.setSubject([{
-      name: 'commonName',
-      value: protos.buildCN(this.id.toB58String(), info.zone)
-    }, {
-      name: 'countryName',
-      value: 'US'
-    }, {
-      shortName: 'ST',
-      value: 'Virginia'
-    }, {
-      name: 'localityName',
-      value: 'Blacksburg'
-    }, {
-      name: 'organizationName',
-      value: 'Test'
-    }, {
-      shortName: 'OU',
-      value: 'Test'
-    }])
-    // set (optional) attributes
-    /*csr.setAttributes([{
-      name: 'challengePassword',
-      value: 'password'
-    }, {
-      name: 'unstructuredName',
-      value: 'My Company, Inc.'
-    }, {
-      name: 'extensionRequest',
-      extensions: [{
-        name: 'subjectAltName',
-        altNames: [{
-          // 2 is DNS type
-          type: 2,
-          value: 'test.domain.com'
-        }, {
-          type: 2,
-          value: 'other.domain.com',
-        }, {
-          type: 2,
-          value: 'www.domain.net'
+    protos.buildCN(this.id.toB58String(), info.zone, (err, cn) => {
+      if (err) return cb(err)
+      csr.setSubject([{
+        name: 'commonName',
+        value: cn
+      }, {
+        name: 'countryName',
+        value: 'US'
+      }, {
+        shortName: 'ST',
+        value: 'Virginia'
+      }, {
+        name: 'localityName',
+        value: 'Blacksburg'
+      }, {
+        name: 'organizationName',
+        value: 'Libp2p'
+      }, {
+        shortName: 'OU',
+        value: this.id.toB58String()
+      }])
+      // set (optional) attributes
+      /*csr.setAttributes([{
+        name: 'challengePassword',
+        value: 'password'
+      }, {
+        name: 'unstructuredName',
+        value: 'My Company, Inc.'
+      }, {
+        name: 'extensionRequest',
+        extensions: [{
+          name: 'subjectAltName',
+          altNames: [{
+            // 2 is DNS type
+            type: 2,
+            value: 'test.domain.com'
+          }, {
+            type: 2,
+            value: 'other.domain.com',
+          }, {
+            type: 2,
+            value: 'www.domain.net'
+          }]
         }]
-      }]
-    }])*/
-    csr.sign(keys.privateKey)
-    return cb(null, Buffer.from(forge.pki.certificationRequestToPem(csr)), Buffer.from(forge.pki.privateKeyToPem(keys.privateKey)))
+      }])*/
+      csr.sign(keys.privateKey)
+      return cb(null, Buffer.from(forge.pki.certificationRequestToPem(csr)), Buffer.from(forge.pki.privateKeyToPem(keys.privateKey)))
+    })
   }
 
   // DNS