diff --git a/packages/safe-chain/src/registryProxy/certBundle.js b/packages/safe-chain/src/registryProxy/certBundle.js
index 956279d..9b36c80 100644
--- a/packages/safe-chain/src/registryProxy/certBundle.js
+++ b/packages/safe-chain/src/registryProxy/certBundle.js
@@ -5,7 +5,7 @@ import path from "node:path";
 import certifi from "certifi";
 import tls from "node:tls";
 import { X509Certificate } from "node:crypto";
-import { getCaCertPath } from "./certUtils.js";
+// import { getCaCertPath } from "./certUtils.js";
 /**
 * Check if a PEM string contains only parsable cert blocks.
@@ -58,10 +58,10 @@ export function getCombinedCaBundlePath() {
 const parts = [];
 // 1) Safe Chain CA (for MITM'd registries)
- const safeChainPath = getCaCertPath();
+ // const safeChainPath = getCaCertPath();
 try {
- const safeChainPem = fs.readFileSync(safeChainPath, "utf8");
- if (isParsable(safeChainPem)) parts.push(safeChainPem.trim());
+ // const safeChainPem = fs.readFileSync(safeChainPath, "utf8");
+ // if (isParsable(safeChainPem)) parts.push(safeChainPem.trim());
 } catch {
 // Ignore if Safe Chain CA is not available
 }
diff --git a/packages/safe-chain/src/registryProxy/certUtils.js b/packages/safe-chain/src/registryProxy/certUtils.js
index 178f764..c8f46d6 100644
--- a/packages/safe-chain/src/registryProxy/certUtils.js
+++ b/packages/safe-chain/src/registryProxy/certUtils.js
@@ -1,13 +1,13 @@
 import forge from "node-forge";
 import path from "path";
-import fs from "fs";
+// import fs from "fs";
 import os from "os";
 // @ts-ignore
 forge.options.usePureJavaScript = true;
 const certFolder = path.join(os.homedir(), ".safe-chain", "certs");
-const ca = loadCa();
+// const ca = loadCa();
 const certCache = new Map();
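Review bot: The try block in getCombinedCaBundlePath now contains only commented-out statements, so the surrounding `try { } catch { }` and the heading `// 1) Safe Chain CA (for MITM'd registries)` no longer describe anything the function does, and the same goes for the commented-out import in the previous hunk of this file. Delete the dead lines instead of leaving them as comments (version control keeps the history) and replace the numbered heading with one that states the new contract, e.g. `// Safe Chain CA is deliberately not added to the bundle: <reason / ticket>`. Since the proxy CA is no longer in the combined bundle, a client that still reaches a MITM'd registry through the proxy will presumably fail TLS verification, so this should land together with whatever disables interception; that dependency is not visible here. getCombinedCaBundlePath continues past the end of the hunk.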
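Review bot: `certFolder` is still declared in this hunk although its only consumer, loadCa, is commented out in the last hunk of this file, and with `// import fs from "fs"` disabled, restoring any of the commented lines later without also restoring the import would fail on an undefined `fs`. If CA persistence is being removed for good, delete `certFolder`, the fs import and the commented-out bodies of loadCa and generateCa rather than keeping them as comments; if this is a temporary toggle, a one-line comment above `// const ca = loadCa();` saying why it is disabled and what re-enables it would save the next reader from guessing.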
@@ -35,7 +35,7 @@ export function generateCertForHost(hostname) {
 const attrs = [{ name: "commonName", value: hostname }];
 cert.setSubject(attrs);
- cert.setIssuer(ca.certificate.subject.attributes);
+ // cert.setIssuer(ca.certificate.subject.attributes);
 cert.setExtensions([
 {
 name: "subjectAltName",
@@ -62,7 +62,7 @@ export function generateCertForHost(hostname) {
 serverAuth: true,
 },
 ]);
- cert.sign(ca.privateKey, forge.md.sha256.create());
+ // cert.sign(ca.privateKey, forge.md.sha256.create());
 const result = {
 privateKey: forge.pki.privateKeyToPem(keys.privateKey),
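Review bot: With `cert.setIssuer(...)` in the first hunk and `cert.sign(...)` in this one both commented out, the certificate built in generateCertForHost has a subject and extensions but no issuer and no signature, yet it is still packed into `result`, whose construction continues past the hunk and presumably serialises the cert. A forge certificate that was never signed yields at best an unverifiable PEM, so any TLS peer presented with it will reject it, and nothing in this change provides a replacement for the CA signature. If the intent is to keep the function usable without the on-disk CA, self-sign with the leaf key, `cert.setIssuer(attrs);` and `cert.sign(keys.privateKey, forge.md.sha256.create());`, and say so in a comment; otherwise restore the two original lines rather than shipping an unsigned certificate.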
@@ -74,58 +74,58 @@ export function generateCertForHost(hostname) {
 return result;
 }
-function loadCa() {
- const keyPath = path.join(certFolder, "ca-key.pem");
- const certPath = path.join(certFolder, "ca-cert.pem");
+// function loadCa() {
+// const keyPath = path.join(certFolder, "ca-key.pem");
+// const certPath = path.join(certFolder, "ca-cert.pem");
- if (fs.existsSync(keyPath) && fs.existsSync(certPath)) {
- const privateKeyPem = fs.readFileSync(keyPath, "utf8");
- const certPem = fs.readFileSync(certPath, "utf8");
- const privateKey = forge.pki.privateKeyFromPem(privateKeyPem);
- const certificate = forge.pki.certificateFromPem(certPem);
+// if (fs.existsSync(keyPath) && fs.existsSync(certPath)) {
+// const privateKeyPem = fs.readFileSync(keyPath, "utf8");
+// const certPem = fs.readFileSync(certPath, "utf8");
+// const privateKey = forge.pki.privateKeyFromPem(privateKeyPem);
+// const certificate = forge.pki.certificateFromPem(certPem);
- // Don't return a cert that is valid for less than 1 hour
- const oneHourFromNow = new Date(Date.now() + 60 * 60 * 1000);
- if (certificate.validity.notAfter > oneHourFromNow) {
- return { privateKey, certificate };
- }
- }
+// // Don't return a cert that is valid for less than 1 hour
+// const oneHourFromNow = new Date(Date.now() + 60 * 60 * 1000);
+// if (certificate.validity.notAfter > oneHourFromNow) {
+// return { privateKey, certificate };
+// }
+// }
- const { privateKey, certificate } = generateCa();
- fs.mkdirSync(certFolder, { recursive: true });
- fs.writeFileSync(keyPath, forge.pki.privateKeyToPem(privateKey));
- fs.writeFileSync(certPath, forge.pki.certificateToPem(certificate));
- return { privateKey, certificate };
-}
+// const { privateKey, certificate } = generateCa();
+// fs.mkdirSync(certFolder, { recursive: true });
+// fs.writeFileSync(keyPath, forge.pki.privateKeyToPem(privateKey));
+// fs.writeFileSync(certPath, forge.pki.certificateToPem(certificate));
+// return { privateKey, certificate };
+// }
-function generateCa() {
- const keys = forge.pki.rsa.generateKeyPair(2048);
- const cert = forge.pki.createCertificate();
- cert.publicKey = keys.publicKey;
- cert.serialNumber = "01";
- cert.validity.notBefore = new Date();
- cert.validity.notAfter = new Date();
- cert.validity.notAfter.setDate(cert.validity.notBefore.getDate() + 1);
+// function generateCa() {
+// const keys = forge.pki.rsa.generateKeyPair(2048);
+// const cert = forge.pki.createCertificate();
+// cert.publicKey = keys.publicKey;
+// cert.serialNumber = "01";
+// cert.validity.notBefore = new Date();
+// cert.validity.notAfter = new Date();
+// cert.validity.notAfter.setDate(cert.validity.notBefore.getDate() + 1);
- const attrs = [{ name: "commonName", value: "safe-chain proxy" }];
- cert.setSubject(attrs);
- cert.setIssuer(attrs);
- cert.setExtensions([
- {
- name: "basicConstraints",
- cA: true,
- },
- {
- name: "keyUsage",
- keyCertSign: true,
- digitalSignature: true,
- keyEncipherment: true,
- },
- ]);
- cert.sign(keys.privateKey, forge.md.sha256.create());
+// const attrs = [{ name: "commonName", value: "safe-chain proxy" }];
+// cert.setSubject(attrs);
+// cert.setIssuer(attrs);
+// cert.setExtensions([
+// {
+// name: "basicConstraints",
+// cA: true,
+// },
+// {
+// name: "keyUsage",
+// keyCertSign: true,
+// digitalSignature: true,
+// keyEncipherment: true,
+// },
+// ]);
+// cert.sign(keys.privateKey, forge.md.sha256.create());
- return {
- privateKey: keys.privateKey,
- certificate: cert,
- };
-}
+// return {
+// privateKey: keys.privateKey,
+// certificate: cert,
+// };
+// }