Comment out cert generation

packages/safe-chain/src/registryProxy/certBundle.js

@@ -5,7 +5,7 @@ import path from "node:path";
 import certifi from "certifi";
 import tls from "node:tls";
 import { X509Certificate } from "node:crypto";
-import { getCaCertPath } from "./certUtils.js";
+// import { getCaCertPath } from "./certUtils.js";
 
 /**
  * Check if a PEM string contains only parsable cert blocks.
@@ -58,10 +58,10 @@ export function getCombinedCaBundlePath() {
   const parts = [];
 
   // 1) Safe Chain CA (for MITM'd registries)
-  const safeChainPath = getCaCertPath();
+  // const safeChainPath = getCaCertPath();
   try {
-    const safeChainPem = fs.readFileSync(safeChainPath, "utf8");
-    if (isParsable(safeChainPem)) parts.push(safeChainPem.trim());
+    // const safeChainPem = fs.readFileSync(safeChainPath, "utf8");
+    // if (isParsable(safeChainPem)) parts.push(safeChainPem.trim());
   } catch {
     // Ignore if Safe Chain CA is not available
   }

packages/safe-chain/src/registryProxy/certUtils.js

@@ -1,13 +1,13 @@
 import forge from "node-forge";
 import path from "path";
-import fs from "fs";
+// import fs from "fs";
 import os from "os";
 
 // @ts-ignore
 forge.options.usePureJavaScript = true;
 
 const certFolder = path.join(os.homedir(), ".safe-chain", "certs");
-const ca = loadCa();
+// const ca = loadCa();
 
 const certCache = new Map();
 
@@ -35,7 +35,7 @@ export function generateCertForHost(hostname) {
 
   const attrs = [{ name: "commonName", value: hostname }];
   cert.setSubject(attrs);
-  cert.setIssuer(ca.certificate.subject.attributes);
+  // cert.setIssuer(ca.certificate.subject.attributes);
   cert.setExtensions([
     {
       name: "subjectAltName",
@@ -62,7 +62,7 @@ export function generateCertForHost(hostname) {
       serverAuth: true,
     },
   ]);
-  cert.sign(ca.privateKey, forge.md.sha256.create());
+  // cert.sign(ca.privateKey, forge.md.sha256.create());
 
   const result = {
     privateKey: forge.pki.privateKeyToPem(keys.privateKey),
@@ -74,58 +74,58 @@ export function generateCertForHost(hostname) {
   return result;
 }
 
-function loadCa() {
-  const keyPath = path.join(certFolder, "ca-key.pem");
-  const certPath = path.join(certFolder, "ca-cert.pem");
+// function loadCa() {
+//   const keyPath = path.join(certFolder, "ca-key.pem");
+//   const certPath = path.join(certFolder, "ca-cert.pem");
 
-  if (fs.existsSync(keyPath) && fs.existsSync(certPath)) {
-    const privateKeyPem = fs.readFileSync(keyPath, "utf8");
-    const certPem = fs.readFileSync(certPath, "utf8");
-    const privateKey = forge.pki.privateKeyFromPem(privateKeyPem);
-    const certificate = forge.pki.certificateFromPem(certPem);
+//   if (fs.existsSync(keyPath) && fs.existsSync(certPath)) {
+//     const privateKeyPem = fs.readFileSync(keyPath, "utf8");
+//     const certPem = fs.readFileSync(certPath, "utf8");
+//     const privateKey = forge.pki.privateKeyFromPem(privateKeyPem);
+//     const certificate = forge.pki.certificateFromPem(certPem);
 
-    // Don't return a cert that is valid for less than 1 hour
-    const oneHourFromNow = new Date(Date.now() + 60 * 60 * 1000);
-    if (certificate.validity.notAfter > oneHourFromNow) {
-      return { privateKey, certificate };
-    }
-  }
+//     // Don't return a cert that is valid for less than 1 hour
+//     const oneHourFromNow = new Date(Date.now() + 60 * 60 * 1000);
+//     if (certificate.validity.notAfter > oneHourFromNow) {
+//       return { privateKey, certificate };
+//     }
+//   }
 
-  const { privateKey, certificate } = generateCa();
-  fs.mkdirSync(certFolder, { recursive: true });
-  fs.writeFileSync(keyPath, forge.pki.privateKeyToPem(privateKey));
-  fs.writeFileSync(certPath, forge.pki.certificateToPem(certificate));
-  return { privateKey, certificate };
-}
+//   const { privateKey, certificate } = generateCa();
+//   fs.mkdirSync(certFolder, { recursive: true });
+//   fs.writeFileSync(keyPath, forge.pki.privateKeyToPem(privateKey));
+//   fs.writeFileSync(certPath, forge.pki.certificateToPem(certificate));
+//   return { privateKey, certificate };
+// }
 
-function generateCa() {
-  const keys = forge.pki.rsa.generateKeyPair(2048);
-  const cert = forge.pki.createCertificate();
-  cert.publicKey = keys.publicKey;
-  cert.serialNumber = "01";
-  cert.validity.notBefore = new Date();
-  cert.validity.notAfter = new Date();
-  cert.validity.notAfter.setDate(cert.validity.notBefore.getDate() + 1);
+// function generateCa() {
+//   const keys = forge.pki.rsa.generateKeyPair(2048);
+//   const cert = forge.pki.createCertificate();
+//   cert.publicKey = keys.publicKey;
+//   cert.serialNumber = "01";
+//   cert.validity.notBefore = new Date();
+//   cert.validity.notAfter = new Date();
+//   cert.validity.notAfter.setDate(cert.validity.notBefore.getDate() + 1);
 
-  const attrs = [{ name: "commonName", value: "safe-chain proxy" }];
-  cert.setSubject(attrs);
-  cert.setIssuer(attrs);
-  cert.setExtensions([
-    {
-      name: "basicConstraints",
-      cA: true,
-    },
-    {
-      name: "keyUsage",
-      keyCertSign: true,
-      digitalSignature: true,
-      keyEncipherment: true,
-    },
-  ]);
-  cert.sign(keys.privateKey, forge.md.sha256.create());
+//   const attrs = [{ name: "commonName", value: "safe-chain proxy" }];
+//   cert.setSubject(attrs);
+//   cert.setIssuer(attrs);
+//   cert.setExtensions([
+//     {
+//       name: "basicConstraints",
+//       cA: true,
+//     },
+//     {
+//       name: "keyUsage",
+//       keyCertSign: true,
+//       digitalSignature: true,
+//       keyEncipherment: true,
+//     },
+//   ]);
+//   cert.sign(keys.privateKey, forge.md.sha256.create());
 
-  return {
-    privateKey: keys.privateKey,
-    certificate: cert,
-  };
-}
+//   return {
+//     privateKey: keys.privateKey,
+//     certificate: cert,
+//   };
+// }