Comment out cert generation
This commit is contained in:
parent
ec9a266164
commit
51616dda77
2 changed files with 57 additions and 57 deletions
|
|
@ -5,7 +5,7 @@ import path from "node:path";
|
||||||
import certifi from "certifi";
|
import certifi from "certifi";
|
||||||
import tls from "node:tls";
|
import tls from "node:tls";
|
||||||
import { X509Certificate } from "node:crypto";
|
import { X509Certificate } from "node:crypto";
|
||||||
import { getCaCertPath } from "./certUtils.js";
|
// import { getCaCertPath } from "./certUtils.js";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check if a PEM string contains only parsable cert blocks.
|
* Check if a PEM string contains only parsable cert blocks.
|
||||||
|
|
@ -58,10 +58,10 @@ export function getCombinedCaBundlePath() {
|
||||||
const parts = [];
|
const parts = [];
|
||||||
|
|
||||||
// 1) Safe Chain CA (for MITM'd registries)
|
// 1) Safe Chain CA (for MITM'd registries)
|
||||||
const safeChainPath = getCaCertPath();
|
// const safeChainPath = getCaCertPath();
|
||||||
try {
|
try {
|
||||||
const safeChainPem = fs.readFileSync(safeChainPath, "utf8");
|
// const safeChainPem = fs.readFileSync(safeChainPath, "utf8");
|
||||||
if (isParsable(safeChainPem)) parts.push(safeChainPem.trim());
|
// if (isParsable(safeChainPem)) parts.push(safeChainPem.trim());
|
||||||
} catch {
|
} catch {
|
||||||
// Ignore if Safe Chain CA is not available
|
// Ignore if Safe Chain CA is not available
|
||||||
}
|
}
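Review bot: With `parts.push(safeChainPem.trim())` commented out, the `try { } catch { // Ignore if Safe Chain CA is not available }` at the end of this hunk is an empty try block whose comment no longer describes anything, and the combined bundle will no longer contain the proxy CA, so clients that read it will reject any certificate the proxy still presents rather than "ignore" it. If this is a temporary disable, say so where the behaviour changed, e.g. `// TODO(safe-chain): proxy CA intentionally omitted from the bundle while cert generation is disabled; restore before re-enabling the MITM proxy`, and drop the dead try/catch and the commented-out `import { getCaCertPath }` instead of leaving them as comments. Whether the proxy is still started elsewhere is not visible from this hunk; if it is, the failure mode is now every registry request failing TLS verification, which should be confirmed before merging.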
|
||||||
|
|
|
||||||
|
|
@ -1,13 +1,13 @@
|
||||||
import forge from "node-forge";
|
import forge from "node-forge";
|
||||||
import path from "path";
|
import path from "path";
|
||||||
import fs from "fs";
|
// import fs from "fs";
|
||||||
import os from "os";
|
import os from "os";
|
||||||
|
|
||||||
// @ts-ignore
|
// @ts-ignore
|
||||||
forge.options.usePureJavaScript = true;
|
forge.options.usePureJavaScript = true;
|
||||||
|
|
||||||
const certFolder = path.join(os.homedir(), ".safe-chain", "certs");
|
const certFolder = path.join(os.homedir(), ".safe-chain", "certs");
|
||||||
const ca = loadCa();
|
// const ca = loadCa();
|
||||||
|
|
||||||
const certCache = new Map();
|
const certCache = new Map();
|
||||||
|
|
||||||
|
|
@ -35,7 +35,7 @@ export function generateCertForHost(hostname) {
|
||||||
|
|
||||||
const attrs = [{ name: "commonName", value: hostname }];
|
const attrs = [{ name: "commonName", value: hostname }];
|
||||||
cert.setSubject(attrs);
|
cert.setSubject(attrs);
|
||||||
cert.setIssuer(ca.certificate.subject.attributes);
|
// cert.setIssuer(ca.certificate.subject.attributes);
|
||||||
cert.setExtensions([
|
cert.setExtensions([
|
||||||
{
|
{
|
||||||
name: "subjectAltName",
|
name: "subjectAltName",
|
||||||
|
|
@ -62,7 +62,7 @@ export function generateCertForHost(hostname) {
|
||||||
serverAuth: true,
|
serverAuth: true,
|
||||||
},
|
},
|
||||||
]);
|
]);
|
||||||
cert.sign(ca.privateKey, forge.md.sha256.create());
|
// cert.sign(ca.privateKey, forge.md.sha256.create());
|
||||||
|
|
||||||
const result = {
|
const result = {
|
||||||
privateKey: forge.pki.privateKeyToPem(keys.privateKey),
|
privateKey: forge.pki.privateKeyToPem(keys.privateKey),
|
||||||
|
|
@ -74,58 +74,58 @@ export function generateCertForHost(hostname) {
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
function loadCa() {
|
// function loadCa() {
|
||||||
const keyPath = path.join(certFolder, "ca-key.pem");
|
// const keyPath = path.join(certFolder, "ca-key.pem");
|
||||||
const certPath = path.join(certFolder, "ca-cert.pem");
|
// const certPath = path.join(certFolder, "ca-cert.pem");
|
||||||
|
|
||||||
if (fs.existsSync(keyPath) && fs.existsSync(certPath)) {
|
// if (fs.existsSync(keyPath) && fs.existsSync(certPath)) {
|
||||||
const privateKeyPem = fs.readFileSync(keyPath, "utf8");
|
// const privateKeyPem = fs.readFileSync(keyPath, "utf8");
|
||||||
const certPem = fs.readFileSync(certPath, "utf8");
|
// const certPem = fs.readFileSync(certPath, "utf8");
|
||||||
const privateKey = forge.pki.privateKeyFromPem(privateKeyPem);
|
// const privateKey = forge.pki.privateKeyFromPem(privateKeyPem);
|
||||||
const certificate = forge.pki.certificateFromPem(certPem);
|
// const certificate = forge.pki.certificateFromPem(certPem);
|
||||||
|
|
||||||
// Don't return a cert that is valid for less than 1 hour
|
// // Don't return a cert that is valid for less than 1 hour
|
||||||
const oneHourFromNow = new Date(Date.now() + 60 * 60 * 1000);
|
// const oneHourFromNow = new Date(Date.now() + 60 * 60 * 1000);
|
||||||
if (certificate.validity.notAfter > oneHourFromNow) {
|
// if (certificate.validity.notAfter > oneHourFromNow) {
|
||||||
return { privateKey, certificate };
|
// return { privateKey, certificate };
|
||||||
}
|
// }
|
||||||
}
|
// }
|
||||||
|
|
||||||
const { privateKey, certificate } = generateCa();
|
// const { privateKey, certificate } = generateCa();
|
||||||
fs.mkdirSync(certFolder, { recursive: true });
|
// fs.mkdirSync(certFolder, { recursive: true });
|
||||||
fs.writeFileSync(keyPath, forge.pki.privateKeyToPem(privateKey));
|
// fs.writeFileSync(keyPath, forge.pki.privateKeyToPem(privateKey));
|
||||||
fs.writeFileSync(certPath, forge.pki.certificateToPem(certificate));
|
// fs.writeFileSync(certPath, forge.pki.certificateToPem(certificate));
|
||||||
return { privateKey, certificate };
|
// return { privateKey, certificate };
|
||||||
}
|
// }
|
||||||
|
|
||||||
function generateCa() {
|
// function generateCa() {
|
||||||
const keys = forge.pki.rsa.generateKeyPair(2048);
|
// const keys = forge.pki.rsa.generateKeyPair(2048);
|
||||||
const cert = forge.pki.createCertificate();
|
// const cert = forge.pki.createCertificate();
|
||||||
cert.publicKey = keys.publicKey;
|
// cert.publicKey = keys.publicKey;
|
||||||
cert.serialNumber = "01";
|
// cert.serialNumber = "01";
|
||||||
cert.validity.notBefore = new Date();
|
// cert.validity.notBefore = new Date();
|
||||||
cert.validity.notAfter = new Date();
|
// cert.validity.notAfter = new Date();
|
||||||
cert.validity.notAfter.setDate(cert.validity.notBefore.getDate() + 1);
|
// cert.validity.notAfter.setDate(cert.validity.notBefore.getDate() + 1);
|
||||||
|
|
||||||
const attrs = [{ name: "commonName", value: "safe-chain proxy" }];
|
// const attrs = [{ name: "commonName", value: "safe-chain proxy" }];
|
||||||
cert.setSubject(attrs);
|
// cert.setSubject(attrs);
|
||||||
cert.setIssuer(attrs);
|
// cert.setIssuer(attrs);
|
||||||
cert.setExtensions([
|
// cert.setExtensions([
|
||||||
{
|
// {
|
||||||
name: "basicConstraints",
|
// name: "basicConstraints",
|
||||||
cA: true,
|
// cA: true,
|
||||||
},
|
// },
|
||||||
{
|
// {
|
||||||
name: "keyUsage",
|
// name: "keyUsage",
|
||||||
keyCertSign: true,
|
// keyCertSign: true,
|
||||||
digitalSignature: true,
|
// digitalSignature: true,
|
||||||
keyEncipherment: true,
|
// keyEncipherment: true,
|
||||||
},
|
// },
|
||||||
]);
|
// ]);
|
||||||
cert.sign(keys.privateKey, forge.md.sha256.create());
|
// cert.sign(keys.privateKey, forge.md.sha256.create());
|
||||||
|
|
||||||
return {
|
// return {
|
||||||
privateKey: keys.privateKey,
|
// privateKey: keys.privateKey,
|
||||||
certificate: cert,
|
// certificate: cert,
|
||||||
};
|
// };
|
||||||
}
|
// }
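Review bot: In the `generateCertForHost` hunk, commenting out `cert.setIssuer(ca.certificate.subject.attributes)` and `cert.sign(ca.privateKey, forge.md.sha256.create())` leaves the leaf certificate with no issuer and no signature, yet the function still builds and returns `result` from it, so callers receive a certificate that no verifying client can accept; anything that does accept it must have verification disabled, which is a larger regression than "comment out cert generation" implies. If generation is intentionally off, fail closed instead of returning unsigned material: replace the two commented lines with `throw new Error("safe-chain certificate generation is disabled");` (or return early before the key pair is generated) so the misconfiguration surfaces immediately. The `loadCa`/`generateCa` bodies and the `fs` import should be deleted rather than kept as comments; as written they still document that the CA private key is stored unencrypted at `~/.safe-chain/certs/ca-key.pem`, which is worth a note in the commit message if that storage is being retired. `generateCertForHost` starts and ends outside this hunk, so the lines that serialise `cert` are inferred, not visible here.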
|
||||||
|
|
|
||||||