milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Another iteration

Browse source
This commit is contained in:
Reinier Criel 2025-11-27 14:00:34 -08:00
parent 7ddeb9025b
commit d863cc6920
2 changed files with 7 additions and 40 deletions
Download patch file Download diff file Expand all files Collapse all files

45
packages/safe-chain/src/registryProxy/certUtils.js
View file

@ -4,19 +4,7 @@ import fs from "fs";
import os from "os"; import os from "os";
const certFolder = path.join(os.homedir(), ".safe-chain", "certs"); const certFolder = path.join(os.homedir(), ".safe-chain", "certs");
/** @type {null | {certificate: any, privateKey: any}} */ const ca = loadCa();
let ca = null;
/**
* Get the CA certificate, loading it lazily on first access.
* @returns {{certificate: any, privateKey: any}}
*/
function getCa() {
if (!ca) {
ca = loadCa();
}
return ca;
}
const certCache = new Map(); const certCache = new Map();
@ -32,16 +20,7 @@ function createKeyIdentifier(publicKey) {
} }
export function getCaCertPath() { export function getCaCertPath() {
// Ensure CA is loaded and files are written when cert path is requested return path.join(certFolder, "ca-cert.pem");
getCa();
const certPath = path.join(certFolder, "ca-cert.pem");
// Ensure the file exists (in case lazy loading just happened)
if (!fs.existsSync(certPath)) {
throw new Error(`CA certificate file not found at ${certPath}. This should not happen.`);
}
return certPath;
} }
/** /**
@ -64,10 +43,8 @@ export function generateCertForHost(hostname) {
const attrs = [{ name: "commonName", value: hostname }]; const attrs = [{ name: "commonName", value: hostname }];
cert.setSubject(attrs); cert.setSubject(attrs);
cert.setIssuer(ca.certificate.subject.attributes);
const certAuthority = getCa(); const authorityKeyIdentifier = createKeyIdentifier(ca.certificate.publicKey);
cert.setIssuer(certAuthority.certificate.subject.attributes);
const authorityKeyIdentifier = createKeyIdentifier(certAuthority.certificate.publicKey);
cert.setExtensions([ cert.setExtensions([
{ {
name: "subjectAltName", name: "subjectAltName",
@ -122,7 +99,7 @@ export function generateCertForHost(hostname) {
keyIdentifier: authorityKeyIdentifier, keyIdentifier: authorityKeyIdentifier,
}, },
]); ]);
cert.sign(certAuthority.privateKey, forge.md.sha256.create()); cert.sign(ca.privateKey, forge.md.sha256.create());
const result = { const result = {
privateKey: forge.pki.privateKeyToPem(keys.privateKey), privateKey: forge.pki.privateKeyToPem(keys.privateKey),
@ -172,17 +149,7 @@ function loadCa() {
} }
const { privateKey, certificate } = generateCa(existingPrivateKey || undefined); const { privateKey, certificate } = generateCa(existingPrivateKey || undefined);
fs.mkdirSync(certFolder, { recursive: true });
// Ensure directory exists before writing files
try {
fs.mkdirSync(certFolder, { recursive: true });
} catch (error) {
// Directory might already exist or there's a permission issue
if (/** @type {any} */(error).code !== 'EEXIST') {
throw error;
}
}
fs.writeFileSync(keyPath, forge.pki.privateKeyToPem(privateKey)); fs.writeFileSync(keyPath, forge.pki.privateKeyToPem(privateKey));
fs.writeFileSync(certPath, forge.pki.certificateToPem(certificate)); fs.writeFileSync(certPath, forge.pki.certificateToPem(certificate));

2
packages/safe-chain/src/registryProxy/registryProxy.mitm.spec.js
View file

@ -1,4 +1,4 @@
import { before, after, describe, it, beforeEach } from "node:test"; import { before, after, describe, it } from "node:test";
import assert from "node:assert"; import assert from "node:assert";
import net from "net"; import net from "net";
import tls from "tls"; import tls from "tls";