First Pass at Supporting Self-Signed CAs

Signed-off-by: hfuss <[email protected]>

Author: onelapahead

src/app.ts

@@ -24,7 +24,7 @@ import YAML from 'yamljs';
 import { eventEmitter as blobsEventEmitter } from './handlers/blobs';
 import * as eventsHandler from './handlers/events';
 import { eventEmitter as messagesEventEmitter } from './handlers/messages';
-import { genTLSContext, init as initCert, loadCAs } from './lib/cert';
+import { genTLSContext, init as initCert, loadPeerCAs } from './lib/cert';
 import { config, init as initConfig } from './lib/config';
 import { Logger } from './lib/logger';
 import RequestError, { errorHandler } from './lib/request-error';
@@ -43,7 +43,7 @@ let wss : WebSocket.Server
 let delegatedWebSocket: WebSocket | undefined = undefined;
 
 export const refreshCACerts = async () => {
-  await loadCAs()
+  await loadPeerCAs()
   p2pServer.setSecureContext(genTLSContext())
 };
 setRefreshCACerts(refreshCACerts)

src/lib/cert.ts

@@ -23,20 +23,38 @@ const log = new Logger('lib/certs.ts')
 
 export let key: string;
 export let cert: string;
+export let certBundle: string;
 export let ca: string[] = [];
 export let peerID: string;
 
 export const init = async () => {
   log.debug("Reading key file");
   key = (await fs.readFile(path.join(utils.constants.DATA_DIRECTORY, utils.constants.KEY_FILE))).toString();
+  log.debug("Loaded key");
   log.debug("Reading cert file");
   cert = (await fs.readFile(path.join(utils.constants.DATA_DIRECTORY, utils.constants.CERT_FILE))).toString();
+
+  log.debug("Loaded cert");
+  log.debug(cert);
+
+  log.debug("Deriving peer ID from cert");
   const certData = utils.getCertData(cert);
   peerID = utils.getPeerID(certData.organization, certData.organizationUnit);
-  await loadCAs();
+
+  let caCertPath = path.join(utils.constants.DATA_DIRECTORY, utils.constants.CA_FILE);
+  if (await utils.fileExists(caCertPath)) {
+    log.debug("Reading CA file");
+    certBundle = (await fs.readFile(caCertPath)).toString() + cert;
+    log.debug("Loaded CA + cert");
+    log.debug(certBundle);
+  } else {
+    certBundle = cert;
+  }
+
+  await loadPeerCAs();
 };
 
-export const loadCAs = async () => {
+export const loadPeerCAs = async () => {
   const peerCertsPath = path.join(utils.constants.DATA_DIRECTORY, utils.constants.PEER_CERTS_SUBDIRECTORY);
   log.debug(`Reading peer CAs from ${peerCertsPath}`);
   const peerCerts = await fs.readdir(peerCertsPath);
@@ -49,6 +67,10 @@ export const loadCAs = async () => {
     }
   }
   log.debug(`Loaded ${ca.length} peer certificate(s)`);
+  for (const caCert of ca) {
+    log.debug("Outputting CA cert");
+    log.debug(caCert);
+  }
 };
 
 export const genTLSContext = () => {

src/routers/api.ts

@@ -22,7 +22,7 @@ import { v4 as uuidV4 } from 'uuid';
 import * as blobsHandler from '../handlers/blobs';
 import * as eventsHandler from '../handlers/events';
 import * as messagesHandler from '../handlers/messages';
-import { ca, cert, key, peerID } from '../lib/cert';
+import { ca, cert, certBundle, key, peerID } from '../lib/cert';
 import { config, persistPeers } from '../lib/config';
 import { IStatus } from '../lib/interfaces';
 import RequestError from '../lib/request-error';
@@ -41,7 +41,7 @@ router.get('/id', async (_req, res, next) => {
     res.send({
       id: peerID,
       endpoint: config.p2p.endpoint ?? `https://${config.p2p.hostname}:${config.p2p.port}`,
-      cert 
+      cert: certBundle
     });
   } catch (err) {
     next(err);