From 78ed8ab46c15f57bb7ea3e87a9ec05fb349ac843 Mon Sep 17 00:00:00 2001 From: Dima Date: Fri, 19 Feb 2021 12:21:13 +0300 Subject: [PATCH] delete trust-graph (#22) --- src/__test__/integration/client.spec.ts | 66 +-------------- src/internal/trust/certificate.ts | 107 ------------------------ src/internal/trust/misc.ts | 36 -------- src/internal/trust/trust.ts | 90 -------------------- src/internal/trust/trust_graph.ts | 72 ---------------- 5 files changed, 1 insertion(+), 370 deletions(-) delete mode 100644 src/internal/trust/certificate.ts delete mode 100644 src/internal/trust/misc.ts delete mode 100644 src/internal/trust/trust.ts delete mode 100644 src/internal/trust/trust_graph.ts diff --git a/src/__test__/integration/client.spec.ts b/src/__test__/integration/client.spec.ts index 7a14a5dd..df554a0b 100644 --- a/src/__test__/integration/client.spec.ts +++ b/src/__test__/integration/client.spec.ts @@ -1,10 +1,7 @@ import { encode } from 'bs58'; -import { certificateFromString, certificateToString, issue } from '../../internal/trust/certificate'; -import { TrustGraph } from '../../internal/trust/trust_graph'; -import { nodeRootCert } from '../../internal/trust/misc'; import { generatePeerId, peerIdToSeed, seedToPeerId } from '../../internal/peerIdUtils'; import { FluenceClientImpl } from '../../internal/FluenceClientImpl'; -import { createConnectedClient, createLocalClient } from '../util'; +import { createConnectedClient } from '../util'; import log from 'loglevel'; import { createClient } from '../../api'; import Multiaddr from 'multiaddr'; @@ -22,28 +19,6 @@ describe('Typescript usage suite', () => { expect(peerIdToSeed(pid)).toEqual(seedStr); }); - it('should serialize and deserialize certificate correctly', async function () { - let cert = `11 -1111 -5566Dn4ZXXbBK5LJdUsE7L3pG9qdAzdPY47adjzkhEx9 -3HNXpW2cLdqXzf4jz5EhsGEBFkWzuVdBCyxzJUZu2WPVU7kpzPjatcqvdJMjTtcycVAdaV5qh2fCGphSmw8UMBkr -158981172690500 -1589974723504 -2EvoZAZaGjKWFVdr36F1jphQ5cW7eK3yM16mqEHwQyr7 -4UAJQWzB3nTchBtwARHAhsn7wjdYtqUHojps9xV6JkuLENV8KRiWM3BhQByx5KijumkaNjr7MhHjouLawmiN1A4d -1590061123504 -1589974723504`; - - let deser = await certificateFromString(cert); - let ser = certificateToString(deser); - - expect(ser).toEqual(cert); - }); - - it.skip('should perform tests on certs', async function () { - await testCerts(); - }); - describe('should make connection to network', function () { const testProcedure = async (client: FluenceClientImpl) => { let resMakingPromise = new Promise((resolve) => { @@ -290,42 +265,3 @@ describe('Typescript usage suite', () => { }); }); }); - -export async function testCerts() { - const key1 = await generatePeerId(); - const key2 = await generatePeerId(); - - // connect to two different nodes - const cl1 = new FluenceClientImpl(key1); - const cl2 = new FluenceClientImpl(key2); - - await cl1.connect('/dns4/134.209.186.43/tcp/9003/ws/p2p/12D3KooWBUJifCTgaxAUrcM9JysqCcS4CS8tiYH5hExbdWCAoNwb'); - await cl2.connect('/ip4/134.209.186.43/tcp/9002/ws/p2p/12D3KooWHk9BjDQBUqnavciRPhAYFvqKBe4ZiPPvde7vDaqgn5er'); - - let trustGraph1 = new TrustGraph(/* cl1 */); - let trustGraph2 = new TrustGraph(/* cl2 */); - - let issuedAt = new Date(); - let expiresAt = new Date(); - // certificate expires after one day - expiresAt.setDate(new Date().getDate() + 1); - - // create root certificate for key1 and extend it with key2 - let rootCert = await nodeRootCert(key1); - let extended = await issue(key1, key2, rootCert, expiresAt.getTime(), issuedAt.getTime()); - - // publish certificates to Fluence network - await trustGraph1.publishCertificates(key2.toB58String(), [extended]); - - // get certificates from network - let certs = await trustGraph2.getCertificates(key2.toB58String()); - - // root certificate could be different because nodes save trusts with bigger `expiresAt` date and less `issuedAt` date - expect(certs[0].chain[1].issuedFor.toB58String()).toEqual(extended.chain[1].issuedFor.toB58String()); - expect(certs[0].chain[1].signature).toEqual(extended.chain[1].signature); - expect(certs[0].chain[1].expiresAt).toEqual(extended.chain[1].expiresAt); - expect(certs[0].chain[1].issuedAt).toEqual(extended.chain[1].issuedAt); - - await cl1.disconnect(); - await cl2.disconnect(); -} diff --git a/src/internal/trust/certificate.ts b/src/internal/trust/certificate.ts deleted file mode 100644 index d393e338..00000000 --- a/src/internal/trust/certificate.ts +++ /dev/null @@ -1,107 +0,0 @@ -/* - * Copyright 2020 Fluence Labs Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -import { createTrust, Trust, trustFromString, trustToString } from './trust'; -import * as PeerId from 'peer-id'; - -const FORMAT = '11'; -const VERSION = '1111'; - -// TODO verify certificate -// Chain of trusts started from self-signed root trust. -export interface Certificate { - chain: Trust[]; -} - -export function certificateToString(cert: Certificate): string { - let certStr = cert.chain.map((t) => trustToString(t)).join('\n'); - return `${FORMAT}\n${VERSION}\n${certStr}`; -} - -export async function certificateFromString(str: string): Promise { - let lines = str.split('\n'); - // last line could be empty - if (!lines[lines.length - 1]) { - lines.pop(); - } - - // TODO do match different formats and versions - let _format = lines[0]; - let _version = lines[1]; - - // every trust is 4 lines, certificate lines number without format and version should be divided by 4 - if ((lines.length - 2) % 4 !== 0) { - throw Error('Incorrect format of the certificate:\n' + str); - } - - let chain: Trust[] = []; - - let i; - for (i = 2; i < lines.length; i = i + 4) { - chain.push(await trustFromString(lines[i], lines[i + 1], lines[i + 2], lines[i + 3])); - } - - return { chain }; -} - -// Creates new certificate with root trust (self-signed public key) from a key pair. -export async function issueRoot( - issuedBy: PeerId, - forPk: PeerId, - expiresAt: number, - issuedAt: number, -): Promise { - if (expiresAt < issuedAt) { - throw Error('Expiration time should be greater then issued time.'); - } - - let maxDate = new Date(158981172690500).getTime(); - - let rootTrust = await createTrust(issuedBy, issuedBy, maxDate, issuedAt); - let trust = await createTrust(forPk, issuedBy, expiresAt, issuedAt); - let chain = [rootTrust, trust]; - - return { - chain: chain, - }; -} - -// Adds a new trust into chain of trust in certificate. -export async function issue( - issuedBy: PeerId, - forPk: PeerId, - extendCert: Certificate, - expiresAt: number, - issuedAt: number, -): Promise { - if (expiresAt < issuedAt) { - throw Error('Expiration time should be greater then issued time.'); - } - - let lastTrust = extendCert.chain[extendCert.chain.length - 1]; - - if (lastTrust.issuedFor !== issuedBy) { - throw Error('`issuedFor` should be equal to `issuedBy` in the last trust of the chain.'); - } - - let trust = await createTrust(forPk, issuedBy, expiresAt, issuedAt); - let chain = [...extendCert.chain]; - chain.push(trust); - - return { - chain: chain, - }; -} diff --git a/src/internal/trust/misc.ts b/src/internal/trust/misc.ts deleted file mode 100644 index bab5e6e5..00000000 --- a/src/internal/trust/misc.ts +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright 2020 Fluence Labs Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -import * as PeerId from 'peer-id'; -import { keys } from 'libp2p-crypto'; -import { Certificate, issueRoot } from './certificate'; - -/** - * Generate root certificate with one of the Fluence trusted key for one day. - */ -export async function nodeRootCert(issuedFor: PeerId): Promise { - // prettier-ignore - let seed = [46, 188, 245, 171, 145, 73, 40, 24, 52, 233, 215, 163, 54, 26, 31, 221, 159, 179, 126, 106, 27, 199, 189, 194, 80, 133, 235, 42, 42, 247, 80, 201]; - - let privateK = await keys.generateKeyPairFromSeed('Ed25519', Uint8Array.from(seed), 256); - let peerId = await PeerId.createFromPrivKey(privateK.bytes); - - let issuedAt = new Date(); - let expiresAt = new Date(); - expiresAt.setDate(new Date().getDate() + 1); - - return await issueRoot(peerId, issuedFor, expiresAt.getTime(), issuedAt.getTime()); -} diff --git a/src/internal/trust/trust.ts b/src/internal/trust/trust.ts deleted file mode 100644 index c5675e07..00000000 --- a/src/internal/trust/trust.ts +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Copyright 2020 Fluence Labs Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -import * as PeerId from 'peer-id'; -import { decode, encode } from 'bs58'; -import crypto from 'libp2p-crypto'; -const ed25519 = crypto.keys.supportedKeys.ed25519; - -// One element in chain of trust in a certificate. -export interface Trust { - issuedFor: PeerId; - expiresAt: number; - signature: string; - issuedAt: number; -} - -export function trustToString(trust: Trust): string { - return `${encode(trust.issuedFor.pubKey.marshal())}\n${trust.signature}\n${trust.expiresAt}\n${trust.issuedAt}`; -} - -export async function trustFromString( - issuedFor: string, - signature: string, - expiresAt: string, - issuedAt: string, -): Promise { - let pubKey = ed25519.unmarshalEd25519PublicKey(decode(issuedFor)); - let peerId = await PeerId.createFromPubKey(pubKey.bytes); - - return { - issuedFor: peerId, - signature: signature, - expiresAt: parseInt(expiresAt), - issuedAt: parseInt(issuedAt), - }; -} - -export async function createTrust( - forPk: PeerId, - issuedBy: PeerId, - expiresAt: number, - issuedAt: number, -): Promise { - let bytes = toSignMessage(forPk, expiresAt, issuedAt); - let signature = await issuedBy.privKey.sign(Buffer.from(bytes)); - let signatureStr = encode(signature); - - return { - issuedFor: forPk, - expiresAt: expiresAt, - signature: signatureStr, - issuedAt: issuedAt, - }; -} - -function toSignMessage(pk: PeerId, expiresAt: number, issuedAt: number): Uint8Array { - let bytes = new Uint8Array(48); - let pkEncoded = pk.pubKey.marshal(); - - bytes.set(pkEncoded, 0); - bytes.set(numToArray(expiresAt), 32); - bytes.set(numToArray(issuedAt), 40); - - return bytes; -} - -function numToArray(n: number): number[] { - let byteArray = [0, 0, 0, 0, 0, 0, 0, 0]; - - for (let index = 0; index < byteArray.length; index++) { - let byte = n & 0xff; - byteArray[index] = byte; - n = (n - byte) / 256; - } - - return byteArray; -} diff --git a/src/internal/trust/trust_graph.ts b/src/internal/trust/trust_graph.ts deleted file mode 100644 index 9410d07e..00000000 --- a/src/internal/trust/trust_graph.ts +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Copyright 2020 Fluence Labs Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -import { Certificate, certificateFromString, certificateToString } from './certificate'; -import * as log from 'loglevel'; - -// TODO update after 'aquamarine' implemented -// The client to interact with the Fluence trust graph API -export class TrustGraph { - //client: FluenceClient; - - constructor() {} - - // Publish certificate to Fluence network. It will be published in Kademlia neighbourhood by `peerId` key. - async publishCertificates(peerId: string, certs: Certificate[]) { - let certsStr = []; - for (let cert of certs) { - certsStr.push(await certificateToString(cert)); - } - - /*let response = await this.client.callPeer("add_certificates", { - certificates: certsStr, - peer_id: peerId - });*/ - let response: any = {}; - - if (response.reason) { - throw Error(response.reason); - } else if (response.status) { - return response.status; - } else { - throw Error( - `Unexpected response: ${response}. Should be 'status' field for a success response or 'reason' field for an error.`, - ); - } - } - - // Get certificates that stores in Kademlia neighbourhood by `peerId` key. - async getCertificates(peerId: string): Promise { - let resp: any = {}; - /*let resp = await this.client.callPeer("certificates", { - peer_id: peerId - });*/ - - let certificatesRaw = resp.certificates; - - if (!(certificatesRaw && Array.isArray(certificatesRaw))) { - log.error(Array.isArray(certificatesRaw)); - throw Error('Unexpected. Certificates should be presented in the response as an array.'); - } - - let certs = []; - for (let cert of certificatesRaw) { - certs.push(await certificateFromString(cert)); - } - - return certs; - } -}