delete trust-graph (#22)

2025-06-30 08:11:33 +00:00 · 2021-02-19 12:21:13 +03:00
parent 416221ea17
commit 78ed8ab46c
5 changed files with 1 additions and 370 deletions
--- a/src/test/integration/client.spec.ts
+++ b/src/test/integration/client.spec.ts
@ -1,10 +1,7 @@
 import { encode } from 'bs58';
 import { certificateFromString, certificateToString, issue } from '../../internal/trust/certificate';
 import { TrustGraph } from '../../internal/trust/trust_graph';
 import { nodeRootCert } from '../../internal/trust/misc';
 import { generatePeerId, peerIdToSeed, seedToPeerId } from '../../internal/peerIdUtils';
 import { FluenceClientImpl } from '../../internal/FluenceClientImpl';
-import { createConnectedClient, createLocalClient } from '../util';
+import { createConnectedClient } from '../util';
 import log from 'loglevel';
 import { createClient } from '../../api';
 import Multiaddr from 'multiaddr';
@ -22,28 +19,6 @@ describe('Typescript usage suite', () => {
        expect(peerIdToSeed(pid)).toEqual(seedStr);
    });
    it('should serialize and deserialize certificate correctly', async function () {
        let cert = `11
 1111
 5566Dn4ZXXbBK5LJdUsE7L3pG9qdAzdPY47adjzkhEx9
 3HNXpW2cLdqXzf4jz5EhsGEBFkWzuVdBCyxzJUZu2WPVU7kpzPjatcqvdJMjTtcycVAdaV5qh2fCGphSmw8UMBkr
 158981172690500
 1589974723504
 2EvoZAZaGjKWFVdr36F1jphQ5cW7eK3yM16mqEHwQyr7
 4UAJQWzB3nTchBtwARHAhsn7wjdYtqUHojps9xV6JkuLENV8KRiWM3BhQByx5KijumkaNjr7MhHjouLawmiN1A4d
 1590061123504
 1589974723504`;
        let deser = await certificateFromString(cert);
        let ser = certificateToString(deser);
        expect(ser).toEqual(cert);
    });
    it.skip('should perform tests on certs', async function () {
        await testCerts();
    });
    describe('should make connection to network', function () {
        const testProcedure = async (client: FluenceClientImpl) => {
            let resMakingPromise = new Promise((resolve) => {
@ -290,42 +265,3 @@ describe('Typescript usage suite', () => {
        });
    });
 });
 export async function testCerts() {
    const key1 = await generatePeerId();
    const key2 = await generatePeerId();
    // connect to two different nodes
    const cl1 = new FluenceClientImpl(key1);
    const cl2 = new FluenceClientImpl(key2);
    await cl1.connect('/dns4/134.209.186.43/tcp/9003/ws/p2p/12D3KooWBUJifCTgaxAUrcM9JysqCcS4CS8tiYH5hExbdWCAoNwb');
    await cl2.connect('/ip4/134.209.186.43/tcp/9002/ws/p2p/12D3KooWHk9BjDQBUqnavciRPhAYFvqKBe4ZiPPvde7vDaqgn5er');
    let trustGraph1 = new TrustGraph(/* cl1 */);
    let trustGraph2 = new TrustGraph(/* cl2 */);
    let issuedAt = new Date();
    let expiresAt = new Date();
    // certificate expires after one day
    expiresAt.setDate(new Date().getDate() + 1);
    // create root certificate for key1 and extend it with key2
    let rootCert = await nodeRootCert(key1);
    let extended = await issue(key1, key2, rootCert, expiresAt.getTime(), issuedAt.getTime());
    // publish certificates to Fluence network
    await trustGraph1.publishCertificates(key2.toB58String(), [extended]);
    // get certificates from network
    let certs = await trustGraph2.getCertificates(key2.toB58String());
    // root certificate could be different because nodes save trusts with bigger `expiresAt` date and less `issuedAt` date
    expect(certs[0].chain[1].issuedFor.toB58String()).toEqual(extended.chain[1].issuedFor.toB58String());
    expect(certs[0].chain[1].signature).toEqual(extended.chain[1].signature);
    expect(certs[0].chain[1].expiresAt).toEqual(extended.chain[1].expiresAt);
    expect(certs[0].chain[1].issuedAt).toEqual(extended.chain[1].issuedAt);
    await cl1.disconnect();
    await cl2.disconnect();
 }
--- a/src/internal/trust/certificate.ts
+++ b/src/internal/trust/certificate.ts
@ -1,107 +0,0 @@
 /*
 * Copyright 2020 Fluence Labs Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 import { createTrust, Trust, trustFromString, trustToString } from './trust';
 import * as PeerId from 'peer-id';
 const FORMAT = '11';
 const VERSION = '1111';
 // TODO verify certificate
 // Chain of trusts started from self-signed root trust.
 export interface Certificate {
    chain: Trust[];
 }
 export function certificateToString(cert: Certificate): string {
    let certStr = cert.chain.map((t) => trustToString(t)).join('\n');
    return `${FORMAT}\n${VERSION}\n${certStr}`;
 }
 export async function certificateFromString(str: string): Promise<Certificate> {
    let lines = str.split('\n');
    // last line could be empty
    if (!lines[lines.length - 1]) {
        lines.pop();
    }
    // TODO do match different formats and versions
    let _format = lines[0];
    let _version = lines[1];
    // every trust is 4 lines, certificate lines number without format and version should be divided by 4
    if ((lines.length - 2) % 4 !== 0) {
        throw Error('Incorrect format of the certificate:\n' + str);
    }
    let chain: Trust[] = [];
    let i;
    for (i = 2; i < lines.length; i = i + 4) {
        chain.push(await trustFromString(lines[i], lines[i + 1], lines[i + 2], lines[i + 3]));
    }
    return { chain };
 }
 // Creates new certificate with root trust (self-signed public key) from a key pair.
 export async function issueRoot(
    issuedBy: PeerId,
    forPk: PeerId,
    expiresAt: number,
    issuedAt: number,
 ): Promise<Certificate> {
    if (expiresAt < issuedAt) {
        throw Error('Expiration time should be greater then issued time.');
    }
    let maxDate = new Date(158981172690500).getTime();
    let rootTrust = await createTrust(issuedBy, issuedBy, maxDate, issuedAt);
    let trust = await createTrust(forPk, issuedBy, expiresAt, issuedAt);
    let chain = [rootTrust, trust];
    return {
        chain: chain,
    };
 }
 // Adds a new trust into chain of trust in certificate.
 export async function issue(
    issuedBy: PeerId,
    forPk: PeerId,
    extendCert: Certificate,
    expiresAt: number,
    issuedAt: number,
 ): Promise<Certificate> {
    if (expiresAt < issuedAt) {
        throw Error('Expiration time should be greater then issued time.');
    }
    let lastTrust = extendCert.chain[extendCert.chain.length - 1];
    if (lastTrust.issuedFor !== issuedBy) {
        throw Error('`issuedFor` should be equal to `issuedBy` in the last trust of the chain.');
    }
    let trust = await createTrust(forPk, issuedBy, expiresAt, issuedAt);
    let chain = [...extendCert.chain];
    chain.push(trust);
    return {
        chain: chain,
    };
 }
--- a/src/internal/trust/misc.ts
+++ b/src/internal/trust/misc.ts
@ -1,36 +0,0 @@
 /*
 * Copyright 2020 Fluence Labs Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 import * as PeerId from 'peer-id';
 import { keys } from 'libp2p-crypto';
 import { Certificate, issueRoot } from './certificate';
 /**
 * Generate root certificate with one of the Fluence trusted key for one day.
 */
 export async function nodeRootCert(issuedFor: PeerId): Promise<Certificate> {
    // prettier-ignore
    let seed = [46, 188, 245, 171, 145, 73, 40, 24, 52, 233, 215, 163, 54, 26, 31, 221, 159, 179, 126, 106, 27, 199, 189, 194, 80, 133, 235, 42, 42, 247, 80, 201];
    let privateK = await keys.generateKeyPairFromSeed('Ed25519', Uint8Array.from(seed), 256);
    let peerId = await PeerId.createFromPrivKey(privateK.bytes);
    let issuedAt = new Date();
    let expiresAt = new Date();
    expiresAt.setDate(new Date().getDate() + 1);
    return await issueRoot(peerId, issuedFor, expiresAt.getTime(), issuedAt.getTime());
 }
--- a/src/internal/trust/trust.ts
+++ b/src/internal/trust/trust.ts
@ -1,90 +0,0 @@
 /*
 * Copyright 2020 Fluence Labs Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 import * as PeerId from 'peer-id';
 import { decode, encode } from 'bs58';
 import crypto from 'libp2p-crypto';
 const ed25519 = crypto.keys.supportedKeys.ed25519;
 // One element in chain of trust in a certificate.
 export interface Trust {
    issuedFor: PeerId;
    expiresAt: number;
    signature: string;
    issuedAt: number;
 }
 export function trustToString(trust: Trust): string {
    return `${encode(trust.issuedFor.pubKey.marshal())}\n${trust.signature}\n${trust.expiresAt}\n${trust.issuedAt}`;
 }
 export async function trustFromString(
    issuedFor: string,
    signature: string,
    expiresAt: string,
    issuedAt: string,
 ): Promise<Trust> {
    let pubKey = ed25519.unmarshalEd25519PublicKey(decode(issuedFor));
    let peerId = await PeerId.createFromPubKey(pubKey.bytes);
    return {
        issuedFor: peerId,
        signature: signature,
        expiresAt: parseInt(expiresAt),
        issuedAt: parseInt(issuedAt),
    };
 }
 export async function createTrust(
    forPk: PeerId,
    issuedBy: PeerId,
    expiresAt: number,
    issuedAt: number,
 ): Promise<Trust> {
    let bytes = toSignMessage(forPk, expiresAt, issuedAt);
    let signature = await issuedBy.privKey.sign(Buffer.from(bytes));
    let signatureStr = encode(signature);
    return {
        issuedFor: forPk,
        expiresAt: expiresAt,
        signature: signatureStr,
        issuedAt: issuedAt,
    };
 }
 function toSignMessage(pk: PeerId, expiresAt: number, issuedAt: number): Uint8Array {
    let bytes = new Uint8Array(48);
    let pkEncoded = pk.pubKey.marshal();
    bytes.set(pkEncoded, 0);
    bytes.set(numToArray(expiresAt), 32);
    bytes.set(numToArray(issuedAt), 40);
    return bytes;
 }
 function numToArray(n: number): number[] {
    let byteArray = [0, 0, 0, 0, 0, 0, 0, 0];
    for (let index = 0; index < byteArray.length; index++) {
        let byte = n & 0xff;
        byteArray[index] = byte;
        n = (n - byte) / 256;
    }
    return byteArray;
 }
--- a/src/internal/trust/trust_graph.ts
+++ b/src/internal/trust/trust_graph.ts
@ -1,72 +0,0 @@
 /*
 * Copyright 2020 Fluence Labs Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 import { Certificate, certificateFromString, certificateToString } from './certificate';
 import * as log from 'loglevel';
 // TODO update after 'aquamarine' implemented
 // The client to interact with the Fluence trust graph API
 export class TrustGraph {
    //client: FluenceClient;
    constructor() {}
    // Publish certificate to Fluence network. It will be published in Kademlia neighbourhood by `peerId` key.
    async publishCertificates(peerId: string, certs: Certificate[]) {
        let certsStr = [];
        for (let cert of certs) {
            certsStr.push(await certificateToString(cert));
        }
        /*let response = await this.client.callPeer("add_certificates", {
            certificates: certsStr,
            peer_id: peerId
        });*/
        let response: any = {};
        if (response.reason) {
            throw Error(response.reason);
        } else if (response.status) {
            return response.status;
        } else {
            throw Error(
                `Unexpected response: ${response}. Should be 'status' field for a success response or 'reason' field for an error.`,
            );
        }
    }
    // Get certificates that stores in Kademlia neighbourhood by `peerId` key.
    async getCertificates(peerId: string): Promise<Certificate[]> {
        let resp: any = {};
        /*let resp = await this.client.callPeer("certificates", {
            peer_id: peerId
        });*/
        let certificatesRaw = resp.certificates;
        if (!(certificatesRaw && Array.isArray(certificatesRaw))) {
            log.error(Array.isArray(certificatesRaw));
            throw Error('Unexpected. Certificates should be presented in the response as an array.');
        }
        let certs = [];
        for (let cert of certificatesRaw) {
            certs.push(await certificateFromString(cert));
        }
        return certs;
    }
 }