ability to fetch client certs for p2p

server/internal/clients/ca.ts

@@ -39,7 +39,7 @@ export class CertificateAuthority {
       clientId,
       clientName,
       caCertificate.cert,
-      caCertificate.priv
+      caCertificate.priv,
     );
     const certBundle: CertificateBundle = {
       priv,
@@ -53,6 +53,13 @@ export class CertificateAuthority {
   }
 
   async fetchClientCertificate(clientId: string) {
+    const isBlacklist =
+      await this.certificateStore.checkBlacklistCertificate(clientId);
+    if (isBlacklist) return undefined;
     return await this.certificateStore.fetch(`client:${clientId}`);
   }
+
+  async blacklistClient(clientId: string) {
+    await this.certificateStore.blacklistCertificate(clientId);
+  }
 }

server/internal/clients/store.ts

@@ -5,9 +5,13 @@ import { CertificateBundle } from "./ca";
 export type CertificateStore = {
   store(name: string, data: CertificateBundle): Promise<void>;
   fetch(name: string): Promise<CertificateBundle | undefined>;
+  blacklistCertificate(name: string): Promise<void>;
+  checkBlacklistCertificate(name: string): Promise<boolean>;
 };
 
 export const fsCertificateStore = (base: string) => {
+  const blacklist = path.join(base, ".blacklist");
+  fs.mkdirSync(blacklist, { recursive: true });
   const store: CertificateStore = {
     async store(name: string, data: CertificateBundle) {
       const filepath = path.join(base, name);
@@ -18,6 +22,14 @@ export const fsCertificateStore = (base: string) => {
       if (!fs.existsSync(filepath)) return undefined;
       return JSON.parse(fs.readFileSync(filepath, "utf-8"));
     },
+    async blacklistCertificate(name: string) {
+      const filepath = path.join(blacklist, name);
+      fs.writeFileSync(filepath, Buffer.from([]));
+    },
+    async checkBlacklistCertificate(name: string): Promise<boolean> {
+      const filepath = path.join(blacklist, name);
+      return fs.existsSync(filepath);
+    },
   };
   return store;
 };