feat(ca): generate a server certificate for mtls APIs

DecDuck
2024-11-06 11:38:32 +11:00
parent b9ae26cb27
commit 9c4b6f35bb


@ -22,13 +22,22 @@ export class CertificateAuthority {
static async new(store: CertificateStore) {
const root = await store.fetch("ca");
let ca;
if (root === undefined) {
const [cert, priv] = droplet.generateRootCa();
const bundle: CertificateBundle = { priv, cert };
await store.store("ca", bundle);
return new CertificateAuthority(store, bundle);
ca = new CertificateAuthority(store, bundle);
} else {
ca = new CertificateAuthority(store, root);
}
return new CertificateAuthority(store, root);
const serverCertificate = await ca.fetchClientCertificate("server");
if (!serverCertificate) {
await ca.generateClientCertificate("server", "Drop Server");
}
return ca;
}
async generateClientCertificate(clientId: string, clientName: string) {
@ -39,7 +48,7 @@ export class CertificateAuthority {
clientId,
clientName,
caCertificate.cert,
caCertificate.priv,
caCertificate.priv
);
const certBundle: CertificateBundle = {
priv,
@ -53,8 +62,9 @@ export class CertificateAuthority {
}
async fetchClientCertificate(clientId: string) {
const isBlacklist =
await this.certificateStore.checkBlacklistCertificate(clientId);
const isBlacklist = await this.certificateStore.checkBlacklistCertificate(
clientId
);
if (isBlacklist) return undefined;
return await this.certificateStore.fetch(`client:${clientId}`);
}
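Review bot: In the first hunk, `new()` decides whether to issue a server certificate from the result of `fetchClientCertificate("server")`, but that method also returns `undefined` when the id is blacklisted (third hunk, `if (isBlacklist) return undefined;`), so a revoked "server" certificate would be silently re-issued under the same id on the next startup, defeating the blacklist. Check the store directly for the missing-certificate case, e.g. `const serverCertificate = await store.fetch("client:server");`, or check the blacklist explicitly first and throw rather than regenerate. Whether `generateClientCertificate` itself consults the blacklist is not visible, since its body continues outside the hunk. As a point of style, `let ca;` relies on evolving-type inference; `let ca: CertificateAuthority;` states the intent and keeps the two branches checked against the same type.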