feat(certificate): set distinguishable issuer name with peer id (#1296)

This commit is contained in:
vladopajic
2025-03-21 13:38:02 +01:00
committed by GitHub
parent 28f2b268ae
commit c0f4d903ba
2 changed files with 19 additions and 8 deletions


@@ -28,6 +28,7 @@ import mbedtls/error
import nimcrypto/utils
import ../../crypto/crypto
import ../../errors
import ../../../libp2p/peerid
logScope:
topics = "libp2p tls certificate"
@@ -75,6 +76,12 @@ var
ctrDrbg: mbedtls_ctr_drbg_context
drbgInitialized = false
func publicKey*(cert: P2pCertificate): PublicKey =
return PublicKey.init(cert.extension.publicKey).get()
func peerId*(cert: P2pCertificate): PeerId =
return PeerId.init(cert.publicKey()).tryGet()
proc initializeDRBG() {.raises: [KeyGenerationError].} =
## Function to initialize entropy and DRBG context if not already initialized.
if not drbgInitialized:
@@ -182,6 +189,15 @@ func makeSignatureMessage(pubKey: seq[byte]): seq[byte] {.inline.} =
return msg
func makeIssuerDN(identityKeyPair: KeyPair): string {.inline.} =
let issuerDN =
try:
"CN=" & $(PeerId.init(identityKeyPair.pubkey).tryGet())
except LPError:
raiseAssert "pubkey must be set"
return issuerDN
func parseCertificatePublicKey(
pk: mbedtls_pk_context
): seq[byte] {.raises: [CertificateParsingError].} =
@@ -332,11 +348,12 @@ proc generate*(
let libp2pExtension = makeLibp2pExtension(identityKeyPair, certKey)
# Set the Subject and Issuer Name (self-signed)
ret = mbedtls_x509write_crt_set_subject_name(addr crt, "CN=libp2p.io")
let issuerDN = makeIssuerDN(identityKeyPair)
ret = mbedtls_x509write_crt_set_subject_name(addr crt, issuerDN)
if ret != 0:
raise newException(CertificateCreationError, "Failed to set subject name")
ret = mbedtls_x509write_crt_set_issuer_name(addr crt, "CN=libp2p.io")
ret = mbedtls_x509write_crt_set_issuer_name(addr crt, issuerDN)
if ret != 0:
raise newException(CertificateCreationError, "Failed to set issuer name")
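Review bot: The exported `publicKey*` in the second hunk unwraps `PublicKey.init(cert.extension.publicKey).get()`, so a certificate whose extension carries an undecodable key fails with an unpack Defect instead of a catchable error; now that this is library API rather than a test helper, a malformed certificate presumably received from a remote peer could bring the whole process down unless the parser has already validated that field (not visible in this diff). `makeIssuerDN` in the third hunk has the same shape: `raiseAssert "pubkey must be set"` turns an `LPError` from `PeerId.init` into an `AssertionDefect` on a path where `generate` otherwise reports failures as `CertificateCreationError`. I would surface both through the existing catchable types, e.g. in `makeIssuerDN` replace the `except LPError:` branch body with `raise newException(CertificateCreationError, "invalid identity public key")` and annotate the func `{.raises: [CertificateCreationError].}`, and have `publicKey` raise `CertificateParsingError` (or return the `Result`) rather than `.get()`. A short comment above the `let issuerDN` line in `generate` would also help future readers avoid treating the DN as a trust input, e.g. `# Informational only: peers authenticate via the signed libp2p extension, not this DN`.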


@@ -4,12 +4,6 @@ import ../../../libp2p/transports/tls/certificate
import ../../../libp2p/crypto/crypto
import ../../../libp2p/peerid
func publicKey*(cert: P2pCertificate): PublicKey =
return PublicKey.init(cert.extension.publicKey).get()
func peerId*(cert: P2pCertificate): PeerId =
return PeerId.init(cert.publicKey()).tryGet()
suite "Certificate roundtrip tests":
test "generate then parse with DER ecoding":
let schemes = @[Ed25519, Secp256k1, ECDSA]