Reconciled duplicate cert funcs

2023-03-21 12:36:34 +00:00 · 2023-03-21 12:36:34 +00:00 · 013c5addd6
parent 374898d7c2
commit 013c5addd6
6 changed files with 34 additions and 72 deletions
--- a/server/certs.go
+++ b/server/certs.go
@ -4,7 +4,6 @@ import (
 	"crypto/ecdsa"
 	"crypto/elliptic"
 	"crypto/rand"
-	"crypto/sha256"
 	"crypto/tls"
 	"crypto/x509"
 	"crypto/x509/pkix"
@ -22,17 +21,6 @@ func makeRandomSerialNumber() (*big.Int, error) {
 	return rand.Int(rand.Reader, serialNumberLimit)
 }

-// TODO duped in pairing
-
-func makeSerialNumberFromKey(pk *ecdsa.PrivateKey) *big.Int {
-	h := sha256.New()
-	h.Write(append(pk.D.Bytes(), append(pk.Y.Bytes(), pk.X.Bytes()...)...))
-
-	return new(big.Int).SetBytes(h.Sum(nil))
-}
-
-// TODO duped in pairing
-
 func GenerateX509Cert(sn *big.Int, from, to time.Time, hostname string) *x509.Certificate {
 	c := &x509.Certificate{
 		SerialNumber:          sn,
@ -55,8 +43,6 @@ func GenerateX509Cert(sn *big.Int, from, to time.Time, hostname string) *x509.Ce
 	return c
 }

-// TODO duped in pairing
-
 func GenerateX509PEMs(cert *x509.Certificate, key *ecdsa.PrivateKey) (certPem, keyPem []byte, err error) {
 	derBytes, err := x509.CreateCertificate(rand.Reader, cert, cert, &key.PublicKey, key)
 	if err != nil {
--- a/server/certs_test.go
+++ b/server/certs_test.go
@ -25,10 +25,6 @@ func (s *CertsSuite) SetupSuite() {
 	s.SetupCertComponents(s.T())
 }

-func (s *CertsSuite) Test_makeSerialNumberFromKey() {
-	s.Require().Zero(makeSerialNumberFromKey(s.PK).Cmp(s.SN))
-}
-
 func (s *CertsSuite) TestToECDSA() {
 	k := ToECDSA(base58.Decode(servertest.DB58))
 	s.Require().NotNil(k.PublicKey.X)
--- a/server/pairing/certs.go
+++ b/server/pairing/certs.go
@ -2,27 +2,20 @@ package pairing

 import (
 	"crypto/ecdsa"
-	"crypto/rand"
 	"crypto/sha256"
 	"crypto/tls"
 	"crypto/x509"
-	"crypto/x509/pkix"
 	"encoding/asn1"
 	"encoding/pem"
 	"fmt"
 	"math/big"
-	"net"
 	"net/url"
 	"time"

+	"github.com/status-im/status-go/server"
 	"github.com/status-im/status-go/signal"
 )

-// TODO Reconcile duplicate function here and in server/certs.go
-//  https://github.com/status-im/status-go/issues/3300
-
-// TODO duped, but only used here
-
 func makeSerialNumberFromKey(pk *ecdsa.PrivateKey) *big.Int {
 	h := sha256.New()
 	h.Write(append(pk.D.Bytes(), append(pk.Y.Bytes(), pk.X.Bytes()...)...))
@ -30,51 +23,9 @@ func makeSerialNumberFromKey(pk *ecdsa.PrivateKey) *big.Int {
 	return new(big.Int).SetBytes(h.Sum(nil))
 }

-// todo duped
-
-func GenerateX509Cert(sn *big.Int, from, to time.Time, hostname string) *x509.Certificate {
-	c := &x509.Certificate{
-		SerialNumber:          sn,
-		Subject:               pkix.Name{Organization: []string{"Self-signed cert"}},
-		NotBefore:             from,
-		NotAfter:              to,
-		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
-		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
-		BasicConstraintsValid: true,
-		IsCA:                  true,
-	}
-
-	ip := net.ParseIP(hostname)
-	if ip != nil {
-		c.IPAddresses = []net.IP{ip}
-	} else {
-		c.DNSNames = []string{hostname}
-	}
-
-	return c
-}
-
-// todo duped
-
-func GenerateX509PEMs(cert *x509.Certificate, key *ecdsa.PrivateKey) (certPem, keyPem []byte, err error) {
-	derBytes, err := x509.CreateCertificate(rand.Reader, cert, cert, &key.PublicKey, key)
-	if err != nil {
-		return
-	}
-	certPem = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
-
-	privBytes, err := x509.MarshalPKCS8PrivateKey(key)
-	if err != nil {
-		return
-	}
-	keyPem = pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: privBytes})
-
-	return
-}
-
 func GenerateCertFromKey(pk *ecdsa.PrivateKey, from time.Time, hostname string) (tls.Certificate, []byte, error) {
-	cert := GenerateX509Cert(makeSerialNumberFromKey(pk), from, from.Add(time.Hour), hostname)
-	certPem, keyPem, err := GenerateX509PEMs(cert, pk)
+	cert := server.GenerateX509Cert(makeSerialNumberFromKey(pk), from, from.Add(time.Hour), hostname)
+	certPem, keyPem, err := server.GenerateX509PEMs(cert, pk)
 	if err != nil {
 		return tls.Certificate{}, nil, err
 	}
--- a/server/pairing/certs_test.go
+++ b/server/pairing/certs_test.go
@ -0,0 +1,28 @@
+package pairing
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/suite"
+
+	"github.com/status-im/status-go/server/servertest"
+)
+
+func TestCerts(t *testing.T) {
+	suite.Run(t, new(CertsSuite))
+}
+
+type CertsSuite struct {
+	suite.Suite
+	servertest.TestKeyComponents
+	servertest.TestCertComponents
+}
+
+func (s *CertsSuite) SetupSuite() {
+	s.SetupKeyComponents(s.T())
+	s.SetupCertComponents(s.T())
+}
+
+func (s *CertsSuite) Test_makeSerialNumberFromKey() {
+	s.Require().Zero(makeSerialNumberFromKey(s.PK).Cmp(s.SN))
+}
--- a/server/pairing/components_test.go
+++ b/server/pairing/components_test.go
@ -9,9 +9,10 @@ import (
 	"testing"
 	"time"

+	"github.com/stretchr/testify/require"
+
 	"github.com/status-im/status-go/protocol/common"
 	"github.com/status-im/status-go/server"
-	"github.com/stretchr/testify/require"
 )

 type TestPairingServerComponents struct {
--- a/server/server.go
+++ b/server/server.go
@ -79,7 +79,7 @@ func (s *Server) listenAndServe() {
 	s.StartTimeout(func() {
 		err := s.Stop()
 		if err != nil {
-			s.logger.Error("PairingServer termination fail", zap.Error(err))
+			s.logger.Error("server termination fail", zap.Error(err))
 		}
 	})