From 3f4368d2fde6f67075d218c06a393bcf80a9de67 Mon Sep 17 00:00:00 2001
From: Jed Parsons <jedp@me.com>
Date: Tue, 8 May 2012 21:45:29 -0700
Subject: [PATCH] removed extraneous ca.verifyBundle and ca.verifyChain
---
 lib/configuration.js | 5 +++-
 lib/keysigner/ca.js | 43 +---------------------------------
 tests/ca-test.js | 17 +-------------
 tests/cert-emails-test.js | 27 ---------------------
 tests/session-duration-test.js | 28 ----------------------
 5 files changed, 6 insertions(+), 114 deletions(-)
diff --git a/lib/configuration.js b/lib/configuration.js
index 76a99ccc9..14d7e5e5e 100644
--- a/lib/configuration.js
+++ b/lib/configuration.js
@@ -87,6 +87,10 @@ var conf = module.exports = convict({
 format: 'string?',
 env: 'MYSQL_USER'
 },
+ password: {
+ format: 'string?',
+ env: 'MYSQL_PASSWORD'
+ },
 create_schema: 'boolean = true',
 may_write: 'boolean = true',
 name: {
@@ -97,7 +101,6 @@ var conf = module.exports = convict({
 format: 'string?',
 env: 'MYSQL_PASSWORD'
 },
- host: 'string?',
 max_query_time_ms: {
 format: 'integer = 5000',
 doc: "The maximum amount of time we'll allow a query to run before considering the database to be sick",
diff --git a/lib/keysigner/ca.js b/lib/keysigner/ca.js
index 5e95fef85..c32076a1e 100644
--- a/lib/keysigner/ca.js
+++ b/lib/keysigner/ca.js
@@ -6,11 +6,8 @@
 var jwcrypto = require('jwcrypto'),
 cert = jwcrypto.cert,
- path = require("path"),
- fs = require("fs"),
 secrets = require('../secrets.js'),
- logger = require('../logging.js').logger,
- urlparse = require('urlparse');
+ logger = require('../logging.js').logger;
 // load up the right algorithms
 require("jwcrypto/lib/algs/rs");
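Review bot: The `password` block added in the first hunk of lib/configuration.js looks like a duplicate, because the second hunk's context already shows an entry with `env: 'MYSQL_PASSWORD'` a few lines further down. That entry's key line is outside the hunk, but if it is also `password`, the object literal now defines the property twice and the later definition silently wins. The second hunk also removes `host: 'string?',`, so the database host appears to drop out of the config schema. Neither change is covered by the commit subject, which only mentions removing `ca.verifyChain` and `ca.verifyBundle`, so both look like merge leftovers. I would drop the added block and restore `host: 'string?',`, or state in the commit message that the changes are intended.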
@@ -38,45 +35,7 @@ function certify(hostname, email, publicKey, expiration, cb) {
 secret_key, cb);
 }
-// hostname is issuer
-// certChain is an array of raw certs
-// the cb is called with the last public key and principal
-function verifyChain(hostname, certChain, cb) {
- return cert.verifyChain(
- certChain, new Date(),
- function(issuer, next) {
- // for now we only do browserid.org issued keys
- if (issuer != hostname)
- return next("only verifying " + hostname + "-issued keys");
-
- next(null, exports.PUBLIC_KEY);
- }, function(err, certParamsArray) {
- if (err) return cb(err);
-
- var lastParams = certParamsArray[certParamsArray.length - 1];
- cb(null, lastParams.certParams['public-key'], lastParams.certParams.principal, certParamsArray);
- });
-}
-
-function verifyBundle(hostname, bundle, cb) {
- return cert.verifyBundle(
- bundle, new Date(),
- function(issuer, next) {
- // for now we only do browserid.org issued keys
- if (issuer != hostname)
- return next("only verifying " + hostname + "-issued keys");
-
- next(null, exports.PUBLIC_KEY);
- }, function(err, certParamsArray, payload, assertionParams) {
- if (err) return cb(err);
-
- cb(null, certParamsArray, payload, assertionParams);
- });
-}
-
 // exports, not the key stuff
 exports.certify = certify;
-exports.verifyChain = verifyChain;
-exports.verifyBundle = verifyBundle;
 exports.parsePublicKey = parsePublicKey;
 exports.PUBLIC_KEY = public_key;
diff --git a/tests/ca-test.js b/tests/ca-test.js
index 43e1ccefc..04a1ac4cc 100755
--- a/tests/ca-test.js
+++ b/tests/ca-test.js
@@ -8,13 +8,8 @@ require('./lib/test_env.js');
 const assert = require('assert'),
 vows = require('vows'),
-start_stop = require('./lib/start-stop.js'),
-wsapi = require('./lib/wsapi.js'),
-email = require('../lib/email.js'),
 ca = require('../lib/keysigner/ca.js'),
-jwcrypto = require('jwcrypto'),
-cert = jwcrypto.cert,
-assertion = jwcrypto.assertion;
+jwcrypto = require('jwcrypto');
 // algorithms
 require("jwcrypto/lib/algs/rs");
@@ -53,16 +48,6 @@ suite.addBatch({
 },
 "looks ok" : function(err, cert_raw) {
 assert.equal(cert_raw.split(".").length, 3);
- },
- "upon verification": {
- topic: function(err, cert_raw) {
- ca.verifyChain(issuer, [cert_raw], this.callback);
- },
- "verifies": function(err, pk, principal) {
- assert.isNull(err);
- assert.isTrue(kp.publicKey.equals(pk));
- assert.equal(principal.email, email_addr);
- }
 }
 }
 }
diff --git a/tests/cert-emails-test.js b/tests/cert-emails-test.js
index dab8fa367..904236a4d 100755
--- a/tests/cert-emails-test.js
+++ b/tests/cert-emails-test.js
@@ -10,7 +10,6 @@ const assert = require('assert'),
 vows = require('vows'),
 start_stop = require('./lib/start-stop.js'),
 wsapi = require('./lib/wsapi.js'),
-email = require('../lib/email.js'),
 ca = require('../lib/keysigner/ca.js'),
 jwcrypto = require("jwcrypto");
@@ -120,16 +119,6 @@ suite.addBatch({
 "returns a response with a proper content-type" : function(err, r) {
 assert.strictEqual(r.code, 200);
 },
- "returns a proper cert": {
- topic: function(err, r) {
- ca.verifyChain('127.0.0.1', [r.body], this.callback);
- },
- "that verifies": function(err, pk, principal) {
- assert.isNull(err);
- assert.equal(principal.email, 'syncer@somehost.com');
- assert.equal(kp.publicKey.serialize(), pk.serialize());
- }
- },
 "generate an assertion": {
 topic: function(err, r) {
 var serializedCert = r.body.toString();
@@ -150,22 +139,6 @@ suite.addBatch({
 assert.equal(certs_and_assertion.certificates[0].split(".").length, 3);
 assert.equal(certs_and_assertion.assertion.split(".").length, 3);
 },
- "assertion verifies": {
- topic: function(err, certs_and_assertion) {
- // bundle and verify
- var bundle = jwcrypto.cert.bundle(certs_and_assertion.certificates, certs_and_assertion.assertion);
-
- var cb = this.callback;
- // extract public key at the tail of the chain
- ca.verifyBundle('127.0.0.1', bundle, this.callback);
- },
- "verifies": function(err, certParamsArray, payload, assertionParams) {
- assert.isNull(err);
- assert.isArray(certParamsArray);
- assert.isObject(payload);
- assert.isObject(assertionParams);
- }
- }
 }
 },
 "cert key invoked proper arguments but incorrect email address": {
diff --git a/tests/session-duration-test.js b/tests/session-duration-test.js
index ae63d1116..a28c7f20f 100755
--- a/tests/session-duration-test.js
+++ b/tests/session-duration-test.js
@@ -218,20 +218,6 @@ suite.addBatch({
 },
 "returns a response with a proper content-type" : function(err, r) {
 assert.strictEqual(r.code, 200);
- },
- "upon validation": {
- topic: function(err, r) {
- ca.verifyChain('127.0.0.1', [r.body], this.callback);
- },
- "works": function(err, pk, principal, certParamsArray) {
- assert.isTrue(kp.publicKey.equals(pk));
- },
- "has the correct expiration": function(err, pk, principal, certParamsArray) {
- var params = certParamsArray[certParamsArray.length - 1].assertionParams;
- assert.within(params.expiresAt - params.issuedAt,
- config.get('certificate_validity_ms'),
- 200);
- }
 }
 }
 });
@@ -247,20 +233,6 @@ suite.addBatch({
 },
 "returns a response with a proper content-type" : function(err, r) {
 assert.strictEqual(r.code, 200);
- },
- "upon validation": {
- topic: function(err, r) {
- ca.verifyChain('127.0.0.1', [r.body], this.callback);
- },
- "works": function(err, pk, principal, certParamsArray) {
- assert.isTrue(kp.publicKey.equals(pk));
- },
- "has the correct expiration": function(err, pk, principal, certParamsArray) {
- var params = certParamsArray[certParamsArray.length - 1].assertionParams;
- assert.within(params.expiresAt - params.issuedAt,
- config.get('ephemeral_session_duration_ms'),
- 200);
- }
 }
 }
 });
-- GitLab