diff --git a/lib/configuration.js b/lib/configuration.js
index 76a99ccc9042b10c0455d099d0aac7ae504696d8..14d7e5e5e024d68ef185a4c4bcd2d128653c5a6b 100644
--- a/lib/configuration.js
+++ b/lib/configuration.js
@@ -87,6 +87,10 @@ var conf = module.exports = convict({
 format: 'string?',
 env: 'MYSQL_USER'
 },
+ password: {
+ format: 'string?',
+ env: 'MYSQL_PASSWORD'
+ },
 create_schema: 'boolean = true',
 may_write: 'boolean = true',
 name: {
@@ -97,7 +101,6 @@ var conf = module.exports = convict({
 format: 'string?',
 env: 'MYSQL_PASSWORD'
 },
- host: 'string?',
 max_query_time_ms: {
 format: 'integer = 5000',
 doc: "The maximum amount of time we'll allow a query to run before considering the database to be sick",
diff --git a/lib/keysigner/ca.js b/lib/keysigner/ca.js
index 5e95fef85edcc18555b9e8774651e7e553c4eefe..c32076a1e9c8618825ccbce3d4a5bd9608b2dc5e 100644
--- a/lib/keysigner/ca.js
+++ b/lib/keysigner/ca.js
@@ -6,11 +6,8 @@
 var jwcrypto = require('jwcrypto'),
 cert = jwcrypto.cert,
- path = require("path"),
- fs = require("fs"),
 secrets = require('../secrets.js'),
- logger = require('../logging.js').logger,
- urlparse = require('urlparse');
+ logger = require('../logging.js').logger;
 // load up the right algorithms
 require("jwcrypto/lib/algs/rs");
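Review bot: The `password` entry added in the first lib/configuration.js hunk looks like a duplicate: the context of the second hunk still shows an unchanged block with `env: 'MYSQL_PASSWORD'` a few lines further down the same object, and by its line position that block is presumably also keyed `password` (its key line is outside both hunks). If so, the literal defines `password` twice; the later definition silently replaces the earlier one, and ES5 strict mode rejects duplicate keys outright, so only one block should remain. The second hunk also removes `host: 'string?'` from the schema, which is unrelated to dropping the verifier code in lib/keysigner/ca.js; unless the database host is configured elsewhere, keep `host: 'string?',` or explain the removal in the commit message. The enclosing `convict({` call starts and ends outside both hunks.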
@@ -38,45 +35,7 @@ function certify(hostname, email, publicKey, expiration, cb) {
 secret_key, cb);
 }
-// hostname is issuer
-// certChain is an array of raw certs
-// the cb is called with the last public key and principal
-function verifyChain(hostname, certChain, cb) {
- return cert.verifyChain(
- certChain, new Date(),
- function(issuer, next) {
- // for now we only do browserid.org issued keys
- if (issuer != hostname)
- return next("only verifying " + hostname + "-issued keys");
-
- next(null, exports.PUBLIC_KEY);
- }, function(err, certParamsArray) {
- if (err) return cb(err);
-
- var lastParams = certParamsArray[certParamsArray.length - 1];
- cb(null, lastParams.certParams['public-key'], lastParams.certParams.principal, certParamsArray);
- });
-}
-
-function verifyBundle(hostname, bundle, cb) {
- return cert.verifyBundle(
- bundle, new Date(),
- function(issuer, next) {
- // for now we only do browserid.org issued keys
- if (issuer != hostname)
- return next("only verifying " + hostname + "-issued keys");
-
- next(null, exports.PUBLIC_KEY);
- }, function(err, certParamsArray, payload, assertionParams) {
- if (err) return cb(err);
-
- cb(null, certParamsArray, payload, assertionParams);
- });
-}
-
 // exports, not the key stuff
 exports.certify = certify;
-exports.verifyChain = verifyChain;
-exports.verifyBundle = verifyBundle;
 exports.parsePublicKey = parsePublicKey;
 exports.PUBLIC_KEY = public_key;
diff --git a/tests/ca-test.js b/tests/ca-test.js
index 43e1ccefc0aeac5ade5e2ae31a8424f8c6871e84..04a1ac4cc1028ab2a766ac64f235f552374cf0df 100755
--- a/tests/ca-test.js
+++ b/tests/ca-test.js
@@ -8,13 +8,8 @@ require('./lib/test_env.js');
 const assert = require('assert'),
 vows = require('vows'),
-start_stop = require('./lib/start-stop.js'),
-wsapi = require('./lib/wsapi.js'),
-email = require('../lib/email.js'),
 ca = require('../lib/keysigner/ca.js'),
-jwcrypto = require('jwcrypto'),
-cert = jwcrypto.cert,
-assertion = jwcrypto.assertion;
+jwcrypto = require('jwcrypto');
 // algorithms
 require("jwcrypto/lib/algs/rs");
@@ -53,16 +48,6 @@ suite.addBatch({
 },
 "looks ok" : function(err, cert_raw) {
 assert.equal(cert_raw.split(".").length, 3);
- },
- "upon verification": {
- topic: function(err, cert_raw) {
- ca.verifyChain(issuer, [cert_raw], this.callback);
- },
- "verifies": function(err, pk, principal) {
- assert.isNull(err);
- assert.isTrue(kp.publicKey.equals(pk));
- assert.equal(principal.email, email_addr);
- }
 }
 }
 }
diff --git a/tests/cert-emails-test.js b/tests/cert-emails-test.js
index dab8fa36775d5adcbbc4708da14832e565def5f8..904236a4d855373961d48550ae60acd6bdd3ad97 100755
--- a/tests/cert-emails-test.js
+++ b/tests/cert-emails-test.js
@@ -10,7 +10,6 @@ const assert = require('assert'),
 vows = require('vows'),
 start_stop = require('./lib/start-stop.js'),
 wsapi = require('./lib/wsapi.js'),
-email = require('../lib/email.js'),
 ca = require('../lib/keysigner/ca.js'),
 jwcrypto = require("jwcrypto");
@@ -120,16 +119,6 @@ suite.addBatch({
 "returns a response with a proper content-type" : function(err, r) {
 assert.strictEqual(r.code, 200);
 },
- "returns a proper cert": {
- topic: function(err, r) {
- ca.verifyChain('127.0.0.1', [r.body], this.callback);
- },
- "that verifies": function(err, pk, principal) {
- assert.isNull(err);
- assert.equal(principal.email, 'syncer@somehost.com');
- assert.equal(kp.publicKey.serialize(), pk.serialize());
- }
- },
 "generate an assertion": {
 topic: function(err, r) {
 var serializedCert = r.body.toString();
@@ -150,22 +139,6 @@ suite.addBatch({
 assert.equal(certs_and_assertion.certificates[0].split(".").length, 3);
 assert.equal(certs_and_assertion.assertion.split(".").length, 3);
 },
- "assertion verifies": {
- topic: function(err, certs_and_assertion) {
- // bundle and verify
- var bundle = jwcrypto.cert.bundle(certs_and_assertion.certificates, certs_and_assertion.assertion);
-
- var cb = this.callback;
- // extract public key at the tail of the chain
- ca.verifyBundle('127.0.0.1', bundle, this.callback);
- },
- "verifies": function(err, certParamsArray, payload, assertionParams) {
- assert.isNull(err);
- assert.isArray(certParamsArray);
- assert.isObject(payload);
- assert.isObject(assertionParams);
- }
- }
 }
 },
 "cert key invoked proper arguments but incorrect email address": {
diff --git a/tests/session-duration-test.js b/tests/session-duration-test.js
index ae63d111655951967ce5dbdcf9870095ca25a63d..a28c7f20f7333e4790dc1621948e06e272a1542b 100755
--- a/tests/session-duration-test.js
+++ b/tests/session-duration-test.js
@@ -218,20 +218,6 @@ suite.addBatch({
 },
 "returns a response with a proper content-type" : function(err, r) {
 assert.strictEqual(r.code, 200);
- },
- "upon validation": {
- topic: function(err, r) {
- ca.verifyChain('127.0.0.1', [r.body], this.callback);
- },
- "works": function(err, pk, principal, certParamsArray) {
- assert.isTrue(kp.publicKey.equals(pk));
- },
- "has the correct expiration": function(err, pk, principal, certParamsArray) {
- var params = certParamsArray[certParamsArray.length - 1].assertionParams;
- assert.within(params.expiresAt - params.issuedAt,
- config.get('certificate_validity_ms'),
- 200);
- }
 }
 }
 });
@@ -247,20 +233,6 @@ suite.addBatch({
 },
 "returns a response with a proper content-type" : function(err, r) {
 assert.strictEqual(r.code, 200);
- },
- "upon validation": {
- topic: function(err, r) {
- ca.verifyChain('127.0.0.1', [r.body], this.callback);
- },
- "works": function(err, pk, principal, certParamsArray) {
- assert.isTrue(kp.publicKey.equals(pk));
- },
- "has the correct expiration": function(err, pk, principal, certParamsArray) {
- var params = certParamsArray[certParamsArray.length - 1].assertionParams;
- assert.within(params.expiresAt - params.issuedAt,
- config.get('ephemeral_session_duration_ms'),
- 200);
- }
 }
 }
 });