feat: add did as SubjectAlternativeName extension inside the autosign…

…ed certificate
ForkbombEu · Dec 13, 2024 · 2b0f737 · 2b0f737
1 parent a16ba3c
commit 2b0f737
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 8 deletions.
diff --git a/webapp/src/lib/certificates/autosigned-certificate.ts b/webapp/src/lib/certificates/autosigned-certificate.ts
@@ -16,10 +16,10 @@ const ALGORITHM: EcKeyGenParams = {
 
 //
 
-export async function createAutosignedCertificateData(username: string): Promise<CertificateData> {
+export async function createAutosignedCertificateData(username: string, did: string): Promise<CertificateData> {
 	const keyPair = await generateKeyPair();
 	return {
-		certificate: await createAutosignedCertificate(keyPair, username),
+		certificate: await createAutosignedCertificate(keyPair, username, did),
 		key: await createAutosignedCertificateKey(keyPair)
 	};
 }
@@ -40,11 +40,11 @@ async function createAutosignedCertificateKey(keyPair: CryptoKeyPair): Promise<C
 	};
 }
 
-async function createAutosignedCertificate(keyPair: CryptoKeyPair, username: string): Promise<Certificate> {
+async function createAutosignedCertificate(keyPair: CryptoKeyPair, username: string, did: string): Promise<Certificate> {
 	// compute date for certificate, valid from yesterday for an year
-	var yesterday = new Date();
+	const yesterday = new Date();
 	yesterday.setDate(yesterday.getDate() - 1);
-	var year = new Date();
+	const year = new Date();
 	year.setFullYear(yesterday.getFullYear() + 1);
 
 	// certificate
@@ -62,7 +62,8 @@ async function createAutosignedCertificate(keyPair: CryptoKeyPair, username: str
 				x509.KeyUsageFlags.keyCertSign | x509.KeyUsageFlags.cRLSign,
 				true
 			),
-			await x509.SubjectKeyIdentifierExtension.create(keyPair.publicKey)
+			await x509.SubjectKeyIdentifierExtension.create(keyPair.publicKey),
+			new x509.SubjectAlternativeNameExtension([{ type: 'url', value: did }])
 		]
 	});
 	const parsedCert = cert.toString('pem').split('\n').slice(1, -1).join('');
@@ -84,7 +85,7 @@ function url64ToBase64(input: string): string {
 	input = input.replace(/-/g, '+').replace(/_/g, '/');
 
 	// Pad out with standard base64 required padding characters
-	var pad = input.length % 4;
+	const pad = input.length % 4;
 	if (pad) {
 		if (pad === 1) {
 			throw new Error(

diff --git a/webapp/src/routes/[[lang]]/my/certificates/_partials/autosignedCertificateForm.svelte b/webapp/src/routes/[[lang]]/my/certificates/_partials/autosignedCertificateForm.svelte
@@ -11,6 +11,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 	import { nanoid } from 'nanoid';
 	import { z } from 'zod';
 	import { currentUser } from '$lib/pocketbase';
+	import { getUserPublicKeys } from '$lib/keypairoom/utils';
 	import { m } from '$lib/i18n';
 
 	export let onComplete = () => {};
@@ -23,7 +24,9 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 		schema,
 		async ({ form }) => {
 			const { data } = form;
-			const certificateData = await createAutosignedCertificateData($currentUser!.name);
+			const userPublicKeys = await getUserPublicKeys();
+			const eddsaPublicKey = userPublicKeys?.eddsa_public_key;
+			const certificateData = await createAutosignedCertificateData($currentUser!.name, `did:dyne:sandbox.signroom:${eddsaPublicKey}`);
 			await saveCertificate(data.name, certificateData, $currentUser!.id);
 			onComplete();
 		},