Simplify cert generation and mark as CA

github · Aug 11, 2021 · 2fd6ad1 · 2fd6ad1
1 parent a220694
commit 2fd6ad1
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 21 deletions.
diff --git a/src/proxy.ts b/src/proxy.ts
@@ -99,24 +99,10 @@ export class Proxy {
   }
 
   private generateCertificateAuthority(): CertificateAuthority {
-    const keys = crypto.generateKeyPairSync('rsa', {
-      modulusLength: KEY_SIZE,
-      publicKeyEncoding: {
-        type: 'spki',
-        format: 'pem'
-      },
-      privateKeyEncoding: {
-        type: 'pkcs8',
-        format: 'pem'
-      }
-    })
-
-    const prKey = pki.privateKeyFromPem(keys.privateKey)
-    const pubKey = pki.publicKeyFromPem(keys.publicKey)
-
+    const keys = pki.rsa.generateKeyPair(KEY_SIZE)
     const cert = pki.createCertificate()
 
-    cert.publicKey = pubKey
+    cert.publicKey = keys.publicKey
     cert.serialNumber = '01'
     cert.validity.notBefore = new Date()
     cert.validity.notAfter = new Date()
@@ -126,10 +112,12 @@ export class Proxy {
 
     cert.setSubject(CERT_SUBJECT)
     cert.setIssuer(CERT_SUBJECT)
-    cert.sign(prKey)
+    cert.setExtensions([{name: 'basicConstraints', cA: true}])
+    cert.sign(keys.privateKey)
 
-    const pemCert = pki.certificateToPem(cert)
-    return {cert: pemCert, key: keys.privateKey}
+    const pem = pki.certificateToPem(cert)
+    const key = pki.privateKeyToPem(keys.privateKey)
+    return {cert: pem, key}
   }
 
   private async createContainer(
@@ -141,7 +129,7 @@ export class Proxy {
       name: containerName,
       AttachStdout: true,
       AttachStderr: true,
-      Env: [`DEPENDABOT_JOB_ID=${jobID}`],
+      Env: [`JOB_ID=${jobID}`],
       HostConfig: {
         NetworkMode: `job-test-network` // TODO: Dynamically generate network
       }

diff --git a/src/updater.ts b/src/updater.ts
@@ -142,7 +142,6 @@ export class Updater {
         `DEPENDABOT_REPO_CONTENTS_PATH=${REPO_CONTENTS_PATH}`,
         `DEPENDABOT_API_URL=${this.apiClient.params.dependabotAPIURL}`,
         `SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt`,
-        `SSL_CERT_DIR=/etc/ssl/certs`,
         `http_proxy=${this.proxy.url}`,
         `HTTP_PROXY=${this.proxy.url}`,
         `https_proxy=${this.proxy.url}`,