npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

authserver

v1.0.0

Published

<b>This is a Node.js microservice to enroll, revoke and verify certs, stored in Redis.</b>

Downloads

6

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

evanxevanx

Keywords

Readme

Certserver - a microservice to manage SSL certificates

This is a Node.js microservice to enroll, revoke and verify certs, stored in Redis.

See this app's entry point: lib/app_certserver.js.

This side project is developed as an exercise in Node crypto. As such, do not use it in production without thorough testing and review.

See: http://redis.io/topics/security

Bash test script

As per usual, git clone and npm install

Run the following bash script to generate test certs using openssl: scripts/certGen.sh

Then run the test script: scripts/test.sh

The test script assumes that a local Redis server is running on its default port (6379).

sudo apt-get install redis-server
sudo service start redis-server

git clone https://github.com/evanx/certserver.git
cd certserver
npm install

sh scripts/certGen.sh
sh scripts/test.sh

When the app is running, you can view the URL https://localhost:8443/help in your browser. Actually this should just render this README.md. Incidently any request without a client cert, is redirected to /help. Since a self-signed server certificate is used, your browser will issue an "unsafe" warning.

~/certserver$ sh scripts/test.sh 

CA_CERT tmp/certs/ca.cert
SERVER_CERT tmp/certs/server.cert
SERVER_KEY tmp/certs/server.key
ENV_TYPE test
APP_PORT 8443
REDIS_HOST 127.0.0.1
REDIS_PORT 6379
...

Test requests

The test script uses curl to send client-authenticated HTTPS requests to the service, using the "app" certificate.

POST /cert/client0 data:tmp/certs/client0.cert
{"fingerprint":"98:BB:5C:7F:ED:A7:36:83:C4:6B:D7:8F:DD:74:B4:52:A0:0E:8A:59"}

POST /auth/client0 data:tmp/certs/client0.cert
{"message":"public key matches"}

POST /auth/client0 data:tmp/certs/client1.cert
{"error":"invalid public key"} 

GET /fingerprint/client0
98:BB:5C:7F:ED:A7:36:83:C4:6B:D7:8F:DD:74:B4:52:A0:0E:8A:59

GET /auth/client0/98:BB:5C:7F:ED:A7:36:83:C4:6B:D7:8F:DD:74:B4:52:A0:0E:8A:59
{"message":"fingerprint matches"}

GET /auth/client0/98:BB:5C:7F:ED:A7:36:83:C4:6B:D7:8F:DD:74:B4:52:A0:0E:8A:59/qwerty
{"error":"invalid public key"} 

GET /auth/client0/qwerty
{"error":"invalid fingerprint"}

GET /revoke/client0
{"message":"added to revocation list"}

GET /auth/client0/98:BB:5C:7F:ED:A7:36:83:C4:6B:D7:8F:DD:74:B4:52:A0:0E:8A:59
{"error":"revoked"}

where client0 is the common name of a client certificate we want to enroll, and later verify when the client connects to our app, e.g. via a "dynamic truststore" e.g. see my Client Authentication Java article.

Redis data

The following Redis CLI command shows the data saved in Redis, where each cert has a hashset.

$ redis-cli hkeys cert:client0
1) "fingerprint"
2) "publicKey"
3) "cert"
4) "pem"

The following Redis CLI command shows our revocation list.

$ redis-cli smembers cert:revoked
1) "client0"

Other resources

Another crypto project: https://github.com/evanx/cryptoserver

Wiki home: https://github.com/evanx/vellum/wiki