From 0ffab67cc34ebbe6524558da9c123991bac25d5a Mon Sep 17 00:00:00 2001 From: "Nicolas \"Pixel\" Noble" Date: Sun, 12 Aug 2018 10:22:08 +0200 Subject: [PATCH 1/8] Changing certificates around a bit. --- certs/ca.crt | 33 ++++++++++++++++++++++++ certs/localhost-ca.crt | 33 ------------------------ certs/localhost-server.crt | 31 ----------------------- certs/localhost-server.key | 51 -------------------------------------- certs/noauth-server.crt | 31 +++++++++++++++++++++++ certs/noauth-server.key | 51 ++++++++++++++++++++++++++++++++++++++ src/server/game/client.js | 2 +- src/server/lobby/client.js | 2 +- src/server/lobby/server.js | 6 ++--- 9 files changed, 120 insertions(+), 120 deletions(-) create mode 100644 certs/ca.crt delete mode 100644 certs/localhost-ca.crt delete mode 100644 certs/localhost-server.crt delete mode 100644 certs/localhost-server.key create mode 100644 certs/noauth-server.crt create mode 100644 certs/noauth-server.key diff --git a/certs/ca.crt b/certs/ca.crt new file mode 100644 index 0000000..65d1d62 --- /dev/null +++ b/certs/ca.crt @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFyTCCA7GgAwIBAgIJAP/ll9Z0JM6ZMA0GCSqGSIb3DQEBCwUAMHoxCzAJBgNV +BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx +DjAMBgNVBAoMBVBhcGFuMRYwFAYDVQQLDA1DZXJ0QXV0aG9yaXR5MRowGAYDVQQD +DBFhdXRoLnBhcGFuLm9ubGluZTAgFw0xODA4MTIwODE4MTlaGA80NzU2MDcwOTA4 +MTgxOVowejELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNV +BAcMCVN1bm55dmFsZTEOMAwGA1UECgwFUGFwYW4xFjAUBgNVBAsMDUNlcnRBdXRo +b3JpdHkxGjAYBgNVBAMMEWF1dGgucGFwYW4ub25saW5lMIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEAtSoPebN+sSipjKhpNX1DCObIKIfaeVrQuycgQWSY +PuIwDPBugoVEzBO8OJ2FpzFzdg0Mm+Rj8yTkPqxIBiTnYQDBsaXiGr9+/dYONUlv +quNdGa7dp+h4yGhnY8rEg8ShagP1pROKdOgTXK7v8QSEcM7vT+gCujTG7gKkwO3w +zvNh4LZ9wK7LmUTwGxlfGo1KqzIMLG02E1NH7Zpo1e1ostdaF4dMS4UkAV4mjoZD +kB8Mg3pt6WVgJHLo0NnHr97IuTn8PvmAMzsJE+4XXAKmZ6Hc03CDK66twCDWV7mq +5lYzz3aZCijUnDqZtQAqajdKTse/AVaDHFu/fJjqWis6I6Paxqdz+9vmCFl/uVUj +AtYDK617trupIyzDcb2gsMQexvt9mq64DvOBkUPZZ1a+sRu8ccU0MrfQQzwA4PMl +iPSu3TS4Dwk5s1iOQMsNOBNTMtVmoGrNLpfQumiksI8GnsJOYPQK77W56PkVtrAc +NyduEiIlLzE6ElplQdhjNokWXdSJ9YP1XF++PTeiFMPFXD1h35q7fXZJLPUtB1N9 +gkusgc3V4JnvUFo7+fjm36HuvsJbozoRqPdzjLnIX4G9t54S617aKv65REb9ddyW +C2YwITZ77Bot4lSsPmyY4jAwCtn0glO27Kwylcbw6O3MFXNSJ8kOHHxHWFx5+LYp +sXMCAwEAAaNQME4wHQYDVR0OBBYEFOVg1pqfHDVFFJI25yvITGLrB7wlMB8GA1Ud +IwQYMBaAFOVg1pqfHDVFFJI25yvITGLrB7wlMAwGA1UdEwQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggIBAGd4PrZF7p3QnLMrgcARNHA4tRmhSFti7ThhQPmeOE8CE3Oo +UwA74w3UA2BgIqIpGEne35une1hiaErJQXvdEOIJ+JsZaXdF73EbKNmQpxrgBkjL +lsTS7Go7ksd2pIJoaq7eqRrH0Sb4F9pox/ecAQ4Y6pFjxf1lNkuTQqPqCd1gSumh +8C+kIL07qShy1ysXluWuy8wV8Yp6VNo/zHkhrPNx8s9hsyD2PN29sxUOrMU2rUYj +vP0Gq2m1nkHasAZt7n0sy2ToopcwUKkEkJXJxzwakdbIQnIIbZCGvO+UNwVObNWL +o2TwRWRZc0AXpdanfhBcWaGbNMrvu20T/6OJkrMKsjMu3Ni3/55VQDjHN5USupau +wxNqQmHpNZL++sYJxS885/pYzms6/uy7Sr3uSTSusoLC8EzqYPyyxdiAGM4tS2Y0 +2SaWH43aHaBOQSp1mj3p/sLSNThePCiQ5tPqNR3vJN30FHgbynDM4iMSBCgG8Nek +8VaviP20EPvja1Nd+QiIOhAlSx2RAmxCXYw+dZ/ln/WsL4XK9v1RLLI1nD69Wznd +eu3GR+e9JQOFUEYs7C8cEE8SI9Qx3Z+woo0hrYWZa0T4NT9wZ+rFRDGYR0daY2er +Rg9k+q2Xmo2slckzqLgKbyp9Oc6EO8JfhHADOjmbkafJ9KXHRQRt/YVBlBoQ +-----END CERTIFICATE----- diff --git a/certs/localhost-ca.crt b/certs/localhost-ca.crt deleted file mode 100644 index 32c0e50..0000000 --- a/certs/localhost-ca.crt +++ /dev/null @@ -1,33 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFuTCCA6GgAwIBAgIJAI3epeZCilLFMA0GCSqGSIb3DQEBCwUAMHIxCzAJBgNV -BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx -DjAMBgNVBAoMBVBhcGFuMRYwFAYDVQQLDA1DZXJ0QXV0aG9yaXR5MRIwEAYDVQQD -DAlsb2NhbGhvc3QwIBcNMTgwMzE5MTU1MzA0WhgPNDc1NjAyMTQxNTUzMDRaMHIx -CzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5u -eXZhbGUxDjAMBgNVBAoMBVBhcGFuMRYwFAYDVQQLDA1DZXJ0QXV0aG9yaXR5MRIw -EAYDVQQDDAlsb2NhbGhvc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC -AQDC7hJiEJIA9Mr+aC5NoyfIEm3VoTBPrhHUwAJmQP7e3FQWx5b/pupui4mGWzXl -X4bzidZHyD5XHWqScsyKPGCMDLztd93sj0eg8guqOiqdXk3W1TxqejukPChIYAYj -ME2oh0VU9YpueLHTl07uKLZvYBvfoI1nsGS+ZTzpoTDzmvpi3cG5y9T+0tMg2A+i -/Cyiw/WeMN9cJ1YZVSHQtBHMwH9YpwQcbp/Ms+XR/nqb1VhnAQzMIhQZuOckMOIk -kjpMtFBRwWcHCwungEKORJyxeubaOX2qBGh9P1Y4ThwIDkJlCHwMNY1c9fVTSUJr -JM4lKj7mcNWpbrsABfMEi3YcegyAiFrsG4aA4xMu0N6gj0jTY2nHc2wpyX+Pxrnt -J/5ITixDNxZy+c+8BBrzsQSWLvFy2fjzuYSBfVyoW8TQ7enCNzsHuuxyz7b/YmjV -R8mrTT8ApPwvlarN8eoSNYSwHOlClf/U/s5tOfB4nRpBvy0/yiQltXQrmxNQstp1 -fXevOlzgqhu4eZlf6lqq7ulUGYtLS9/qCRPyZv3vr3PgBLIsSP59HD7lo4N0yDZq -wYzzyCvw9wWdgbI7yh+zJf5BQh4wFHoijFFzXMUm9TV9f9jJx3Mu6/0a0eU6EUEy -1paSHtXJtT0wwvE6DF8TTfvW0kfcBf1nP4smyA9wlo+YbwIDAQABo1AwTjAdBgNV -HQ4EFgQULcUfulf5e/mJKBieLIaieT8e+U4wHwYDVR0jBBgwFoAULcUfulf5e/mJ -KBieLIaieT8e+U4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAfNAO -HfTL5fzDszl4/P7P5O2I7zQ+PnIMCVAk6Vy4UeZe23k9kydLMyuhrh1LuYJcPacK -7VRylhlLOncOrc+kIWcB/7ZkI3/UfJFc9xHzzVpu/LCNBXZbMW1uOQnyYQrwbQvk -ptV4Etsd44+ViTVm0nsKPtqovqQf6Gi4rSw4H2PSm/68I2LTDwMj8hRJj84QX3I6 -kNKanITi+OyykZQIzh3qbCtRm5w69BxbkUHdQklsoonc1Ql2I5CopNscvtryQWqL -HQFQTeFf408s25nWzv47QUtjbukThBExa1vxcD25IU+Py37rl2R04+BnXGZU6qPf -oO+ItonErrl3vBx1c9nBoetTi2mLdWaREOlEDWxwGzSgnxGtFPuP4OazPc00+Gv9 -ULwtxooJLPfYcUwT/GJxEjhjo0/bZM1ayBcEdsGLt1K7QVuGDp/7Yks814tqR0pq -5obxudojAShuzlB7w8gRBmzlDBkUsbl9GjfFnK+rGxIWiEvOweY/Lc6QGRdKF5zf -+1ALkAtqdSnPgE4pD+IDyvjDPBvVmRKs2xeIJd9Wb+7VvciS41xCZfFocI84WjXF -+q9fyTKJPsxsB6UVmib/Z1Wf1SbN1U8Bt4AeUS6ciNjHqT3+2x2PmFT4xjDzZtQT -6LvkCB9lN6WLdplpaeDZnbE9c5ZBMl7hdLRhBmk= ------END CERTIFICATE----- diff --git a/certs/localhost-server.crt b/certs/localhost-server.crt deleted file mode 100644 index f3c59be..0000000 --- a/certs/localhost-server.crt +++ /dev/null @@ -1,31 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFUzCCAzsCAQEwDQYJKoZIhvcNAQELBQAwcjELMAkGA1UEBhMCVVMxEzARBgNV -BAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTEOMAwGA1UECgwFUGFw -YW4xFjAUBgNVBAsMDUNlcnRBdXRob3JpdHkxEjAQBgNVBAMMCWxvY2FsaG9zdDAg -Fw0xODAzMTkxNTUzMDRaGA80NzU2MDIxNDE1NTMwNFowazELMAkGA1UEBhMCVVMx -EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTEOMAwGA1UE -CgwFUGFwYW4xDzANBgNVBAsMBlNlcnZlcjESMBAGA1UEAwwJbG9jYWxob3N0MIIC -IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuC5xKFZd50kA3hVv7HXI99Lf -NpvqEni0GtRdseVMwlxTT/h1uDzvASCupt7aCNX70iu61E2ikdWnxNC4WSKPkyv5 -wVxAaY8bhKRFqjHDighup7jdqMTzv+2tnIE6dKopKhvGrfBMWbtLrmt/K95ICctT -xl7PAmMAmG0EIPyHtG4Nv5zuuAZ+5+Q6pyWwSWBgh1HZVxxDMof+0w+wf/vWjxjv -EmMG0Amrlv4TaynOotUKTuuNyCaPdwU7yayjhQiOTRXYRnVnTAhwv0CfUiyAFD0a -DKZgTfu7QbEXtbh4frg/hta1eBIZGbOLj0BVQUB9BHxo6oNZ8wubrp7Y3POs08bJ -tgsGRBxbbGbE2D4Aqmxr8/jClXRcYrOykDIHFVhep8dury/EvoHDwLa0Fk5n0eX/ -8l4aoYqMeUUzCoajnv0kDuZlUpehw4IHUtxWNCQjRsr1znfu0jESnWzcZepf2vrQ -7KDqBdbnfByHwcHCptA2hsY2dPod1OS7CQx4YEY+5IQM0guOr4yEMsnYvObCg7sX -hjh9t2qcgjUlhn3mRPisCMS373eTFxyY3djESmLqaD81WRft+J3xfc+xrzNQY566 -zf+OGCqJjXpTRXWWULVJVVdTeIL3+RlucxqNJL+gyt6Hc6gmr888w/6a2Xx6IPLK -4CDi6SMybwrltDuilmECAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAVlJoV0R1H3B3 -/Q1Lzy8551GDy9GJC4B/ZNuGcJxAeZ+rRDyYmIaxRSAyO9iYpYG0MzoO8LCsDZWy -tbA3EPQGi0jZpRr65KTjaLPN/5i/GT+PGyFe/gDJ+Kxzyp6joJ+ZVy+pV1x5++I1 -kkuVggZ3/IsF/7z+E5I73qkIUgSXftmtFszRKuBdum1UFe/ZY92XeQCcW5fvG/sh -xbnJhUACTKsL0c392+M/YEK73hUCnHnOjGSa7QKW4aF/ZGMCDm3/1gQzTD+kwxL7 -4+eV9ir8HoBeZFnTWN6TvdLqhL/SbGN2qTXjzWTQ2Ifnx9yGFaVrw397UPtc6VF/ -6NZrXWjk8aqaM0nvNhf8SB9lMYnNUVsMwuzK4BD9ZRIRpa+muz/Y6ssEZltCn/q3 -7LuK2tzRo+bum2UdCetDx8JdXK9g4JCM+lBRbdybaLr6m5beWs+1sd/Y2Es7kfCw -juIr7opiXJW19jos2ROoROJxqbjQhupZCUWr1/joSicobzjjGmsmrzUVw0OymY9n -TOW+gWR2tb/Ah6vyDT/VOpdc+xoapJGI9CkcOomXLr1rfk2LtBtrVvd71ZAkdOzN -a4sOMCk7Ty10NNFK/V/Dqdtg/hscwc8FCW+LxgHdK97R9ONfee2lItrUAOPdlaF/ -PvT85Wq2TIUKv2aZsbYOLsaJ5MxyazU= ------END CERTIFICATE----- diff --git a/certs/localhost-server.key b/certs/localhost-server.key deleted file mode 100644 index b000612..0000000 --- a/certs/localhost-server.key +++ /dev/null @@ -1,51 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJKAIBAAKCAgEAuC5xKFZd50kA3hVv7HXI99LfNpvqEni0GtRdseVMwlxTT/h1 -uDzvASCupt7aCNX70iu61E2ikdWnxNC4WSKPkyv5wVxAaY8bhKRFqjHDighup7jd -qMTzv+2tnIE6dKopKhvGrfBMWbtLrmt/K95ICctTxl7PAmMAmG0EIPyHtG4Nv5zu -uAZ+5+Q6pyWwSWBgh1HZVxxDMof+0w+wf/vWjxjvEmMG0Amrlv4TaynOotUKTuuN -yCaPdwU7yayjhQiOTRXYRnVnTAhwv0CfUiyAFD0aDKZgTfu7QbEXtbh4frg/hta1 -eBIZGbOLj0BVQUB9BHxo6oNZ8wubrp7Y3POs08bJtgsGRBxbbGbE2D4Aqmxr8/jC -lXRcYrOykDIHFVhep8dury/EvoHDwLa0Fk5n0eX/8l4aoYqMeUUzCoajnv0kDuZl -Upehw4IHUtxWNCQjRsr1znfu0jESnWzcZepf2vrQ7KDqBdbnfByHwcHCptA2hsY2 -dPod1OS7CQx4YEY+5IQM0guOr4yEMsnYvObCg7sXhjh9t2qcgjUlhn3mRPisCMS3 -73eTFxyY3djESmLqaD81WRft+J3xfc+xrzNQY566zf+OGCqJjXpTRXWWULVJVVdT -eIL3+RlucxqNJL+gyt6Hc6gmr888w/6a2Xx6IPLK4CDi6SMybwrltDuilmECAwEA -AQKCAgB4z53SA7TcvPogspcT177XMC7SNzs2mo4o+xvqUKok40KStjshenabmsB1 -HMCQAyyHE8Ac+j+kwSym4PHLJexfcP0GZGir1P8L5mT72mCU7isHQS/EQExSnKjA -e9PIKsWNpWKRPYoXYc+mvURRliBSrFhrSk0nF6GQWhHXQU4SgA3snhfIBhrAKOiA -MyyLNPicSofxp8w8HRB9iVEQ4jQ+8PAAc4xIcc9n34kFRgsQrAVy9vetTf3U6E3r -X55y6MXOsoGG1gPHz9GE4fKfiCkLHXk0yv1oqbKOyIbw3+vJ0zl4TOYDuHtWbHsi -n+RMROy8QI7hJP+feQHJbNB7PisiMMqAdZHdzcGMCydaO1fwO/i5vLFBLxMF1lJ/ -oWG//8dFXM+QUXYjA5/VwzPx9EzhvlETzwE07XjPPV8loxPLnN/vhK7Tct7BUdsR -5KjsdLTxKOeC26/J0uGMx3C8FtdZAb/PQZNu4Xp09djLrGC5UlS1TB9hh50hFLBg -Bn8wURAKj8THyGcBgjnyaPoKDjn/LPSNQ0YmIjtUIRde/4hwMoD5uwl8hKbhs1+a -JhhI19QgTzzoD2E7QjFADsSnEKNpGpklg3ijtnO1RgXy9B+u1rc1VL8T3sa973+8 -T/IhBXrEGMnUEnWQu+ZwPGF3CJ7OUGDCGylXcNn6fNM/QV/YQQKCAQEA7UMgGFfW -blDaeqAChfzz5viCuIUgltk6q2XjjKPcWpMH+51evlucd9/3vu+YKmmV5p604Ph5 -yj0uUzfKJKi3n/iUA2Gmc3rnmAJEwwrsUPz/3e2AlqterKTqJU++gDepZrx/zp8q -a1tBOpH+kVat8sKq5ScUoVx0N8d0i1tlV4T7Cd6Xs75qE9lpX9+1AIpLpXv6T5PZ -GdsLHaBpPWu1soh/YsS5W5YDtu5GYweFAfcnP+qLoRWbz9krpNDcjQaYhjic0W14 -fUc+dY6jtNRxwet+AN4mYKd9dGqNzS9xrhRyICUqnOAtsfdXq2n/3oFv6Vapezx4 -iOxKokvX9KPgvQKCAQEAxromXzG1Hr2MGyVBXzLI9X9Rlbz7F6g9WAZqcwXKPYUV -qPZrhVuTgm3LF/Z8O8Xi7+dKNWE1dLd0vMadJpY4zXZ9H0pS0+MWmr4SOKw/YfIZ -TGf4G1KFS56/u1UVU1D/z4f5C4qG4BgQ9OMN4jFKt+AaF/ZnC9i9078fdOXdzGYK -u2GoxK5QzXjCfRMARm5CefcluHEvU7l+vFyMGHzAtUFDa+NNRieU31uqOG63nBdL -LCOfM/MAhwj9rPtrZ0SdKFwUF2/5mt96h09DDcDsnAEVXellG6cjWiMaERXZzZz2 -y8iQ3IeXSDmDFKbQK/SBZozmkAxUMgbOo0LFmK5gdQKCAQEAoOKbqOYnKbb5750B -GQpl+YEaYzUi3CeBeSgmHQAgM+rvxtb3n+1PNJpSzM57SIdAdpm33bWgIFtMRnHW -SPV/TqKo+4ID9NqqoJEpP3jwthpZBow+XezmzfsmKxbf/uG/pUK9B8c2ZIYEvUqy -bKtyWONYLvtJKgIfbJN7m+Pl3Gr4L8EY7XF5TOxoX/K6MhuVICnpmnyPAtFdwEE+ -G8Al/WJBvx/W8RvQeQMqB4zZzHNj0huhgyG7/j0tMx3N8HNAigNpkznAMnNVDzIi -IETOvsiJMN1y+Keako6OiUxasch7ewC43JfHZJ5sfHfsYV00He3+Dur6cR6JnXQA -hIt7oQKCAQBBH93VUm/djBZvCu16aiUrNrcg0BalMRAxWaDm4t3c/VEU1vRzdohH -tP1ac/9Qg1AUeIJ8Lcgb4McT2i7D53Tj+FGWwH+WSpQsz98ezWvUCEe8H1JSed+O -4Y5JsN9VN3UtqIy3+ISsyZY8+m+hUa//xCQo+Cna2wOScc64O2BNTJ91utJY6hs2 -yr1JycFMU3Pbjl/BKu5sjJx41AdhOvjYLXQP1iSLugryi5Kj/byUHZoX8/CHULo6 -hnrDhn0zEWxDPrGi4KI228fGsfXyeufPVBeReBwXTNWsA1bWhIek9yx1qdu3OYQd -OiO3z9bmoLELT197k17AKjTrkcU5fOPFAoIBAH6G6YwzHSwdQAFLjr22pcNRZPSs -mfcR5A2X8USBn3I2Wvi1mdfJrl3NtVvsytyMDVpJxYmPvLuuGa4q0LFBahtDGolo -CiofZCR9YW9AritBoW0Imu7lfo7le4ZACperekU2g4R2aUO4eJXQnidhoW92rwKk -YDBqQ5N51Ht4+7am4lLrfHyHmCMNUnS10bc6TbA+jjZLUwx0B9G/Cbm2AOh+jP1i -zbeaYXeCq3zSkkbwS7tcn+bvnjh6Sz0ykPqsyH1MBWcjb8cbvYf0X8WGmENM0GU1 -i8lKyQr3qZSejCK+Fk2r19UJBS6o8TZWyYRlU+lIXpgjHHYblDVMbDu1fkQ= ------END RSA PRIVATE KEY----- diff --git a/certs/noauth-server.crt b/certs/noauth-server.crt new file mode 100644 index 0000000..317e793 --- /dev/null +++ b/certs/noauth-server.crt @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFYjCCA0oCAQEwDQYJKoZIhvcNAQELBQAwejELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTEOMAwGA1UECgwFUGFw +YW4xFjAUBgNVBAsMDUNlcnRBdXRob3JpdHkxGjAYBgNVBAMMEWF1dGgucGFwYW4u +b25saW5lMCAXDTE4MDgxMjA4MTgyMFoYDzQ3NTYwNzA5MDgxODIwWjByMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxl +MQ4wDAYDVQQKDAVQYXBhbjEWMBQGA1UECwwNU2VydmVyLU5vQXV0aDESMBAGA1UE +AwwJbG9jYWxob3N0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxKc3 +5X9y/vgBTIIZt1mhM4QeLWn8mDy3SPNM8AtuESIcFQG57VBgncVx7xavOg58iBP0 +XCCgjl63sd4wWSyLFMIzGwb0U5353IG5koGgHSZgdxpTv0uLL3bh2A8cZXFHXzPc +hwJaCWtmshQZdL8ag8V1MPdfxByX8yYv0k+iJTWPiDm6/YsKy2qZiZ/3PYdOMLzh +trxie5ZWGd5X8S3ffufBTZrWlcs0Ea7CCNtSCCTbWLpMPCdDdenBiMM4qQQem6oB +TdBfGp8eVr0U/wSUhHS3r1V7CsKxQtovu+q8AUzaz2jj0ztx2TSo8H/y/k6iwHFJ +QIKNMVf34uARUT287Dn2olvNZOLH5XxijlWEEYHEV4CECKcAaJ0kA663d8451TIF +pu4yCmcIRPQ/2tmSVW2/nY5MrHuwYxAZRcHzIFmIEQvSUNAcHQkvMbQN032wgpQV +4muJ5MOHHLfFZNaSORv2cSNYZidMehnVeqJ3liozYUeZ8I1D6Wd6WSFianuD9D/t +TUCY0GWkdNPLHrFWBzo50URFa+6c7l4iJITMYZVnpo3rXfUcZQ0t0U7AUtN/bkC6 +VFVpMqBBM30DZ5ERoRMFKQJweImz43c8xv3GmQGJ/myrdR0CzUX4CtuAhCMFRyQL +ZdKi+m4Y+8dPXPeB37mrxC2T3NRVPsgy1oYv5/sCAwEAATANBgkqhkiG9w0BAQsF +AAOCAgEACR+TxZpGnxgGzToOfD/4ZYl8bpE6KOR7ISa+Iz/29/cFvaskojVBi1Yp +uKTAr3f5dzZaMNPC5YDbTfvfwPHUBNEfTCjFqtgNvKlzykMApVi9DAN82YAte6Zj +Qpo78WqkdyxjG5VxFXM/gWXTbbywkSVG63k6opA+fNL8oTqlD3xjRPVn+xg6iUdq +9SAGm4BiRhCBDf3qbxo5M4R6su0kjKxX52rFcsHbLrD/63J5K5WYOYqaRzwazm2f +JDkPUfz9Q9URgr7aO5rQ+nVoPcJmW51ycs538DDlgra/qyqWvl2ZN6EtCGuQszoL +XahCxvmaBJdK+igoxMT+5YQ8AtlUmItjdtNBNWfmX7Tpx7L92E1mpLSqBVF1s9Nd +rAAxiW1sbBbqniT9f5BxsJ6tPOfadFjYb9fSoqG7hM6hVTpjroRAmDqv2EAxR6r0 +qvyHIOZdVFdkdcgKHL5TeO5kgsXAO47y72py/IQ4PQDCgWta49oj7Xg6O1pMSHtB +MIPXTLJMInzBDKb+y2zpaMtlOyaKxohdYhkW5n0G/jc2xe+TV2TAcHtEo4Kkgmq6 +GoQmc8dzofm2NhI4uidHesVk390bdNkdWpDE3fH7+4vS4U7H3WTKDQpaKPW652B6 +kydgxNjJh9HdVRvwWHrH4loFXJ+1qz6AOKyzMU6xcxWIy5dE1js= +-----END CERTIFICATE----- diff --git a/certs/noauth-server.key b/certs/noauth-server.key new file mode 100644 index 0000000..6c7b92a --- /dev/null +++ b/certs/noauth-server.key @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEAxKc35X9y/vgBTIIZt1mhM4QeLWn8mDy3SPNM8AtuESIcFQG5 +7VBgncVx7xavOg58iBP0XCCgjl63sd4wWSyLFMIzGwb0U5353IG5koGgHSZgdxpT +v0uLL3bh2A8cZXFHXzPchwJaCWtmshQZdL8ag8V1MPdfxByX8yYv0k+iJTWPiDm6 +/YsKy2qZiZ/3PYdOMLzhtrxie5ZWGd5X8S3ffufBTZrWlcs0Ea7CCNtSCCTbWLpM +PCdDdenBiMM4qQQem6oBTdBfGp8eVr0U/wSUhHS3r1V7CsKxQtovu+q8AUzaz2jj +0ztx2TSo8H/y/k6iwHFJQIKNMVf34uARUT287Dn2olvNZOLH5XxijlWEEYHEV4CE +CKcAaJ0kA663d8451TIFpu4yCmcIRPQ/2tmSVW2/nY5MrHuwYxAZRcHzIFmIEQvS +UNAcHQkvMbQN032wgpQV4muJ5MOHHLfFZNaSORv2cSNYZidMehnVeqJ3liozYUeZ +8I1D6Wd6WSFianuD9D/tTUCY0GWkdNPLHrFWBzo50URFa+6c7l4iJITMYZVnpo3r +XfUcZQ0t0U7AUtN/bkC6VFVpMqBBM30DZ5ERoRMFKQJweImz43c8xv3GmQGJ/myr +dR0CzUX4CtuAhCMFRyQLZdKi+m4Y+8dPXPeB37mrxC2T3NRVPsgy1oYv5/sCAwEA +AQKCAgEAvoB6/qCTRvn7UCFsRhjWt3ASR843e0a+CzZeXt/DtWdEqvjsIz/NCKmf +8IwaHXSxIKWr/58/ygtpii4CyjADX42tMk5vW51a0kj8+zcFY5estVRUsqi84bMZ +n1MsH/03tbsos8UMcbmQV4xvCJCkX+hl2ZSaOgG1FT/17ZdlLQSQ0deTFFCgmWPf +7tl/CiTMExy2z235PV3qdM7WhHX63xYlRUds/tlFzKdtomTMN8V0k6SNe2xRxqU2 +7YSom9q4x/VNpBLqPoDMRByRfWXzdckXtAtr0YW/cFKrETCZBe1svqYOpa8dX9vK +mIhqXf7RXPmhi5OssZNVOHv1aq0TGFUp9sL6MOzSrcCPWsn3YMz8ZW5PFf6me4ng +epxpsvVYGgrQlYsql/hxSsF4NetjMMbPWgKLZ9+FmU7YD7vNex3BM7DsiJ3vvfag +RRap+qxmZIhe69xCgQ5IXSrKt6ZtZ4AYHyf9oNa4foFhVyF0FMS9MUGofZgOrUAW +x5qsC+p9JtisEOUBjn6e4YAN09vtZIDLbGq6hyRywbr1y8c835FWSVBcWOfAAabL +LcvXtSzuXhSgdaa6KZDeVqnzsGEDizlCUgIdUfohNSI14D/pszfHkZaxzaiSnaGz +7rYGxJASbkiCfWwegsEHncZHcALzgcMdyDCo31eXRqDXIoblx4kCggEBAOgvPNJx +1zpMfvh4PNHcDMaAC+G9ShIKLKkSzEL3gqmM5FlU3vIQaji2z9gPcfYMePRbeL5/ +ZnfRLh3fKKH8GESlVfJLojj4ES+omUq30f695ToEZbb4ofOLR+ZFdi1qZr5wMH0x +LHR81+9DKRarSLzlvCSpDReFO6bixVfbPrwxHGuF0YAfrDOG/rpp/rh0houCTySg +BT5Cn6MBlI0bvKOl+QBhm1MQYiwBGBtOjNYrrb0YM1Xx7ksKPYuOwuBnfpmp+1uA +9YFBwVOFA+PwcukRhnOIwljsvwp5K43N/7IugElc+ZQjk3qYEqC0lWZenaCLzZjG +P1lYAAsCIOsHrkUCggEBANjS/WbvE4PYkJ6taa7G/Na66ZqOc7gHbmiLeXmMFI0E +AljY6M8aE59DMLgHyFLGMj3dk/BbbWIKdEOS1akbff1gPj4N0rS8kbq3x1skVI9o +Skht2b4LwvsLDjjL0qO7W0r7NoogG+kKWOEdiVJt6sC0NxpkumBeUCSV4ox53arX +2hWgnG3zLn5cWVMjFX04fHW7e7pNTrmSMNYjOYnjJFEFTzfYN1Hmni9tNsmbJiM/ +u0KV9EZRjSsnZ+lbeORoW8UlPrUBz2Y5i/ZLLpNDE9G1ToxPRjG2NuzhEdpUp5VG +agjR8JYk/GUYunsravJtcBzLzarkWXDyPnfoapziwT8CggEBALJSxWXjpSfTZJk0 +z5FmbjFuWrHPjbn5Mn/QPi0Yp7PMz/yEII7NaKeSUGNiyWXuAl+6eSvl8S8I62Bp +6m0ujvz59t6WlEsoyxpNZR5ru87ozcsXYX97yfag/GGw66jJ1Yth4vvj7n6w+695 +Z29PshfSYgPOCo4L99qexG5Lpw0msusp5dN/f+Q7RBysF8RXSpaPSHWaqSw+QxkQ +t6UArosJiApw7LiJFr0xQfCHDcfX2CIpGhRiMWBUxxwOU0HCewtN8A1BKE1T0UVy +HaDNJZQ3r4nAeXOOsNM8aOUKV93jtQejbtQF1tkLPxNKXow3Et0hQpCZgkH+Qloy +ElIwnfkCggEALeT7Hj6cstu0QOIT7JrSCeGmcMCWXe20wQxEuiWcc/zVQlknbi7m +2F8wgMOk82BgYhf0qHuxu37a/TKnZxQapvcoNZpXb0o6znr4B6K5A2Hf11TpMgDr +VJgSepMqEt4lhMmH0dTaE4nNJllKJ9h8SC3dPAj2Kk/MRvIy8ekZsn/d+ZX1hpBi +1vxVK/PRKKA8N+9nURfsAfufurPaCgW6OiwViIyLqRpXgVJstl/QwsVKrd1vxzKb +3vaIWCy0eiRcyG4Jx+aKL+keZxOi2CjqmQj3h1uAUCVxmtJJJR2mG0K8TwGhGybZ +Bc0mK8wU5xujD3VUI0gSZoXgEyFu76ZPoQKCAQAvGnX0H8tkjpuEjQyD9vutY8TW +O0cOtuRYEAGrU6pPiae0CrJXowLAbeHULKjP/ihxBU+yITXlbHLAvGohia8uMR2n +ZH7e+/87oPNCsW58ga/rClIGI3xtJBX8YUzHwhKeei10TAbQsjljNOqcW+I5IF5z +W99rrERuwQxR/ewSv9+itBhIONfX/gaSNPPCfGtT0O07JP4zzDj3KVvdp4X19aun ++lqD5Lgmo1IzJZvwUMcRPeKF9Q4sEx2+xoEk2cXq2ZsJBNPxGp0owpLvWMWTxuRp +LOLCiesbgjLo8potAq317YoFmo8y9/FzttEXLL6ufHMmgZBSo5z4muKF6Yim +-----END RSA PRIVATE KEY----- diff --git a/src/server/game/client.js b/src/server/game/client.js index f1278d3..0e44110 100644 --- a/src/server/game/client.js +++ b/src/server/game/client.js @@ -151,7 +151,7 @@ exports.createClient = (gamesList, options) => { const serverAddress = options.lobbyServer + ':' + options.lobbyServerPort const work = [ - PapanServerUtils.readFile(path.join(__dirname, '..', '..', '..', 'certs', 'localhost-ca.crt')), + PapanServerUtils.readFile(path.join(__dirname, '..', '..', '..', 'certs', 'ca.crt')), protoLoader.load('lobby.proto') ] diff --git a/src/server/lobby/client.js b/src/server/lobby/client.js index 75d3abc..46b7254 100644 --- a/src/server/lobby/client.js +++ b/src/server/lobby/client.js @@ -210,7 +210,7 @@ exports.createClient = (clientInterface, options) => { clientInterface.setLobbyConnectionStatus('CONNECTING') const work = [ - PapanServerUtils.readFile(path.join(__dirname, '..', '..', '..', 'certs', 'localhost-ca.crt')), + PapanServerUtils.readFile(path.join(__dirname, '..', '..', '..', 'certs', 'ca.crt')), protoLoader.load('lobby.proto') ] diff --git a/src/server/lobby/server.js b/src/server/lobby/server.js index 7bb5420..6645451 100644 --- a/src/server/lobby/server.js +++ b/src/server/lobby/server.js @@ -21,9 +21,9 @@ exports.registerServer = options => { options = _.defaults(options, serverDefaults) const work = [ - PapanServerUtils.readFile(path.join(__dirname, '..', '..', '..', 'certs', 'localhost-ca.crt')), - PapanServerUtils.readFile(path.join(__dirname, '..', '..', '..', 'certs', 'localhost-server.crt')), - PapanServerUtils.readFile(path.join(__dirname, '..', '..', '..', 'certs', 'localhost-server.key')), + PapanServerUtils.readFile(path.join(__dirname, '..', '..', '..', 'certs', 'ca.crt')), + PapanServerUtils.readFile(path.join(__dirname, '..', '..', '..', 'certs', 'noauth-server.crt')), + PapanServerUtils.readFile(path.join(__dirname, '..', '..', '..', 'certs', 'noauth-server.key')), protoLoader.load('lobby.proto') ] From ce80569318d35fa14b1a29de36b886ddc4b3646a Mon Sep 17 00:00:00 2001 From: "Nicolas \"Pixel\" Noble" Date: Sun, 12 Aug 2018 10:39:41 +0200 Subject: [PATCH 2/8] Add a route in the auth server to request the CA file. --- src/server/auth/server.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/server/auth/server.js b/src/server/auth/server.js index 9e9777b..afa051b 100644 --- a/src/server/auth/server.js +++ b/src/server/auth/server.js @@ -99,7 +99,7 @@ exports.registerServer = (app, config) => { // Static files function sendRoot (res) { - res.sendFile(path.join(root, 'render/auth-index.html')) + res.sendFile(path.join(root, 'render', 'auth-index.html')) } app.use('/src/common', express.static(path.join(root, 'src', 'common'))) app.use('/src/client/auth', express.static(path.join(root, 'src', 'client', 'auth'))) @@ -111,6 +111,7 @@ exports.registerServer = (app, config) => { app.get('/render/main', (req, res) => sendRoot(res)) app.get('/render/login', (req, res) => sendRoot(res)) app.get('/render/profile', (req, res) => sendRoot(res)) + app.get('/certs/ca.crt', (req, res) => res.sendFile(path.join(root, 'certs', 'ca.crt')) // AJAX app.get('/profile/data', (req, res) => res.json( From 5bc3701ccd324525f4c4746c577d84429a229121 Mon Sep 17 00:00:00 2001 From: "Nicolas \"Pixel\" Noble" Date: Sun, 12 Aug 2018 22:12:56 +0200 Subject: [PATCH 3/8] Adding CSR system to auth server. --- package.json | 1 + src/server/auth/server.js | 86 ++++++++++++++++++++++++++++++++++++++- 2 files changed, 86 insertions(+), 1 deletion(-) diff --git a/package.json b/package.json index d9414aa..6910350 100644 --- a/package.json +++ b/package.json @@ -84,6 +84,7 @@ "ip": "^1.1.5", "lodash": "^4.17.5", "nat-upnp": "^1.1.1", + "node-forge": "^0.7.5", "openid-client": "^2.0.0", "passport": "^0.4.0", "passport-facebook": "^2.1.1", diff --git a/src/server/auth/server.js b/src/server/auth/server.js index afa051b..c68364a 100644 --- a/src/server/auth/server.js +++ b/src/server/auth/server.js @@ -10,6 +10,9 @@ const session = require('express-session') const pg = require('pg') const PGSession = require('connect-pg-simple')(session) const assert = require('assert') +const forge = require('node-forge') +const pki = forge.pki +const crypto = require('crypto') const passport = require('passport') @@ -42,6 +45,9 @@ exports.registerServer = (app, config) => { let authentications = [] let users let registerProvider + let caKey = null + let caCrtBuffer = null + let caStore = pki.createCaStore() if (!config) config = {} if (!config.pgConfig) config.pgConfig = {} @@ -51,6 +57,24 @@ exports.registerServer = (app, config) => { config.pgConfig.port = config.pgConfig.port || env.PGPORT config.pgConfig.database = config.pgConfig.database || env.PGDATABASE + if (config.caCrt) { + const caCrt = pki.certificateFromPem(config.caCrt) + do { + if (!caCrt) break + const basicConstraints = caCrt.getExtension('basicConstraints') + if (!basicConstraints || !basicConstraints.cA) break + const subject = caCrt.subject + const O = subject.getField('O') + if (!O || O.value !== 'Papan') break + caStore.addCertificate(caCrt) + caCrtBuffer = config.caCrt + } while (false) + } + + if (config.caKey && caCrtBuffer) { + caKey = pki.privateKeyFromPem(config.caKey) + } + return Promise.resolve(userDB.create(config.pgConfig)).then(createdUsers => { // We need to create and migrate the database first thing before going on with the rest of the work. users = createdUsers @@ -111,7 +135,14 @@ exports.registerServer = (app, config) => { app.get('/render/main', (req, res) => sendRoot(res)) app.get('/render/login', (req, res) => sendRoot(res)) app.get('/render/profile', (req, res) => sendRoot(res)) - app.get('/certs/ca.crt', (req, res) => res.sendFile(path.join(root, 'certs', 'ca.crt')) + app.get('/certs/ca.crt', (req, res) => { + if (caCrtBuffer) { + res.type('crt') + res.send(caCrtBuffer) + } else { + res.sendFile(path.join(root, 'certs', 'ca.crt') + } + }) // AJAX app.get('/profile/data', (req, res) => res.json( @@ -151,6 +182,59 @@ exports.registerServer = (app, config) => { app.get('/info', (req, res) => res.json({ authenticated: req.isAuthenticated() })) + app.post('/certs/sign', (req, res) => { + const csrString = req.body.csr + let error = null + do { + if (!csrString) { + error = 'No CSR sent' + break + } + const csr = pki.certificationRequestFromPem(csrString) + if (!csr) { + error = 'Unable to parse CSR' + break + } + const subject = csr.subject + const CN = subject.getField('CN') + const O = subject.getField('O') + const OU = subject.getField('OU') + if (!CN || CN.value !== 'localhost') { + error = 'Invalid CN field in CSR' + break + } + if (!O || O.value !== 'Papan') { + error = 'Invalid O field in CSR' + break + } + if (!OU || OU.value !== 'Server-Ad-Hoc') { + error = 'Invalid OU field in CSR' + break + } + if (!csr.verify()) { + error = 'Couldn\'t verify CSR' + } + const cert = pki.createCertificate() + const now = new Date() + cert.validity.notBefore = now + cert.validity.notAfter.setTime(now.getTime() + 5 * 24 * 60 * 60 * 1000) + cert.setSubject(csr.subject.attributes) + cert.setIssuer(caCrt.subject.attributes) + cert.publicKey = csr.publicKey + crypto.randomBytes(20, (err, buffer) => { + if (buffer[0] > 127) { + buffer[0] -= 128 + } + cert.serialnumber = [...buffer].map(b => b.toString(16)).join('') + cert.sign(caKey) + res.json({ cert: pki.certificateToPem(cert) }) + }) + } while (false) + if (error) { + res.status(400) + res.json({ error: error }) + } + }) // Auth providers logic registerProvider = (provider) => { From 74f4b5f33b9bc34e4c9fbee8a348feae6574809c Mon Sep 17 00:00:00 2001 From: "Nicolas \"Pixel\" Noble" Date: Sun, 12 Aug 2018 23:01:09 +0200 Subject: [PATCH 4/8] Fixing typo... --- src/server/auth/server.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/server/auth/server.js b/src/server/auth/server.js index c68364a..35fc6d9 100644 --- a/src/server/auth/server.js +++ b/src/server/auth/server.js @@ -140,7 +140,7 @@ exports.registerServer = (app, config) => { res.type('crt') res.send(caCrtBuffer) } else { - res.sendFile(path.join(root, 'certs', 'ca.crt') + res.sendFile(path.join(root, 'certs', 'ca.crt')) } }) From 8818e9f20904d873eb8ba465176594dcf21f799b Mon Sep 17 00:00:00 2001 From: "Nicolas \"Pixel\" Noble" Date: Sun, 12 Aug 2018 23:21:32 +0200 Subject: [PATCH 5/8] Better 500 error support. --- package.json | 1 + src/server/auth/server.js | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/package.json b/package.json index 6910350..f402f72 100644 --- a/package.json +++ b/package.json @@ -105,6 +105,7 @@ "request-promise-native": "^1.0.5", "seedrandom": "^2.4.3", "sequelize": "^4.35.2", + "serialize-error": "^2.1.0", "socket.io": "^2.1.0", "socket.io-client": "^2.1.0", "spinkit": "^1.2.5", diff --git a/src/server/auth/server.js b/src/server/auth/server.js index 35fc6d9..76e35be 100644 --- a/src/server/auth/server.js +++ b/src/server/auth/server.js @@ -13,6 +13,7 @@ const assert = require('assert') const forge = require('node-forge') const pki = forge.pki const crypto = require('crypto') +const serializeError = require('serialize-error') const passport = require('passport') @@ -302,7 +303,7 @@ exports.registerServer = (app, config) => { // And finally, catch-all error 500, for future expansion. app.use((err, req, res, next) => { - res.status(500).send(err) + res.status(500).send(serializeError(err)) }) resolve() From a0ba52e20b09faa7b04b15e9be2101d5889ab0bd Mon Sep 17 00:00:00 2001 From: "Nicolas \"Pixel\" Noble" Date: Sun, 12 Aug 2018 23:27:19 +0200 Subject: [PATCH 6/8] Fixing caCrt access. --- src/server/auth/server.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/server/auth/server.js b/src/server/auth/server.js index 76e35be..cef22dc 100644 --- a/src/server/auth/server.js +++ b/src/server/auth/server.js @@ -48,6 +48,7 @@ exports.registerServer = (app, config) => { let registerProvider let caKey = null let caCrtBuffer = null + let caCrtSubject = null let caStore = pki.createCaStore() if (!config) config = {} @@ -69,6 +70,7 @@ exports.registerServer = (app, config) => { if (!O || O.value !== 'Papan') break caStore.addCertificate(caCrt) caCrtBuffer = config.caCrt + caCrtSubject = caCrt.subject } while (false) } @@ -220,7 +222,7 @@ exports.registerServer = (app, config) => { cert.validity.notBefore = now cert.validity.notAfter.setTime(now.getTime() + 5 * 24 * 60 * 60 * 1000) cert.setSubject(csr.subject.attributes) - cert.setIssuer(caCrt.subject.attributes) + cert.setIssuer(caCrtSubject.attributes) cert.publicKey = csr.publicKey crypto.randomBytes(20, (err, buffer) => { if (buffer[0] > 127) { From 205ad12cee154ccfaa124a79ca0bbc746255c965 Mon Sep 17 00:00:00 2001 From: "Nicolas \"Pixel\" Noble" Date: Sun, 12 Aug 2018 23:37:48 +0200 Subject: [PATCH 7/8] Fixing typo. --- src/server/auth/server.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/server/auth/server.js b/src/server/auth/server.js index cef22dc..4c1ff85 100644 --- a/src/server/auth/server.js +++ b/src/server/auth/server.js @@ -228,7 +228,7 @@ exports.registerServer = (app, config) => { if (buffer[0] > 127) { buffer[0] -= 128 } - cert.serialnumber = [...buffer].map(b => b.toString(16)).join('') + cert.serialNumber = [...buffer].map(b => b.toString(16)).join('') cert.sign(caKey) res.json({ cert: pki.certificateToPem(cert) }) }) From 55499b319ac43877accfcf84e935d9e241f9729b Mon Sep 17 00:00:00 2001 From: "Nicolas \"Pixel\" Noble" Date: Mon, 13 Aug 2018 12:54:58 +0200 Subject: [PATCH 8/8] Changing URL from /certs/sign to /certs/csr-sign. --- src/server/auth/server.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/server/auth/server.js b/src/server/auth/server.js index 4c1ff85..c00e8a0 100644 --- a/src/server/auth/server.js +++ b/src/server/auth/server.js @@ -185,7 +185,7 @@ exports.registerServer = (app, config) => { app.get('/info', (req, res) => res.json({ authenticated: req.isAuthenticated() })) - app.post('/certs/sign', (req, res) => { + app.post('/certs/csr-sign', (req, res) => { const csrString = req.body.csr let error = null do {