diff --git a/lib/admin/admin-support.js b/lib/admin/admin-support.js index 0ac54414..950827da 100644 --- a/lib/admin/admin-support.js +++ b/lib/admin/admin-support.js @@ -14,10 +14,6 @@ const logs = require('../logs') const supportLogs = require('../support_logs') const options = require('../options') -const caOptions = { - ca: '/etc/ssl/certs/Lamassu_CA.pem' -} - app.use(morgan('dev')) app.use(helmet({noCache: true})) app.use(cookieParser()) @@ -29,7 +25,7 @@ app.use(serveStatic(path.resolve(__dirname, '..', '..', 'public'), { const certOptions = { key: fs.readFileSync(options.keyPath), cert: fs.readFileSync(options.certPath), - ca: [fs.readFileSync(caOptions.ca)], + ca: [fs.readFileSync(options.lamassuCaPath)], requestCert: true, rejectUnauthorized: true } diff --git a/package-lock.json b/package-lock.json index bb1219d5..010d8605 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "lamassu-server", - "version": "5.5.21", + "version": "5.5.27", "lockfileVersion": 1, "requires": true, "dependencies": { @@ -75,6 +75,13 @@ "resolved": "https://registry.npmjs.org/@fczbkk/uuid4/-/uuid4-3.0.0.tgz", "integrity": "sha1-lksiHLlV4csPBEdnqWaCgCOjhLs=" }, + "abbrev": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.1.tgz", + "integrity": "sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q==", + "dev": true, + "optional": true + }, "accepts": { "version": "1.3.3", "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.3.tgz", 
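Review bot: In the second hunk of lib/admin/admin-support.js, `certOptions.ca` is now read from `options.lamassuCaPath` with no check that the option is set, and that file is the only trust anchor for the client-certificate check (`requestCert: true`, `rejectUnauthorized: true`). On an install whose options file predates this key, `fs.readFileSync(undefined)` throws an opaque TypeError at startup. Failing closed is the right outcome, but it deserves an explicit guard before `certOptions`, such as `if (!options.lamassuCaPath) throw new Error('lamassuCaPath is not set in options')`. Keep the guard fail-closed rather than omitting `ca`, because Node would then fall back to its default CA store when verifying client certificates. A comment above the `ca:` line, for example `// sole trust anchor for admin client certs; path comes from the options file`, would record why that file's permissions matter.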
@@ -1184,6 +1191,15 @@ "resolved": "https://registry.npmjs.org/blob/-/blob-0.0.4.tgz", "integrity": "sha1-vPEwUspURj8w+fx+lbmkdjCpSSE=" }, + "block-stream": { + "version": "0.0.9", + "resolved": "https://registry.npmjs.org/block-stream/-/block-stream-0.0.9.tgz", + "integrity": "sha1-E+v+d4oDIFz+A3UUgeu0szAMEmo=", + "dev": true, + "requires": { + "inherits": "2.0.3" + } + }, "bluebird": { "version": "3.5.0", "resolved": "https://registry.npmjs.org/bluebird/-/bluebird-3.5.0.tgz", @@ -2219,6 +2235,13 @@ "repeating": "2.0.1" } }, + "detect-libc": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-1.0.3.tgz", + "integrity": "sha1-+hN8S9aY7fVc1c0CrFWfkaTEups=", + "dev": true, + "optional": true + }, "diff": { "version": "3.2.0", "resolved": "https://registry.npmjs.org/diff/-/diff-3.2.0.tgz", @@ -2983,7 +3006,7 @@ "optional": true, "requires": { "nan": "2.6.2", - "node-pre-gyp": "0.6.36" + "node-pre-gyp": "0.6.39" }, "dependencies": { "abbrev": { @@ -2998,10 +3021,6 @@ "json-stable-stringify": "1.0.1" } }, - "ansi-regex": { - "version": "2.1.1", - "bundled": true - }, "aproba": { "version": "1.1.1", "bundled": true @@ -3016,10 +3035,6 @@ "version": "0.2.3", "bundled": true }, - "assert-plus": { - "version": "0.2.0", - "bundled": true - }, "asynckit": { "version": "0.4.0", "bundled": true @@ -3036,27 +3051,6 @@ "version": "0.4.2", "bundled": true }, - "bcrypt-pbkdf": { - "version": "1.0.1", - "bundled": true, - "requires": { - "tweetnacl": "0.14.5" - } - }, - "block-stream": { - "version": "0.0.9", - "bundled": true, - "requires": { - "inherits": "2.0.3" - } - }, - "boom": { - "version": "2.10.1", - "bundled": true, - "requires": { - "hoek": "2.16.3" - } - }, "brace-expansion": { "version": "1.1.7", "bundled": true, 
@@ -3076,17 +3070,6 @@ "version": "4.6.0", "bundled": true }, - "code-point-at": { - "version": "1.1.0", - "bundled": true - }, - "combined-stream": { - "version": "1.0.5", - "bundled": true, - "requires": { - "delayed-stream": "1.0.0" - } - }, "concat-map": { "version": "0.0.1", "bundled": true @@ -3099,26 +3082,6 @@ "version": "1.0.2", "bundled": true }, - "cryptiles": { - "version": "2.0.5", - "bundled": true, - "requires": { - "boom": "2.10.1" - } - }, - "dashdash": { - "version": "1.14.1", - "bundled": true, - "requires": { - "assert-plus": "1.0.0" - }, - "dependencies": { - "assert-plus": { - "version": "1.0.0", - "bundled": true - } - } - }, "debug": { "version": "2.6.8", "bundled": true, @@ -3131,10 +3094,6 @@ "dev": true, "optional": true }, - "delayed-stream": { - "version": "1.0.0", - "bundled": true - }, "delegates": { "version": "1.0.0", "bundled": true @@ -3152,10 +3111,6 @@ "dev": true, "optional": true }, - "extsprintf": { - "version": "1.0.2", - "bundled": true - }, "forever-agent": { "version": "0.6.1", "bundled": true @@ -3170,20 +3125,6 @@ "version": "1.0.0", "bundled": true }, - "fstream": { - "version": "1.0.11", - "bundled": true, - "dev": true - }, - "fstream-ignore": { - "version": "1.0.5", - "bundled": true, - "requires": { - "fstream": "1.0.11", - "inherits": "2.0.3", - "minimatch": "3.0.4" - } - }, "gauge": { "version": "2.7.4", "bundled": true, @@ -3209,10 +3150,6 @@ "bundled": true, "dev": true }, - "graceful-fs": { - "version": "4.1.11", - "bundled": true - }, "har-schema": { "version": "1.0.5", "bundled": true 
@@ -3227,52 +3164,10 @@ "version": "2.0.1", "bundled": true }, - "hawk": { - "version": "3.1.3", - "bundled": true, - "requires": { - "boom": "2.10.1", - "cryptiles": "2.0.5", - "hoek": "2.16.3", - "sntp": "1.0.9" - } - }, - "hoek": { - "version": "2.16.3", - "bundled": true - }, - "http-signature": { - "version": "1.1.1", - "bundled": true, - "requires": { - "assert-plus": "0.2.0", - "jsprim": "1.4.0", - "sshpk": "1.13.0" - } - }, - "inflight": { - "version": "1.0.6", - "bundled": true, - "requires": { - "once": "1.4.0", - "wrappy": "1.0.2" - } - }, - "inherits": { - "version": "2.0.3", - "bundled": true - }, "ini": { "version": "1.3.4", "bundled": true }, - "is-fullwidth-code-point": { - "version": "1.0.0", - "bundled": true, - "requires": { - "number-is-nan": "1.0.1" - } - }, "is-typedarray": { "version": "1.0.0", "bundled": true @@ -3285,17 +3180,6 @@ "version": "0.1.2", "bundled": true }, - "jodid25519": { - "version": "1.0.2", - "bundled": true, - "requires": { - "jsbn": "0.1.1" - } - }, - "jsbn": { - "version": "0.1.1", - "bundled": true - }, "json-schema": { "version": "0.2.3", "bundled": true @@ -3315,20 +3199,6 @@ "version": "0.0.0", "bundled": true }, - "jsprim": { - "version": "1.4.0", - "bundled": true, - "dev": true, - "optional": true, - "dependencies": { - "assert-plus": { - "version": "1.0.0", - "bundled": true, - "dev": true, - "optional": true - } - } - }, "mime-db": { "version": "1.27.0", "bundled": true, @@ -3339,34 +3209,12 @@ "bundled": true, "dev": true }, - "minimatch": { - "version": "3.0.4", - "bundled": true, - "dev": true - }, - "minimist": { - "version": "0.0.8", - "bundled": true - }, - "mkdirp": { - "version": "0.5.1", - "bundled": true, - "requires": { - "minimist": "0.0.8" - } - }, "ms": { "version": "2.0.0", "bundled": true, "dev": true, "optional": true }, - "node-pre-gyp": { - "version": "0.6.36", - "bundled": true, - "dev": true, - "optional": true - }, "nopt": { "version": "4.0.1", "bundled": true, 
@@ -3379,10 +3227,6 @@ "dev": true, "optional": true }, - "number-is-nan": { - "version": "1.0.1", - "bundled": true - }, "oauth-sign": { "version": "0.8.2", "bundled": true @@ -3391,13 +3235,6 @@ "version": "4.1.1", "bundled": true }, - "once": { - "version": "1.4.0", - "bundled": true, - "requires": { - "wrappy": "1.0.2" - } - }, "os-homedir": { "version": "1.0.2", "bundled": true @@ -3426,10 +3263,6 @@ "version": "1.0.7", "bundled": true }, - "punycode": { - "version": "1.4.1", - "bundled": true - }, "qs": { "version": "6.4.0", "bundled": true, @@ -3461,11 +3294,6 @@ "dev": true, "optional": true }, - "rimraf": { - "version": "2.6.1", - "bundled": true, - "dev": true - }, "safe-buffer": { "version": "5.0.1", "bundled": true 
@@ -3482,88 +3310,31 @@ "version": "3.0.2", "bundled": true }, - "sntp": { - "version": "1.0.9", - "bundled": true, - "requires": { - "hoek": "2.16.3" - } - }, - "sshpk": { - "version": "1.13.0", - "bundled": true, - "dev": true, - "optional": true, - "dependencies": { - "assert-plus": { - "version": "1.0.0", - "bundled": true, - "dev": true, - "optional": true - } - } - }, "string_decoder": { "version": "1.0.1", "bundled": true, "dev": true }, - "string-width": { - "version": "1.0.2", - "bundled": true, - "requires": { - "code-point-at": "1.1.0", - "is-fullwidth-code-point": "1.0.0", - "strip-ansi": "3.0.1" - } - }, "stringstream": { "version": "0.0.5", "bundled": true }, - "strip-ansi": { - "version": "3.0.1", - "bundled": true, - "requires": { - "ansi-regex": "2.1.1" - } - }, "strip-json-comments": { "version": "2.0.1", "bundled": true }, - "tar": { - "version": "2.2.1", - "bundled": true, - "requires": { - "block-stream": "0.0.9", - "fstream": "1.0.11", - "inherits": "2.0.3" - } - }, "tar-pack": { "version": "3.4.0", "bundled": true, "dev": true, "optional": true }, - "tough-cookie": { - "version": "2.3.2", - "bundled": true, - "requires": { - "punycode": "1.4.1" - } - }, "tunnel-agent": { "version": "0.6.0", "bundled": true, "dev": true, "optional": true }, - "tweetnacl": { - "version": "0.14.5", - "bundled": true - }, "uid-number": { "version": "0.0.6", "bundled": true 
@@ -3576,25 +3347,38 @@ "version": "3.0.1", "bundled": true }, - "verror": { - "version": "1.3.6", - "bundled": true, - "requires": { - "extsprintf": "1.0.2" - } - }, "wide-align": { "version": "1.1.2", "bundled": true, "dev": true, "optional": true - }, - "wrappy": { - "version": "1.0.2", - "bundled": true } } }, + "fstream": { + "version": "1.0.11", + "resolved": "https://registry.npmjs.org/fstream/-/fstream-1.0.11.tgz", + "integrity": "sha1-XB+x8RdHcRTwYyoOtLcbPLD9MXE=", + "dev": true, + "requires": { + "graceful-fs": "4.1.11", + "inherits": "2.0.3", + "mkdirp": "0.5.1", + "rimraf": "2.6.2" + } + }, + "fstream-ignore": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/fstream-ignore/-/fstream-ignore-1.0.5.tgz", + "integrity": "sha1-nDHa40dnAY/h0kmyTa2mfQktoQU=", + "dev": true, + "optional": true, + "requires": { + "fstream": "1.0.11", + "inherits": "2.0.3", + "minimatch": "3.0.4" + } + }, "ftp": { "version": "0.3.10", "resolved": "https://registry.npmjs.org/ftp/-/ftp-0.3.10.tgz", @@ -4569,8 +4353,7 @@ "jsbn": { "version": "0.1.1", "resolved": "https://registry.npmjs.org/jsbn/-/jsbn-0.1.1.tgz", - "integrity": "sha1-peZUwuWi3rXyAdls77yoDA7y9RM=", - "optional": true + "integrity": "sha1-peZUwuWi3rXyAdls77yoDA7y9RM=" }, "jschardet": { "version": "1.5.1", 
@@ -5162,11 +4945,51 @@ "superagent-proxy": "1.0.2" } }, + "node-pre-gyp": { + "version": "0.6.39", + "resolved": "https://registry.npmjs.org/node-pre-gyp/-/node-pre-gyp-0.6.39.tgz", + "integrity": "sha512-OsJV74qxnvz/AMGgcfZoDaeDXKD3oY3QVIbBmwszTFkRisTSXbMQyn4UWzUMOtA5SVhrBZOTp0wcoSBgfMfMmQ==", + "dev": true, + "optional": true, + "requires": { + "detect-libc": "1.0.3", + "hawk": "3.1.3", + "mkdirp": "0.5.1", + "nopt": "4.0.1", + "npmlog": "4.1.2", + "rc": "1.2.1", + "request": "2.81.0", + "rimraf": "2.6.2", + "semver": "5.4.1", + "tar": "2.2.1", + "tar-pack": "3.4.1" + }, + "dependencies": { + "semver": { + "version": "5.4.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.4.1.tgz", + "integrity": "sha512-WfG/X9+oATh81XtllIo/I8gOiY9EXRdv1cQdyykeXK17YcUW3EXUAi2To4pcH6nZtJPr7ZOpM5OMyWJZm+8Rsg==", + "dev": true, + "optional": true + } + } + }, "noop-logger": { "version": "0.1.1", "resolved": "https://registry.npmjs.org/noop-logger/-/noop-logger-0.1.1.tgz", "integrity": "sha1-lKKxYzxPExdVMAfYlm/Q6EG2pMI=" }, + "nopt": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/nopt/-/nopt-4.0.1.tgz", + "integrity": "sha1-0NRoWv1UFRk8jHUFYC0NF81kR00=", + "dev": true, + "optional": true, + "requires": { + "abbrev": "1.1.1", + "osenv": "0.1.4" + } + }, "normalize-package-data": { "version": "2.4.0", "resolved": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.4.0.tgz", @@ -5326,6 +5149,17 @@ "resolved": "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz", "integrity": "sha1-u+Z0BseaqFxc/sdm/lc0VV36EnQ=" }, + "osenv": { + "version": "0.1.4", + "resolved": "https://registry.npmjs.org/osenv/-/osenv-0.1.4.tgz", + "integrity": "sha1-Qv5tWVPfBsgGS+bxdsPQWqqjRkQ=", + "dev": true, + "optional": true, + "requires": { + "os-homedir": "1.0.2", + "os-tmpdir": "1.0.2" + } + }, "p-cancelable": { "version": "0.3.0", "resolved": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-0.3.0.tgz", 
@@ -6317,6 +6151,15 @@ "signal-exit": "3.0.2" } }, + "rimraf": { + "version": "2.6.2", + "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.6.2.tgz", + "integrity": "sha512-lreewLK/BlghmxtfH36YYVg1i8IAce4TI7oao75I1g245+6BctqTVQiBP3YUJ9C6DQOXJmkYR9X9fCLtCOJc5w==", + "dev": true, + "requires": { + "glob": "7.1.2" + } + }, "ripemd160": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/ripemd160/-/ripemd160-2.0.1.tgz", @@ -6906,14 +6749,6 @@ "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.3.1.tgz", "integrity": "sha1-+vUbnrdKrvOzrPStX2Gr8ky3uT4=" }, - "string_decoder": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.0.3.tgz", - "integrity": "sha512-4AH6Z5fzNNBcH+6XDMfA/BTt87skxqJlO0lAh3Dker5zThcAxG6mKz+iGu308UKoPPQ8Dcqx/4JhujzltRa+hQ==", - "requires": { - "safe-buffer": "5.1.1" - } - }, "string-width": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/string-width/-/string-width-1.0.2.tgz", @@ -6924,6 +6759,14 @@ "strip-ansi": "3.0.1" } }, + "string_decoder": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.0.3.tgz", + "integrity": "sha512-4AH6Z5fzNNBcH+6XDMfA/BTt87skxqJlO0lAh3Dker5zThcAxG6mKz+iGu308UKoPPQ8Dcqx/4JhujzltRa+hQ==", + "requires": { + "safe-buffer": "5.1.1" + } + }, "stringstream": { "version": "0.0.5", "resolved": "https://registry.npmjs.org/stringstream/-/stringstream-0.0.5.tgz", @@ -7010,6 +6853,17 @@ "integrity": "sha1-lag9smGG1q9+ehjb2XYKL4bQj0A=", "dev": true }, + "tar": { + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/tar/-/tar-2.2.1.tgz", + "integrity": "sha1-jk0qJWwOIYXGsYrWlK7JaLg8sdE=", + "dev": true, + "requires": { + "block-stream": "0.0.9", + "fstream": "1.0.11", + "inherits": "2.0.3" + } + }, "tar-fs": { "version": "1.15.3", "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-1.15.3.tgz", 
@@ -7021,6 +6875,23 @@ "tar-stream": "1.5.4" } }, + "tar-pack": { + "version": "3.4.1", + "resolved": "https://registry.npmjs.org/tar-pack/-/tar-pack-3.4.1.tgz", + "integrity": "sha512-PPRybI9+jM5tjtCbN2cxmmRU7YmqT3Zv/UDy48tAh2XRkLa9bAORtSWLkVc13+GJF+cdTh1yEnHEk3cpTaL5Kg==", + "dev": true, + "optional": true, + "requires": { + "debug": "2.6.8", + "fstream": "1.0.11", + "fstream-ignore": "1.0.5", + "once": "1.4.0", + "readable-stream": "2.3.3", + "rimraf": "2.6.2", + "tar": "2.2.1", + "uid-number": "0.0.6" + } + }, "tar-stream": { "version": "1.5.4", "resolved": "https://registry.npmjs.org/tar-stream/-/tar-stream-1.5.4.tgz", @@ -7245,6 +7116,13 @@ "inherits": "2.0.3" } }, + "uid-number": { + "version": "0.0.6", + "resolved": "https://registry.npmjs.org/uid-number/-/uid-number-0.0.6.tgz", + "integrity": "sha1-DqEOgDXo61uOREnwbaHHMGY7qoE=", + "dev": true, + "optional": true + }, "uid2": { "version": "0.0.3", "resolved": "https://registry.npmjs.org/uid2/-/uid2-0.0.3.tgz", diff --git a/tools/create-lamassu-ca.sh b/tools/create-lamassu-ca.sh new file mode 100644 index 00000000..4c80abb8 --- /dev/null +++ b/tools/create-lamassu-ca.sh 
@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+# This is for setting up cryptographic certificates for a development environment
+set -e
+
+LOG_FILE=/tmp/cert-gen.log
+CERT_DIR=$PWD/certs
+KEY_DIR=$PWD/certs
+
+mkdir -p $CERT_DIR
+
+echo "Generating Lamassu SSL certificates..."
+
+CA_KEY_PATH=$KEY_DIR/Lamassu_CA.key
+CA_PATH=$CERT_DIR/Lamassu_CA.pem
+SERVER_KEY_PATH=$KEY_DIR/Lamassu.key
+SERVER_CERT_PATH=$CERT_DIR/Lamassu.pem
+
+openssl genrsa \
+ -out $CA_KEY_PATH \
+ 4096 >> $LOG_FILE 2>&1
+
+openssl req \
+ -x509 \
+ -sha256 \
+ -new \
+ -nodes \
+ -key $CA_KEY_PATH \
+ -days 3560 \
+ -out $CA_PATH \
+ -subj "/C=IS/ST=/L=Reykjavik/O=Lamassu CA/CN=lamassu.is" \
+ >> $LOG_FILE 2>&1
+
+openssl genrsa \
+ -out $SERVER_KEY_PATH \
+ 4096 >> $LOG_FILE 2>&1
+
+openssl req -new \
+ -key $SERVER_KEY_PATH \
+ -out /tmp/Lamassu.csr.pem \
+ -subj "/C=IS/ST=/L=Reykjavik/O=Lamassu support client/CN=support@lamassu.is" \
+ -sha256 \
+ >> $LOG_FILE 2>&1
+
+openssl x509 \
+ -req -in /tmp/Lamassu.csr.pem \
+ -CA $CA_PATH \
+ -CAkey $CA_KEY_PATH \
+ -CAcreateserial \
+ -out $SERVER_CERT_PATH \
+ -days 3650 >> $LOG_FILE 2>&1
+
+rm /tmp/Lamassu.csr.pem
+
+echo "Done."
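Review bot: The CSR and the log are written to fixed names under /tmp (`/tmp/Lamassu.csr.pem`, `/tmp/cert-gen.log`), so on a shared machine another local user can pre-create or symlink those paths; `CSR_PATH=$(mktemp)` with `trap 'rm -f "$CSR_PATH"' EXIT`, plus a log file under `$CERT_DIR`, would avoid that. The CA is issued with `-days 3560` while the certificate it signs gets `-days 3650`, so the leaf outlives its issuer by 90 days; this looks like a transposed digit, and `-days 3650` on the CA would align them. Depending on the OpenSSL version, the two `openssl genrsa` outputs may take their mode from the caller's umask, so a `umask 077` next to `set -e` would keep both private keys unreadable by other users. The final `openssl x509 -req` also omits `-sha256`, leaving the signature digest to the OpenSSL default, and the path variables are expanded unquoted, so a working directory containing spaces breaks the script.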