Merge pull request #270 from codaco/fix/certificate-changes

Fix for iOS Pairing Issues

package.json

@@ -120,7 +120,7 @@
         "reselect": "^3.0.0",
         "restify": "^7.2.1",
         "restify-cors-middleware": "^1.1.1",
-        "selfsigned": "^1.10.3",
+        "selfsigned": "^1.10.7",
         "thread-loader": "^1.1.5",
         "uuid": "^3.3.2",
         "xmldom": "^0.1.27"

src/main/MainApp.js

@@ -2,6 +2,7 @@ const { app, Menu } = require('electron');
 const ProtocolManager = require('./data-managers/ProtocolManager');
 const MainWindow = require('./components/mainWindow');
 const { AdminService } = require('./server/AdminService');
+const { resetPemKeyPair } = require('./server/certificateManager');
 const { isWindows } = require('./utils/environment');
 const { createTray } = require('./components/tray');
 
@@ -30,10 +31,23 @@ const createApp = () => {
   const updater = Updater();
   updater.checkForUpdates(true);
 
+  const regenerateCertificates = () => {
+    const responseNum = dialog.showMessageBox(mainWindow.window, {
+      message: 'Regenerate certificates?',
+      detail: 'Regenerating security certificates will require you to re-pair all of your devices. Do you want to continue?',
+      buttons: ['Regenerate Certificates', 'Cancel'],
+      cancelId: 1,
+      defaultId: 0,
+    });
+    if (responseNum === 0) {
+      resetPemKeyPair().then(adminService.resetDevices()).then(reloadHomeScreen);
+    }
+  };
+
   const resetAppData = () => {
     const responseNum = dialog.showMessageBox(mainWindow.window, {
       message: 'Destroy all application files and data?',
-      detail: 'This includes all imported protocols and paired devices',
+      detail: 'This will delete ALL existing data, including interview data, imported protocols and paired devices. Do you want to continue?',
       buttons: ['Reset Data', 'Cancel'],
       cancelId: 1,
       defaultId: 0,
@@ -91,6 +105,10 @@ const createApp = () => {
           click: showImportProtocolDialog,
         },
         { type: 'separator' },
+        {
+          label: 'Regenerate Certificates...',
+          click: regenerateCertificates,
+        },
         {
           label: 'Reset Data...',
           click: resetAppData,

src/main/data-managers/DeviceManager.js

@@ -25,7 +25,6 @@ class DeviceManager {
     return this.db.all();
   }
 
-  // TODO: Probably remove after alpha testing
   destroyAllDevices() {
     return this.db.destroyAll();
   }

src/main/server/AdminService.js

@@ -7,6 +7,7 @@ const apiRequestLogger = require('./apiRequestLogger');
 const DeviceManager = require('../data-managers/DeviceManager');
 const ProtocolManager = require('../data-managers/ProtocolManager');
 const ExportManager = require('../data-managers/ExportManager');
+const { resetPemKeyPair } = require('./certificateManager');
 const { PairingRequestService } = require('./devices/PairingRequestService');
 const { RequestError, ErrorMessages } = require('../errors/RequestError');
 
@@ -300,9 +301,13 @@ class AdminService {
     return api;
   }
 
-  // TODO: Probably remove after alpha testing
+  resetDevices() {
+    return this.deviceManager.destroyAllDevices();
+  }
+
   resetData() {
     return Promise.all([
+      resetPemKeyPair(),
       this.deviceManager.destroyAllDevices(),
       this.protocolManager.destroyAllProtocols(),
       this.protocolManager.destroyAllSessions(),

src/main/server/ServerFactory.js

@@ -1,5 +1,5 @@
 const Server = require('./Server');
-const ensurePemKeyPair = require('./ensurePemKeyPair');
+const { ensurePemKeyPair } = require('./certificateManager');
 const { ready: cipherReady } = require('../utils/shared-api/cipher');
 const { deviceServiceEvents } = require('./devices/DeviceService');
 

src/main/server/__tests__/ServerFactory-test.js

@@ -3,7 +3,7 @@
 const path = require('path');
 const { createServer } = require('../ServerFactory');
 
-jest.mock('../ensurePemKeyPair');
+jest.mock('../certificateManager');
 
 const mockServerMethods = {
   close: jest.fn(),

src/main/server/__tests__/ensurePemKeyPair-test.js → src/main/server/__tests__/certificateManager-test.js

@@ -1,7 +1,7 @@
 /* eslint-env jest */
 const selfsigned = require('selfsigned');
 
-const ensurePemKeyPair = require('../ensurePemKeyPair');
+const { ensurePemKeyPair } = require('../certificateManager');
 const promisedFs = require('../../utils/promised-fs');
 
 jest.mock('selfsigned');

src/main/server/ensurePemKeyPair.js → src/main/server/certificateManager.js

@@ -37,6 +37,10 @@ const generatePemKeyPair = () => {
       keyEncipherment: true,
       dataEncipherment: true,
     },
+    {
+      name: 'extKeyUsage',
+      serverAuth: true,
+    },
     {
       name: 'subjectAltName',
       altNames: [
@@ -59,7 +63,7 @@ const generatePemKeyPair = () => {
   // TODO: Ed25519 and/or native implementation
   const pems = selfsigned.generate(attrs, {
     algorithm: 'sha256',
-    days: 365 * 10,
+    days: 365 * 2,
     keySize: 2048,
     extensions,
   });
@@ -105,4 +109,21 @@ const ensurePemKeyPair = () => (
     })
 );
 
-module.exports = ensurePemKeyPair;
+const resetPemKeyPair = () => (
+  Promise.all([
+    promisedFs.tryUnlink(certPem),
+    promisedFs.tryUnlink(privatePem),
+    promisedFs.tryUnlink(publicPem),
+    promisedFs.tryUnlink(fingerprintFile),
+  ])
+    .then(generatePemKeyPair)
+    .catch((err) => {
+      logger.error(err);
+      throw err;
+    })
+);
+
+module.exports = {
+  ensurePemKeyPair,
+  resetPemKeyPair,
+};

src/main/utils/promised-fs.js

@@ -68,6 +68,7 @@ const unlink = path => (new Promise((resolve, reject) => {
   } catch (err) { reject(err); }
 }));
 
+// Ignore "file/directory doesn't exist" errors.
 const tryUnlink = path => unlink(path).catch((err) => {
   if (err.code !== 'ENOENT') { throw err; }
 });