Cleanup

src/CertGen.java

@@ -39,6 +39,8 @@
 import snowblossom.proto.WalletDatabase;
 import snowblossom.proto.AddressSpec;
 import snowblossom.lib.KeyUtil;
+import snowblossom.lib.AddressSpecHash;
+import snowblossom.lib.AddressUtil;
 import snowblossom.client.WalletUtil;
 import snowblossom.channels.proto.SignedMessage;
 import snowblossom.channels.proto.SignedMessagePayload;
@@ -59,23 +61,33 @@ public static SslContext getServerSSLContext(WalletDatabase db)
     KeyPair tls_pair = KeyUtil.decodeKeypair(tls_wkp);
 
     X509Certificate cert = generateSelfSignedCert(wkp, tls_wkp, address_spec);
+    System.out.println(cert);
 
     ByteString pem_cert = pemCodeCert(cert);
     ByteString pem_prv = pemCodeECPrivateKey(tls_pair.getPrivate());
 
     return GrpcSslContexts.forServer(pem_cert.newInput(), pem_prv.newInput()).build();
   }
 
+
+  /**
+   * @param key_pair Key pair to use to sign the cert inner signed message, the node key
+   * @param tls_wkp The temporary key to use just for this cert and TLS sessions
+   * @param spec Address for 'key_pair'
+   */
   public static X509Certificate generateSelfSignedCert(WalletKeyPair key_pair, WalletKeyPair tls_wkp, AddressSpec spec)
     throws Exception
   {
 
+    AddressSpecHash address_hash = AddressUtil.getHashForSpec(spec);
+    String address = AddressUtil.getAddressString(ChannelGlobals.ADDRESS_STRING, address_hash);
+
 
     byte[] encoded_pub= tls_wkp.getPublicKey().toByteArray();
     SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(
       ASN1Sequence.getInstance(encoded_pub));
 
-    String dn="CN=Test, O=B";
+    String dn=String.format("CN=%s, O=SnowChannel", address);
     X500Name issuer = new X500Name(dn);
     BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
     Date notBefore = new Date(System.currentTimeMillis());

src/ChannelGlobals.java

@@ -0,0 +1,9 @@
+package snowblossom.channels;
+
+public class ChannelGlobals
+{
+  public static final String ADDRESS_STRING="node";
+
+
+
+}

src/SnowTrustManagerFactorySpi.java

@@ -111,9 +111,10 @@ public void checkServerTrusted(X509Certificate[] chain, String authType)
         ASN1Encodable o = parser.readObject();
         DEROctetStringParser dero = (DEROctetStringParser) o;
         sm = SignedMessage.parseFrom(dero.getOctetStream());
+
+
         ChannelSigUtil.validateSignedMessage(sm);
         SignedMessagePayload payload = SignedMessagePayload.parseFrom(sm.getPayload());
-        //System.out.println("Payload: " + payload);
         address_spec = payload.getClaim();
         tls_pub_key = payload.getTlsPublicKey();
       }
@@ -135,12 +136,10 @@ public void checkServerTrusted(X509Certificate[] chain, String authType)
           throw new CertificateException("Server did not claim the expected address");
         }
       }
-      //if (address_spec.getRequiredSigners() != 1) throw new CertificateException("Multisig not supported for TLS certs");
-      //if (address_spec.getSigSpecsCount() != 1) throw new CertificateException("Multisig not supported for TLS certs");
+
       try
       {
 
-        //String algo = SignatureUtil.getAlgo(address_spec.getSigSpecs(0).getSignatureType());
         String algo = "RSA";
         PublicKey address_key = KeyUtil.decodeKey(tls_pub_key, algo);
 
@@ -152,7 +151,6 @@ public void checkServerTrusted(X509Certificate[] chain, String authType)
         //System.out.println("Address key: " + HexUtil.getHexString(address_key_bs));
         //System.out.println("Cert key: " + HexUtil.getHexString(cert_key_bs));
 
-        //if (!address_key.equals(cert.getPublicKey()))
         if (!address_key_bs.equals(cert_key_bs))
         {
           throw new CertificateException("Public key mismatch");

test/CertGenTest.java

@@ -53,7 +53,6 @@ public void testGenAndService()
   {
     TreeMap<String,String> config_map = new TreeMap<>();
     config_map.put("key_count", "1");
-    //config_map.put("key_mode", "tls");
 
     WalletDatabase db = WalletUtil.makeNewDatabase(new ConfigMem(config_map), new NetworkParamsProd());