init

.gitignore

@@ -0,0 +1 @@
+node_modules

README.md

@@ -0,0 +1,30 @@
+# guld-auth
+
+Peer to peer authentication using OpenPGP identities to manage individual Certificate Authorities and mutual TLS sessions.
+
+### OpenPGP + CA Handshake
+
+![pgp ca handshake](/pgp-mtls.jpg)
+
+### Dependencies
+
+This package will be made isomorphic, but for now it is node-only and requires the following:
+
+ + OpenSSL
+ + [peerca](https://github.com/substack/peerca)
+
+### Install
+
+##### Node
+
+This package is not yet published in npm or any other package managers.
+
+```sh
+git clone https://github.com/isysd-mirror/guld-auth.git
+cd guld-auth
+npm i
+```
+
+### License
+
+MIT Copyright isysd <[email protected]>

index.js

@@ -0,0 +1,3 @@
+// Set options as a parameter, environment variable, or rc file.
+require = require("esm")(module/*, options*/)
+module.exports = require("./main.js")

main.js

@@ -0,0 +1,53 @@
+import * as keyring  from 'keyring-gpg'
+import * as forge  from 'node-forge'
+import { default as peerca } from 'peerca'
+import * as fs from 'fs'
+import * as os from 'os'
+import * as path from 'path'
+import { spawn } from 'child_process'
+const hostname = os.hostname()
+const ca = peerca({host: hostname})
+
+export async function signCSR (csr) {  
+  return keyring.sign(csr)
+}
+
+export async function verifyCSR (pem, signature) {
+  var csr = forge.pki.certificationRequestFromPem(pem)
+  if (!csr.verify()) return false
+  var cn = csr.subject.getField({name: 'commonName'})
+  if (cn && cn.value) {
+    cn = cn.value
+    if (cn.indexOf('.')) cn = cn.split('.').pop()
+    var fpr = await keyring.listKeys(`${cn}@${cn}.guld`)
+    if (!fpr || fpr.length === 0) return false
+    if keyring.verify(pem, signature, Object.keys(fpr))
+  } else {
+    return false
+  }
+}
+
+export async function authorizeCSR (pem, cn) {
+  return new Promise((resolve, reject) => {
+    var proc = child_process.spawn('peerca', ['authorize', cn, '-h', hostname]) // eslint-disable-line camelcase
+    const buffers = []
+    let buffersLength = 0
+    let stderr = ''
+    proc.stdout.on('data', function (buf) {
+      buffers.push(buf)
+      buffersLength += buf.length
+    })
+    proc.stderr.on('data', function (buf) {
+      stderr += buf.toString('utf8')
+    })
+    proc.on('close', function (code) {
+      if (code !== 0 && stderr !== '') reject(new Error(stderr))
+      resolve(Buffer.concat(buffers, buffersLength))
+    })
+    proc.stdin.end(pem)
+  })
+}
+
+export function save (pem, cn) {
+  ca.save(cn).end(pem)
+}

package.json

@@ -0,0 +1,28 @@
+{
+  "name": "guld-auth",
+  "version": "0.1.0",
+  "description": "Authenticate using OpenPGP Web of Trust and mutual TLS.",
+  "main": "index.js",
+  "module": "main.js",
+  "scripts": {
+    "test": "node test.js"
+  },
+  "keywords": [
+    "guld",
+    "openpgp",
+    "pgp",
+    "gpg",
+    "gnupg",
+    "auth",
+    "web",
+    "security"
+  ],
+  "author": "isysd",
+  "license": "MIT",
+  "dependencies": {
+    "esm": "^3.2.19",
+    "keyring-gpg": "^0.4.1",
+    "node-forge": "^0.8.2",
+    "peerca": "^1.0.3"
+  }
+}