holochain · neonphog · Jul 30, 2020 · Jul 30, 2020 · Jul 30, 2020 · Jul 30, 2020
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/crates/holochain_wasm/Cargo.toml b/crates/holochain_wasm/Cargo.toml
@@ -14,4 +14,5 @@ crate-type = ["cdylib"]
 
 [dependencies]
 holochain_core_types = { version = "=0.0.51-alpha1", path = "../core_types" }
-wasm-bindgen = "=0.2.32"
+wasm-bindgen = "=0.2.48"
+
diff --git a/crates/holochain_wasm/install/default.nix b/crates/holochain_wasm/install/default.nix
@@ -2,7 +2,7 @@
 let
   name = "hc-conductor-wasm-bindgen-install";
 
-  version = "0.2.32";
+  version = "0.2.48";
 
   script = pkgs.writeShellScriptBin name
   ''

diff --git a/crates/in_stream/Cargo.toml b/crates/in_stream/Cargo.toml
@@ -21,6 +21,7 @@ native-tls = "0.2"
 net2 = "0.2"
 openssl = "0.10"
 parking_lot = "0.9"
+rcgen = "=0.8.0"
 serde = { version = "=1.0.104", features = ["rc"] }
 serde_json = { version = "=1.0.47", features = ["preserve_order"] }
 serde_derive = "=1.0.104"

diff --git a/crates/in_stream/src/tls/certificate.rs b/crates/in_stream/src/tls/certificate.rs
@@ -1,61 +1,6 @@
 static FAKE_PKCS12: &[u8] = include_bytes!("fake_key.p12");
 static FAKE_PASS: &str = "hello";
 
-use openssl::{
-    asn1::Asn1Time,
-    bn::{BigNum, MsbOption},
-    hash::MessageDigest,
-    pkey::{PKey, Private},
-    rsa::Rsa,
-    x509::{self, X509Name, X509},
-};
-
-type PrivateKey = PKey<Private>;
-type Certificate = x509::X509;
-
-/// private helper - generate a self-signed cert given an x509 name
-fn generate_self_signed(name: X509Name) -> (PrivateKey, Certificate) {
-    let rsa = Rsa::generate(2048).unwrap();
-    let key = PKey::from_rsa(rsa).unwrap();
-
-    let serial_number = {
-        let mut serial = BigNum::new().unwrap();
-        serial.rand(159, MsbOption::MAYBE_ZERO, false).unwrap();
-        serial.to_asn1_integer().unwrap()
-    };
-
-    let mut builder = X509::builder().unwrap();
-    builder.set_serial_number(&serial_number).unwrap();
-    builder.set_version(2).unwrap();
-    builder.set_subject_name(&name).unwrap();
-    builder.set_issuer_name(&name).unwrap();
-    builder.set_pubkey(&key).unwrap();
-    let not_before = Asn1Time::days_from_now(0).unwrap();
-    builder.set_not_before(&not_before).unwrap();
-    let not_after = Asn1Time::days_from_now(3650).unwrap();
-    builder.set_not_after(&not_after).unwrap();
-    builder.sign(&key, MessageDigest::sha256()).unwrap();
-
-    let cert: Certificate = builder.build();
-
-    (key, cert)
-}
-
-/// private helper - generate a self-signed dev certificate
-fn generate_dev() -> (PrivateKey, Certificate) {
-    let o = "InStreamDevCertificate";
-    let cn = nanoid::simple();
-
-    let mut name = X509Name::builder().unwrap();
-    name.append_entry_by_nid(openssl::nid::Nid::ORGANIZATIONNAME, o)
-        .unwrap();
-    name.append_entry_by_nid(openssl::nid::Nid::COMMONNAME, &cn)
-        .unwrap();
-    let name = name.build();
-
-    generate_self_signed(name)
-}
-
 /// represents an encrypted TLS certificate, and the passphrase to decrypt it
 /// obviously, when serializing, you should only encode the data, not the passphrase
 #[derive(Debug, Clone, PartialEq)]
@@ -67,10 +12,21 @@ pub struct TlsCertificate {
 impl TlsCertificate {
     /// generate a self-signed dev certificate
     pub fn generate_dev() -> Self {
-        let (key, cert) = generate_dev();
+        let id = format!("a{}a.a{}a", nanoid::simple(), nanoid::simple());
+        let mut params = rcgen::CertificateParams::new(vec![id]);
+        // would be nice to ed25519 - but seems incompatible with this openssl
+        //params.alg = &rcgen::PKCS_ED25519;
+        params.alg = &rcgen::PKCS_ECDSA_P256_SHA256;
+        let cert = rcgen::Certificate::from_params(params).expect("gen cert");
+
+        let key = cert.serialize_private_key_der();
+        let key = openssl::pkey::PKey::private_key_from_der(&key).expect("private key");
+
+        let cert = cert.serialize_der().expect("cert der");
+        let cert = openssl::x509::X509::from_der(&cert).expect("cert der");
 
         let pkcs12 = openssl::pkcs12::Pkcs12::builder()
-            .build("dev-passphrase", "in_stream_tls", &*key, &cert)
+            .build("dev-passphrase", "in_stream_tls", &key, &cert)
             .unwrap();
 
         Self {

diff --git a/crates/net/src/sim2h_worker.rs b/crates/net/src/sim2h_worker.rs
@@ -42,9 +42,12 @@ const BATCHING_INTERVAL_MS: u64 = 1000;
 
 fn connect(url: Lib3hUri, timeout_ms: u64) -> NetResult<TcpWss> {
     //    let config = WssConnectConfig::new(TlsConnectConfig::new(TcpConnectConfig::default()));
-    let config = WssConnectConfig::new(TcpConnectConfig {
+    //let config = WssConnectConfig::new(TcpConnectConfig {
+    //    connect_timeout_ms: Some(timeout_ms),
+    //});
+    let config = WssConnectConfig::new(TlsConnectConfig::new(TcpConnectConfig {
         connect_timeout_ms: Some(timeout_ms),
-    });
+    }));
     Ok(InStreamWss::connect(&url::Url::from(url).into(), config)?)
 }
 

diff --git a/crates/net/tests/integration.rs b/crates/net/tests/integration.rs
@@ -116,6 +116,7 @@ fn sim2h_worker_talks_to_sim2h() {
         },
     );
 
+    #[derive(Debug)]
     struct ResultData {
         pub got_handle_store: bool,
         pub got_handle_dm: bool,
@@ -147,6 +148,11 @@ fn sim2h_worker_talks_to_sim2h() {
             let s = s.lock().unwrap();
             s.got_handle_store && s.got_handle_dm && s.got_handle_a_list && s.got_handle_g_list
         }
+
+        pub fn assert_is_ok(s: &Arc<Mutex<Self>>) {
+            let repr = format!("{:#?}", *s.lock().unwrap());
+            assert!(ResultData::is_ok(s), repr);
+        }
     }
 
     let result_data = ResultData::new();
@@ -195,7 +201,7 @@ fn sim2h_worker_talks_to_sim2h() {
         )))
         .unwrap();
 
-    for _ in 0..5 {
+    for _ in 0..10 {
         std::thread::sleep(std::time::Duration::from_millis(25));
 
         println!("tick: {:?}", worker.tick());
@@ -205,6 +211,12 @@ fn sim2h_worker_talks_to_sim2h() {
     // to prove out join space is properly re-sent
     worker.test_close_connection_cause_reconnect();
 
+    for _ in 0..10 {
+        std::thread::sleep(std::time::Duration::from_millis(25));
+
+        println!("tick: {:?}", worker.tick());
+    }
+
     worker
         .receive(ht::test_wrap_enc(Lib3hClientProtocol::PublishEntry(
             ProvidedEntryData {
@@ -223,6 +235,12 @@ fn sim2h_worker_talks_to_sim2h() {
         )))
         .unwrap();
 
+    for _ in 0..10 {
+        std::thread::sleep(std::time::Duration::from_millis(25));
+
+        println!("tick: {:?}", worker.tick());
+    }
+
     worker
         .receive(ht::test_wrap_enc(Lib3hClientProtocol::SendDirectMessage(
             DirectMessageData {
@@ -235,7 +253,7 @@ fn sim2h_worker_talks_to_sim2h() {
         )))
         .unwrap();
 
-    for _ in 0..40 {
+    for _ in 0..60 {
         std::thread::sleep(std::time::Duration::from_millis(25));
 
         println!("tick: {:?}", worker.tick());
@@ -247,5 +265,5 @@ fn sim2h_worker_talks_to_sim2h() {
 
     // -- end sim2h worker test -- //
 
-    assert!(ResultData::is_ok(&result_data));
+    ResultData::assert_is_ok(&result_data);
 }
diff --git a/crates/sim2h/src/connection_mgr.rs b/crates/sim2h/src/connection_mgr.rs
@@ -284,7 +284,7 @@ impl ConnectionMgr {
         )
     }
 
-    fn handle_connect_data(&mut self, uri: Lib3hUri, wss: InStreamWss<InStreamTcp>) {
+    fn handle_connect_data(&mut self, uri: Lib3hUri, wss: TcpWss) {
         debug!(?uri);
         let cmd_send = spawn_wss_task(uri.clone(), wss, self.evt_send_from_children.clone());
         if let Some(old) = self.wss_map.insert(uri.clone(), cmd_send) {

diff --git a/crates/sim2h/src/lib.rs b/crates/sim2h/src/lib.rs
@@ -203,10 +203,10 @@ impl Drop for MetricsTimer {
     }
 }
 
-//pub(crate) type TcpWssServer = InStreamListenerWss<InStreamListenerTls<InStreamListenerTcp>>;
-//pub(crate) type TcpWss = InStreamWss<InStreamTls<InStreamTcp>>;
-pub(crate) type TcpWssServer = InStreamListenerWss<InStreamListenerTcp>;
-pub type TcpWss = InStreamWss<InStreamTcp>;
+pub(crate) type TcpWssServer = InStreamListenerWss<InStreamListenerTls<InStreamListenerTcp>>;
+pub type TcpWss = InStreamWss<InStreamTls<InStreamTcp>>;
+//pub(crate) type TcpWssServer = InStreamListenerWss<InStreamListenerTcp>;
+//pub type TcpWss = InStreamWss<InStreamTcp>;
 
 mod connection_mgr;
 use connection_mgr::*;
@@ -1196,7 +1196,7 @@ impl Sim2h {
         );
 
         let config = TcpBindConfig::default();
-        //        let config = TlsBindConfig::new(config).dev_certificate();
+        let config = TlsBindConfig::new(config).dev_certificate();
 
         // if we don't get any messages within a timeframe from a connection,
         // the connection will throw a timeout error and disconnect.

diff --git a/crates/stress/src/bin/sim2h_max_connections.rs b/crates/stress/src/bin/sim2h_max_connections.rs
@@ -14,8 +14,8 @@ use sim2h::{
 use std::sync::{Arc, Mutex};
 use url2::prelude::*;
 
-//fn await_in_stream_connect(connect_uri: &Lib3hUri) -> InStreamWss<InStreamTls<InStreamTcp>> {
-fn await_in_stream_connect(connect_uri: &Lib3hUri) -> InStreamWss<InStreamTcp> {
+fn await_in_stream_connect(connect_uri: &Lib3hUri) -> InStreamWss<InStreamTls<InStreamTcp>> {
+    //fn await_in_stream_connect(connect_uri: &Lib3hUri) -> InStreamWss<InStreamTcp> {
     let timeout = std::time::Instant::now()
         .checked_add(std::time::Duration::from_millis(20000))
         .unwrap();
@@ -24,8 +24,8 @@ fn await_in_stream_connect(connect_uri: &Lib3hUri) -> InStreamWss<InStreamTcp> {
 
     // keep trying to connect
     loop {
-        //let config = WssConnectConfig::new(TlsConnectConfig::new(TcpConnectConfig::default()));
-        let config = WssConnectConfig::new(TcpConnectConfig::default());
+        let config = WssConnectConfig::new(TlsConnectConfig::new(TcpConnectConfig::default()));
+        //let config = WssConnectConfig::new(TcpConnectConfig::default());
         info!("try new connection -- {}", connect_uri);
         let mut connection = InStreamWss::connect(&(**connect_uri).clone().into(), config).unwrap();
         connection.write(WsFrame::Ping(b"".to_vec())).unwrap();
@@ -66,8 +66,8 @@ struct Job {
     #[allow(dead_code)]
     pub_key: Arc<Mutex<Box<dyn lib3h_crypto_api::Buffer>>>,
     sec_key: Arc<Mutex<Box<dyn lib3h_crypto_api::Buffer>>>,
-    connection: InStreamWss<InStreamTcp>,
-    //connection: InStreamWss<InStreamTls<InStreamTcp>>,
+    //connection: InStreamWss<InStreamTcp>,
+    connection: InStreamWss<InStreamTls<InStreamTcp>>,
     last_ping: std::time::Instant,
     last_pong: std::time::Instant,
 }

diff --git a/crates/stress/src/bin/sim2h_stress.rs b/crates/stress/src/bin/sim2h_stress.rs
@@ -187,8 +187,8 @@ impl Opt {
     }
 }
 
-//fn await_in_stream_connect(connect_uri: &Lib3hUri) -> InStreamWss<InStreamTls<InStreamTcp>> {
-fn await_in_stream_connect(connect_uri: &Lib3hUri) -> InStreamWss<InStreamTcp> {
+fn await_in_stream_connect(connect_uri: &Lib3hUri) -> InStreamWss<InStreamTls<InStreamTcp>> {
+    //fn await_in_stream_connect(connect_uri: &Lib3hUri) -> InStreamWss<InStreamTcp> {
     let timeout = std::time::Instant::now()
         .checked_add(std::time::Duration::from_millis(10000))
         .unwrap();
@@ -197,8 +197,8 @@ fn await_in_stream_connect(connect_uri: &Lib3hUri) -> InStreamWss<InStreamTcp> {
 
     // keep trying to connect
     loop {
-        //let config = WssConnectConfig::new(TlsConnectConfig::new(TcpConnectConfig::default()));
-        let config = WssConnectConfig::new(TcpConnectConfig::default());
+        let config = WssConnectConfig::new(TlsConnectConfig::new(TcpConnectConfig::default()));
+        //let config = WssConnectConfig::new(TcpConnectConfig::default());
         let mut connection = InStreamWss::connect(&(**connect_uri).clone().into(), config).unwrap();
         connection.write(WsFrame::Ping(b"".to_vec())).unwrap();
 
@@ -289,8 +289,8 @@ struct Job {
     #[allow(dead_code)]
     pub_key: Arc<Mutex<Box<dyn lib3h_crypto_api::Buffer>>>,
     sec_key: Arc<Mutex<Box<dyn lib3h_crypto_api::Buffer>>>,
-    connection: InStreamWss<InStreamTcp>,
-    //connection: InStreamWss<InStreamTls<InStreamTcp>>,
+    //connection: InStreamWss<InStreamTcp>,
+    connection: InStreamWss<InStreamTls<InStreamTcp>>,
     stress_config: OptStressRunConfig,
     got_ack: bool,
     next_ping: std::time::Instant,