[WIP] Start of unit test for gencerts subcommand:

[allen-munsch]

#949

• WIP for testing: produces valid and usable certificates
• generates the certificates in the expected location

However I was confused by args :

openbazaar-go/cmd/gencerts.go

Line 27 in 3df2e66

func (x *GenerateCertificates) Execute(args []string) error {

I didn't understand how args was being used, sort of looked like it wasn't being used.

As far as interesting use cases, i'm not sure how interesting the current settings are.

It'd be awesome if i could get pointed to some use cases that I could test for, if they exist somewhere.

[coveralls]

Coverage remained the same at 33.694% when pulling c4353fc on allen-munsch:am_949 into cda68e2 on OpenBazaar:master.

[cpacia]

Thanks for this. I think the number one use case is for getting the electron UI client to make a valid ssl connection to the server.

The trouble we had was programatically generating a cert that electron would accept. I believe the current code does that but not 100% sure. If we could even some how import it into electron rather than the OS level that would be OK too.

But remote connecting client to server is the use case.

[placer14]

Thanks for the unit test. A few changes requested but good over all! 🍻

[allen-munsch]

@placer14 thank you for the feedback I think I made the suggested changes.

As far as certificate import this is what i've found so far, however i'm not sure if the nssdb method is outdated, or if its cross platform.

win32/64

  certutil.exe -addstore -user Root openbazaard.crt

• https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/certutil#BKMK_Store

darwin

  security add-trusted-cert -p ssl openbazaard.crt

linux

  certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n 127.0.0.1 -i openbazaard.pem

A rough sketch of ssl configuration through electron, but only with linux support.

• https://github.com/electron/electron/blob/master/docs/api/app.md#appimportcertificateoptions-callback-linux

  if (process.platform === 'linux') {
    let sslcert = {
                   certificate: `${config.sslcert.path}`,
                   password: `${config.sslcert.password}`
                  }
    app.importCertificate(sslcert, function(result) {
      if (result != 0) {
        // https://cs.chromium.org/chromium/src/net/base/net_error_list.h
        dialog.showErrorBox('Error importing ssl certificate',
          `Error number: ${}\nCertificate path: ${config.sslcert.path}`)
      }
    })
  })

I'm still looking into how openbazaar-go and openbazaar-desktop do ssl. To better understand the test case.

[placer14]

One more round of changes, @allen-munsch. Thank you for spending your time on this. And apologies about the slow response on the review.

[allen-munsch]

@placer14 thank you very much for the review. I've been super busy, but i'm hoping to get to these changes soon. Just a personal factor, but i'm on a low bandwidth connection, like 20Gb allotment, and it get's eaten up pretty quick using openbazaar. recently switched machines and dependency downloads with 70kb connection are difficult, so i've been waiting. lol.

[placer14]

@allen-munsch I'm really sorry to hear that. Unfortunately, our dependency management is still using godep and is not kind on the bandwidth.

We've had a few people complaining about SSL not working properly. Seeing that you're already familiar with this area of the code, maybe you'd like to take a look at it? You could use your current versions to test/explore as well. #1307

[cpacia]

Reopening as #1602 in an ob-go branch