{"id":15914432,"url":"https://github.com/bbengfort/trisads","last_synced_at":"2025-04-03T03:27:36.511Z","repository":{"id":55866055,"uuid":"286058686","full_name":"bbengfort/trisads","owner":"bbengfort","description":"Implements a simple GRPC directory service for TRISA","archived":false,"fork":false,"pushed_at":"2020-12-30T19:54:33.000Z","size":1427,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-02-08T17:30:52.197Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bbengfort.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-08-08T14:29:20.000Z","updated_at":"2020-12-30T19:54:35.000Z","dependencies_parsed_at":"2022-08-15T08:01:16.505Z","dependency_job_id":null,"html_url":"https://github.com/bbengfort/trisads","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bbengfort%2Ftrisads","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bbengfort%2Ftrisads/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bbengfort%2Ftrisads/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bbengfort%2Ftrisads/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bbengfort","download_url":"https://codeload.github.com/bbengfort/trisads/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246930768,"owners_count":20856684,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-06T17:02:49.160Z","updated_at":"2025-04-03T03:27:36.493Z","avatar_url":"https://github.com/bbengfort.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# TRISA Directory Service\n\n**Implements a simple gRPC directory service for TRISA.**\n\nThis is a prototype implementation of a gRPC directory service that can act as a standalone server for VASP lookup queries. This is not intended to be used for production, but rather as a proof-of-concept (PoC) for directory service registration, lookups, and searches.\n\n## Generate Protocol Buffers\n\nTo regenerate the Go and Javascript code from the protocol buffers:\n\n```\n$ go generate ./...\n```\n\nThe go generate directives are stored in `pb/pb.go`. The directives create grpc Go in the `pb` package as well as grpc-web in the `web/src/pb` directory.\n\n## Quick Start\n\nThe simplest way to get started is to use the `docker-compose.yml` file to get the following services running locally:\n\n- **trsisads**: the TRISA directory service that implements the grpc protocol\n- **proxy**: an envoy proxy that translates HTTP 1.1 requests into HTTP 2.0 requests\n- **dsui**: UI that implements grpc-web to connect to the directory server via the proxy\n\nRun the services as follows:\n\n```\n$ docker-compose up\n```\n\nThen connect to the UI on https://localhost:8000/\n\n### Development\n\nFor development purposes you'll want to run and reload the servers individually. To run the directory service:\n\n```\n$ go run ./cmd/trisads serve\n```\n\nNote that you'll likely want to have the following environment variables configured:\n\n- `$SECTIGO_USERNAME`, `$SECTIGO_PASSWORD`: to access the Sectigo API\n- `$SENDGRID_API_KEY`: sending verification emails and certificates\n\nTo run the development web UI server:\n\n```\n$ cd web\n$ npx serve\n```\n\nFinally, to run the proxy, use the docker image, building if necessary:\n\n```\n$ docker run -n grpc-proxy trisacrypto/proxy:develop\n```\n\n## Sectigo API\n\nThe directory service issues certificates using Sectigo, please refer to the [API Documentation](https://support.sectigo.com/Com_KnowledgeDetailPage?Id=kA01N000000bvCJ) for more details on the endpoints and supported interactions. The `sectigo` package provides a simple client interface for interacting with the API; most of this code is handled by the server, but there is also a CLI interface that demonstrates usage.\n\nTo install the CLI server:\n\n```\n$ go install ./cmd/sectigo\n```\n\nThis should add the `sectigo` command to your `$PATH`.\n\n### Authentication\n\nThe first step is authentication, you should set your username and password in the `$SECTIGO_USERNAME` and `$SECTIGO_PASSWORD` environment variables (alternatively you can pass them as parameters on the command line). To verify your authentication status you can use:\n\n```\n$ sectigo auth\n```\n\nThe API authenticates by username and password then returns acess and refresh tokens which are stored in a local cache file. To see where your cache is stored:\n\n```\n$ sectigo auth --cache\n```\n\nIf you'd like to check your credentials state, e.g. if the access tokens are valid, refreshable, or expired, use:\n\n```\n$ sectigo auth --debug\n```\n\n### Authorities and Profiles\n\nTo begin to interact with certificates you need to list the authorities and profiles that your user account has access to.\n\n```\n$ sectigo authorities\n[\n  {\n    \"id\": 1,\n    \"ecosystemId\": 100,\n    \"signerCertificateId\": 0,\n    \"ecosystemName\": \"TRISA\",\n    \"balance\": 10,\n    \"enabled\": true,\n    \"profileId\": 42,\n    \"profileName\": \"TRISA Profile\"\n  }\n]\n```\n\nThe authority displays the methods and profiles that certificates are created under. Here the `profileId` field is very important for use in subsequent calls. You can also view how many licenses have been ordered/issued across all authorities as follows:\n\n```\n$ sectigo licenses\n{\n  \"ordered\": 2,\n  \"issued\": 2\n}\n```\n\nTo get detail information for a profile, use the profile ID with the following command:\n\n```\n$ sectigo profiles -i 42\n```\n\nThis will return the raw profile configuration. Before creating certificates with the authority, you'll need to know the required profile parameters:\n\n```\n$ sectigo profile -i 42 --params\n```\n\n### Creating Certificates\n\nYou can request a certificate to be created with the `commonName` and `pkcs12Password` params as follows (note for profiles that require other params, you'll have to use the code base directly and implement your own method):\n\n```\n$ sectigo create -a 42 -d example.com -p secrtpasswrd -b \"example.com certs\"\n{\n  \"batchId\": 24,\n  \"orderNumber\": 1024,\n  \"creationDate\": \"2020-12-10T16:35:32.805+0000\",\n  \"profile\": \"TRISA Profile\",\n  \"size\": 1,\n  \"status\": \"CREATED\",\n  \"active\": false,\n  \"batchName\": \"example.com certs\",\n  \"rejectReason\": \"\",\n  \"generatorParametersValues\": null,\n  \"userId\": 10,\n  \"downloadable\": true,\n  \"rejectable\": true\n}\n```\n\nThe `-a` flag specifies the authority, but should be a profile id. The domain must be a valid domain. If you don't specify a password, one is generated for you and printed on the CLI before exit. The `-b` flag gives a human readable name for the batch creation. The return data shows detail about the batch certificate job that was created; you can fetch the data to keep checking on the status as follows:\n\n```\n$ sectigo batches -i 24\n```\n\nYou can also get processing information for the batch:\n\n```\n$ sectigo batches -i 24 --status\n```\n\nOnce the batch is created, it's time to download the certificates in a ZIP file:\n\n```\n$ sectigo download -i 24 -o certs/\n```\n\nThis will download the batch file (usually batchId.zip, 24.zip in this case) to the `certs/` directory. Unzip the certs then decrypt the .pem file as follows:\n\n```\n$ unzip certs/24.zip\n$ openssl pkcs12 -in certs/example.com.p12 -out certs/example.com.pem -nodes\n```\n\nFor more on working with the PKCS12 file, see [Export Certificates and Private Key from a PKCS#12 File with OpenSSL](https://www.ssl.com/how-to/export-certificates-private-key-from-pkcs12-file-with-openssl/).\n\n### Managing Certificates\n\nYou can search for a certificate by name or serial number, but mostly commonly you search by the domain or common name to get the serial number:\n\n```\n$ sectigo find -n example.com\n```\n\nOnce you've obtained the serial number you can revoke the certificate as follows:\n\n```\n$ sectigo revoke -p 42 -r \"cessation of operation\" -s 12345\n```\n\nThis command expects the profile id that issued the certificate with the `-p` flag, an [RFC 5280 reason code](https://tools.ietf.org/html/rfc5280#section-5.3.1) passed via the `-r` flag (unspecified by default), and the serial number of the certificate using the `-s` flag. If this command doesn't error, then the certificate has been successfully revoked.\n\nThe RFC 5280 reasons are:\n\n- \"unspecified\"\n- \"keycompromise\"\n- \"ca compromise\"\n- \"affiliation changed\"\n- \"superseded\"\n- \"cessation of operation\"\n- \"certificate hold\"\n- \"remove from crl\"\n- \"privilege withdrawn\"\n- \"aa compromise\"\n\nNote that the reason is whitespace and case insensitive.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbbengfort%2Ftrisads","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbbengfort%2Ftrisads","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbbengfort%2Ftrisads/lists"}