# workers-discussions
  • d

    dave

    02/16/2023, 1:07 AM
    bad practice to have creds committed in your git repo
  • k

    Katze

    02/16/2023, 1:07 AM
    But if it’s not under a git repo?
  • d

    dave

    02/16/2023, 1:07 AM
    don't I have to do this?
    cloudflared tunnel --url http://127.0.0.1:8787
  • c

    Cyb3r-Jok3

    02/16/2023, 1:14 AM
    Oh are you trying to make the worker reachable from another worker?
  • d

    dave

    02/16/2023, 1:15 AM
    reachable from the interwebz for testing
  • c

    Cyb3r-Jok3

    02/16/2023, 1:15 AM
    Oh then yeah you need to publish something or use the tunnel
  • d

    dave

    02/16/2023, 1:16 AM
    thanks. I guess the tunnel should be pretty safe as long as I don't eval any javascript or wasm.
  • d

    dave

    02/16/2023, 1:31 AM
    fun fun, nothing like seeing a DOMException in a Worker
  • k

    kian

    02/16/2023, 1:46 AM
    my favourite error
  • d

    dave

    02/16/2023, 1:54 AM
    publicKey = await crypto.subtle.importKey('spki', binaryCert, {
        name: "RSASSA-PKCS1-v1_5",
        hash: "SHA-1"
      }, false, ['verify']);
    Uncaught Error
  • d

    dave

    02/16/2023, 1:54 AM
    like
  • d

    dave

    02/16/2023, 1:54 AM
    how am I supposed to troubleshoot that
  • k

    kian

    02/16/2023, 1:54 AM
    will be improved
  • k

    kian

    02/16/2023, 1:55 AM
    literally - https://github.com/cloudflare/workerd/pull/382
  • k

    kian

    02/16/2023, 1:55 AM
    your key is also the first part of the PR
  • d

    dave

    02/16/2023, 1:55 AM
    that's creepy
  • k

    kian

    02/16/2023, 1:56 AM
    but yes webcrypto errors suck
  • d

    dave

    02/16/2023, 1:56 AM
    oh, is it because I'm using sha-1?
  • d

    dave

    02/16/2023, 1:57 AM
    here's my cert for reference. https://gist.github.com/Manouchehri/fc67712843a76f83a5d8f446e357e101
  • d

    dave

    02/16/2023, 1:58 AM
    Signature Algorithm: sha256WithRSAEncryption
  • d

    dave

    02/16/2023, 2:05 AM
    https://sns.us-east-2.amazonaws.com/SimpleNotificationService-56e67fcb41f6fec09b0196692625d385.pem
  • d

    dave

    02/16/2023, 2:15 AM
    this is so frustrating
  • d

    dave

    02/16/2023, 2:24 AM
    https://stackoverflow.com/questions/74188029/having-trouble-decoding-a-signature-from-aws-sns-to-verify-message-python
  • d

    dave

    02/16/2023, 2:24 AM
    hmm
  • k

    kian

    02/16/2023, 2:28 AM
    so there's a few things
  • k

    kian

    02/16/2023, 2:29 AM
    1) you need to extract the public key from that .pem 2) strip the headers 3) atob the rest 4) turn it into an arraybuffer
  • d

    dave

    02/16/2023, 2:34 AM
    right, so I am doing that :/
    const certData = cert.replace(/-+BEGIN CERTIFICATE-+\r?\n?/, '')
        .replace(/-+END CERTIFICATE-+\r?\n?/, '')
        .replace(/\r\n/g, '\n');
      const binaryCert = new TextEncoder().encode(atob(certData)).buffer;
      const signatureBuffer = Uint8Array.from(atob(payload.Signature.replace(/-/g, '+').replace(/_/g, '/')), c => c.charCodeAt(0));
      console.debug("asdf")
      const publicKey = await crypto.subtle.importKey('spki', binaryCert, {
        name: signingAlgorithm,
        hash: { name: hashAlgorithm }
      }, false, ['verify']);
      console.debug("asdf")
  • k

    kian

    02/16/2023, 2:35 AM
    function str2ab(str) {
      const buf = new ArrayBuffer(str.length);
      const bufView = new Uint8Array(buf);
      for (let i = 0, strLen = str.length; i < strLen; i++) {
        bufView[i] = str.charCodeAt(i);
      }
      return buf;
    }
    
    export default {
      async fetch() {
        // openssl x509 -pubkey -noout -in ./SimpleNotificationService-56e67fcb41f6fec09b0196692625d385.pem > pubkey.pem
        let cert =
          "-----BEGIN PUBLIC KEY-----\n" +
          "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5YzF4g9Y8VUo4F8DVUcQ\n" +
          "2pylVpAiPNyyq2VY5ybkw+jt7ZAKpmdnGKPdFKCfI0TuZvUBABJ6I8yz0Zw2b8oD\n" +
          "NmF+W+9cRZ0+G2VU9fakJa0jRrgJBnVecjFKoGDU9YwjDXTfT4LEGWFm8PFsvsyT\n" +
          "3cm/4yxIY2Ds4GLmg9ymrXBKFR41qNaRCTKU1VQ+WDXLAHpW8EfIBjIqDg0dncYG\n" +
          "u/u0Qx3W/BVy6BPlxMH7exn7wJA1GO6VnDPyyKQ2fwR5ks2omE+J3qRmMYAcQCfj\n" +
          "SDAfLw3t4oIPKK1RnRCdK6pgoSFxphF9QlKXn1rmNprC+MbnVnRe0CEymqhGngiQ\n" +
          "iQIDAQAB\n" +
          "-----END PUBLIC KEY-----"
    
        const pk_header = "-----BEGIN PUBLIC KEY-----";
        const pk_footer = "-----END PUBLIC KEY-----";
    
        cert = cert.substring(pk_header.length, cert.length - pk_footer.length);
        const b64 = atob(cert);
        const bin = str2ab(b64);
    
        const key = await crypto.subtle.importKey(
          "spki",
          bin,
          {
            name: "RSASSA-PKCS1-v1_5",
            hash: "SHA-256",
          },
          false,
          ["verify"]
        );
    
        return Response.json(key);
      },
    };
  • d

    dave

    02/16/2023, 2:35 AM
    did that work for you?
  • k

    kian

    02/16/2023, 2:35 AM
    {"usages":["verify"],"algorithm":{"name":"RSASSA-PKCS1-v1_5","modulusLength":2048,"publicExponent":{},"hash":{"name":"SHA-256"}},"extractable":false,"type":"public"}