From b34dcf7aecea86cf7c76cdc2c6863c27d2ea65b6 Mon Sep 17 00:00:00 2001
From: Berend Sliedrecht
Date: Fri, 16 Aug 2024 11:16:59 +0200
Subject: [PATCH] feat: use DNS in X.509 certificate
Signed-off-by: Berend Sliedrecht
---
 agent/src/constants.ts | 5 +++--
 agent/src/keyMethods/createSelfSignedCertificate.ts | 6 +++---
 docker-compose.yml | 1 +
 3 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/agent/src/constants.ts b/agent/src/constants.ts
index 514a20c..9ee4a1a 100644
--- a/agent/src/constants.ts
+++ b/agent/src/constants.ts
@@ -1,11 +1,12 @@
-if (!process.env.P256_SEED || !process.env.AGENT_HOST || !process.env.AGENT_WALLET_KEY) {
+if (!process.env.P256_SEED || !process.env.AGENT_HOST || !process.env.AGENT_WALLET_KEY || !process.env.AGENT_DNS) {
 throw new Error('P256_SEED, AGENT_HOST or AGENT_WALLET_KEY env variable not set')
 }
 const AGENT_HOST = process.env.AGENT_HOST
+const AGENT_DNS = process.env.AGENT_DNS
 const AGENT_WALLET_KEY = process.env.AGENT_WALLET_KEY
 const P256_SEED = process.env.P256_SEED
 const X509_CERTIFICATE = process.env.X509_CERTIFICATE
-export { AGENT_HOST, AGENT_WALLET_KEY, P256_SEED, X509_CERTIFICATE }
+export { AGENT_HOST, AGENT_WALLET_KEY, P256_SEED, X509_CERTIFICATE, AGENT_DNS }
diff --git a/agent/src/keyMethods/createSelfSignedCertificate.ts b/agent/src/keyMethods/createSelfSignedCertificate.ts
index 5309310..ffb8389 100644
--- a/agent/src/keyMethods/createSelfSignedCertificate.ts
+++ b/agent/src/keyMethods/createSelfSignedCertificate.ts
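Review bot: In agent/src/constants.ts the guard now also fails when AGENT_DNS is unset, but the thrown message still lists only three variables, so a missing AGENT_DNS is reported as if a different variable were absent; change it to `throw new Error('P256_SEED, AGENT_HOST, AGENT_WALLET_KEY or AGENT_DNS env variable not set')`. AGENT_DNS also repeats the hostname that AGENT_HOST already carries (docker-compose.yml sets them to "https://funke.animo.id" and "funke.animo.id"), and nothing checks that the two agree, so the DNS name placed in the certificate can silently drift from the host the agent is served on. Consider deriving it with `new URL(AGENT_HOST).hostname`, or asserting at startup that the two match.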
@@ -1,13 +1,13 @@
 import { type Key, X509Service } from '@credo-ts/core'
 import { agent } from '../agent'
-import { AGENT_HOST } from '../constants'
+import { AGENT_DNS } from '../constants'
 export const createSelfSignedCertificate = async (key: Key) => (
 await X509Service.createSelfSignedCertificate(agent.context, {
 key,
- extensions: [[{ type: 'url', value: AGENT_HOST }]],
+ extensions: [[{ type: 'dns', value: AGENT_DNS }]],
 notBefore: new Date(0), // Thu Jan 01 1970 01:00:00 GMT+0100 (Central European Standard Time)
- notAfter: new Date(10000000000000), // Sat Nov 20 2286 18:46:40 GMT+0100 (Central European Standard Time)
+ notAfter: new Date(1763799732333), // Sat Nov 22 2025 09:22:12 GMT+0100 (Central European Standard Time)
 })
 ).toString('base64')
diff --git a/docker-compose.yml b/docker-compose.yml
index 15b715f..af5d64e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -22,6 +22,7 @@ services:
 P256_SEED: ${P256_SEED}
 X509_CERTIFICATE: ${X509_CERTIFICATE}
 AGENT_HOST: "https://funke.animo.id"
+ AGENT_DNS: "funke.animo.id"
 networks:
 - traefik
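Review bot: In agent/src/keyMethods/createSelfSignedCertificate.ts the new `notAfter` is a hard-coded instant, `new Date(1763799732333)`, so every certificate this function creates expires on the same day regardless of when it is issued, and one generated after that date is already expired. `notBefore` is still `new Date(0)`, so the validity window also remains backdated to 1970. If the fixed date is deliberate (for example to keep the certificate reproducible, which is only a guess from this hunk), add a comment saying so and noting how renewal is handled. Otherwise compute the window at issuance, e.g. `notBefore: new Date()` and `notAfter: new Date(Date.now() + VALIDITY_MS)`, where `VALIDITY_MS` is a placeholder name for a constant to be defined.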