diodejs 0.1.0 → 0.1.3

package/README.md

@@ -25,9 +25,9 @@ const { DiodeConnection, DiodeRPC, makeReadable } = require('diodejs');
 async function main() {
   const host = 'eu2.prenet.diode.io';
   const port = 41046;
-  const certPath = 'device_certificate.pem';
+  const keyLocation = './db/keys.json'; // Optional, defaults to './db/keys.json'
 
-  const connection = new DiodeConnection(host, port, certPath);
+  const connection = new DiodeConnection(host, port, keyLocation);
   await connection.connect();
 
   const rpc = new DiodeRPC(connection);
@@ -54,24 +54,55 @@ main();
 ### Bind Port
 Here's a quick example to get you started with port forwarding using the `BindPort` class.
 
+#### Port Binding
 ```javascript
 const { DiodeConnection, BindPort } = require('diodejs');
 
 async function main() {
     const host = 'eu2.prenet.diode.io';
     const port = 41046;
-    const certPath = 'device_certificate.pem';
+    const keyLocation = './db/keys.json';
   
-    const connection = new DiodeConnection(host, port, certPath);
+    const connection = new DiodeConnection(host, port, keyLocation);
     await connection.connect();
   
-    const portForward = new BindPort(connection, 3002, 80, "5365baf29cb7ab58de588dfc448913cb609283e2");
+    // Multiple or single port binding with configuration object
+    const portsConfig = {
+      3002: { targetPort: 80, deviceIdHex: "5365baf29cb7ab58de588dfc448913cb609283e2" },
+      3003: { targetPort: 443, deviceIdHex: "5365baf29cb7ab58de588dfc448913cb609283e2" }
+    };
+    
+    const portForward = new BindPort(connection, portsConfig);
     portForward.bind();
     
+    // You can also dynamically add and remove ports
+    portForward.addPort(3004, 8080, "5365baf29cb7ab58de588dfc448913cb609283e2");
+    portForward.removePort(3003);
+}
+
+main();
+```
+
+#### Single Port Binding (Legacy)
+```javascript
+const { DiodeConnection, BindPort } = require('diodejs');
+
+async function main() {
+    const host = 'eu2.prenet.diode.io';
+    const port = 41046;
+    const keyLocation = './db/keys.json';
+  
+    const connection = new DiodeConnection(host, port, keyLocation);
+    await connection.connect();
+  
+    // Legacy method - single port binding
+    const portForward = new BindPort(connection, 3002, 80, "5365baf29cb7ab58de588dfc448913cb609283e2");
+    portForward.bind();
 }
 
 main();
 ```
+
 ### Publish Port
 
 Here's a quick example to get you started with publishing ports using the `PublishPort` class:
@@ -82,18 +113,28 @@ const { DiodeConnection, PublishPort } = require('diodejs');
 async function main() {
   const host = 'us2.prenet.diode.io';
   const port = 41046;
-  const certPath = 'device_certificate.pem';
+  const keyLocation = './db/keys.json';
 
-  const connection = new DiodeConnection(host, port, certPath);
+  const connection = new DiodeConnection(host, port, keyLocation);
   await connection.connect();
 
-  const publishedPorts = [8080]; // Ports you want to publish
-  const publishPort = new PublishPort(connection, publishedPorts, certPath);
-
+  // Option 1: Simple array of ports (all public)
+  const publishedPorts = [8080, 3000]; 
+  
+  // Option 2: Object with port configurations for public/private access control
+  const publishedPortsWithConfig = {
+    8080: { mode: 'public' },  // Public port, accessible by any device
+    3000: { 
+      mode: 'private',  
+      whitelist: ['0x1234abcd5678...', '0x9876fedc5432...'] // Only these devices can connect
+    }
+  };
+  
+  // certPath parameter is maintained for backward compatibility but not required
+  const publishPort = new PublishPort(connection, publishedPortsWithConfig);
 }
 
 main();
-
 ```
 
 ## Reference
@@ -102,19 +143,20 @@ main();
 
 #### `DiodeConnection`
 
-- **Constructor**: `new DiodeConnection(host, port, certPath)`
+- **Constructor**: `new DiodeConnection(host, port, keyLocation)`
   - `host` (string): The host address of the Diode server.
   - `port` (number): The port number of the Diode server.
-  - `certPath` (string)(default: ./cert/device_certificate.pem): The path to the device certificate. If doesn't exist, generates automaticly. 
+  - `keyLocation` (string)(default: './db/keys.json'): The path to the key storage file. If the file doesn't exist, keys are generated automatically.
 
 - **Methods**:
   - `connect()`: Connects to the Diode server. Returns a promise.
   - `sendCommand(commandArray)`: Sends a command to the Diode server. Returns a promise.
   - `sendCommandWithSessionId(commandArray, sessionId)`: Sends a command with a session ID. Returns a promise.
-  - `getEthereumAddress()`: Returns the Ethereum address derived from the device certificate.
+  - `getEthereumAddress()`: Returns the Ethereum address derived from the device keys.
   - `getServerEthereumAddress()`: Returns the Ethereum address of the server.
   - `createTicketCommand()`: Creates a ticket command for authentication. Returns a promise.
   - `close()`: Closes the connection to the Diode server.
+  - `getDeviceCertificate()`: Returns the generated certificate PEM.
 
 #### `DiodeRPC`
 
@@ -136,23 +178,47 @@ main();
 
 #### `BindPort`
 
-- **Constructor**: `new BindPort(connection, localPort, targetPort, deviceIdHex)`
-  - `connection` (DiodeConnection): An instance of `DiodeConnection`.
-  - `localPort` (number): The local port to bind.
-  - `targetPort` (number): The target port on the device.
-  - `deviceIdHex` (string): The device ID in hexadecimal format.
+- **Constructors**:
+  
+  Legacy Constructor:
+  - `new BindPort(connection, localPort, targetPort, deviceIdHex)`
+    - `connection` (DiodeConnection): An instance of `DiodeConnection`.
+    - `localPort` (number): The local port to bind.
+    - `targetPort` (number): The target port on the device.
+    - `deviceIdHex` (string): The device ID in hexadecimal format.
+  
+  New Constructor:
+  - `new BindPort(connection, portsConfig)`
+    - `connection` (DiodeConnection): An instance of `DiodeConnection`.
+    - `portsConfig` (object): A configuration object where keys are local ports and values are objects with `targetPort` and `deviceIdHex`.
+      Example: `{ 3002: { targetPort: 80, deviceIdHex: "5365baf29cb7ab58de588dfc448913cb609283e2" } }`
 
 - **Methods**:
-  - `bind()`: Binds the local port to the target port on the device.
+  - `bind()`: Binds all configured local ports to their target ports on the devices.
+  - `addPort(localPort, targetPort, deviceIdHex)`: Adds a new port binding configuration.
+  - `removePort(localPort)`: Removes a port binding configuration.
+  - `bindSinglePort(localPort)`: Binds a single local port to its target.
+  - `closeAllServers()`: Closes all active server instances.
 
 #### `PublishPort`
 
-- **Constructor**: `new PublishPort(connection, publishedPorts, certPath)`
+- **Constructor**: `new PublishPort(connection, publishedPorts, _certPath)`
   - `connection` (DiodeConnection): An instance of `DiodeConnection`.
-  - `publishedPorts` (array): An array of ports to publish.
-  - `certPath` (string): The path to the device certificate.
+  - `publishedPorts` (array|object): Either:
+    - An array of ports to publish (all public mode)
+    - An object mapping ports to their configuration: `{ port: { mode: 'public'|'private', whitelist: ['0x123...'] } }`
+  - `_certPath` (string): Has no functionality and maintained for backward compatibility.
 
 - **Methods**:
+  - `addPort(port, config)`: Adds a new port to publish. Config is optional and defaults to public mode.
+    - `port` (number): The port number to publish.
+    - `config` (object): Optional configuration with `mode` ('public'|'private') and `whitelist` array.
+  - `removePort(port)`: Removes a published port.
+    - `port` (number): The port number to remove.
+  - `addPorts(ports)`: Adds multiple ports at once (equivalent to the constructor's publishedPorts parameter).
+    - `ports` (array|object): Either an array of port numbers or an object mapping ports to their configurations.
+  - `getPublishedPorts()`: Returns a plain object with all published ports and their configurations.
+  - `clearPorts()`: Removes all published ports. Returns the number of ports that were cleared.
   - `startListening()`: Starts listening for unsolicited messages.
   - `handlePortOpen(sessionIdRaw, messageContent)`: Handles port open requests.
   - `handlePortSend(sessionIdRaw, messageContent)`: Handles port send requests.

package/bindPort.js

@@ -4,18 +4,27 @@ const DiodeRPC = require('./rpc');
 const logger = require('./logger');
 
 class BindPort {
-  constructor(connection, localPort, targetPort,deviceIdHex) {
+  constructor(connection, localPortOrPortsConfig, targetPort, deviceIdHex) {
     this.connection = connection;
-    this.localPort = localPort;
-    this.targetPort = targetPort;
-    this.deviceIdHex = deviceIdHex;
+    
+    // Handle legacy constructor (connection, localPort, targetPort, deviceIdHex)
+    if (typeof localPortOrPortsConfig === 'number' && targetPort !== undefined && deviceIdHex !== undefined) {
+      this.portsConfig = {
+        [localPortOrPortsConfig]: { targetPort, deviceIdHex }
+      };
+    } else {
+      // New constructor (connection, portsConfig)
+      this.portsConfig = localPortOrPortsConfig || {};
+    }
+    
+    this.servers = new Map(); // Track server instances by localPort
+    this.rpc = new DiodeRPC(this.connection);
+    
+    // Set up listener for unsolicited messages once
+    this._setupMessageListener();
   }
-
-  bind () {
-    const deviceId = Buffer.from(this.deviceIdHex, 'hex');
-    // Remove local clientSockets map and use the one from connection
-    const rpc = new DiodeRPC(this.connection);
-
+  
+  _setupMessageListener() {
     // Listen for data events from the device
     this.connection.on('unsolicited', (message) => {
       // message is [messageId, [messageType, ...]]
@@ -44,7 +53,6 @@ class BindPort {
         }
       } else if (messageType === 'portclose') {
         const refRaw = messageContent[1];
-
         const dataRef = Buffer.from(refRaw);
 
         // Close the associated client socket
@@ -60,24 +68,91 @@ class BindPort {
         }
       }
     });
+    
+    // Handle device disconnect
+    this.connection.on('end', () => {
+      logger.info('Disconnected from Diode.io server');
+      this.closeAllServers();
+    });
 
+    // Handle connection errors
+    this.connection.on('error', (err) => {
+      logger.error(`Connection error: ${err}`);
+      this.closeAllServers();
+    });
+  }
+
+  addPort(localPort, targetPort, deviceIdHex) {
+    if (this.servers.has(localPort)) {
+      logger.warn(`Port ${localPort} is already bound`);
+      return false;
+    }
+    
+    this.portsConfig[localPort] = { targetPort, deviceIdHex };
+    
+    // If we're already bound, set up this new port immediately
+    if (this.servers.size > 0) {
+      this.bindSinglePort(localPort);
+    }
+    
+    return true;
+  }
+  
+  removePort(localPort) {
+    if (!this.portsConfig[localPort]) {
+      logger.warn(`Port ${localPort} is not configured`);
+      return false;
+    }
+    
+    // Close the server if it's running
+    if (this.servers.has(localPort)) {
+      const server = this.servers.get(localPort);
+      server.close(() => {
+        logger.info(`Server on port ${localPort} closed`);
+      });
+      this.servers.delete(localPort);
+    }
+    
+    // Remove from config
+    delete this.portsConfig[localPort];
+    return true;
+  }
+  
+  closeAllServers() {
+    for (const [localPort, server] of this.servers.entries()) {
+      server.close();
+      logger.info(`Server on port ${localPort} closed`);
+    }
+    this.servers.clear();
+  }
+  
+  bindSinglePort(localPort) {
+    const config = this.portsConfig[localPort];
+    if (!config) {
+      logger.error(`No configuration found for port ${localPort}`);
+      return false;
+    }
+    
+    const { targetPort, deviceIdHex } = config;
+    const deviceId = Buffer.from(deviceIdHex, 'hex');
+    
     // Set up local server
     const server = net.createServer(async (clientSocket) => {
-      logger.info('Client connected to local server');
+      logger.info(`Client connected to local server on port ${localPort}`);
 
       // Open a new port on the device for this client
       let ref;
       try {
-        ref = await rpc.portOpen(deviceId, this.targetPort, 'rw');
+        ref = await this.rpc.portOpen(deviceId, targetPort, 'rw');
         if (!ref) {
-          logger.error('Error opening port on device');
+          logger.error(`Error opening port ${targetPort} on deviceId: ${deviceIdHex}`);
           clientSocket.destroy();
-          return
+          return;
         } else {
-          logger.info(`Port opened on device with ref: ${ref.toString('hex')} for client`);
+          logger.info(`Port ${targetPort} opened on device with ref: ${ref.toString('hex')} for client`);
         }
       } catch (error) {
-        logger.error(`Error opening port on device: ${error}`);
+        logger.error(`Error opening port ${targetPort} on device: ${error}`);
         clientSocket.destroy();
         return;
       }
@@ -88,7 +163,7 @@ class BindPort {
       // When data is received from the client, send it to the device
       clientSocket.on('data', async (data) => {
         try {
-          await rpc.portSend(ref, data);
+          await this.rpc.portSend(ref, data);
         } catch (error) {
           logger.error(`Error sending data to device: ${error}`);
           clientSocket.destroy();
@@ -100,7 +175,7 @@ class BindPort {
         logger.info('Client disconnected');
         if (ref && this.connection.hasClientSocket(ref)) {
           try {
-            await rpc.portClose(ref);
+            await this.rpc.portClose(ref);
             logger.info(`Port closed on device for ref: ${ref.toString('hex')}`);
             this.connection.deleteClientSocket(ref);
           } catch (error) {
@@ -117,21 +192,22 @@ class BindPort {
       });
     });
 
-    server.listen(this.localPort, () => {
-      logger.info(`Local server listening on port ${this.localPort}`);
-    });
-
-    // Handle device disconnect
-    this.connection.on('end', () => {
-      logger.info('Disconnected from Diode.io server');
-      server.close();
+    server.listen(localPort, () => {
+      logger.info(`Local server listening on port ${localPort} forwarding to device port ${targetPort}`);
     });
+    
+    this.servers.set(parseInt(localPort), server);
+    return true;
+  }
 
-    // Handle connection errors
-    this.connection.on('error', (err) => {
-      logger.error(`Connection error: ${err}`);
-      server.close();
-    });
+  bind() {
+    // Close any existing servers first
+    this.closeAllServers();
+    
+    // Create servers for each port in the config
+    for (const localPort in this.portsConfig) {
+      this.bindSinglePort(parseInt(localPort));
+    }
   }
 }
 

package/connection.js

@@ -3,7 +3,7 @@ const tls = require('tls');
 const fs = require('fs');
 const { RLP } = require('@ethereumjs/rlp');
 const EventEmitter = require('events');
-const { makeReadable, parseRequestId, parseResponseType, parseReason, generateCert } = require('./utils');
+const { makeReadable, parseRequestId, parseResponseType, parseReason, generateCert, ensureDirectoryExistence, loadOrGenerateKeyPair } = require('./utils');
 const { Buffer } = require('buffer'); // Import Buffer
 const asn1 = require('asn1.js');
 const secp256k1 = require('secp256k1');
@@ -12,12 +12,14 @@ const crypto = require('crypto');
 const DiodeRPC = require('./rpc');
 const abi = require('ethereumjs-abi');
 const logger = require('./logger');
+const path = require('path');
+
 class DiodeConnection extends EventEmitter {
-  constructor(host, port, certPath = './cert/device_certificate.pem') {
+  constructor(host, port, keyLocation = './db/keys.json') {
     super();
     this.host = host;
     this.port = port;
-    this.certPath = certPath;
+    this.keyLocation = keyLocation;
     this.socket = null;
     this.requestId = 0; // Initialize request ID counter
     this.pendingRequests = new Map(); // Map to store pending requests
@@ -32,18 +34,19 @@ class DiodeConnection extends EventEmitter {
     // Add maps for storing client sockets and connections
     this.clientSockets = new Map(); // For BindPort
     this.connections = new Map(); // For PublishPort
-
-    // Check if certPath exists, if not generate the certificate
-    if (!fs.existsSync(this.certPath)) {
-      generateCert(this.certPath);
-    }
+    this.certPem = null;
+    // Load or generate keypair
+    this.keyPair = loadOrGenerateKeyPair(this.keyLocation);
   }
 
   connect() {
     return new Promise((resolve, reject) => {
+      // Generate a temporary certificate valid for 1 month
+      this.certPem = generateCert(this.keyPair.prvKeyObj, this.keyPair.pubKeyObj);
+
       const options = {
-        cert: fs.readFileSync(this.certPath),
-        key: fs.readFileSync(this.certPath),
+        cert: this.certPem,
+        key: this.certPem,
         rejectUnauthorized: false,
         ciphers: 'ECDHE-ECDSA-AES256-GCM-SHA384',
         ecdhCurve: 'secp256k1',
@@ -276,63 +279,10 @@ class DiodeConnection extends EventEmitter {
 
   getEthereumAddress() {
     try {
-      const pem = fs.readFileSync(this.certPath, 'utf8');
-      let privateKeyPem;
-      let privateKeyDer;
-      let privateKeyBytes;
-
-      if (pem.includes('-----BEGIN PRIVATE KEY-----')) {
-        // Handle PKCS#8 format
-        privateKeyPem = pem
-          .replace('-----BEGIN PRIVATE KEY-----', '')
-          .replace('-----END PRIVATE KEY-----', '')
-          .replace(/\r?\n|\r/g, '');
-
-        privateKeyDer = Buffer.from(privateKeyPem, 'base64');
-
-        // Define ASN.1 structure for PKCS#8 private key
-        const PrivateKeyInfoASN = asn1.define('PrivateKeyInfo', function () {
-          this.seq().obj(
-            this.key('version').int(),
-            this.key('privateKeyAlgorithm').seq().obj(
-              this.key('algorithm').objid(),
-              this.key('parameters').optional()
-            ),
-            this.key('privateKey').octstr(),
-            this.key('attributes').implicit(0).any().optional(),
-            this.key('publicKey').implicit(1).bitstr().optional()
-          );
-        });
-
-        // Decode the DER-encoded private key
-        const privateKeyInfo = PrivateKeyInfoASN.decode(privateKeyDer, 'der');
-        const privateKeyOctetString = privateKeyInfo.privateKey;
-
-        // Now parse the ECPrivateKey structure inside the octet string
-        const ECPrivateKeyASN = asn1.define('ECPrivateKey', function () {
-          this.seq().obj(
-            this.key('version').int(),
-            this.key('privateKey').octstr(),
-            this.key('parameters').explicit(0).objid().optional(),
-            this.key('publicKey').explicit(1).bitstr().optional()
-          );
-        });
-
-        const ecPrivateKey = ECPrivateKeyASN.decode(privateKeyOctetString, 'der');
-        privateKeyBytes = ecPrivateKey.privateKey;
-        logger.debug(`Private key bytes: ${privateKeyBytes.toString('hex')}`);
-      } else {
-        throw new Error('Unsupported key format. Expected EC PRIVATE KEY or PRIVATE KEY in PEM format.');
-      }
-
-      // Compute the public key
-      const publicKeyUint8Array = secp256k1.publicKeyCreate(privateKeyBytes, false); // uncompressed
-
-      // Convert publicKey to Buffer if necessary
-      const publicKeyBuffer = Buffer.isBuffer(publicKeyUint8Array)
-        ? publicKeyUint8Array
-        : Buffer.from(publicKeyUint8Array);
-
+      // Use the stored keyPair.pubKeyObj to derive Ethereum address
+      const publicKeyDer = this.keyPair.prvKeyObj.generatePublicKeyHex();
+      const publicKeyBuffer = Buffer.from(publicKeyDer, 'hex');
+      
       // Derive the Ethereum address
       const addressBuffer = ethUtil.pubToAddress(publicKeyBuffer, true);
       const address = '0x' + addressBuffer.toString('hex');
@@ -369,106 +319,15 @@ class DiodeConnection extends EventEmitter {
     }
   }
 
-  // getServerEthereumAddress() {
-  //   try {
-  //     const serverCert = this.socket.getPeerCertificate(true);
-  //     if (!serverCert.raw) {
-  //       throw new Error('Failed to get server certificate.');
-  //     }
-  
-  //     // Extract public key from the certificate
-  //     const publicKey = serverCert.pubkey; // May need to parse ASN.1 structure to get the public key
-  //     // Assume you have a method to extract the public key buffer from the certificate
-  
-  //     // Compute Ethereum address from public key
-  //     const publicKeyBuffer = Buffer.from(publicKey); // Ensure it's a Buffer
-  //     const addressBuffer = ethUtil.pubToAddress(publicKeyBuffer, true);
-  
-  //     return addressBuffer; // Return as Buffer
-  //   } catch (error) {
-  //     console.error('Error extracting server Ethereum address:', error);
-  //     throw error;
-  //   }
-  // }
-
-  // Method to extract private key bytes from certPath
+  // Method to extract private key bytes from keyPair
   getPrivateKey() {
-    // Similar to getEthereumAddress(), but return privateKeyBytes
-    // Ensure to handle different key formats (EC PRIVATE KEY and PRIVATE KEY)
     try {
-      const pem = fs.readFileSync(this.certPath, 'utf8');
-      let privateKeyPem;
-      let privateKeyDer;
-      let privateKeyBytes;
-
-      if (pem.includes('-----BEGIN PRIVATE KEY-----')) {
-        // Handle PKCS#8 format
-        privateKeyPem = pem
-          .replace('-----BEGIN PRIVATE KEY-----', '')
-          .replace('-----END PRIVATE KEY-----', '')
-          .replace(/\r?\n|\r/g, '');
-
-        privateKeyDer = Buffer.from(privateKeyPem, 'base64');
-
-        // Define ASN.1 structure for PKCS#8 private key
-        const PrivateKeyInfoASN = asn1.define('PrivateKeyInfo', function () {
-          this.seq().obj(
-            this.key('version').int(),
-            this.key('privateKeyAlgorithm').seq().obj(
-              this.key('algorithm').objid(),
-              this.key('parameters').optional()
-            ),
-            this.key('privateKey').octstr(),
-            this.key('attributes').implicit(0).any().optional(),
-            this.key('publicKey').implicit(1).bitstr().optional()
-          );
-        });
-
-        // Decode the DER-encoded private key
-        const privateKeyInfo = PrivateKeyInfoASN.decode(privateKeyDer, 'der');
-        const privateKeyOctetString = privateKeyInfo.privateKey;
-
-        // Now parse the ECPrivateKey structure inside the octet string
-        const ECPrivateKeyASN = asn1.define('ECPrivateKey', function () {
-          this.seq().obj(
-            this.key('version').int(),
-            this.key('privateKey').octstr(),
-            this.key('parameters').explicit(0).objid().optional(),
-            this.key('publicKey').explicit(1).bitstr().optional()
-          );
-        });
-
-        const ecPrivateKey = ECPrivateKeyASN.decode(privateKeyOctetString, 'der');
-        privateKeyBytes = ecPrivateKey.privateKey;
-      } else if (pem.includes('-----BEGIN EC PRIVATE KEY-----')) {
-        // Handle EC PRIVATE KEY format
-        privateKeyPem = pem
-          .replace('-----BEGIN EC PRIVATE KEY-----', '')
-          .replace('-----END EC PRIVATE KEY-----', '')
-          .replace(/\r?\n|\r/g, '');
-
-        privateKeyDer = Buffer.from(privateKeyPem, 'base64');
-
-        // Define ASN.1 structure for EC private key
-        const ECPrivateKeyASN = asn1.define('ECPrivateKey', function () {
-          this.seq().obj(
-            this.key('version').int(),
-            this.key('privateKey').octstr(),
-            this.key('parameters').explicit(0).objid().optional(),
-            this.key('publicKey').explicit(1).bitstr().optional()
-          );
-        });
-
-        // Decode the DER-encoded private key
-        const ecPrivateKey = ECPrivateKeyASN.decode(privateKeyDer, 'der');
-        privateKeyBytes = ecPrivateKey.privateKey;
-      } else {
-        throw new Error('Unsupported key format. Expected EC PRIVATE KEY or PRIVATE KEY in PEM format.');
-      }
-
+      // Extract private key bytes from the keyPair.prvKeyObj
+      const privateKeyHex = this.keyPair.prvKeyObj.prvKeyHex;
+      const privateKeyBytes = Buffer.from(privateKeyHex, 'hex');
       return privateKeyBytes;
     } catch (error) {
-      logger.error(`Error extracting Ethereum address: ${error}`);
+      logger.error(`Error extracting private key: ${error}`);
       throw error;
     }
   }
@@ -557,6 +416,12 @@ class DiodeConnection extends EventEmitter {
     return ticketCommand;
   }
 
+  getDeviceCertificate() {
+    return this.certPem;
+  }
+
+    
+
   _getNextRequestId() {
     // Increment the request ID counter, wrap around if necessary
     this.requestId = (this.requestId + 1) % Number.MAX_SAFE_INTEGER;

package/examples/RPCTest.js

@@ -4,9 +4,9 @@ const { makeReadable } = require('../utils');
 async function main() {
   const host = 'us2.prenet.diode.io';
   const port = 41046;
-  const certPath = 'device_certificate.pem';
+  const keyLocation = './db/keys.json';
 
-  const connection = new DiodeConnection(host, port, certPath);
+  const connection = new DiodeConnection(host, port, keyLocation);
   await connection.connect();
   const rpc = connection.RPC;
 

package/examples/portForwardTest.js

@@ -3,14 +3,30 @@ const { DiodeConnection, BindPort } = require('../index');
 async function main() {
     const host = 'us2.prenet.diode.io';
     const port = 41046;
-    const certPath = 'device_certificate.pem';
+    const keyLocation = './db/keys.json';
   
-    const connection = new DiodeConnection(host, port, certPath);
+    const connection = new DiodeConnection(host, port, keyLocation);
     await connection.connect();
   
-    const portForward = new BindPort(connection, 3002, 8080, "5365baf29cb7ab58de588dfc448913cb609283e2");
+    const portForward = new BindPort(connection, {
+        3003: { targetPort: 8080, deviceIdHex: "ca1e71d8105a598810578fb6042fa8cbc1e7f039" },
+        3004: { targetPort: 443, deviceIdHex: "5365baf29cb7ab58de588dfc448913cb609283e2" }
+      });
     portForward.bind();
+
+    // after 5 seconds, remove port 3003
+    setTimeout(() => {
+        console.log("Removing port 3003");
+        portForward.removePort(3003);
+    }, 5000);
+
+    // after 10 seconds, add port 3003 back
+    setTimeout(() => {
+        console.log("Adding port 3003 back");
+        portForward.addPort(3003, 8080, "ca1e71d8105a598810578fb6042fa8cbc1e7f039");
+    }, 10000);
+    
     
 }
 
-main();
+main().catch(console.error);

package/examples/publishAndBind.js

@@ -4,14 +4,14 @@ const BindPort = require('../bindPort')
 
 const host = 'us2.prenet.diode.io';
 const port = 41046;
-const certPath = 'device_certificate.pem';
+const keyLocation = './db/keys.json';
 
-const connection = new DiodeConnection(host, port, certPath);
+const connection = new DiodeConnection(host, port, keyLocation);
 
 async function main() {
     await connection.connect();
     const publishedPorts = [8080]; // Ports you want to publish
-    const publishPort = new PublishPort(connection, publishedPorts, certPath);
+    const publishPort = new PublishPort(connection, publishedPorts);
 
     const portForward = new BindPort(connection, 3002, 8080, "5365baf29cb7ab58de588dfc448913cb609283e2");
     portForward.bind();

package/examples/publishPortTest.js

@@ -1,19 +1,40 @@
 // example.js
 
-const DiodeConnection = require('../connection')
-const PublishPort = require('../publishPort')
+const { DiodeConnection, PublishPort } = require('../index');
 
 async function startPublishing() {
   const host = 'us2.prenet.diode.io';
   const port = 41046;
-  const certPath = 'device_certificate.pem';
+  const keyLocation = './db/keys.json';
 
-  const connection = new DiodeConnection(host, port, certPath);
+  const connection = new DiodeConnection(host, port, keyLocation);
   await connection.connect();
 
-  const publishedPorts = [8080]; // Ports you want to publish
-  const publishPort = new PublishPort(connection, publishedPorts, certPath);
-
+  // Create a PublishPort instance with initial ports
+  const publishPort = new PublishPort(connection, {
+    3000: { mode: 'public' },
+    8080: { 
+      mode: 'private',
+      whitelist: ['0xca1e71d8105a598810578fb6042fa8cbc1e7f039'] // Replace with actual addresses
+    }
+  }, keyLocation);
+  
+  console.log('Initial published ports:', publishPort.getPublishedPorts());
+  
+  // After 10 seconds, remove a port
+  setTimeout(() => {
+    console.log("Removing port 8080");
+    publishPort.removePort(3000);
+    console.log('Updated published ports:', publishPort.getPublishedPorts());
+  }, 10000);
+  
+  // After 15 seconds, add multiple ports
+  setTimeout(() => {
+    console.log("Adding multiple ports");
+    publishPort.addPort(3000,{ mode: 'public' });
+    console.log('Updated published ports:', publishPort.getPublishedPorts());
+  }, 15000);
+  
 }
 
-startPublishing();
+startPublishing().catch(console.error);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "diodejs",
-  "version": "0.1.0",
+  "version": "0.1.3",
   "description": "A JavaScript client for interacting with the Diode network. It provides functionalities to bind and publish ports, send RPC commands, and handle responses.",
   "main": "index.js",
   "scripts": {

package/publishPort.js

@@ -36,14 +36,98 @@ class DiodeSocket extends Duplex {
 }
 
 class PublishPort extends EventEmitter {
-  constructor(connection, publishedPorts, certPath) {
+  constructor(connection, publishedPorts, _certPath = null) {
     super();
     this.connection = connection;
-    this.publishedPorts = new Set(publishedPorts); // Convert array to a Set
-    // Remove local connections map and use the one from connection
-    this.startListening();
     this.rpc = new DiodeRPC(connection);
-    this.certPath = certPath;
+    
+    // Convert publishedPorts to a Map with configurations
+    this.publishedPorts = new Map();
+    
+    // Initialize with the provided ports
+    if (publishedPorts) {
+      this.addPorts(publishedPorts);
+    }
+    
+    this.startListening();
+    if (this.publishedPorts.size > 0) {
+      logger.info(`Publishing ports: ${Array.from(this.publishedPorts.keys())}`);
+    } else {
+      logger.info("No ports published initially");
+    }
+  }
+
+  // Add a single port with configuration
+  addPort(port, config = { mode: 'public', whitelist: [] }) {
+    const portNum = parseInt(port, 10);
+    
+    // Normalize the configuration
+    const portConfig = {
+      mode: config.mode || 'public',
+      whitelist: Array.isArray(config.whitelist) ? config.whitelist : []
+    };
+    
+    // Add to map
+    this.publishedPorts.set(portNum, portConfig);
+    logger.info(`Added published port ${portNum} with mode: ${portConfig.mode}`);
+    
+    return true;
+  }
+  
+  // Remove a published port
+  removePort(port) {
+    const portNum = parseInt(port, 10);
+    
+    if (!this.publishedPorts.has(portNum)) {
+      logger.warn(`Port ${portNum} is not published`);
+      return false;
+    }
+    
+    // Close any active connections for this port
+    // This could require tracking active connections by port
+    // For now, let's log about active connections
+    const activeConnections = Array.from(this.connection.connections.values())
+      .filter(conn => conn.port === portNum);
+      
+    if (activeConnections.length > 0) {
+      logger.warn(`Removing port ${portNum} with ${activeConnections.length} active connections`);
+      // We could close these connections, but they'll be rejected naturally on next data transfer
+    }
+    
+    this.publishedPorts.delete(portNum);
+    logger.info(`Removed published port ${portNum}`);
+    
+    return true;
+  }
+  
+  // Add multiple ports at once (from array or object)
+  addPorts(ports) {
+    if (Array.isArray(ports)) {
+      // Legacy array format - treat all ports as public
+      ports.forEach(port => {
+        this.addPort(port);
+      });
+    } else if (typeof ports === 'object' && ports !== null) {
+      // New object format with configurations
+      Object.entries(ports).forEach(([port, config]) => {
+        this.addPort(port, config);
+      });
+    }
+    
+    return this;
+  }
+  
+  // Get all published ports with their configurations
+  getPublishedPorts() {
+    return Object.fromEntries(this.publishedPorts.entries());
+  }
+  
+  // Clear all published ports
+  clearPorts() {
+    const portCount = this.publishedPorts.size;
+    this.publishedPorts.clear();
+    logger.info(`Cleared ${portCount} published ports`);
+    return portCount;
   }
 
   startListening() {
@@ -76,7 +160,7 @@ class PublishPort extends EventEmitter {
     const sessionId = Buffer.from(sessionIdRaw);
     const portString = makeReadable(portStringRaw);
     const ref = Buffer.from(refRaw);
-    const deviceId = Buffer.from(deviceIdRaw).toString('hex');
+    const deviceId = `0x${Buffer.from(deviceIdRaw).toString('hex')}`;
 
     logger.info(`Received portopen request for portString ${portString} with ref ${ref.toString('hex')} from device ${deviceId}`);
 
@@ -87,7 +171,6 @@ class PublishPort extends EventEmitter {
       port = portString;
     } else {
       var [protocol, portStr] = portString.split(':');
-      console.log(`Protocol: ${protocol}, Port: ${portStr}`);
       if (!portStr) {
         portStr = protocol;
         protocol = 'tcp';
@@ -96,20 +179,31 @@ class PublishPort extends EventEmitter {
     }
 
     // Check if the port is published
-    if (!this.publishedPorts.has(port)) { // Use .has() instead of .includes()
+    if (!this.publishedPorts.has(port)) {
       logger.warn(`Port ${port} is not published. Rejecting request.`);
       // Send error response
       this.rpc.sendError(sessionId, ref, 'Port is not published');
       return;
     }
 
+    // Get port configuration and check whitelist if in private mode
+    const portConfig = this.publishedPorts.get(port);
+    if (portConfig.mode === 'private' && Array.isArray(portConfig.whitelist)) {
+      if (!portConfig.whitelist.includes(deviceId)) {
+        logger.warn(`Device ${deviceId} is not whitelisted for port ${port}. Rejecting request.`);
+        this.rpc.sendError(sessionId, ref, 'Device not whitelisted');
+        return;
+      }
+      logger.info(`Device ${deviceId} is whitelisted for port ${port}. Accepting request.`);
+    }
+
     // Handle based on protocol
     if (protocol === 'tcp') {
-      this.handleTCPConnection(sessionId, ref, port);
+      this.handleTCPConnection(sessionId, ref, port, deviceId);
     } else if (protocol === 'tls') {
-      this.handleTLSConnection(sessionId, ref, port);
+      this.handleTLSConnection(sessionId, ref, port, deviceId);
     } else if (protocol === 'udp') {
-      this.handleUDPConnection(sessionId, ref, port);
+      this.handleUDPConnection(sessionId, ref, port, deviceId);
     } else {
       logger.warn(`Unsupported protocol: ${protocol}`);
       this.rpc.sendError(sessionId, ref, `Unsupported protocol: ${protocol}`);
@@ -141,7 +235,7 @@ class PublishPort extends EventEmitter {
     }
   }
 
-  handleTCPConnection(sessionId, ref, port) {
+  handleTCPConnection(sessionId, ref, port, deviceId) {
     // Create a TCP connection to the local service on the specified port
     const localSocket = net.connect({ port: port }, () => {
       logger.info(`Connected to local TCP service on port ${port}`);
@@ -153,17 +247,19 @@ class PublishPort extends EventEmitter {
     this.setupLocalSocketHandlers(localSocket, ref, 'tcp');
 
     // Store the local socket with the ref using connection's method
-    this.connection.addConnection(ref, { socket: localSocket, protocol: 'tcp' });
+    this.connection.addConnection(ref, { socket: localSocket, protocol: 'tcp', port, deviceId });
   }
 
-  handleTLSConnection(sessionId, ref, port) {
+  handleTLSConnection(sessionId, ref, port, deviceId) {
     // Create a DiodeSocket instance
     const diodeSocket = new DiodeSocket(ref, this.rpc);
 
+    certPem = this.connection.getDeviceCertificate();
+
     // TLS options with your server's certificate and key
     const tlsOptions = {
-      cert: fs.readFileSync(this.certPath),
-      key: fs.readFileSync(this.certPath),
+      cert: certPem,
+      key: certPem,
       rejectUnauthorized: false,
       ciphers: 'ECDHE-ECDSA-AES256-GCM-SHA384',
       ecdhCurve: 'secp256k1',
@@ -195,7 +291,6 @@ class PublishPort extends EventEmitter {
     });
 
     tlsSocket.on('close', () => {
-      console.log('TLS Socket closed');
       this.connection.deleteConnection(ref);
     });
 
@@ -205,10 +300,12 @@ class PublishPort extends EventEmitter {
       tlsSocket,
       localSocket,
       protocol: 'tls',
+      port,
+      deviceId,
     });
   }
 
-  handleUDPConnection(sessionId, ref, port) {
+  handleUDPConnection(sessionId, ref, port, deviceId) {
     // Create a UDP socket
     const localSocket = dgram.createSocket('udp4');
 
@@ -223,6 +320,8 @@ class PublishPort extends EventEmitter {
       socket: localSocket,
       protocol: 'udp',
       remoteInfo,
+      port,
+      deviceId
     });
 
     logger.info(`UDP connection set up on port ${port}`);
@@ -253,8 +352,26 @@ class PublishPort extends EventEmitter {
     const data = Buffer.from(dataRaw)//.slice(4);
 
     const connectionInfo = this.connection.getConnection(ref);
+    // Check if the port is still open and address is still in whitelist
     if (connectionInfo) {
-      const { socket: localSocket, protocol, remoteInfo } = connectionInfo;
+      const { socket: localSocket, protocol, remoteInfo, port, deviceId } = connectionInfo;
+
+      if (!this.publishedPorts.has(port)) {
+        logger.warn(`Port ${port} is not published. Sending portclose.`);
+        this.rpc.portClose(ref);
+        this.connection.deleteConnection(ref);
+        return;
+      }
+
+      const portConfig = this.publishedPorts.get(port);
+      if (portConfig.mode === 'private' && Array.isArray(portConfig.whitelist)) {
+        if (!portConfig.whitelist.includes(deviceId)) {
+          logger.warn(`Device ${deviceId} is not whitelisted for port ${port}. Sending portclose.`);
+          this.rpc.portClose(ref);
+          this.connection.deleteConnection(ref);
+          return;
+        }
+      }
 
       if (protocol === 'udp') {
         // Send data to the local UDP service

package/utils.js

@@ -80,19 +80,32 @@ function parseReason(reasonRaw) {
   }
 }
 
-function generateCert(path) {
-  var kp = KEYUTIL.generateKeypair("EC", "secp256k1");
-
-  var priv = KEYUTIL.getPEM(kp.prvKeyObj, "PKCS8PRV");
-
-  pub = KEYUTIL.getPEM(kp.pubKeyObj, "PKCS8PUB");
-
+function generateCert(privateKeyObj, publicKeyObj) {
+  // Generate a certificate valid for 1 month
+  function formatDate(date) {
+    const pad = n => n < 10 ? '0' + n : n;
+    return String(date.getUTCFullYear()).slice(2) +
+           pad(date.getUTCMonth() + 1) +
+           pad(date.getUTCDate()) +
+           pad(date.getUTCHours()) +
+           pad(date.getUTCMinutes()) +
+           pad(date.getUTCSeconds()) +
+           'Z';
+  }
+  
+  const now = new Date();
+  const notBefore = formatDate(new Date(now.getTime() - 30 * 24 * 60 * 60 * 1000)); // 30 days before now
+  const notAfter = formatDate(new Date(now.getTime() + 30 * 24 * 60 * 60 * 1000));  // 30 days after now
+  
+  
   var x = new KJUR.asn1.x509.Certificate({
       version: 3,
-      serial: { int: 4 },
+      serial: { int: Math.floor(Math.random() * 1000000) },
       issuer: { str: "/CN=device" },
+      notbefore: notBefore,
+      notafter: notAfter,
       subject: { str: "/CN=device" },
-      sbjpubkey: kp.pubKeyObj, 
+      sbjpubkey: publicKeyObj, 
       ext: [
           { extname: "basicConstraints", cA: false },
           { extname: "keyUsage", critical: true, names: ["digitalSignature"] },
@@ -102,14 +115,52 @@ function generateCert(path) {
           }
       ],
       sigalg: "SHA256withECDSA",
-      cakey: kp.prvKeyObj
+      cakey: privateKeyObj
   });
 
+  // Get PEM representations
+  const priv = KEYUTIL.getPEM(privateKeyObj, "PKCS8PRV");
+  
+  
+  // Return the certificate with private key
+  return priv + x.getPEM();
+}
 
-  const pemFile = priv + x.getPEM();
-  ensureDirectoryExistence(path);
-
-  fs.writeFileSync(path, pemFile , 'utf8');
+function loadOrGenerateKeyPair(keyLocation) {
+  try {
+    ensureDirectoryExistence(keyLocation);
+    
+    // Try to load existing keys
+    if (fs.existsSync(keyLocation)) {
+      logger.info(`Loading keys from ${keyLocation}`);
+      const keyData = JSON.parse(fs.readFileSync(keyLocation, 'utf8'));
+      
+      // Convert the stored JSON back to keypair objects
+      const prvKeyObj = KEYUTIL.getKeyFromPlainPrivatePKCS8PEM(keyData.privateKey);
+      const pubKeyObj = KEYUTIL.getKey(keyData.publicKey);
+      
+      return { prvKeyObj, pubKeyObj };
+    } else {
+      // Generate new keypair
+      logger.info(`Generating new key pair at ${keyLocation}`);
+      const kp = KEYUTIL.generateKeypair("EC", "secp256k1");
+      
+      // Store the keys in a serializable format
+      const keyData = {
+        privateKey: KEYUTIL.getPEM(kp.prvKeyObj, "PKCS8PRV"),
+        publicKey: KEYUTIL.getPEM(kp.pubKeyObj, "PKCS8PUB"),
+        check: kp.prvKeyObj.prvKeyHex
+      };
+      
+      // Save to file
+      fs.writeFileSync(keyLocation, JSON.stringify(keyData, null, 2), 'utf8');
+      
+      return kp;
+    }
+  } catch (error) {
+    logger.error(`Error loading or generating key pair: ${error}`);
+    throw error;
+  }
 }
 
 function ensureDirectoryExistence(filePath) {
@@ -121,4 +172,12 @@ function ensureDirectoryExistence(filePath) {
   fs.mkdirSync(dirname);
 }
 
-module.exports = { makeReadable, parseRequestId, parseResponseType, parseReason, generateCert };
+module.exports = { 
+  makeReadable, 
+  parseRequestId, 
+  parseResponseType, 
+  parseReason, 
+  generateCert, 
+  loadOrGenerateKeyPair,
+  ensureDirectoryExistence 
+};