FEAT: Extend binary to generate certificates

multiversx · Dec 18, 2023 · 4c2a2e4 · 4c2a2e4
1 parent ba1c9fe
commit 4c2a2e4
Show file tree

Hide file tree

Showing 6 changed files with 72 additions and 54 deletions.
diff --git a/cert/cert.go b/cert/cert.go
@@ -32,6 +32,8 @@ type FileCfg struct {
 	PkFile   string
 }
 
+const day = time.Hour * 24
+
 func GenerateCert(cfg CertCfg) ([]byte, *rsa.PrivateKey, error) {
 	pk, err := rsa.GenerateKey(rand.Reader, 2048)
 	if err != nil {
@@ -52,7 +54,7 @@ func GenerateCert(cfg CertCfg) ([]byte, *rsa.PrivateKey, error) {
 		},
 		DNSNames:              []string{cfg.DNSName},
 		NotBefore:             time.Now(),
-		NotAfter:              time.Now().Add(time.Duration(cfg.Availability) * time.Hour),
+		NotAfter:              time.Now().Add(time.Duration(cfg.Availability) * day),
 		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
 		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
 		BasicConstraintsValid: true,

diff --git a/cert/certificate.crt b/cert/certificate.crt
diff --git a/cert/cmd/cert/flags.go b/cert/cmd/cert/flags.go
@@ -0,0 +1,21 @@
+package main
+
+import "github.com/urfave/cli"
+
+var (
+	organizationFlag = cli.StringFlag{
+		Name:  "organization",
+		Usage: "This flag specifies the organization name which will generate the certificate",
+		Value: "MultiversX",
+	}
+	dnsFlag = cli.StringFlag{
+		Name:  "dns",
+		Usage: "This flag specifies the server's dns for tls connection",
+		Value: "localhost",
+	}
+	availabilityFlag = cli.StringFlag{
+		Name:  "availability",
+		Usage: "This flag specifies the certificate's availability in days starting from current timestamp",
+		Value: "365",
+	}
+)
diff --git a/cert/cmd/cert/main.go b/cert/cmd/cert/main.go
@@ -1,22 +1,64 @@
 package main
 
 import (
-	"fmt"
+	"os"
 
+	logger "github.com/multiversx/mx-chain-logger-go"
 	"github.com/multiversx/mx-chain-sovereign-bridge-go/cert"
+	"github.com/urfave/cli"
 )
 
+var log = logger.GetOrCreate("cert")
+
 func main() {
+
+	app := cli.NewApp()
+	app.Name = "Certificate generator"
+	app.Usage = "Generate certificate (.crt + .pem) for grpc tls connection between server and client.\n" +
+		"->Certificate Generation: To enable secure communication, generate a certificate pair containing a .crt (certificate) " +
+		"and a .pem (private key) for both the server and the sovereign nodes (clients). This will facilitate the encryption and " +
+		"authentication required for the gRPC TLS connection.\n" +
+		"->Authentication of Clients: The server, acting as the hot wallet binary, should authenticate and validate the sovereign nodes (clients) " +
+		"attempting to connect. Only trusted clients with the matching certificate will be granted access to interact with the hot wallet binary.\n" +
+		"->Ensuring Secure Transactions: Utilize the certificate-based authentication mechanism to ensure that only authorized sovereign nodes can access the hot wallet binary. " +
+		"This step is crucial in maintaining the integrity and security of transactions being sent from the sovereign shards to the main chain.\n" +
+		"->Ongoing Security Measures: Regularly review and update the certificate mechanism to maintain security. This includes renewal of certificates, " +
+		"implementing security best practices, and promptly revoking access for compromised or unauthorized clients."
+	app.Action = generateCertificate
+	app.Flags = []cli.Flag{
+		organizationFlag,
+		dnsFlag,
+		availabilityFlag,
+	}
+
+	err := app.Run(os.Args)
+	if err != nil {
+		log.Error(err.Error())
+		os.Exit(1)
+	}
+
+}
+
+func generateCertificate(ctx *cli.Context) error {
+	organization := ctx.GlobalString(organizationFlag.Name)
+	dns := ctx.GlobalString(dnsFlag.Name)
+	availability := ctx.GlobalInt64(availabilityFlag.Name)
+
 	err := cert.GenerateCertFile(cert.CertificateCfg{
 		CertCfg: cert.CertCfg{
-			Organization: "MultiversX",
-			DNSName:      "localhost",
-			Availability: 10,
+			Organization: organization,
+			DNSName:      dns,
+			Availability: availability,
 		},
 		CertFileCfg: cert.FileCfg{
 			CertFile: "certificate.crt",
 			PkFile:   "private_key.pem",
 		},
 	})
-	fmt.Println(err)
+	if err != nil {
+		return err
+	}
+
+	log.Info("generated files successfully")
+	return nil
 }
diff --git a/cert/private_key.pem b/cert/private_key.pem
diff --git a/server/cmd/server/main.go b/server/cmd/server/main.go
@@ -82,8 +82,8 @@ func startServer(ctx *cli.Context) error {
 	if err != nil {
 		return err
 	}
-	tlsCredentials := credentials.NewTLS(tlsConfig)
 
+	tlsCredentials := credentials.NewTLS(tlsConfig)
 	grpcServer := grpc.NewServer(
 		grpc.Creds(tlsCredentials),
 	)