FEAT: Create cert file with cfg

multiversx · Dec 15, 2023 · a24f7cc · a24f7cc
1 parent 5510f1c
commit a24f7cc
Show file tree

Hide file tree

Showing 10 changed files with 115 additions and 159 deletions.
diff --git a/cert/cert.go b/cert/cert.go
@@ -10,86 +10,96 @@ import (
 	"math/big"
 	"os"
 	"time"
+
+	logger "github.com/multiversx/mx-chain-logger-go"
 )
 
-func GenerateCert() (*tls.Certificate, error) {
+var log = logger.GetOrCreate("cert")
+
+type CertificateCfg struct {
+	CertCfg     CertCfg
+	CertFileCfg CertFileCfg
+}
+
+type CertCfg struct {
+	Organization string
+	DNSName      string
+	Availability int64
+}
+
+type CertFileCfg struct {
+	OutFileCert string
+	OutFilePk   string
+}
+
+func GenerateCert(cfg CertCfg) ([]byte, *rsa.PrivateKey, error) {
 	pk, err := rsa.GenerateKey(rand.Reader, 2048)
 	if err != nil {
-		return nil, err
+		return nil, nil, err
+	}
+
+	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
+	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
+	if err != nil {
+		return nil, nil, err
 	}
 
 	template := &x509.Certificate{
-		SerialNumber: big.NewInt(1),
+		SerialNumber: serialNumber,
 		Subject: pkix.Name{
-			Organization: []string{"MultiversX"},
-			CommonName:   "Username", // Will be checked by the server
+			Organization: []string{cfg.Organization},
+			CommonName:   cfg.Organization,
 		},
+		DNSNames:              []string{cfg.DNSName},
 		NotBefore:             time.Now(),
-		NotAfter:              time.Now().Add(time.Hour),
+		NotAfter:              time.Now().Add(time.Duration(cfg.Availability) * time.Hour),
 		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
-		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
+		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
 		BasicConstraintsValid: true,
 	}
 
 	cert, err := x509.CreateCertificate(rand.Reader, template, template, pk.Public(), pk)
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 
-	tlsCert := tls.Certificate{
-		Certificate: [][]byte{cert},
-		PrivateKey:  pk,
-	}
-
-	return &tlsCert, nil
-
-	//conn, err := grpc.DialContext(ctx, net.JoinHostPort(addr, port),
-	//	grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig)),
-	//)
+	return cert, pk, nil
 }
 
-func GenerateCertFile() error {
-	pk, err := rsa.GenerateKey(rand.Reader, 2048)
+func GenerateCertFile(cfg CertificateCfg) error {
+	cert, pk, err := GenerateCert(cfg.CertCfg)
 	if err != nil {
 		return err
 	}
 
-	template := &x509.Certificate{
-		SerialNumber: big.NewInt(1),
-		Subject: pkix.Name{
-			Organization: []string{"MultiversX"},
-			CommonName:   "MultiversX Bridge", // Will be checked by the server
-		},
-		DNSNames:              []string{"localhost"},
-		NotBefore:             time.Now(),
-		NotAfter:              time.Now().Add(time.Hour),
-		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
-		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
-		BasicConstraintsValid: true,
+	certOut, err := os.Create(cfg.CertFileCfg.OutFileCert)
+	if err != nil {
+		return err
 	}
+	defer func() {
+		err = certOut.Close()
+		log.LogIfError(err)
+	}()
 
-	cert, err := x509.CreateCertificate(rand.Reader, template, template, pk.Public(), pk)
+	err = pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: cert})
 	if err != nil {
 		return err
 	}
 
-	certFile := "certificate.crt"
-	keyFile := "private_key.pem"
-
-	certOut, err := os.Create(certFile)
+	keyOut, err := os.Create(cfg.CertFileCfg.OutFilePk)
 	if err != nil {
 		return err
 	}
-	defer certOut.Close()
-	pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: cert})
+	defer func() {
+		err = keyOut.Close()
+		log.LogIfError(err)
+	}()
 
-	keyOut, err := os.Create(keyFile)
+	privBytes := x509.MarshalPKCS1PrivateKey(pk)
+	err = pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: privBytes})
 	if err != nil {
 		return err
 	}
-	defer keyOut.Close()
-	privBytes := x509.MarshalPKCS1PrivateKey(pk)
-	pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: privBytes})
 
 	return nil
 }

diff --git a/cert/certificate.crt b/cert/certificate.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDMzCCAhugAwIBAgIQZRWJbdDEYUsEetoVBpuWpTANBgkqhkiG9w0BAQsFADAq
+MRMwEQYDVQQKEwpNdWx0aXZlcnNYMRMwEQYDVQQDEwpNdWx0aXZlcnNYMB4XDTIz
+MTIxNTEzMDQxOFoXDTIzMTIxNTIzMDQxOFowKjETMBEGA1UEChMKTXVsdGl2ZXJz
+WDETMBEGA1UEAxMKTXVsdGl2ZXJzWDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAL9Me6/qYZSCYMrvEQaUOLPSa0x0UC2xzCo894wYEG4zf/oCnBvjEssg
+prFbjqiIBKiIxgl4EjwHaOnSblhv0xWsdxiZHtQDzo2VwAts50mj8mqfEpGPkXKi
+u2m2K2TdLytkrVnn2iIUij31uII25Bd72uVZWdJbQZPNRjgnVfEfx+1fuA7g0gA1
+YkN8Ao0NW8Jj3KxT/xZbZSXk/uc8XhXBQPqE8CNmgSg1t7ZDl9s0Ek3HxkHUjCqV
+zHlhm6+FXE8QWSrGiFcW+WPqCdNvm7ySkeTOaJCR8Ii4mhlpm5o5+f8ZAnMp4u3H
+68gWkqz132Lk4yFopbktziT4I8eqW4MCAwEAAaNVMFMwDgYDVR0PAQH/BAQDAgWg
+MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMBQG
+A1UdEQQNMAuCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAJHm8LUuV8mgr
+gpgpJarNxUw0WQfyIdxsYC6yiLP3R69leb3DGpOwAHbeAjvq6cEtgAEHWb8pYXDL
+f6zBbNbsnu70e2CZP/Dp4Rvob1Sl8QLlhDhftl4jKOhhXzUXRo5mogy3cAPSTCHz
+UDeatEunvC3lKOGb2Og+8sbBfYAcnThVqF3efI8NPRnzsUMJKSzGNobIYFjDYrtm
+zOHhx5gaAZ6GCNueA+CAEBue74I/JfdbiFjTU3Racwci0cUCXxjXNOI0MWmYi7J5
+93rYKsWvhPNcyJ3jEksorhfKAjW4s6zvPwOZv2m01TIJ6KTVqqPRCAtiVm2mWXyW
+vc6vRcBWBg==
+-----END CERTIFICATE-----
diff --git a/cert/cmd/cert/main.go b/cert/cmd/cert/main.go
@@ -7,6 +7,16 @@ import (
 )
 
 func main() {
-	err := cert.GenerateCertFile()
+	err := cert.GenerateCertFile(cert.CertificateCfg{
+		CertCfg: cert.CertCfg{
+			Organization: "MultiversX",
+			DNSName:      "localhost",
+			Availability: 10,
+		},
+		CertFileCfg: cert.CertFileCfg{
+			OutFileCert: "certificate.crt",
+			OutFilePk:   "private_key.pem",
+		},
+	})
 	fmt.Println(err)
 }
diff --git a/cert/private_key.pem b/cert/private_key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAv0x7r+phlIJgyu8RBpQ4s9JrTHRQLbHMKjz3jBgQbjN/+gKc
+G+MSyyCmsVuOqIgEqIjGCXgSPAdo6dJuWG/TFax3GJke1APOjZXAC2znSaPyap8S
+kY+RcqK7abYrZN0vK2StWefaIhSKPfW4gjbkF3va5VlZ0ltBk81GOCdV8R/H7V+4
+DuDSADViQ3wCjQ1bwmPcrFP/FltlJeT+5zxeFcFA+oTwI2aBKDW3tkOX2zQSTcfG
+QdSMKpXMeWGbr4VcTxBZKsaIVxb5Y+oJ02+bvJKR5M5okJHwiLiaGWmbmjn5/xkC
+cyni7cfryBaSrPXfYuTjIWiluS3OJPgjx6pbgwIDAQABAoIBACYhUZob5r1aS37H
+riYYj0DQlVCU8pJZGS/mHRWQil3c6ApmUMWCOnHAnVlGvaW8Dumk8YxboY7Tj0bk
+CdiY2YM9cDO3+Zwa8iXojnH4kBVul1hHQsU+z6gA5chJZlbhe5BzrdX4z9LxMyjs
+fI1/8XD44AXNDIlQZT7XsMJqnMfFzJ1Lw659iOTe+QqgKPJXFiDYtisEZG71rfjA
+9awmvX39jejzcyiUkNlv4wyRyuiX0xr24FOcXuHk0DNwkdDHLaFqWzF9IpXUOJqu
+JQNMroSnhaPd0P2MvQOH4HtcLlYkoCamn9IYD9AD3PM8I4mmwaLgQJX68+ifhDEr
+Iue6lxkCgYEA03vWxpW0EkkVTdm8jUqmUSkChxDyG1Prftg1RoDnXp6dN+//9spB
+bmQM1f8LDn66dWEO6XXcgPh+aCGQSySs3wvOYJN5amBRFwqkpbXjpgsCIp1qm1g9
+uYKzm0CH8UaDnjdoE+vhAjKQwHZdGcj3nZCVtI9gn+dzaEtOW6wpgU0CgYEA55Dx
+KY5Q6wR6he3AaDeklmNkh0qhYFAzt7FICsPhsbVchExmDBovGUXDFWePjxh/Q09q
+J2Tum5VqqMCb7S1Tyak+FC/mNcF92wBr8e7BF3kLcP7t9zW/V6/fLCHKSqqCeoXZ
+NvI1xbR//lxsQ1/XtBnNdUXnnGTWRNW8wB1G6A8CgYEAsi6H0b81/aYHxhTq0RyR
+LpZf4866PZ4iLzgZAvL+fXEkQ4n5XkQghtLTIcYF2cuaa+U/vCGqjBtR3YhR243l
+/PMkiagXRzIpgEFeYaPzTuW9gc6hkIrzToa5rtfa8cUYhchm70nwxXo3DYFshZoW
+TnIQQBYBMhi+2qOAPKq8OY0CgYBubLvT6T3FFLmorBuYlxAxduw1Z+1UlGpVKoEE
+QSybJbUckaIIG2RiVNYWmu/mePQXEQO6DXOLVdEq785rZ7YQ8FfeIIlTERYHHUhc
+clI580r1c1vfCw5XrlJqJSLmQDFAZBuVDCOAR/bRQRmPd2DRTYygY9lyxtM2uAXu
+RwfNGQKBgQCC8TVhfhu5dtFZqyTewN0YIIG1fuZBhXvKkWinSlmSsM6XO9oqE9p9
+bGqv6IFvsyI2NbM5omETfAvaedbnjG7TL8NszGv+3u98dn8vZMZdgvXAsnqzf/tO
+79TMMpzTuZATHX7qlUMXRTSGEinVCKXvGJXudvfDZwqooq9DkV1NWw==
+-----END RSA PRIVATE KEY-----
diff --git a/client/cmd/client/certificate.crt b/client/cmd/client/certificate.crt
diff --git a/client/cmd/client/private_key.pem b/client/cmd/client/private_key.pem
diff --git a/client/factory.go b/client/factory.go
@@ -36,7 +36,7 @@ func CreateClient(cfg *config.ClientConfig) (ClientHandler, error) {
 func connectWithRetrials(host string) (GRPCConn, error) {
 	//credentials := insecure.NewCredentials()
 	//opts := grpc.WithTransportCredentials(credentials)
-	certt, err := cert.LoadCertificate("certificate.crt", "private_key.pem")
+	certt, err := cert.LoadCertificate("../../../cert/certificate.crt", "../../../cert/private_key.pem")
 	if err != nil {
 		return nil, err
 	}

diff --git a/server/cmd/server/certificate.crt b/server/cmd/server/certificate.crt
diff --git a/server/cmd/server/main.go b/server/cmd/server/main.go
@@ -78,34 +78,17 @@ func startServer(ctx *cli.Context) error {
 		return err
 	}
 
-	certCfg, err := cert.GenerateCert()
-	if err != nil {
-		return err
-	}
-
-	CertPool := x509.NewCertPool()
-
-	//certLeaf, err := x509.ParseCertificate(certCfg.Certificate[0])
-	//if err != nil {
-	//	return err
-	//}
-
-	tlsConfig := &tls.Config{
-		Certificates: []tls.Certificate{*certCfg},
-		ClientCAs:    CertPool,
-		ClientAuth:   tls.RequireAndVerifyClientCert,
-	}
-
-	certt, err := cert.LoadCertificate("certificate.crt", "private_key.pem")
+	certt, err := cert.LoadCertificate("../../../cert/certificate.crt", "../../../cert/private_key.pem")
 	if err != nil {
 		return err
 	}
 	certLeaf, err := x509.ParseCertificate(certt.Certificate[0])
 	if err != nil {
 		return err
 	}
+	CertPool := x509.NewCertPool()
 	CertPool.AddCert(certLeaf)
-	tlsConfig = &tls.Config{
+	tlsConfig := &tls.Config{
 		Certificates: []tls.Certificate{certt},
 		ClientCAs:    CertPool,
 		ClientAuth:   tls.RequireAndVerifyClientCert,

diff --git a/server/cmd/server/private_key.pem b/server/cmd/server/private_key.pem