

Merge pull request #166 from ssvlabs/redo-certificats
chore: fix certificate creation in entry point
MatusKysel authored Dec 12, 2024
2 parents a1a25d2 + e2bd629 commit b2eb96a
Showing 3 changed files with 30 additions and 17 deletions.
4 changes: 2 additions & 2 deletions cli/flags/operator.go
Expand Up @@ -122,12 +122,12 @@ func OperatorIDFlag(c *cobra.Command) {

// ServerTLSCertPath sets path to server TLS certificate
func SetServerTLSCertPath(c *cobra.Command) {
AddPersistentStringFlag(c, serverTLSCertPath, "./ssl/tls.crt", "Path to server TLS certificate", false)
AddPersistentStringFlag(c, serverTLSCertPath, "./data/ssl/tls.crt", "Path to server TLS certificate", false)
}

// ServerTLSKeyPath sets path to server server TLS private key
func SetServerTLSKeyPath(c *cobra.Command) {
AddPersistentStringFlag(c, serverTLSKeyPath, "./ssl/tls.key", "Path to server TLS private key", false)
AddPersistentStringFlag(c, serverTLSKeyPath, "./data/ssl/tls.key", "Path to server TLS private key", false)
}

// SetEthEndpointURL
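Review bot: The new defaults `./data/ssl/tls.crt` and `./data/ssl/tls.key` duplicate the CERT_DIR value in entry-point.sh, which is exactly the kind of drift this commit is repairing; a short comment on each flag, `// Default must match CERT_DIR/tls.crt in entry-point.sh, which writes the file at start-up.`, would make the coupling visible the next time either side moves. Separately, the doc comments in this hunk (`// ServerTLSCertPath sets path to server TLS certificate`, `// ServerTLSKeyPath sets path to server server TLS private key`) do not start with the function names SetServerTLSCertPath/SetServerTLSKeyPath and one has a doubled "server", so go vet/staticcheck style checks will keep flagging them; fixing the names while touching these lines is cheap.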
41 changes: 27 additions & 14 deletions entry-point.sh
@@ -1,27 +1,40 @@
#!/bin/sh

# Setup directory for certificates
CERT_DIR=./ssl
CERT_DIR=./data/ssl
mkdir -p "$CERT_DIR"

# Paths to the certificate and key files
CERT_FILE="$CERT_DIR/tls.crt"
KEY_FILE="$CERT_DIR/tls.key"

# Check if the first argument is "start-operator"
if [ "$1" = "start-operator" ]; then
# Generate a self-signed SSL certificate only if it doesn't exist
if [ ! -f "$CERT_FILE" ] || [ ! -f "$KEY_FILE" ]; then
echo "Certificate or key file not found. Generating new SSL certificate and key."
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
-keyout "$KEY_FILE" -out "$CERT_FILE" \
-subj "/C=CN/ST=GD/L=SZ/O=$CN, Inc./CN=$CN" \
-addext "subjectAltName = DNS:$CN" \
-CA $CA -CAkey $CAkey
else
echo "Existing SSL certificate and key found. Using them."
fi

# Generate a self-signed SSL certificate only if it doesn't exist
if [ ! -f "$CERT_FILE" ] || [ ! -f "$KEY_FILE" ]; then
echo "Certificate or key file not found. Generating new SSL certificate and key."
if [ -z "$CN" ] || [ -z "$CA" ] || [ -z "$CAkey" ]; then
echo "Generating self-signed certificate..."
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
-keyout "$KEY_FILE" -out "$CERT_FILE" \
-subj "/C=CN/ST=GD/L=SZ/O=localhost, Inc./CN=localhost" || {
echo "Error: Failed to generate self-signed certificate."
exit 1
}
else
echo "Generating CA-signed certificate..."
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
-keyout "$KEY_FILE" -out "$CERT_FILE" \
-subj "/C=CN/ST=GD/L=SZ/O=$CN, Inc./CN=$CN" \
-addext "subjectAltName=DNS:$CN" \
-CA "$CA" -CAkey "$CAkey" || {
echo "Error: Failed to generate CA-signed certificate."
exit 1
}
fi
else
echo "Existing SSL certificate and key found. Using them."
fi


# Execute the main binary and pass all script arguments
exec /bin/ssv-dkg "$@"
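Review bot: The self-signed fallback (the `openssl req` call under `Generating self-signed certificate...`) issues a certificate with CN=localhost and no subjectAltName, whereas the CA branch adds `-addext "subjectAltName=DNS:$CN"`; clients that ignore the CN for hostname matching (Go's crypto/tls does) will reject the fallback certificate, so add `-addext "subjectAltName=DNS:localhost"` to that call as well. The `[ -z "$CN" ] || [ -z "$CA" ] || [ -z "$CAkey" ]` test also silently downgrades to a self-signed localhost certificate when only some of the three variables are set (for example a misspelled CAkey), and a partially set triple is far more likely a misconfiguration than an intent; consider treating it as an error that names the missing variable and exits 1 instead of falling through. Note too that `-CA`/`-CAkey` on `openssl req -x509` only exist in OpenSSL 3.0 and later, so the image should either pin such a base or check `openssl version` before taking that branch. Finally, the previous `start-operator` guard is gone, so a key pair is now generated under `./data/ssl` on every invocation, including non-operator subcommands; worth confirming that is intended.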
2 changes: 1 addition & 1 deletion examples/config/resign.example.yaml
Expand Up @@ -29,6 +29,6 @@ logLevel: info
logFormat: json
logLevelFormat: capitalColor
logFilePath: ./data/initiator/output/initiator_debug.log
proofsFilePath: ./data/initiator/output/ceremony-2024-11-18--16-04-55.529/proofs.json
proofsFilePath: ./data/initiator/output/ceremony-2024-10-14--13-44-41.296/proofs.json
signatures: 8eb5bce8a1bf52f106233954b096504c934d08962003c41eff1a29e05ddeeebe34133dd66c7fa9512ae74d3124a9f60ee270f312c08c60512a5009ac9bca78911b
clientCACertPath: ./data/initiator/rootCA.crt
