From e2bd629fbba36fd8cb06eb22b9f2ca87e8ec2048 Mon Sep 17 00:00:00 2001
From: Matus Kysel
Date: Tue, 10 Dec 2024 09:47:16 +0100
Subject: [PATCH] chore: fix certificat creation in entry point

---
 cli/flags/operator.go               |  4 +-
 entry-point.sh                      | 41 +++++++++++++++++++----------
 examples/config/resign.example.yaml |  2 +-
 3 files changed, 30 insertions(+), 17 deletions(-)

diff --git a/cli/flags/operator.go b/cli/flags/operator.go
index 1de44ce9..bed485e9 100644
--- a/cli/flags/operator.go
+++ b/cli/flags/operator.go
@@ -122,12 +122,12 @@ func OperatorIDFlag(c *cobra.Command) {
 
 // ServerTLSCertPath sets path to server TLS certificate
 func SetServerTLSCertPath(c *cobra.Command) {
-	AddPersistentStringFlag(c, serverTLSCertPath, "./ssl/tls.crt", "Path to server TLS certificate", false)
+	AddPersistentStringFlag(c, serverTLSCertPath, "./data/ssl/tls.crt", "Path to server TLS certificate", false)
 }
 
 // ServerTLSKeyPath sets path to server server TLS private key
 func SetServerTLSKeyPath(c *cobra.Command) {
-	AddPersistentStringFlag(c, serverTLSKeyPath, "./ssl/tls.key", "Path to server TLS private key", false)
+	AddPersistentStringFlag(c, serverTLSKeyPath, "./data/ssl/tls.key", "Path to server TLS private key", false)
 }
 
 // SetEthEndpointURL
diff --git a/entry-point.sh b/entry-point.sh
index 6e783ab5..03dbc08d 100644
--- a/entry-point.sh
+++ b/entry-point.sh
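Review bot: The doc comments on the two touched functions still read `// ServerTLSCertPath sets path to server TLS certificate` and `// ServerTLSKeyPath sets path to server server TLS private key` while the functions are named `SetServerTLSCertPath` and `SetServerTLSKeyPath`, which breaks the Go doc-comment convention (the comment must begin with the declared name) and the second one has a doubled word. Since these defaults have to stay in step with `CERT_DIR` in entry-point.sh (this commit changes both to ./data/ssl), the comment is the right place to record that coupling so the next path change does not silently diverge. Proposed: `// SetServerTLSCertPath registers the persistent flag for the server TLS certificate path; the default must match CERT_DIR in entry-point.sh.` and `// SetServerTLSKeyPath registers the persistent flag for the server TLS private key path; the default must match CERT_DIR in entry-point.sh.`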
@@ -1,27 +1,40 @@
 #!/bin/sh
 
 # Setup directory for certificates
-CERT_DIR=./ssl
+CERT_DIR=./data/ssl
 mkdir -p "$CERT_DIR"
 
 # Paths to the certificate and key files
 CERT_FILE="$CERT_DIR/tls.crt"
 KEY_FILE="$CERT_DIR/tls.key"
 
-# Check if the first argument is "start-operator"
-if [ "$1" = "start-operator" ]; then
-    # Generate a self-signed SSL certificate only if it doesn't exist
-    if [ ! -f "$CERT_FILE" ] || [ ! -f "$KEY_FILE" ]; then
-        echo "Certificate or key file not found. Generating new SSL certificate and key."
-        openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
-            -keyout "$KEY_FILE" -out "$CERT_FILE" \
-            -subj "/C=CN/ST=GD/L=SZ/O=$CN, Inc./CN=$CN" \
-            -addext "subjectAltName = DNS:$CN" \
-            -CA $CA -CAkey $CAkey
-    else
-        echo "Existing SSL certificate and key found. Using them."
-    fi
+
+# Generate a self-signed SSL certificate only if it doesn't exist
+if [ ! -f "$CERT_FILE" ] || [ ! -f "$KEY_FILE" ]; then
+    echo "Certificate or key file not found. Generating new SSL certificate and key."
+    if [ -z "$CN" ] || [ -z "$CA" ] || [ -z "$CAkey" ]; then
+        echo "Generating self-signed certificate..."
+        openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
+            -keyout "$KEY_FILE" -out "$CERT_FILE" \
+            -subj "/C=CN/ST=GD/L=SZ/O=localhost, Inc./CN=localhost" || {
+            echo "Error: Failed to generate self-signed certificate."
+            exit 1
+        }
+    else
+        echo "Generating CA-signed certificate..."
+        openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
+            -keyout "$KEY_FILE" -out "$CERT_FILE" \
+            -subj "/C=CN/ST=GD/L=SZ/O=$CN, Inc./CN=$CN" \
+            -addext "subjectAltName=DNS:$CN" \
+            -CA "$CA" -CAkey "$CAkey" || {
+            echo "Error: Failed to generate CA-signed certificate."
+            exit 1
+        }
+    fi
+else
+    echo "Existing SSL certificate and key found. Using them."
 fi
+
 # Execute the main binary and pass all script arguments
 exec /bin/ssv-dkg "$@"
 
diff --git a/examples/config/resign.example.yaml b/examples/config/resign.example.yaml
index 36a10e6b..a592df85 100644
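Review bot: The self-signed fallback branch (`if [ -z "$CN" ] || [ -z "$CA" ] || [ -z "$CAkey" ]`) emits a certificate with CN=localhost and no subjectAltName, and it discards $CN even when only the CA variables are missing; Go's crypto/x509 matches host names against SANs only, so a Go TLS client verifying that certificate will reject it, while the CA-signed branch right below already sets the SAN the self-signed one lacks. The same condition silently downgrades a partially configured CA (for example CA set but CAkey unset) to a self-signed certificate instead of failing, which hides a deployment mistake behind a TLS setup that appears to work. Both `|| { ... exit 1; }` handlers should also remove whatever openssl may have left behind before exiting, so a failed run cannot leave a file pair that the existence check on the next start accepts as valid. Note too that `-CA`/`-CAkey` on `openssl req` are OpenSSL 3.x options, so the openssl version shipped in the image (outside this patch) is worth checking. The rewrite below keeps the CA-signed command unchanged apart from the cleanup in its error handler.
```shell
# Generate a self-signed SSL certificate only if it doesn't exist
if [ ! -f "$CERT_FILE" ] || [ ! -f "$KEY_FILE" ]; then
    echo "Certificate or key file not found. Generating new SSL certificate and key."
    CN="${CN:-localhost}"
    # A half-configured CA is a misconfiguration, not a request for a self-signed certificate.
    if [ -n "$CA" ] || [ -n "$CAkey" ]; then
        if [ -z "$CA" ] || [ -z "$CAkey" ]; then
            echo "Error: CA and CAkey must both be set to issue a CA-signed certificate."
            exit 1
        fi
    fi
    if [ -z "$CA" ]; then
        echo "Generating self-signed certificate for CN=$CN..."
        openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
            -keyout "$KEY_FILE" -out "$CERT_FILE" \
            -subj "/C=CN/ST=GD/L=SZ/O=$CN, Inc./CN=$CN" \
            -addext "subjectAltName=DNS:$CN" || {
            echo "Error: Failed to generate self-signed certificate."
            rm -f "$KEY_FILE" "$CERT_FILE"   # never leave a partial pair for the next start to accept
            exit 1
        }
    else
        # … unchanged: CA-signed openssl command; add the same rm -f "$KEY_FILE" "$CERT_FILE" to its error handler …
    fi
else
    echo "Existing SSL certificate and key found. Using them."
fi
```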
--- a/examples/config/resign.example.yaml
+++ b/examples/config/resign.example.yaml
@@ -29,6 +29,6 @@ logLevel: info
 logFormat: json
 logLevelFormat: capitalColor
 logFilePath: ./data/initiator/output/initiator_debug.log
-proofsFilePath: ./data/initiator/output/ceremony-2024-11-18--16-04-55.529/proofs.json
+proofsFilePath: ./data/initiator/output/ceremony-2024-10-14--13-44-41.296/proofs.json
 signatures: 8eb5bce8a1bf52f106233954b096504c934d08962003c41eff1a29e05ddeeebe34133dd66c7fa9512ae74d3124a9f60ee270f312c08c60512a5009ac9bca78911b
 clientCACertPath: ./data/initiator/rootCA.crt