Add optional --ca arg to use an existing private CA when generating c…

…erts (#16) * Add optional --ca arg to use an existing private CA when generating certs * Add a check for any other errors
Chia-Network · Sep 11, 2024 · 3e9f79d · 3e9f79d
1 parent 1a4c6a0
commit 3e9f79d
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 4 deletions.
diff --git a/cmd/certs/generate.go b/cmd/certs/generate.go
@@ -1,6 +1,12 @@
 package certs
 
 import (
+	"crypto/rsa"
+	"crypto/x509"
+	"errors"
+	"os"
+	"path"
+
 	"github.com/chia-network/go-chia-libs/pkg/tls"
 	"github.com/chia-network/go-modules/pkg/slogs"
 	"github.com/spf13/cobra"
@@ -13,15 +19,59 @@ var generateCmd = &cobra.Command{
 	Short:   "Generates a full set of certificates for chia-blockchain",
 	Example: "chia-tools certs generate --output ~/.chia/mainnet/config/ssl",
 	Run: func(cmd *cobra.Command, args []string) {
-		err := tls.GenerateAllCerts(viper.GetString("cert-output"))
+		var privateCACert *x509.Certificate
+		var privateCAKey *rsa.PrivateKey
+		caDir := viper.GetString("ca")
+		if caDir != "" {
+			caCertPath := path.Join(caDir, "private_ca.crt")
+			caKeyPath := path.Join(caDir, "private_ca.key")
+
+			if _, err := os.Stat(caCertPath); err != nil {
+				if errors.Is(err, os.ErrNotExist) {
+					slogs.Logr.Fatal("private_ca.crt does not exist at the provided path", "path", caCertPath)
+				} else {
+					slogs.Logr.Fatal("error checking private_ca.crt", "error", err)
+				}
+			}
+
+			certBytes, err := os.ReadFile(caCertPath)
+			if err != nil {
+				slogs.Logr.Fatal("error reading ca cert from filesystem", "error", err)
+			}
+			privateCACert, err = tls.ParsePemCertificate(certBytes)
+			if err != nil {
+				slogs.Logr.Fatal("error parsing certificate", "error", err)
+			}
+
+			if _, err := os.Stat(caKeyPath); err != nil {
+				if errors.Is(err, os.ErrNotExist) {
+					slogs.Logr.Fatal("private_ca.key does not exist at the provided path", "path", caKeyPath)
+				} else {
+					slogs.Logr.Fatal("error checking private_ca.key", "error", err)
+				}
+			}
+
+			keyBytes, err := os.ReadFile(caKeyPath)
+			if err != nil {
+				slogs.Logr.Fatal("error reading ca key from filesystem", "error", err)
+			}
+			privateCAKey, err = tls.ParsePemKey(keyBytes)
+			if err != nil {
+				slogs.Logr.Fatal("error parsing key", "error", err)
+			}
+		}
+		err := tls.GenerateAllCerts(viper.GetString("cert-output"), privateCACert, privateCAKey)
 		if err != nil {
 			slogs.Logr.Fatal("error generating certificates", "error", err)
 		}
 	},
 }
 
 func init() {
+	generateCmd.PersistentFlags().String("ca", "", "Optionally specify a directory that has an existing private_ca.crt/key")
 	generateCmd.PersistentFlags().StringP("output", "o", "certs", "Output directory for certs")
+
+	cobra.CheckErr(viper.BindPFlag("ca", generateCmd.PersistentFlags().Lookup("ca")))
 	cobra.CheckErr(viper.BindPFlag("cert-output", generateCmd.PersistentFlags().Lookup("output")))
 
 	certsCmd.AddCommand(generateCmd)

diff --git a/go.mod b/go.mod
@@ -3,7 +3,7 @@ module github.com/chia-network/chia-tools
 go 1.22.4
 
 require (
-	github.com/chia-network/go-chia-libs v0.10.0
+	github.com/chia-network/go-chia-libs v0.11.0
 	github.com/chia-network/go-modules v0.0.5
 	github.com/spf13/cobra v1.8.1
 	github.com/spf13/viper v1.19.0

diff --git a/go.sum b/go.sum
@@ -1,5 +1,5 @@
-github.com/chia-network/go-chia-libs v0.10.0 h1:kJyeIB4YdUX1AfoJXxPs28PcdqthWV9P+wHbLGAsGL4=
-github.com/chia-network/go-chia-libs v0.10.0/go.mod h1:npTqaFSjTdMxE7hc0LOmWJmWGqcs+IERarK5fDxXk/I=
+github.com/chia-network/go-chia-libs v0.11.0 h1:SisfYZgD8pwvUZfidNZkrayZFZXEI7Pt2RRG/MXthdY=
+github.com/chia-network/go-chia-libs v0.11.0/go.mod h1:npTqaFSjTdMxE7hc0LOmWJmWGqcs+IERarK5fDxXk/I=
 github.com/chia-network/go-modules v0.0.5 h1:5luTVlP6RgBXodnFcWFBk2sLdJn+6vQ4wObim683C7c=
 github.com/chia-network/go-modules v0.0.5/go.mod h1:5AiYBxQSvf2aFSOizTqFXXSeb9AucZWrWmRCVwUMO3A=
 github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=