From 77d5623d7e9f33c7a0dc0e5e51a5b82eda08e7e4 Mon Sep 17 00:00:00 2001
From: Chris Marslender
Date: Wed, 11 Sep 2024 09:33:56 -0500
Subject: [PATCH 1/2] Add optional --ca arg to use an existing private CA when generating certs
---
 cmd/certs/generate.go | 48 ++++++++++++++++++++++++++++++++++++++++++-
 go.mod | 2 +-
 go.sum | 4 ++--
 3 files changed, 50 insertions(+), 4 deletions(-)
diff --git a/cmd/certs/generate.go b/cmd/certs/generate.go
index 031a55e..97f3a81 100644
--- a/cmd/certs/generate.go
+++ b/cmd/certs/generate.go
@@ -1,6 +1,12 @@
 package certs
 import (
+ "crypto/rsa"
+ "crypto/x509"
+ "errors"
+ "os"
+ "path"
+
 "github.com/chia-network/go-chia-libs/pkg/tls"
 "github.com/chia-network/go-modules/pkg/slogs"
 "github.com/spf13/cobra"
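Review bot: The new `"path"` import is the slash-only package, and the two call sites it serves in the next hunk (`path.Join(caDir, "private_ca.crt")` and `path.Join(caDir, "private_ca.key")`) will mishandle Windows directories such as a drive-letter or backslash-separated `--ca` value. Import `"path/filepath"` here instead and use `filepath.Join` at both call sites, which is the OS-correct join. The import block continues past the end of this hunk.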
@@ -13,7 +19,44 @@ var generateCmd = &cobra.Command{
 Short: "Generates a full set of certificates for chia-blockchain",
 Example: "chia-tools certs generate --output ~/.chia/mainnet/config/ssl",
 Run: func(cmd *cobra.Command, args []string) {
- err := tls.GenerateAllCerts(viper.GetString("cert-output"))
+ var privateCACert *x509.Certificate
+ var privateCAKey *rsa.PrivateKey
+ caDir := viper.GetString("ca")
+ if caDir != "" {
+ caCertPath := path.Join(caDir, "private_ca.crt")
+ caKeyPath := path.Join(caDir, "private_ca.key")
+
+ if _, err := os.Stat(caCertPath); err != nil {
+ if errors.Is(err, os.ErrNotExist) {
+ slogs.Logr.Fatal("private_ca.crt does not exist at the provided path", "path", caCertPath)
+ }
+ }
+
+ certBytes, err := os.ReadFile(caCertPath)
+ if err != nil {
+ slogs.Logr.Fatal("error reading ca cert from filesystem", "error", err)
+ }
+ privateCACert, err = tls.ParsePemCertificate(certBytes)
+ if err != nil {
+ slogs.Logr.Fatal("error parsing certificate", "error", err)
+ }
+
+ if _, err := os.Stat(caKeyPath); err != nil {
+ if errors.Is(err, os.ErrNotExist) {
+ slogs.Logr.Fatal("private_ca.key does not exist at the provided path", "path", caKeyPath)
+ }
+ }
+
+ keyBytes, err := os.ReadFile(caKeyPath)
+ if err != nil {
+ slogs.Logr.Fatal("error reading ca key from filesystem", "error", err)
+ }
+ privateCAKey, err = tls.ParsePemKey(keyBytes)
+ if err != nil {
+ slogs.Logr.Fatal("error parsing key", "error", err)
+ }
+ }
+ err := tls.GenerateAllCerts(viper.GetString("cert-output"), privateCACert, privateCAKey)
 if err != nil {
 slogs.Logr.Fatal("error generating certificates", "error", err)
 }
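Review bot: The parsed CA certificate and key are passed straight to `tls.GenerateAllCerts` with no check that they belong together or that the certificate is actually a CA, so a wrong or mismatched file in `--ca` is only caught (if at all) inside certificate generation, presumably with a less specific error than the ones this block already emits. After the `tls.ParsePemKey` error check and before the `GenerateAllCerts` call, reject a certificate whose `IsCA` is false, a key whose public half does not equal the certificate's public key, and an expired certificate; the first two need no new import, the expiry check needs `"time"` added to the import block. Since `caKeyPath` is a CA private key, a permission-bits check that refuses group- or world-readable key files would be a cheap additional safeguard. The Run closure's closing lines lie outside this hunk.
```go
	privateCAKey, err = tls.ParsePemKey(keyBytes)
	if err != nil {
		slogs.Logr.Fatal("error parsing key", "error", err)
	}
	// Refuse a certificate that cannot sign, a key that does not belong to it,
	// and an expired CA before any leaf certificate is issued against the pair.
	if !privateCACert.IsCA {
		slogs.Logr.Fatal("private_ca.crt is not a CA certificate", "path", caCertPath)
	}
	if !privateCAKey.PublicKey.Equal(privateCACert.PublicKey) {
		slogs.Logr.Fatal("private_ca.key does not match private_ca.crt", "path", caDir)
	}
	if time.Now().After(privateCACert.NotAfter) {
		slogs.Logr.Fatal("private_ca.crt has expired", "notAfter", privateCACert.NotAfter)
	}
	// … unchanged: closing brace of the caDir block and the GenerateAllCerts call …
```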
@@ -21,7 +64,10 @@ var generateCmd = &cobra.Command{
 }
 func init() {
+ generateCmd.PersistentFlags().String("ca", "", "Optionally specify a directory that has an existing private_ca.crt/key")
 generateCmd.PersistentFlags().StringP("output", "o", "certs", "Output directory for certs")
+
+ cobra.CheckErr(viper.BindPFlag("ca", generateCmd.PersistentFlags().Lookup("ca")))
 cobra.CheckErr(viper.BindPFlag("cert-output", generateCmd.PersistentFlags().Lookup("output")))
 certsCmd.AddCommand(generateCmd)
diff --git a/go.mod b/go.mod
index 7fa0907..701be01 100644
--- a/go.mod
+++ b/go.mod
@@ -3,7 +3,7 @@ module github.com/chia-network/chia-tools
 go 1.22.4
 require (
- github.com/chia-network/go-chia-libs v0.10.0
+ github.com/chia-network/go-chia-libs v0.11.0
 github.com/chia-network/go-modules v0.0.5
 github.com/spf13/cobra v1.8.1
 github.com/spf13/viper v1.19.0
diff --git a/go.sum b/go.sum
index 8838a11..f260392 100644
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,5 @@
-github.com/chia-network/go-chia-libs v0.10.0 h1:kJyeIB4YdUX1AfoJXxPs28PcdqthWV9P+wHbLGAsGL4=
-github.com/chia-network/go-chia-libs v0.10.0/go.mod h1:npTqaFSjTdMxE7hc0LOmWJmWGqcs+IERarK5fDxXk/I=
+github.com/chia-network/go-chia-libs v0.11.0 h1:SisfYZgD8pwvUZfidNZkrayZFZXEI7Pt2RRG/MXthdY=
+github.com/chia-network/go-chia-libs v0.11.0/go.mod h1:npTqaFSjTdMxE7hc0LOmWJmWGqcs+IERarK5fDxXk/I=
 github.com/chia-network/go-modules v0.0.5 h1:5luTVlP6RgBXodnFcWFBk2sLdJn+6vQ4wObim683C7c=
 github.com/chia-network/go-modules v0.0.5/go.mod h1:5AiYBxQSvf2aFSOizTqFXXSeb9AucZWrWmRCVwUMO3A=
 github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
From 3ba5a3fcbc47b7bb433ef221f6eca16a2aee0b87 Mon Sep 17 00:00:00 2001
From: Chris Marslender
Date: Wed, 11 Sep 2024 10:39:40 -0500
Subject: [PATCH 2/2] Add a check for any other errors
---
 cmd/certs/generate.go | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/cmd/certs/generate.go b/cmd/certs/generate.go
index 97f3a81..dccdfb3 100644
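Review bot: The new flag is bound to the bare viper key `"ca"` while the existing `output` flag on the line below it is bound as `"cert-output"`; viper keys are process-global, so that prefix looks deliberate, and a bare `ca` key can collide with any other command or config-file entry that also uses `ca`. Binding it with `cobra.CheckErr(viper.BindPFlag("cert-ca", generateCmd.PersistentFlags().Lookup("ca")))` and reading it with `caDir := viper.GetString("cert-ca")` in the Run function keeps the two flags consistent. The help text could also state that both `private_ca.crt` and `private_ca.key` must be present in the directory, since the command exits when either is missing.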
--- a/cmd/certs/generate.go
+++ b/cmd/certs/generate.go
@@ -29,6 +29,8 @@ var generateCmd = &cobra.Command{
 if _, err := os.Stat(caCertPath); err != nil {
 if errors.Is(err, os.ErrNotExist) {
 slogs.Logr.Fatal("private_ca.crt does not exist at the provided path", "path", caCertPath)
+ } else {
+ slogs.Logr.Fatal("error checking private_ca.crt", "error", err)
 }
 }
@@ -44,6 +46,8 @@ var generateCmd = &cobra.Command{
 if _, err := os.Stat(caKeyPath); err != nil {
 if errors.Is(err, os.ErrNotExist) {
 slogs.Logr.Fatal("private_ca.key does not exist at the provided path", "path", caKeyPath)
+ } else {
+ slogs.Logr.Fatal("error checking private_ca.key", "error", err)
 }
 }
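Review bot: In both hunks the `os.Stat` pre-check is redundant with the `os.ReadFile` that follows it: ReadFile already returns an error satisfying `errors.Is(err, os.ErrNotExist)` for a missing file and a different error for anything else, and the separate Stat leaves a window in which the file can change between the check and the read. Dropping the Stat block and branching on the ReadFile error covers both cases in fewer lines, e.g. `certBytes, err := os.ReadFile(caCertPath)` followed by `if errors.Is(err, os.ErrNotExist) { slogs.Logr.Fatal("private_ca.crt does not exist at the provided path", "path", caCertPath) }` and then the existing `if err != nil { ... }`; the same restructuring applies to the `private_ca.key` hunk. The enclosing Run closure starts and ends outside these hunks.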