generate rpc certs using openssl

darwin · May 1, 2019 · ef5f290 · ef5f290
1 parent 046cefa
commit ef5f290
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 26 deletions.
diff --git a/recipes/cookbook/scaffold/docker/_aux/runtime/lib/utils.sh b/recipes/cookbook/scaffold/docker/_aux/runtime/lib/utils.sh
@@ -19,4 +19,44 @@ wait_for_socket() {
       return 1
     fi
   done
+}
+
+generate_cert() {
+  local name=${1:-ssl}
+  local cert_file="$name.cert"
+  local key_file="$name.key"
+  local csr_file="$name.csr"
+  local cnf_file=openssl.cnf
+
+  cat /etc/ssl/openssl.cnf > "$cnf_file"
+  cat >> "$cnf_file" <<EOF
+
+[ SAN ]
+subjectAltName=DNS:*
+
+EOF
+
+  openssl ecparam \
+    -genkey \
+    -name secp521r1 \
+    -out "$key_file"
+  openssl req \
+    -new \
+    -out "$csr_file" \
+    -sha512 -key "$key_file" \
+    -subj '/CN=localhost/O=simverse' \
+    -extensions SAN \
+    -config "$cnf_file"
+  openssl req \
+    -x509 \
+    -out "$cert_file" \
+    -sha512 \
+    -days 36500 \
+    -key "$key_file" \
+    -in "$csr_file" \
+    -extensions SAN \
+    -config "$cnf_file"
+
+  rm "$csr_file"
+  rm "$cnf_file"
 }
diff --git a/recipes/cookbook/scaffold/docker/pre/Dockerfile b/recipes/cookbook/scaffold/docker/pre/Dockerfile
@@ -1,32 +1,7 @@
-FROM simverse/buildtime:local as simverse_buildtime_pre
-
-WORKDIR /root/build
-
-# we want to populate the module cache based on the go.{mod,sum} files.
-COPY ./repos/btcd/go.mod .
-COPY ./repos/btcd/go.sum .
-
-# pre-cache deps
-# see https://container-solutions.com/faster-builds-in-docker-with-go-1-11/
-RUN go mod download
-
-WORKDIR $GOPATH/src/github.com/btcsuite/btcd
-
-# https://github.com/btcsuite/btcd#installation
-COPY "repos/btcd" .
-COPY "docker/btcd/patches/btcctl-regtest.patch" .
-RUN git apply btcctl-regtest.patch
-RUN GO111MODULE=on go install -v . ./cmd/...
-
-# ---------------------------------------------------------------------------------------------------------------------------
-
 FROM simverse/runtime:local as simverse_runtime_pre
 
 RUN apk add --no-cache python
 
-# copy the compiled binaries from the builder image.
-COPY --from=simverse_buildtime_pre /go/bin/gencerts /bin/
-
 USER simnet
 
 WORKDIR /home/simnet

diff --git a/recipes/cookbook/scaffold/docker/pre/home/start.sh b/recipes/cookbook/scaffold/docker/pre/home/start.sh
@@ -1,13 +1,17 @@
 #!/usr/bin/env bash
 
 source lib/init.sh
+source lib/utils.sh
 
 CERTS_DIR=/certs
 if [[ -f "$CERTS_DIR/rpc.cert" ]]; then
   echo "certificate present at '$CERTS_DIR/rpc.cert', nothing to do"
 else
   echo "certificate not present at '$CERTS_DIR/rpc.cert', generating a new one..."
-  gencerts --host="*" -o="gencerts" --directory="$CERTS_DIR" --force
+  pushd "$CERTS_DIR" > /dev/null
+  generate_cert "rpc"
+  openssl x509 -text -noout -in "rpc.cert"
+  popd
 fi
 
 # linux/ubuntu needs some time for changes to propagate?