From c366e8acfab0e3262f12d117131caa9fc460bf40 Mon Sep 17 00:00:00 2001
From: Ravin Perera <33562092+ravinsp@users.noreply.github.com>
Date: Fri, 5 Feb 2021 15:36:11 +0530
Subject: [PATCH] Generate tls key files on hpcore new. (#237)

---
 dev-setup.sh | 3 ++
 src/conf.cpp | 78 ++++++++++++++++------------
 test/local-cluster/cluster-create.sh | 3 --
 test/vm-cluster/setup-hp.sh | 6 ---
 4 files changed, 48 insertions(+), 42 deletions(-)

diff --git a/dev-setup.sh b/dev-setup.sh
index e7f90fc2..15840863 100755
--- a/dev-setup.sh
+++ b/dev-setup.sh
@@ -110,6 +110,9 @@ sudo apt-get install -y libboost-stacktrace-dev
 # Sqlite
 sudo apt-get install -y sqlite3 libsqlite3-dev
 
+# jq command (needed for remote cluster scripts)
+sudo apt-get install -y jq
+
 # Update linker library cache.
 sudo ldconfig
 
diff --git a/src/conf.cpp b/src/conf.cpp
index 24692030..fe1b2faa 100644
--- a/src/conf.cpp
+++ b/src/conf.cpp
@@ -124,47 +124,59 @@ namespace conf
 //Create config file with default settings.
 //We populate the in-memory struct with default settings and then save it to the file.
 
+ {
+ hp_config cfg = {};
- hp_config cfg = {};
 
+ crypto::generate_signing_keys(cfg.node.public_key, cfg.node.private_key);
+ cfg.node.public_key_hex = util::to_hex(cfg.node.public_key);
+ cfg.node.private_key_hex = util::to_hex(cfg.node.private_key);
- crypto::generate_signing_keys(cfg.node.public_key, cfg.node.private_key);
- cfg.node.public_key_hex = util::to_hex(cfg.node.public_key);
- cfg.node.private_key_hex = util::to_hex(cfg.node.private_key);
 
+ cfg.hp_version = util::HP_VERSION;
- cfg.hp_version = util::HP_VERSION;
 
+ cfg.node.role = ROLE::VALIDATOR;
+ cfg.node.full_history = false;
- cfg.node.role = ROLE::VALIDATOR;
- cfg.node.full_history = false;
 
+ cfg.contract.id = crypto::generate_uuid();
+ cfg.contract.execute = true;
+ cfg.contract.log_output = false;
+ cfg.contract.version = "1.0";
+ //Add self pubkey to the unl.
+ cfg.contract.unl.emplace(cfg.node.public_key);
+ cfg.contract.bin_path = "";
+ cfg.contract.roundtime = 1000;
+ cfg.contract.is_consensus_public = false;
+ cfg.contract.is_npl_public = false;
- cfg.contract.id = crypto::generate_uuid();
- cfg.contract.execute = true;
- cfg.contract.log_output = false;
- cfg.contract.version = "1.0";
- //Add self pubkey to the unl.
- cfg.contract.unl.emplace(cfg.node.public_key);
- cfg.contract.bin_path = "";
- cfg.contract.roundtime = 1000;
- cfg.contract.is_consensus_public = false;
- cfg.contract.is_npl_public = false;
 
+ cfg.mesh.port = 22860;
+ cfg.mesh.msg_forwarding = false;
+ cfg.mesh.idle_timeout = 120;
+ cfg.mesh.peer_discovery.enabled = false;
+ cfg.mesh.peer_discovery.interval = 30000;
- cfg.mesh.port = 22860;
- cfg.mesh.msg_forwarding = false;
- cfg.mesh.idle_timeout = 120;
- cfg.mesh.peer_discovery.enabled = false;
- cfg.mesh.peer_discovery.interval = 30000;
 
+ cfg.user.port = 8080;
+ cfg.user.idle_timeout = 0;
- cfg.user.port = 8080;
- cfg.user.idle_timeout = 0;
 
+ cfg.log.max_file_count = 50;
+ cfg.log.max_mbytes_per_file = 10;
+ cfg.log.loglevel = "inf";
+ cfg.log.loggers.emplace("console");
+ cfg.log.loggers.emplace("file");
- cfg.log.max_file_count = 50;
- cfg.log.max_mbytes_per_file = 10;
- cfg.log.loglevel = "inf";
- cfg.log.loggers.emplace("console");
- cfg.log.loggers.emplace("file");
 
+ //Save the default settings into the config file.
+ if (write_config(cfg) != 0)
+ return -1;
+ }
- //Save the default settings into the config file.
- if (write_config(cfg) != 0)
- return -1;
 
+ // Attempt to generate tls key files if openssl command is available.
+ {
+ const std::string tls_command = "openssl req -newkey rsa:2048 -new -nodes -x509 -days 365 -keyout " +
+ ctx.config_dir + "/tlskey.pem" + " -out " + ctx.config_dir + "/tlscert.pem " +
+ "-subj \"/C=HP/ST=HP/L=HP/O=HP/CN=" + cfg.node.public_key_hex + ".hotpocket.contract\" > /dev/null 2>&1";
+
+ // We don't mind if this command fails, because when running the contract we'll check and inform the user that
+ // tls key files are missing, so they can create them manually.
+ system(tls_command.c_str());
+ }
 std::cout << "Contract directory created at " << ctx.contract_dir << std::endl;
 
 
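Review bot: `cfg.node.public_key_hex` in the tls block is read after the `}` that ends the scope of the local `hp_config cfg`, so it must resolve to an outer `cfg` not visible here that nothing in this hunk fills in — the certificate CN is presumably built from an empty or stale key rather than the one just handed to `write_config`; moving that closing `}` below the tls block fixes it. Separately, `system(tls_command.c_str())` passes the concatenated string to a shell with `ctx.config_dir` unquoted, so a contract directory containing a space or a shell metacharacter breaks the command or runs something other than openssl, and `> /dev/null 2>&1` hides that outcome. Executing openssl directly with an argument vector (fork/execvp/waitpid from `<unistd.h>` and `<sys/wait.h>`, plus `<fcntl.h>` for the /dev/null redirection) keeps each path as a single argument while preserving the intended best-effort behaviour, as sketched below. The function enclosing these blocks starts outside the hunk.
```cpp
        // … unchanged: default cfg population and write_config(cfg) …

        // Attempt to generate tls key files if openssl command is available.
        // openssl is exec'd directly rather than through a shell, so config_dir
        // stays one argument whatever characters it contains. Failure is
        // tolerated: missing files are reported when the contract is run.
        {
            const std::string key_path = ctx.config_dir + "/tlskey.pem";
            const std::string cert_path = ctx.config_dir + "/tlscert.pem";
            const std::string subject = "/C=HP/ST=HP/L=HP/O=HP/CN=" + cfg.node.public_key_hex + ".hotpocket.contract";
            const char *const openssl_args[] = {"openssl", "req", "-newkey", "rsa:2048", "-new", "-nodes", "-x509", "-days", "365",
                                                "-keyout", key_path.c_str(), "-out", cert_path.c_str(), "-subj", subject.c_str(), nullptr};

            const pid_t pid = fork();
            if (pid == 0)
            {
                // Child: silence openssl as the old "> /dev/null 2>&1" did, then replace the image.
                const int devnull = open("/dev/null", O_WRONLY);
                if (devnull != -1)
                {
                    dup2(devnull, STDOUT_FILENO);
                    dup2(devnull, STDERR_FILENO);
                }
                execvp(openssl_args[0], const_cast<char *const *>(openssl_args)); // execvp does not modify argv
                _exit(127);
            }
            else if (pid > 0)
            {
                int status = 0;
                waitpid(pid, &status, 0); // exit status intentionally ignored, see comment above
            }
        }
    } // closes the scope of the local cfg, moved down from directly after write_config
```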
@@ -621,7 +633,7 @@ namespace conf
 if (path == ctx.tls_key_file || path == ctx.tls_cert_file)
 {
 std::cerr << path << " does not exist. Please provide self-signed certificates. Can generate using command\n"
- << "openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout tlskey.pem -out tlscert.pem\n"
+ << "openssl req -newkey rsa:2048 -new -nodes -x509 -days 365 -keyout tlskey.pem -out tlscert.pem\n"
 << "and add it to " + ctx.config_dir << std::endl;
 }
 else if (path == ctx.hpfs_exe_path || path == ctx.hpws_exe_path)
diff --git a/test/local-cluster/cluster-create.sh b/test/local-cluster/cluster-create.sh
index 6343beaf..d36d1329 100755
--- a/test/local-cluster/cluster-create.sh
+++ b/test/local-cluster/cluster-create.sh
@@ -120,9 +120,6 @@ do
 }, null, 2)" > hp.cfg
 rm tmp.json
 
- # Generate ssl certs
- openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout tlskey.pem -out tlscert.pem \
- -subj "/C=AU/ST=ST/L=L/O=O/OU=OU/CN=localhost/emailAddress=hpnode${n}@example" > /dev/null 2>&1
 popd > /dev/null 2>&1
 
 # Copy the contract files and appbill.
diff --git a/test/vm-cluster/setup-hp.sh b/test/vm-cluster/setup-hp.sh
index 3a71d9a0..45fa5531 100755
--- a/test/vm-cluster/setup-hp.sh
+++ b/test/vm-cluster/setup-hp.sh
@@ -42,12 +42,6 @@ $basedir/hpfiles/bin/hpcore new $contdir
 if [ -f $basedir/hpfiles/ssl/tlscert.pem ]; then
 echo "Copying ssl certs to contract directory..."
 cp -rf $basedir/hpfiles/ssl/* $contdir/cfg/
-else
- echo "Generating default ssl certs..."
- pushd $contdir/cfg > /dev/null 2>&1
- openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout tlskey.pem -out tlscert.pem \
- -subj "/C=AU/ST=ST/L=L/O=O/OU=OU/CN=localhost/emailAddress=hp@example" > /dev/null 2>&1
- popd > /dev/null 2>&1
 fi
 
 if [ $mode = "new" ] || [ $mode = "reconfig" ]; then