Add method for creating in-memory certificates

2026-04-04 07:41:48 -04:00 · 2022-11-01 10:23:12 +01:00
parent a4f5682851
commit cbe41fb85f
2 changed files with 14 additions and 11 deletions
--- a/ocis-pkg/crypto/gencert.go
+++ b/ocis-pkg/crypto/gencert.go
@@ -4,6 +4,7 @@ import (
 	"crypto/ecdsa"
 	"crypto/rand"
 	"crypto/rsa"
+	"crypto/tls"
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
@@ -12,6 +13,7 @@ import (
 	"path/filepath"

 	"github.com/owncloud/ocis/v2/ocis-pkg/log"
+	mtls "go-micro.dev/v4/util/tls"
 )

 var (
@@ -50,6 +52,16 @@ func GenCert(certName string, keyName string, l log.Logger) error {
 	return nil
 }

+// GenTempCertForAddr generates temporary TLS-Certificates in memory.
+func GenTempCertForAddr(addr string) (tls.Certificate, error) {
+	subjects := defaultHosts
+
+	if host, _, err := net.SplitHostPort(addr); err == nil && host != "" {
+		subjects = []string{host}
+	}
+	return mtls.Certificate(subjects...)
+}
+
 // persistCertificate generates a certificate using pk as private key and proceeds to store it into a file named certName.
 func persistCertificate(certName string, l log.Logger, pk interface{}) error {
 	if err := ensureExistsDir(certName); err != nil {
--- a/ocis-pkg/service/grpc/service.go
+++ b/ocis-pkg/service/grpc/service.go
@@ -3,17 +3,16 @@ package grpc
 import (
 	"crypto/tls"
 	"fmt"
-	"net"
 	"strings"
 	"time"

 	mgrpcs "github.com/go-micro/plugins/v4/server/grpc"
 	"github.com/go-micro/plugins/v4/wrapper/monitoring/prometheus"
 	"github.com/go-micro/plugins/v4/wrapper/trace/opencensus"
+	ociscrypto "github.com/owncloud/ocis/v2/ocis-pkg/crypto"
 	"github.com/owncloud/ocis/v2/ocis-pkg/registry"
 	"go-micro.dev/v4"
 	"go-micro.dev/v4/server"
-	mtls "go-micro.dev/v4/util/tls"
 )

 // Service simply wraps the go-micro grpc service.
@@ -38,15 +37,7 @@ func NewService(opts ...Option) (Service, error) {
 		} else {
 			// Generate a self-signed server certificate on the fly. This requires the clients
 			// to connect with InsecureSkipVerify.
-			subj := []string{sopts.Address}
-			if host, _, err := net.SplitHostPort(sopts.Address); err == nil && host != "" {
-				subj = []string{host}
-			}
-
-			sopts.Logger.Warn().Str("address", sopts.Address).
-				Msg("GRPC: No server certificate configured. Generating a temporary self-signed certificate")
-
-			cert, err = mtls.Certificate(subj...)
+			cert, err = ociscrypto.GenTempCertForAddr(sopts.Address)
 			if err != nil {
 				return Service{}, fmt.Errorf("grpc service error creating temporary self-signed certificate: %w", err)
 			}