From cbe41fb85fcb72262aa95e47d2a7ec4586f9a019 Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp
Date: Tue, 1 Nov 2022 10:23:12 +0100
Subject: [PATCH] Add method for creating in-memory certificates

---
 ocis-pkg/crypto/gencert.go       | 12 ++++++++++++
 ocis-pkg/service/grpc/service.go | 13 ++-----------
 2 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/ocis-pkg/crypto/gencert.go b/ocis-pkg/crypto/gencert.go
index 581f14e68e..6787f9890b 100644
--- a/ocis-pkg/crypto/gencert.go
+++ b/ocis-pkg/crypto/gencert.go
@@ -4,6 +4,7 @@ import (
 	"crypto/ecdsa"
 	"crypto/rand"
 	"crypto/rsa"
+	"crypto/tls"
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
@@ -12,6 +13,7 @@ import (
 	"path/filepath"
 
 	"github.com/owncloud/ocis/v2/ocis-pkg/log"
+	mtls "go-micro.dev/v4/util/tls"
 )
 
 var (
@@ -50,6 +52,16 @@ func GenCert(certName string, keyName string, l log.Logger) error {
 	return nil
 }
 
+// GenTempCertForAddr generates temporary TLS-Certificates in memory.
+func GenTempCertForAddr(addr string) (tls.Certificate, error) {
+	subjects := defaultHosts
+
+	if host, _, err := net.SplitHostPort(addr); err == nil && host != "" {
+		subjects = []string{host}
+	}
+	return mtls.Certificate(subjects...)
+}
+
 // persistCertificate generates a certificate using pk as private key and proceeds to store it into a file named certName.
 func persistCertificate(certName string, l log.Logger, pk interface{}) error {
 	if err := ensureExistsDir(certName); err != nil {
diff --git a/ocis-pkg/service/grpc/service.go b/ocis-pkg/service/grpc/service.go
index 3ea16be048..823ad5430a 100644
--- a/ocis-pkg/service/grpc/service.go
+++ b/ocis-pkg/service/grpc/service.go
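Review bot: The doc comment on `GenTempCertForAddr` does not say that the returned certificate is self-signed and only usable by peers that skip verification, which is the property a caller must know before reaching for this helper; suggest `// GenTempCertForAddr generates a temporary, self-signed TLS certificate in memory for the host part of addr, falling back to defaultHosts when addr is not in host:port form. Peers can only accept it with verification disabled; not intended for production use.`. The fallback also differs from the code this replaces in service.go, which used the raw address as the subject when SplitHostPort failed, so whether the change is benign depends on what `defaultHosts` contains, which is declared outside this hunk. If addr carries an IP literal rather than a hostname, it is worth confirming that mtls.Certificate records it as an IP SAN and not a DNS name, since verifying clients would otherwise reject it.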
@@ -3,17 +3,16 @@ package grpc
 import (
 	"crypto/tls"
 	"fmt"
-	"net"
 	"strings"
 	"time"
 
 	mgrpcs "github.com/go-micro/plugins/v4/server/grpc"
 	"github.com/go-micro/plugins/v4/wrapper/monitoring/prometheus"
 	"github.com/go-micro/plugins/v4/wrapper/trace/opencensus"
+	ociscrypto "github.com/owncloud/ocis/v2/ocis-pkg/crypto"
 	"github.com/owncloud/ocis/v2/ocis-pkg/registry"
 	"go-micro.dev/v4"
 	"go-micro.dev/v4/server"
-	mtls "go-micro.dev/v4/util/tls"
 )
 
 // Service simply wraps the go-micro grpc service.
@@ -38,15 +37,7 @@ func NewService(opts ...Option) (Service, error) {
 	} else {
 		// Generate a self-signed server certificate on the fly. This requires the clients
 		// to connect with InsecureSkipVerify.
-		subj := []string{sopts.Address}
-		if host, _, err := net.SplitHostPort(sopts.Address); err == nil && host != "" {
-			subj = []string{host}
-		}
-
-		sopts.Logger.Warn().Str("address", sopts.Address).
-			Msg("GRPC: No server certificate configured. Generating a temporary self-signed certificate")
-
-		cert, err = mtls.Certificate(subj...)
+		cert, err = ociscrypto.GenTempCertForAddr(sopts.Address)
 		if err != nil {
 			return Service{}, fmt.Errorf("grpc service error creating temporary self-signed certificate: %w", err)
 		}
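Review bot: The new `cert, err = ociscrypto.GenTempCertForAddr(sopts.Address)` line drops the `sopts.Logger.Warn()` call that was removed alongside the old generation code, and the helper takes no logger, so nothing now records that this instance started with a generated self-signed certificate that forces clients to disable verification; keep the warning in front of the new call, `sopts.Logger.Warn().Str("address", sopts.Address).Msg("GRPC: No server certificate configured. Generating a temporary self-signed certificate")`. An operator diagnosing a mistyped certificate path, or auditing which services run without a real certificate, depends on exactly that log line. The subject fallback also changes here: the removed code used the raw address when SplitHostPort failed, while the helper falls back to the crypto package's defaultHosts. NewService begins and ends outside this hunk.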