testnet/brain-mock
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

added support for self signed TLS certs

Browse Source
This commit is contained in:
ghe0 2025-03-28 16:16:11 +02:00
parent 9eeb9390fd
commit 1a1af408a8
Signed by: ghe0
GPG Key ID: 451028EE56A0FBB4
11 changed files with 204 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1,3 @@
/target /target
secrets
tmp

4
Cargo.lock generated
View File

@ -1578,7 +1578,9 @@ version = "0.23.25"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "822ee9188ac4ec04a2f0531e55d035fb2de73f18b41a63c70c2712503b6fb13c" checksum = "822ee9188ac4ec04a2f0531e55d035fb2de73f18b41a63c70c2712503b6fb13c"
dependencies = [ dependencies = [
"log",
"once_cell", "once_cell",
"ring",
"rustls-pki-types", "rustls-pki-types",
"rustls-webpki", "rustls-webpki",
"subtle", "subtle",
@ -1999,8 +2001,10 @@ dependencies = [
"percent-encoding", "percent-encoding",
"pin-project", "pin-project",
"prost", "prost",
"rustls-pemfile",
"socket2", "socket2",
"tokio", "tokio",
"tokio-rustls",
"tokio-stream", "tokio-stream",
"tower 0.4.13", "tower 0.4.13",
"tower-layer", "tower-layer",

2
Cargo.toml
View File

@ -18,7 +18,7 @@ serde_yaml = "0.9.34"
thiserror = "2.0.11" thiserror = "2.0.11"
tokio = { version = "1.42.0", features = ["macros", "rt-multi-thread"] } tokio = { version = "1.42.0", features = ["macros", "rt-multi-thread"] }
tokio-stream = "0.1.17" tokio-stream = "0.1.17"
tonic = "0.12" tonic = { version = "0.12", features = ["tls"] }
uuid = { version = "1.11.0", features = ["v4"] } uuid = { version = "1.11.0", features = ["v4"] }
detee-shared = { git = "ssh://git@gitea.detee.cloud/testnet/proto", branch = "main" } detee-shared = { git = "ssh://git@gitea.detee.cloud/testnet/proto", branch = "main" }

35
scripts/ca_cert.pem Normal file
View File

@ -0,0 +1,35 @@
-----BEGIN CERTIFICATE-----
MIIF/TCCA+WgAwIBAgIULPbWfncT/qhqcWgA+ryYqubND78wDQYJKoZIhvcNAQEL
BQAwgY0xCzAJBgNVBAYTAlZHMRAwDgYDVQQIDAdUb3J0b2xhMRIwEAYDVQQHDAlS
b2FkIFRvd24xEjAQBgNVBAoMCURlVEVFIEx0ZDENMAsGA1UECwwEV2ViMzETMBEG
A1UEAwwKZGV0ZWUtcm9vdDEgMB4GCSqGSIb3DQEJARYRc3VwcG9ydEBkZXRlZS5s
dGQwHhcNMjUwMzI3MTQ1OTQxWhcNMzUwMzI1MTQ1OTQxWjCBjTELMAkGA1UEBhMC
VkcxEDAOBgNVBAgMB1RvcnRvbGExEjAQBgNVBAcMCVJvYWQgVG93bjESMBAGA1UE
CgwJRGVURUUgTHRkMQ0wCwYDVQQLDARXZWIzMRMwEQYDVQQDDApkZXRlZS1yb290
MSAwHgYJKoZIhvcNAQkBFhFzdXBwb3J0QGRldGVlLmx0ZDCCAiIwDQYJKoZIhvcN
AQEBBQADggIPADCCAgoCggIBAOtwb0JqT61l058FKkXWxYwxcn9mkIQ3JY5t67xL
dM/eaSYcLCFvQQ8LZilhYUxEIkqF2+qloyhMgru5erHcn/xul7RnIPpj/ActPFEU
5Snr4lHP6WJebDSFHmKkh4ogwFqMpq3SvAJ0/h1MxZu1hf369hCmyMvevjINX1kB
VzZGMKUe3M1YOi62Vbhfd3JUkAMedrVmcZoeOE63Fz4NYs/UMbAQYBtEvPp3qYvM
vLnDJlCrb9fAia4qFOnzqIa40LEcbDiG7Yxw9jvacb9+rKboaPkNWcZqyNl7CQYr
yOlSPYa6ehoZ4WGrDzrZMOGp88i3Qkd55VxuivSouUS4bkmSS+QPkRHyOGovatfp
7AmhgQmfozjovSR2Tk+kGD3VxsAPAQWYxJLYHUtjidBUFQnwjAWpU0gh/iydpb0Q
q1yEUkijMhUP6uHCLrEb+GGrkGgKgFKfgKsbyKjhXe5ftFdBJnMv8jeTxvkca3Ff
/Tu8DXq3GVj3UZzCqv9w1a1UJTLH5WkAKrGcFsJ1QwW7yLHXW47cIgKUEAkurpWA
TXJv7faUGcHBhywSMVCXuBRRg5zk/bdK4KXKtPt9U0QHmnNRXfl2t+1jZKVDAfF2
x3S0x87URL4IZhGgmfTPoIlpc8ktplPQoxKpdrbMj+6BvXTRmRZRH/LoroRWunba
1g4BAgMBAAGjUzBRMB0GA1UdDgQWBBQRnZzDpOUYk0CeW0R2pALfN80JFzAfBgNV
HSMEGDAWgBQRnZzDpOUYk0CeW0R2pALfN80JFzAPBgNVHRMBAf8EBTADAQH/MA0G
CSqGSIb3DQEBCwUAA4ICAQBQBjchxrS2LDH2HNlSOsKwar8F30tkjYG/E00Y0qjn
x3ciC0Zlo4M0odhAF8rGkLorEbm5JN/k8lI8oKTzne1YF7g05kt4JDlr6C8vmEL2
KpLkWc+h42z8jjc1Othj6vhHdl+vOKP+W3f2idoImvAijd2JS0+E3XWI8cgMiwHQ
lxdMqpwk/dwS1D0E4zvXH041VAXJmlE/ys4DTEq234IwEp41AW0z9Pd9EN7QEDaq
qUaDVOsaYCAdFCWuEucB2v0NcBNDAJVlepH+uGaQ7UH0afADTscIdrSNcNtf87ad
1U20wiO2ayBTL5s1dz/XyGc/f3QzCSniE2fILkNg31O0wijrfLUhGbxdx0fVfcXS
jTabojeQkmRoMguW1H5LaKvPSK06gHxFpaPqhJ8XC9Z5xrtvtVI60kquNHX7Sjwd
wU7s40J3z5+btYHH4mPdXGsSWXS4xqmKvktzLKBJKVSgjjvzLTKspAAAFsHpIjwN
YxxQYQl+/hmppCsp/XHE5FbT0051nIxepdtJgWfT4Xo8SxtoQy9C8RzWjMiTiYxG
IuYkATUex//jBRxABy99v6Kx1Wa2agx7aqnAuC1VinTXG+c1RasAoNWg0vgvnUXn
4x9HmZYJ4J3PxZjWXdn7Bna7ZV6tmmbDMlp4zy2hNEGtOVlE/ffXRyz/vkLD88Bq
QA==
-----END CERTIFICATE-----

1
scripts/ca_cert.srl Normal file
View File

@ -0,0 +1 @@
449CCB0DA49A05BA82A5F123866D4822A64AAAC5

49
scripts/create_certs.sh Executable file
View File

@ -0,0 +1,49 @@
#!/bin/bash
cd -- "$( dirname -- "${BASH_SOURCE[0]}" )"
mkdir -p secrets
mkdir -p tmp
chmod 700 secrets
[[ -f "secrets/ca_key.pem" ]] || {
openssl genrsa -out secrets/ca_key.pem 4096
chmod 400 secrets/ca_key.pem
}
[[ -f "ca_cert.pem" ]] || {
openssl req -x509 -new -nodes \
-key secrets/ca_key.pem -sha256 \
-days 3650 -out ca_cert.pem
}
[[ -f "secrets/staging_key.pem" ]] || {
openssl genrsa -out secrets/staging_key.pem 2048
chmod 400 secrets/staging_key.pem
}
[[ -f "tmp/staging_csr.pem" ]] || {
openssl req -new -key secrets/staging_key.pem \
-out tmp/staging_csr.pem -config staging_brain.cnf
}
[[ -f "staging_cert.pem" ]] || {
openssl x509 -req -in tmp/staging_csr.pem -CA ca_cert.pem -CAkey secrets/ca_key.pem \
-CAcreateserial -out staging_cert.pem -days 825 -sha256 \
-extfile staging_brain.cnf -extensions req_ext
}
[[ -f "secrets/testnet_key.pem" ]] || {
openssl genrsa -out secrets/testnet_key.pem 4096
chmod 400 secrets/testnet_key.pem
}
[[ -f "tmp/testnet_csr.pem" ]] || {
openssl req -new -key secrets/testnet_key.pem \
-out tmp/testnet_csr.pem -config testnet_brain.cnf
}
[[ -f "testnet_cert.pem" ]] || {
openssl x509 -req -in tmp/testnet_csr.pem -CA ca_cert.pem -CAkey secrets/ca_key.pem \
-CAcreateserial -out testnet_cert.pem -days 825 -sha256 \
-extfile testnet_brain.cnf -extensions req_ext
}

20
scripts/staging_brain.cnf Normal file
View File

@ -0,0 +1,20 @@
[ req ]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = req_distinguished_name
req_extensions = req_ext
[ req_distinguished_name ]
C = VG
ST = Tortola
L = Road Town
O = DeTEE Ltd
OU = Web3
CN = staging-brain
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = staging-brain

29
scripts/staging_cert.pem Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE-----
MIIE5jCCAs6gAwIBAgIURJzLDaSaBbqCpfEjhm1IIqZKqsMwDQYJKoZIhvcNAQEL
BQAwgY0xCzAJBgNVBAYTAlZHMRAwDgYDVQQIDAdUb3J0b2xhMRIwEAYDVQQHDAlS
b2FkIFRvd24xEjAQBgNVBAoMCURlVEVFIEx0ZDENMAsGA1UECwwEV2ViMzETMBEG
A1UEAwwKZGV0ZWUtcm9vdDEgMB4GCSqGSIb3DQEJARYRc3VwcG9ydEBkZXRlZS5s
dGQwHhcNMjUwMzI4MTQxMzIwWhcNMjcwNzAxMTQxMzIwWjBuMQswCQYDVQQGEwJW
RzEQMA4GA1UECAwHVG9ydG9sYTESMBAGA1UEBwwJUm9hZCBUb3duMRIwEAYDVQQK
DAlEZVRFRSBMdGQxDTALBgNVBAsMBFdlYjMxFjAUBgNVBAMMDXN0YWdpbmctYnJh
aW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcXmOZ1GYsOghZzzS1
c4139hs1VwB5kK4z2JLXR15SHc1dyDfQO1FBMDMUD/jfROVgTFx3l7X/MGv0hoeA
h4QsyiDaHcba/WqFJ59rWDNIz5GvI4bDw8OctNrNMrhUtNYtfC9gTkk3N4c06TDE
8ga9cTuPDw+fCKghvK7TJVF7UDZYaqjf4Et4zo+ahefkeJF8NUD+HTUbZcg5Ebuz
me4/8b/zORMtXXmRUzcOCZTY5TnQfdGKtO+aYcUEuJusWPvjq3+8duprIElKn3sH
e8Ju7qrJpX+NurJHEonbtzWspIgJP8/4GO4oetHN/ppXrHtE5qqG6qvS+Fna71DQ
HGORAgMBAAGjXDBaMBgGA1UdEQQRMA+CDXN0YWdpbmctYnJhaW4wHQYDVR0OBBYE
FP7OXu7YjWhacQVz7Xi9HqixkcoeMB8GA1UdIwQYMBaAFBGdnMOk5RiTQJ5bRHak
At83zQkXMA0GCSqGSIb3DQEBCwUAA4ICAQBIQ/EboY0ZVf1VTWtBZKXIWFANDlGc
vFgejlxeruXGsiJpeQCsAXP6ZMSgVTapSBzTCURbV64vwhlSMJGFzV8m8XFYw6/o
7mn0VCJjM2309A9uKs/Vk8dhG+BAMUT+bgQW+yyO/agpi5I1ChEVHHNyVI5JVxAR
wAmKHVKccGnW5Ji9OVFCt14IXWqPo3cE/Y+IaFG9OJYENa3JNRLfXMDoxHpiQ6I3
v2/YcN2E0m1WwrMgsUpRE8hroLQWCghgzMGjJn0YQ6yTGeh6ibRkIg9yaXLxHygq
sauPn+JFhY7V/AP0V212ksEfEPHciZPaNriK3y2m2SDVYpXRVHHqWhQxb5yc+B6A
QWdu45pP1gVM6SGnJDuIrtihg9hUXVB22Uoea6kOGhdlS5m9fv1KRH1ScF7Onbzd
TjxPLoEzvj6/cNu7XEixjQOSmcs68PX8t+Jp8I2gMCQ++ZzQ7oyS5xzwKcDYcjPm
2rud5px7H8zwNdP+cNFifSYNHs4ltgXmTDKOhvntGWXjNsq3Olw2tvbLIPQETRQc
T5BTDMcNPNeXquzer/OJZOkJrZeG5RvbVeQ8AfdldMUNoX9fhSOtIY1L99wculHU
XqC2NVpZxXDUwR8GKQuLGuOkMQmCdTLd1svJh5Deih4IddII1LP6qP2Izo3CUgDV
LuxVyvp8squzVg==
-----END CERTIFICATE-----

20
scripts/testnet_brain.cnf Normal file
View File

@ -0,0 +1,20 @@
[ req ]
default_bits = 4096
prompt = no
default_md = sha256
distinguished_name = req_distinguished_name
req_extensions = req_ext
[ req_distinguished_name ]
C = VG
ST = Tortola
L = Road Town
O = DeTEE Ltd
OU = Web3
CN = testnet-brain
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = testnet-brain

34
scripts/testnet_cert.pem Normal file
View File

@ -0,0 +1,34 @@
-----BEGIN CERTIFICATE-----
MIIF5jCCA86gAwIBAgIURJzLDaSaBbqCpfEjhm1IIqZKqsUwDQYJKoZIhvcNAQEL
BQAwgY0xCzAJBgNVBAYTAlZHMRAwDgYDVQQIDAdUb3J0b2xhMRIwEAYDVQQHDAlS
b2FkIFRvd24xEjAQBgNVBAoMCURlVEVFIEx0ZDENMAsGA1UECwwEV2ViMzETMBEG
A1UEAwwKZGV0ZWUtcm9vdDEgMB4GCSqGSIb3DQEJARYRc3VwcG9ydEBkZXRlZS5s
dGQwHhcNMjUwMzI4MTQxNDE1WhcNMjcwNzAxMTQxNDE1WjBuMQswCQYDVQQGEwJW
RzEQMA4GA1UECAwHVG9ydG9sYTESMBAGA1UEBwwJUm9hZCBUb3duMRIwEAYDVQQK
DAlEZVRFRSBMdGQxDTALBgNVBAsMBFdlYjMxFjAUBgNVBAMMDXRlc3RuZXQtYnJh
aW4wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwbfN9iq/Zl97etbqW
q1DR8WOupTK94r1pZ2cGAyozED2JuQVdslaLU8Jt9QZUlhLYYVf/vXanPmgxh+NA
VxvLPUjI/RZ84qGi58Uii3YCEQm6AwW0M21HPRQyctBqFc2KvxBBsCNg/G0wLpEI
qdEP9mHP1k/hlW6nxKsM/jAgeIuEGWH83sqkZnzRb6jVjQw9yPYvY/4UzSX13fdD
J+ML9H+0qfYgYkpv0Y9LjEwJEOM7tZY5y9LcOBb/CAKgBjb1MWqJuKhTen9ZryGi
snmqXRMgOygTMiUUKV/cy4SUnlKymUDUxt5sSbV+2f/lzamYzjXreycR+6m4ol4n
Xz8IfLROEDp0lk07r33fj1z9Z4huH7J9L1eOQpViDNI762hrZzz8my1VyOfyyhOr
wbg2GtIaM5pnakeWFXRw/+NGQEy2quSDBrHsWliEN2F/pDiDByZhaotNxNTN56Jq
mmOyOv4HjPgmK5iSmUp+Dpf8CWT+PPec9UqRQfV/6gUeRD68VvRsPD5UmQ+wl/3Y
DLq0y2GkGmzGOFk2LN916Tl4gynlj1EDtsiXFyHGvJk05ZjjNy/QDJG4BlQIR1yV
a7uHVCi4GOhE5CUS2XVLZ+kQC/IAiXM2Cw8z9W0JPv4p/CnH8riWacCY22kIz9oH
Rn7x31YKRsrULjgRMA57up/ycwIDAQABo1wwWjAYBgNVHREEETAPgg10ZXN0bmV0
LWJyYWluMB0GA1UdDgQWBBSsKdb7/zgpiNza73tRZc+Iw83f3zAfBgNVHSMEGDAW
gBQRnZzDpOUYk0CeW0R2pALfN80JFzANBgkqhkiG9w0BAQsFAAOCAgEAeDG2X2Lk
wgbwSrx3fzRVP2KIho7C3rBVX/6p4eisl4s50pHXF9UAHwc2BXY4r+gl1TisF24y
hWTD9OfYW+q4d7+gcF5smQVeSmwIPSZgIRRaz4YI7p5grICw9+7Qh6IgLw+WsEUw
URCll5a81CdpITmrKxy4O+MScBY4+M4PZziqaZw60cdjC6hFikrndox91hEYvNdc
EQXoivYjfB9TO55gwzKHdmBHGzI1hPlTJMdBn4l0QixkJeIk2TBCWWhp15tgrNTC
HdawZ0cTwVH1CkeXr4jdi1afvX7cGbHPufjKW2KeyasLNaUagVH13NdYTe9et4Nf
rY3byqXICj9UMZuuMc7GJv07hRJ4DNyZMWtRr0duqAo3frGzJk4C4v25nU9msfCY
YjqM0KWOlrVPpnH7e8eMLFKZgrD6rV1a+cqvtjGSwNhbOZJ3xCPe/m+zeIOPkgDH
hDKoOagHVyBS+9ryIeEYmipxg7yjpbFUmI9Z8FE+teZdA0iBRjyikqzgtten7ZP8
uJiSAEbqn0l1O/qAyI6SlD/nsCX513KRk6kvFEWSud2vePsSQ9gtwjKCw3E4/OdL
AWUEOWQlCHVQioyrVc2WwRtO6o+prb+Nk/TTp9Gyp1fQjqMquESIsNoUvhrMOwXf
nIUh6pszMpdBlOnyry4RUK3I0sgM5TACZ1Y=
-----END CERTIFICATE-----

9
src/main.rs
View File

@ -13,7 +13,9 @@ use grpc::BrainGeneraClilMock;
use grpc::BrainVmCliMock; use grpc::BrainVmCliMock;
use grpc::BrainVmDaemonMock; use grpc::BrainVmDaemonMock;
use std::sync::Arc; use std::sync::Arc;
use tonic::transport::Identity;
use tonic::transport::Server; use tonic::transport::Server;
use tonic::transport::ServerTlsConfig;
#[tokio::main] #[tokio::main]
async fn main() { async fn main() {
@ -43,7 +45,14 @@ async fn main() {
let general_service_server = BrainGeneralCliServer::new(BrainGeneraClilMock::new(data.clone())); let general_service_server = BrainGeneralCliServer::new(BrainGeneraClilMock::new(data.clone()));
let cert = std::fs::read_to_string("/etc/detee/brain-mock/brain-crt.pem").unwrap();
let key = std::fs::read_to_string("/etc/detee/brain-mock/brain-key.pem").unwrap();
let identity = Identity::from_pem(cert, key);
Server::builder() Server::builder()
.tls_config(ServerTlsConfig::new().identity(identity))
.unwrap()
.add_service(snp_daemon_server) .add_service(snp_daemon_server)
.add_service(snp_cli_server) .add_service(snp_cli_server)
.add_service(sgx_cli_server) .add_service(sgx_cli_server)