Use new go-chia-libs functions for only having the cert and key in me…

…mory
Chia-Network · Sep 12, 2024 · b90c981 · b90c981
1 parent 16d28e3
commit b90c981
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 12 deletions.
diff --git a/go.mod b/go.mod
@@ -3,6 +3,7 @@ module github.com/chia-network/chia-operator
 go 1.22.2
 
 require (
+	github.com/chia-network/go-chia-libs v0.12.0
 	github.com/google/go-cmp v0.6.0
 	github.com/onsi/ginkgo/v2 v2.20.2
 	github.com/onsi/gomega v1.34.2
@@ -18,7 +19,6 @@ require (
 require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
-	github.com/chia-network/go-chia-libs v0.11.2-0.20240912050005-bf342f43c99b // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/emicklei/go-restful/v3 v3.12.1 // indirect
 	github.com/evanphx/json-patch v5.9.0+incompatible // indirect

diff --git a/go.sum b/go.sum
@@ -2,12 +2,8 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/chia-network/go-chia-libs v0.11.1 h1:Jor1gE0ktXCQ3SvI7Z94En9dyoOrduIBRPvjlr13Cy0=
-github.com/chia-network/go-chia-libs v0.11.1/go.mod h1:npTqaFSjTdMxE7hc0LOmWJmWGqcs+IERarK5fDxXk/I=
-github.com/chia-network/go-chia-libs v0.11.2-0.20240912044818-0ba83b5bd868 h1:nCmu5H1QhR+efecdF+uN2LDjhpEXT2AseIoTwkNfUZU=
-github.com/chia-network/go-chia-libs v0.11.2-0.20240912044818-0ba83b5bd868/go.mod h1:npTqaFSjTdMxE7hc0LOmWJmWGqcs+IERarK5fDxXk/I=
-github.com/chia-network/go-chia-libs v0.11.2-0.20240912050005-bf342f43c99b h1:cklJdMqulYIo/2TOlbZ5l5cHQ1ga6blGb1aUlN+FkAU=
-github.com/chia-network/go-chia-libs v0.11.2-0.20240912050005-bf342f43c99b/go.mod h1:npTqaFSjTdMxE7hc0LOmWJmWGqcs+IERarK5fDxXk/I=
+github.com/chia-network/go-chia-libs v0.12.0 h1:3bwrQQAi6IiN7ltBW3++Y+3Kqa3SLx0wutMgOR9TD2E=
+github.com/chia-network/go-chia-libs v0.12.0/go.mod h1:npTqaFSjTdMxE7hc0LOmWJmWGqcs+IERarK5fDxXk/I=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=

diff --git a/internal/controller/chiaca/controller.go b/internal/controller/chiaca/controller.go
@@ -75,18 +75,40 @@ func (r *ChiaCAReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctr
 	caExists, err := r.caSecretExists(ctx, ca)
 	if err != nil {
 		metrics.OperatorErrors.Add(1.0)
-		return ctrl.Result{}, fmt.Errorf("ChiaCAReconciler ChiaCA=%s encountered error querying for existing CA Secret: %v", req.NamespacedName, err)
+		return ctrl.Result{}, fmt.Errorf("encountered error querying for existing CA Secret: %v", err)
 	}
 
 	// If CA Secret doesn't exist, generate a CA and create one
 	if !caExists {
-		chiaCACrt, chiaCAKey := tls.GetChiaCACertAndKey()
-		privateCACrt, privateCAKey, err := tls.GenerateNewCA("")
+		// Get the public CA cert and key byte slices
+		publicCACrtBytes, publicCAKeyBytes := tls.GetChiaCACertAndKey()
+
+		// Parse the public CA crt and key to Go structs
+		chiaCACert, err := tls.ParsePemCertificate(publicCACrtBytes)
+		if err != nil {
+			metrics.OperatorErrors.Add(1.0)
+			return ctrl.Result{}, fmt.Errorf("encountered error parsing public CA cert: %v", err)
+		}
+		chiaCAKey, err := tls.ParsePemKey(publicCAKeyBytes)
 		if err != nil {
 			metrics.OperatorErrors.Add(1.0)
-			return ctrl.Result{}, fmt.Errorf("ChiaCAReconciler ChiaCA=%s encountered error generating new CA cert and key: %v", req.NamespacedName, err)
+			return ctrl.Result{}, fmt.Errorf("encountered error parsing public CA key: %v", err)
 		}
-		secret := assembleCASecret(ca, string(chiaCACrt), string(chiaCAKey), string(privateCACrt), string(privateCAKey))
+
+		// Generate a private CA cert and key signed by Chia's public CA
+		privateCACrt, privateCAKey, err := tls.GenerateCASignedCert(chiaCACert, chiaCAKey)
+		if err != nil {
+			metrics.OperatorErrors.Add(1.0)
+			return ctrl.Result{}, fmt.Errorf("encountered error generating new private CA cert and key: %v", err)
+		}
+
+		privateCACrtBytes, privateCAKeyBytes, err := tls.EncodeCertAndKeyToPEM(privateCACrt, privateCAKey)
+		if err != nil {
+			metrics.OperatorErrors.Add(1.0)
+			return ctrl.Result{}, fmt.Errorf("encountered error encoding private CA cert and key to PEM: %v", err)
+		}
+
+		secret := assembleCASecret(ca, string(publicCACrtBytes), string(publicCAKeyBytes), string(privateCACrtBytes), string(privateCAKeyBytes))
 		if err = r.Create(ctx, &secret); err != nil {
 			metrics.OperatorErrors.Add(1.0)
 			return ctrl.Result{}, fmt.Errorf("error creating CA Secret \"%s\": %v", secret.Name, err)