From b90c981e8232413a3f2494a7451edaea9751d2f8 Mon Sep 17 00:00:00 2001
From: Starttoaster
Date: Thu, 12 Sep 2024 09:42:03 -0700
Subject: [PATCH] Use new go-chia-libs functions for only having the cert and key in memory

---
 go.mod | 2 +-
 go.sum | 8 ++----
 internal/controller/chiaca/controller.go | 32 ++++++++++++++++++++----
 3 files changed, 30 insertions(+), 12 deletions(-)

diff --git a/go.mod b/go.mod
index 2de8d53..6f866ea 100644
--- a/go.mod
+++ b/go.mod
@@ -3,6 +3,7 @@ module github.com/chia-network/chia-operator
 go 1.22.2
 
 require (
+	github.com/chia-network/go-chia-libs v0.12.0
 	github.com/google/go-cmp v0.6.0
 	github.com/onsi/ginkgo/v2 v2.20.2
 	github.com/onsi/gomega v1.34.2
@@ -18,7 +19,6 @@ require (
 require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
-	github.com/chia-network/go-chia-libs v0.11.2-0.20240912050005-bf342f43c99b // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/emicklei/go-restful/v3 v3.12.1 // indirect
 	github.com/evanphx/json-patch v5.9.0+incompatible // indirect
diff --git a/go.sum b/go.sum
index fa78f24..618d733 100644
--- a/go.sum
+++ b/go.sum
@@ -2,12 +2,8 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/chia-network/go-chia-libs v0.11.1 h1:Jor1gE0ktXCQ3SvI7Z94En9dyoOrduIBRPvjlr13Cy0=
-github.com/chia-network/go-chia-libs v0.11.1/go.mod h1:npTqaFSjTdMxE7hc0LOmWJmWGqcs+IERarK5fDxXk/I=
-github.com/chia-network/go-chia-libs v0.11.2-0.20240912044818-0ba83b5bd868 h1:nCmu5H1QhR+efecdF+uN2LDjhpEXT2AseIoTwkNfUZU=
-github.com/chia-network/go-chia-libs v0.11.2-0.20240912044818-0ba83b5bd868/go.mod h1:npTqaFSjTdMxE7hc0LOmWJmWGqcs+IERarK5fDxXk/I=
-github.com/chia-network/go-chia-libs v0.11.2-0.20240912050005-bf342f43c99b h1:cklJdMqulYIo/2TOlbZ5l5cHQ1ga6blGb1aUlN+FkAU=
-github.com/chia-network/go-chia-libs v0.11.2-0.20240912050005-bf342f43c99b/go.mod h1:npTqaFSjTdMxE7hc0LOmWJmWGqcs+IERarK5fDxXk/I=
+github.com/chia-network/go-chia-libs v0.12.0 h1:3bwrQQAi6IiN7ltBW3++Y+3Kqa3SLx0wutMgOR9TD2E=
+github.com/chia-network/go-chia-libs v0.12.0/go.mod h1:npTqaFSjTdMxE7hc0LOmWJmWGqcs+IERarK5fDxXk/I=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
diff --git a/internal/controller/chiaca/controller.go b/internal/controller/chiaca/controller.go
index 3855cf3..9bb60c1 100644
--- a/internal/controller/chiaca/controller.go
+++ b/internal/controller/chiaca/controller.go
@@ -75,18 +75,40 @@ func (r *ChiaCAReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctr
 	caExists, err := r.caSecretExists(ctx, ca)
 	if err != nil {
 		metrics.OperatorErrors.Add(1.0)
-		return ctrl.Result{}, fmt.Errorf("ChiaCAReconciler ChiaCA=%s encountered error querying for existing CA Secret: %v", req.NamespacedName, err)
+		return ctrl.Result{}, fmt.Errorf("encountered error querying for existing CA Secret: %v", err)
 	}
 
 	// If CA Secret doesn't exist, generate a CA and create one
 	if !caExists {
-		chiaCACrt, chiaCAKey := tls.GetChiaCACertAndKey()
-		privateCACrt, privateCAKey, err := tls.GenerateNewCA("")
+		// Get the public CA cert and key byte slices
+		publicCACrtBytes, publicCAKeyBytes := tls.GetChiaCACertAndKey()
+
+		// Parse the public CA crt and key to Go structs
+		chiaCACert, err := tls.ParsePemCertificate(publicCACrtBytes)
+		if err != nil {
+			metrics.OperatorErrors.Add(1.0)
+			return ctrl.Result{}, fmt.Errorf("encountered error parsing public CA cert: %v", err)
+		}
+		chiaCAKey, err := tls.ParsePemKey(publicCAKeyBytes)
 		if err != nil {
 			metrics.OperatorErrors.Add(1.0)
-			return ctrl.Result{}, fmt.Errorf("ChiaCAReconciler ChiaCA=%s encountered error generating new CA cert and key: %v", req.NamespacedName, err)
+			return ctrl.Result{}, fmt.Errorf("encountered error parsing public CA key: %v", err)
 		}
-		secret := assembleCASecret(ca, string(chiaCACrt), string(chiaCAKey), string(privateCACrt), string(privateCAKey))
+
+		// Generate a private CA cert and key signed by Chia's public CA
+		privateCACrt, privateCAKey, err := tls.GenerateCASignedCert(chiaCACert, chiaCAKey)
+		if err != nil {
+			metrics.OperatorErrors.Add(1.0)
+			return ctrl.Result{}, fmt.Errorf("encountered error generating new private CA cert and key: %v", err)
+		}
+
+		privateCACrtBytes, privateCAKeyBytes, err := tls.EncodeCertAndKeyToPEM(privateCACrt, privateCAKey)
+		if err != nil {
+			metrics.OperatorErrors.Add(1.0)
+			return ctrl.Result{}, fmt.Errorf("encountered error encoding private CA cert and key
to PEM: %v", err)
+		}
+
+		secret := assembleCASecret(ca, string(publicCACrtBytes), string(publicCAKeyBytes), string(privateCACrtBytes), string(privateCAKeyBytes))
 		if err = r.Create(ctx, &secret); err != nil {
 			metrics.OperatorErrors.Add(1.0)
 			return ctrl.Result{}, fmt.Errorf("error creating CA Secret \"%s\": %v", secret.Name, err)
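Review bot: The private CA returned by `tls.GenerateCASignedCert(chiaCACert, chiaCAKey)` is PEM-encoded and persisted into the Secret without any check that it actually chains to the parsed Chia CA, so a library regression or a mismatched cert/key pair from `GetChiaCACertAndKey()` would be stored in the cluster and only surface later when node certificates fail to validate. If `privateCACrt` and `chiaCACert` are `*x509.Certificate` values (the `EncodeCertAndKeyToPEM` call suggests parsed types, but that is inferred from names), a guard placed before the encoding step catches this at reconcile time: `if err := privateCACrt.CheckSignatureFrom(chiaCACert); err != nil { metrics.OperatorErrors.Add(1.0); return ctrl.Result{}, fmt.Errorf("generated private CA is not signed by the Chia CA: %v", err) }`. Separately, the rewritten error messages drop the `ChiaCA=%s` / `req.NamespacedName` context that the removed lines carried, which is only fine if the caller wraps these errors with the object name; otherwise an operator reading the log cannot tell which ChiaCA resource failed. Reconcile starts and ends outside this hunk.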