feat: support auto tls #115

Merged: 9 commits, Jul 18, 2024

jiuker
Contributor

@jiuker jiuker commented Jul 17, 2024

feat: support auto tls

Generated TLS certificate for host 'localhost'

Certificate: E8 96 7B 11 F0 46 91 16 1F AB B1 1E 8E B3 A8 72
             3B 7E 5F 4D F0 F6 37 30 45 C2 EE 95 AD 90 A1 1D
Public Key:  G5UKIKear644oohL5G2Un47tnnVXf3IK625YieKrC/8=

   LOG: 03:06:25.805 [200 OK]  http://127.0.0.1:9000 GET /minio/health/cluster                   1.406ms      ↑ 0 B ↓ 0 B

feat: support auto tls
@jiuker jiuker requested a review from harshavardhana July 17, 2024 10:10
remove print
@jiuker jiuker marked this pull request as draft July 17, 2024 10:26
jiuker added 2 commits July 17, 2024 18:37
use p256
error
@jiuker jiuker requested a review from harshavardhana July 17, 2024 10:44
@harshavardhana
Member

harshavardhana commented Jul 17, 2024

To print to the screen you need to do this; don't copy-paste it, adapt it for sidekick.

func fingerprintCert(cert *tls.Certificate) ([]byte, bool) {
	// Use || so a nil cert returns early instead of being dereferenced.
	if cert == nil || len(cert.Certificate) != 1 {
		return nil, false
	}
	h := sha256.Sum256(cert.Certificate[0])
	return h[:], true
}

func fingerprintKey(cert *tls.Certificate) ([]byte, bool) {
	if cert == nil || len(cert.Certificate) != 1 {
		return nil, false
	}

	var (
		publicKeyDER []byte
		err          error
	)
	switch privateKey := cert.PrivateKey.(type) {
	default:
		return nil, false
	case *ecdsa.PrivateKey:
		publicKeyDER, err = x509.MarshalPKIXPublicKey(privateKey.Public())
	case *rsa.PrivateKey:
		publicKeyDER, err = x509.MarshalPKIXPublicKey(privateKey.Public())
	}
	if err != nil {
		return nil, false
	}
	h := sha256.Sum256(publicKeyDER)
	return h[:], true
}

func printTLSFingerprints() {
	if globalTLSCerts != nil {
		cert, _ := globalTLSCerts.GetCertificate(nil)
		if cert != nil && len(cert.Certificate) == 1 {
			if fingerprint, ok := fingerprintCert(cert); ok {
				logger.StartupMessage(colorBlue("\nCertificate: ") + fmt.Sprintf("% X", fingerprint[:len(fingerprint)/2]))
				logger.StartupMessage("             % X", fingerprint[len(fingerprint)/2:])
			}
			if fingerprint, ok := fingerprintKey(cert); ok {
				logger.StartupMessage(colorBlue("\nPublic Key:  ") + base64.StdEncoding.EncodeToString(fingerprint))
			}
		}
	}
}

Open an endpoint like /v1/health; provide this at /v1/certificates and let users get the public certificate of the server as a downloadable file, public.crt, via Content-Disposition settings.
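
The /v1/certificates suggestion above, sketched as an added example; it is not code from this PR or from sidekick. The names `selfSignedDER` and `certificatesHandler` and the media type are assumptions, and the certificate is a constructed sample. It serves only the public certificate as `public.crt` and then fingerprints the download the way a client would before comparing it with the startup banner.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// selfSignedDER builds a throwaway P-256 certificate for host (constructed sample input).
func selfSignedDER(host string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour)}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

// certificatesHandler serves the leaf certificate as a public.crt download. It is handed
// only the DER bytes, so the private key cannot reach the response by mistake.
func certificatesHandler(der []byte) http.HandlerFunc {
	return func(w http.ResponseWriter, _ *http.Request) {
		w.Header().Set("Content-Type", "application/x-pem-file") // assumed media type
		w.Header().Set("Content-Disposition", `attachment; filename="public.crt"`)
		_ = pem.Encode(w, &pem.Block{Type: "CERTIFICATE", Bytes: der})
	}
}

func main() {
	der, err := selfSignedDER("localhost")
	if err != nil {
		panic(err)
	}
	rec := httptest.NewRecorder() // in-process request, no listening socket needed
	certificatesHandler(der)(rec, httptest.NewRequest("GET", "/v1/certificates", nil))
	// Client side: fingerprint the download and compare it with the startup banner.
	block, _ := pem.Decode(rec.Body.Bytes())
	sum := sha256.Sum256(block.Bytes)
	fmt.Printf("%s\nCertificate: % X\n", rec.Header().Get("Content-Disposition"), sum[:])
}
```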

jiuker added 3 commits July 18, 2024 10:55
apply suggestion
apply suggestion
apply suggestion
@jiuker jiuker marked this pull request as ready for review July 18, 2024 03:07
apply suggestion
@jiuker jiuker requested a review from harshavardhana July 18, 2024 07:27
format
@harshavardhana harshavardhana merged commit 6524e71 into minio:master Jul 18, 2024
4 checks passed