chore: automatically generating certs if not provided (Waku Canary) (#2408)

2024-02-12 16:28:22 +02:00 · 2024-02-12 16:28:22 +02:00 · 849d76d6d4
parent 9c0e943166
commit 849d76d6d4
2 changed files with 62 additions and 5 deletions
--- a/apps/wakucanary/certsgenerator.nim
+++ b/apps/wakucanary/certsgenerator.nim
@ -0,0 +1,42 @@
+import 
+  osproc, 
+  os, 
+  httpclient, 
+  strutils
+
+proc getPublicIP(): string =
+  let client = newHttpClient()
+  try:
+    let response = client.get("http://api.ipify.org")
+    return response.body
+  except Exception as e:
+    echo "Could not fetch public IP: " & e.msg
+    return "127.0.0.1"
+
+# Function to generate a self-signed certificate
+proc generateSelfSignedCertificate*(certPath: string, keyPath: string) : int =
+  
+  # Ensure the OpenSSL is installed
+  if findExe("openssl") == "":
+    echo "OpenSSL is not installed or not in the PATH."
+    return 1
+
+  let publicIP = getPublicIP()
+  
+  if publicIP != "127.0.0.1":
+    echo "Your public IP address is: ", publicIP 
+  
+  # Command to generate private key and cert
+  let 
+    cmd = "openssl req -x509 -newkey rsa:4096 -keyout " & keyPath & " -out " & certPath &
+            " -sha256 -days 3650 -nodes -subj '/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=" & 
+            publicIP & "'"
+    res = execCmd(cmd)
+
+  if res == 0:
+    echo "Successfully generated self-signed certificate and key."
+  else:
+    echo "Failed to generate certificate and key."
+  
+  return res
+  
--- a/apps/wakucanary/wakucanary.nim
+++ b/apps/wakucanary/wakucanary.nim
@ -3,13 +3,15 @@ import
  confutils,
  chronos,
  stew/shims/net,
-  chronicles/topics_registry
+  chronicles/topics_registry,
+  os
 import
  libp2p/protocols/ping,
  libp2p/crypto/[crypto, secp],
  libp2p/nameresolving/dnsresolver,
  libp2p/multicodec
 import
+  ./certsgenerator,
  ../../waku/waku_enr,
  ../../waku/node/peer_manager,
  ../../waku/waku_core,
@ -24,6 +26,7 @@ const ProtocolsTable = {
 }.toTable

 const WebSocketPortOffset = 1000
+const CertsDirectory = "./certs"

 # cli flags
 type
@ -154,6 +157,14 @@ proc main(rng: ref HmacDrbgContext): Future[int] {.async.} =
    nodeTcpPort = Port(conf.nodePort)
    isWs = peer.addrs[0].contains(multiCodec("ws")).get()
    isWss = peer.addrs[0].contains(multiCodec("wss")).get()
+    keyPath = if conf.websocketSecureKeyPath.len > 0:
+                conf.websocketSecureKeyPath
+              else:
+                CertsDirectory & "/key.pem"
+    certPath = if conf.websocketSecureCertPath.len > 0:
+                conf.websocketSecureCertPath
+              else:
+                CertsDirectory & "/cert.pem"

  var builder = WakuNodeBuilder.init()
  builder.withNodeKey(nodeKey)
@ -177,14 +188,18 @@ proc main(rng: ref HmacDrbgContext): Future[int] {.async.} =

  if isWss and (conf.websocketSecureKeyPath.len == 0 or
      conf.websocketSecureCertPath.len == 0):
-    error "WebSocket Secure requires key and certificate, see --help"
-    return 1
+    info "WebSocket Secure requires key and certificate. Generating them"
+    if not dirExists(CertsDirectory):
+      createDir(CertsDirectory)
+    if generateSelfSignedCertificate(certPath, keyPath) != 0:
+      error "Error generating key and certificate"
+      return 1

  builder.withRecord(record)
  builder.withNetworkConfiguration(netConfig.tryGet())
  builder.withSwitchConfiguration(
-    secureKey = some(conf.websocketSecureKeyPath),
-    secureCert = some(conf.websocketSecureCertPath),
+    secureKey = some(keyPath),
+    secureCert = some(certPath),
    nameResolver = resolver,
  )