From 5a13d7e9cd64804fcce6cdf1edccf1d14f44cc4e Mon Sep 17 00:00:00 2001 
From: evan Date: Wed, 27 Mar 2024 14:25:08 +0000 Subject: [PATCH 01/12] support tls config --- common/Cargo.toml | 13 +++ common/src/lib.rs | 1 + common/src/tls.rs | 60 ++++++++++++ service/Cargo.toml | 2 + service/config/prover1_tls.toml | 7 ++ service/config/prover2_tls.toml | 7 ++ service/config/stage_tls.toml | 7 ++ service/examples/README.md | 3 + service/examples/stage.rs | 24 ++++- service/src/config.rs | 34 ++++++- service/src/main.rs | 40 ++++++-- service/src/prover_client.rs | 49 +++++++--- service/src/stage_service.rs | 37 ++++++-- tools/certs/.csr | 16 ++++ tools/certs/.key | 28 ++++++ tools/certs/.pem | 19 ++++ tools/certs/ca.key | 28 ++++++ tools/certs/ca.pem | 19 ++++ tools/certs/ca.srl | 1 + tools/certs/certgen.sh | 161 ++++++++++++++++++++++++++++++++ tools/certs/client.key | 28 ++++++ tools/certs/client.pem | 20 ++++ tools/certs/openssl.cnf | 12 +++ tools/certs/prover1.key | 28 ++++++ tools/certs/prover1.pem | 20 ++++ tools/certs/prover2.key | 28 ++++++ tools/certs/prover2.pem | 20 ++++ tools/certs/stage.key | 28 ++++++ tools/certs/stage.pem | 20 ++++ 29 files changed, 726 insertions(+), 34 deletions(-) create mode 100644 common/Cargo.toml create mode 100644 common/src/lib.rs create mode 100644 common/src/tls.rs create mode 100644 service/config/prover1_tls.toml create mode 100644 service/config/prover2_tls.toml create mode 100644 service/config/stage_tls.toml create mode 100644 tools/certs/.csr create mode 100644 tools/certs/.key create mode 100644 tools/certs/.pem create mode 100644 tools/certs/ca.key create mode 100644 tools/certs/ca.pem create mode 100644 tools/certs/ca.srl create mode 100644 tools/certs/certgen.sh create mode 100644 tools/certs/client.key create mode 100644 tools/certs/client.pem create mode 100644 tools/certs/openssl.cnf create mode 100644 tools/certs/prover1.key create mode 100644 tools/certs/prover1.pem create mode 100644 tools/certs/prover2.key create mode 100644 tools/certs/prover2.pem create mode 100644 
tools/certs/stage.key create mode 100644 tools/certs/stage.pem diff --git a/common/Cargo.toml b/common/Cargo.toml new file mode 100644 index 0000000..9e99cbe --- /dev/null +++ b/common/Cargo.toml @@ -0,0 +1,13 @@ +[package] +name = "common" +version = "0.1.0" +edition = "2021" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +anyhow = "1.0.75" +serde = "1.0.92" +serde_derive = "1.0.92" +tokio = { version = "1", features = ["full"] } +tonic = { version = "0.8.1", features = ["tls", "transport"] } \ No newline at end of file diff --git a/common/src/lib.rs b/common/src/lib.rs new file mode 100644 index 0000000..dbdc4f3 --- /dev/null +++ b/common/src/lib.rs @@ -0,0 +1 @@ +pub mod tls; diff --git a/common/src/tls.rs b/common/src/tls.rs new file mode 100644 index 0000000..8e96992 --- /dev/null +++ b/common/src/tls.rs 
@@ -0,0 +1,60 @@
+use anyhow::anyhow;
+use std::io;
+use std::path::Path;
+use tonic::transport::{Certificate, Identity};
+
+#[derive(Clone)]
+pub struct Config {
+ pub ca_cert: Certificate,
+ pub identity: Identity,
+}
+
+impl Config {
+ pub async fn new(
+ ca_cert_path: String,
+ cert_path: String,
+ key_path: String,
+ ) -> anyhow::Result {
+ let (ca_cert, identity) = get_cert_and_identity(ca_cert_path, cert_path, key_path).await?;
+ Ok(Config { ca_cert, identity })
+ }
+}
+
+async fn get_cert_and_identity(
+ ca_cert_path: String,
+ cert_path: String,
+ key_path: String,
+) -> anyhow::Result<(Certificate, Identity)> {
+ let ca_cert_path = Path::new(&ca_cert_path);
+ let cert_path = Path::new(&cert_path);
+ let key_path = Path::new(&key_path);
+ if !ca_cert_path.is_file() || !cert_path.is_file() || !key_path.is_file() {
+ return Err(anyhow!(
+ "both ca_cert_path, cert_path and key_path should be valid file"
+ ));
+ }
+
+ let ca_cert = tokio::fs::read(ca_cert_path).await.map_err(|err| {
+ io::Error::new(
+ err.kind(),
+ format!("Failed to read {ca_cert_path:?}, err: {err}"),
+ )
+ })?;
+ let ca_cert = Certificate::from_pem(ca_cert);
+
+ let cert = tokio::fs::read(cert_path).await.map_err(|err| {
+ io::Error::new(
+ err.kind(),
+ format!("Failed to read {cert_path:?}, err: {err}"),
+ )
+ })?;
+ let key = tokio::fs::read(key_path).await.map_err(|err| {
+ io::Error::new(
+ err.kind(),
+ format!("Failed to read {key_path:?}, err: {err}"),
+ )
+ })?;
+ let identity = Identity::from_pem(cert, key);
+
+ Ok((ca_cert, identity))
+}
diff --git a/service/Cargo.toml b/service/Cargo.toml
index 939670e..6f0e4d2 100644
--- a/service/Cargo.toml
+++ b/service/Cargo.toml
@@ -9,6 +9,7 @@ edition = "2021"
 prover = { path = "../prover" }
 stage = {path = "../stage"}
 executor = {path = "../executor"}
+common = {path = "../common"}
 tonic = "0.8.1"
 prost = "0.11.0"
 tokio = { version = "1.21.0", features = ["macros", "rt-multi-thread", "signal"] }
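Review bot: In common/src/tls.rs, `get_cert_and_identity` pre-checks the three paths with the synchronous `Path::is_file()` inside an async function and then reads them anyway, so the check adds blocking filesystem calls and a gap between check and read without adding safety. The `tokio::fs::read` errors below it already name the failing path, whereas the pre-check message does not say which of the three is wrong; I would drop the `is_file()` block or report per path, e.g. `anyhow!("{key_path:?} is not a regular file")`. `Config` derives `Clone` and is cloned per task elsewhere in this patch, which presumably copies the private-key bytes each time (assuming tonic's `Identity` owns its PEM buffer); sharing it through an `Arc` would avoid the extra copies. A doc comment on `Config::new` stating that `key_path` holds the private key and should be readable only by the service account would help operators.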
@@ -21,5 +22,6 @@ env_logger = "0.10" toml = "0.5.1" lazy_static = "1.4" clap = "4.5.2" +anyhow = "1.0.75" [build-dependencies] tonic-build = "0.8.0" \ No newline at end of file diff --git a/service/config/prover1_tls.toml b/service/config/prover1_tls.toml new file mode 100644 index 0000000..771502b --- /dev/null +++ b/service/config/prover1_tls.toml @@ -0,0 +1,7 @@ +addr = "0.0.0.0:50001" +prover_addrs = ["localhost:50001"] +snark_addrs = [] +base_dir = "/tmp/zkm/test/test_proof" +ca_cert_path = "tools/certs/ca.pem" +cert_path = "tools/certs/prover1.pem" +key_path = "tools/certs/prover1.key" \ No newline at end of file diff --git a/service/config/prover2_tls.toml b/service/config/prover2_tls.toml new file mode 100644 index 0000000..8830409 --- /dev/null +++ b/service/config/prover2_tls.toml @@ -0,0 +1,7 @@ +addr = "0.0.0.0:50002" +prover_addrs = ["localhost:50002"] +snark_addrs = [] +base_dir = "/tmp/zkm/test/test_proof" +ca_cert_path = "tools/certs/ca.pem" +cert_path = "tools/certs/prover2.pem" +key_path = "tools/certs/prover2.key" \ No newline at end of file diff --git a/service/config/stage_tls.toml b/service/config/stage_tls.toml new file mode 100644 index 0000000..77a3d15 --- /dev/null +++ b/service/config/stage_tls.toml @@ -0,0 +1,7 @@ +addr = "0.0.0.0:50000" +prover_addrs = ["localhost:50001", "localhost:50002"] +snark_addrs = ["localhost:50051"] +base_dir = "/tmp/zkm/test/test_proof" +ca_cert_path = "tools/certs/ca.pem" +cert_path = "tools/certs/stage.pem" +key_path = "tools/certs/stage.key" \ No newline at end of file diff --git a/service/examples/README.md b/service/examples/README.md index 15d95a6..e8bfe36 100644 --- a/service/examples/README.md +++ b/service/examples/README.md @@ -28,6 +28,7 @@ cargo build --release * Start prover_server. ``` +# use prover1_tls.toml and prover2_tls.toml instead if tls is enabled $ ./target/release/service --config ./service/config/prover1.toml $ ./target/release/service --config ./service/config/prover2.toml ``` 
@@ -35,12 +36,14 @@ $ ./target/release/service --config ./service/config/prover2.toml * Start stage_server. ``` +# use stage_tls.toml instead if tls is enabled ./target/release/service --config ./service/config/stage.toml ``` * Start example stage ``` +# set CA_CERT_PATH, CERT_PATH and KEY_PATH if tls is enabled cargo run --release --example stage ``` diff --git a/service/examples/stage.rs b/service/examples/stage.rs index d8b301c..0adb693 100644 --- a/service/examples/stage.rs +++ b/service/examples/stage.rs @@ -1,11 +1,12 @@ +use common::tls::Config; use stage_service::stage_service_client::StageServiceClient; use stage_service::{BlockFileItem, GenerateProofRequest}; - use std::env; use std::fs; use std::path::Path; - use std::time::Instant; +use tonic::transport::ClientTlsConfig; +use tonic::transport::Endpoint; pub mod stage_service { tonic::include_proto!("stage.v1"); @@ -19,6 +20,14 @@ async fn main() -> Result<(), Box> { let block_no = block_no.parse::<_>().unwrap_or(13284491); let seg_size = env::var("SEG_SIZE").unwrap_or("262144".to_string()); let seg_size = seg_size.parse::<_>().unwrap_or(262144); + let ca_cert_path = env::var("CA_CERT_PATH").unwrap_or("".to_string()); + let cert_path = env::var("CERT_PATH").unwrap_or("".to_string()); + let key_path = env::var("KEY_PATH").unwrap_or("".to_string()); + let ssl_config = if ca_cert_path.is_empty() { + None + } else { + Some(Config::new(ca_cert_path, cert_path, key_path).await?) + }; let elf_data = prover::provers::read_file_bin(&elf_path).unwrap(); let mut block_data = Vec::new(); 
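Review bot: The example in service/examples/stage.rs decides whether to use TLS from `CA_CERT_PATH` alone, so a run with `CERT_PATH` and `KEY_PATH` set but `CA_CERT_PATH` missing or misspelled falls back to a plaintext connection without any message. service/src/config.rs in this same patch rejects a partial set, and the example should do the same, for instance `let set = [&ca_cert_path, &cert_path, &key_path].iter().filter(|p| !p.is_empty()).count();` followed by `if set != 0 && set != 3 { return Err("set all of CA_CERT_PATH, CERT_PATH and KEY_PATH, or none".into()); }`. As a style point, `env::var("CA_CERT_PATH").unwrap_or_default()` reads better than `unwrap_or("".to_string())`. The body of `main` continues outside this hunk.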
@@ -47,7 +56,16 @@ async fn main() -> Result<(), Box> { }; println!("request: {:?}", request.proof_id.clone()); let start = Instant::now(); - let mut stage_client = StageServiceClient::connect("http://127.0.0.1:50000").await?; + let endpoint = match ssl_config { + Some(config) => { + let tls_config = ClientTlsConfig::new() + .ca_certificate(config.ca_cert) + .identity(config.identity); + Endpoint::new("http://localhost:50000")?.tls_config(tls_config)? + } + None => Endpoint::new("http://127.0.0.1:50000")?, + }; + let mut stage_client = StageServiceClient::connect(endpoint).await?; let response = stage_client.generate_proof(request).await?.into_inner(); println!("response: {:?}", response); let end = Instant::now(); diff --git a/service/src/config.rs b/service/src/config.rs index 84d002b..d805c71 100644 --- a/service/src/config.rs +++ b/service/src/config.rs @@ -11,12 +11,15 @@ pub fn instance() -> &'static Mutex { INSTANCE.get_or_init(|| Mutex::new(RuntimeConfig::new())) } -#[derive(Debug, Deserialize)] +#[derive(Debug, Deserialize, Clone)] pub struct RuntimeConfig { pub addr: String, pub prover_addrs: Vec, pub snark_addrs: Vec, pub base_dir: String, + pub ca_cert_path: Option, + pub cert_path: Option, + pub key_path: Option, } impl RuntimeConfig { @@ -26,6 +29,9 @@ impl RuntimeConfig { prover_addrs: ["0.0.0.0:50000".to_string()].to_vec(), snark_addrs: ["0.0.0.0:50000".to_string()].to_vec(), base_dir: "/tmp".to_string(), + ca_cert_path: None, + cert_path: None, + key_path: None, } } 
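Review bot: In the TLS arm of service/examples/stage.rs the endpoint is still built from `http://localhost:50000`; whether tonic performs the TLS handshake for a non-`https` URI depends on the tonic version, so I would write `Endpoint::new("https://localhost:50000")?` to make the intent explicit and to fail closed if that behaviour differs. The host also changes from `127.0.0.1` to `localhost` between the two arms, presumably so that it matches a subjectAltName in the server certificate; a comment such as `// host must match a SAN in the stage certificate` would stop someone from "fixing" it back. The local is named `ssl_config` here and `tls_config` everywhere else in the patch; one name would be easier to follow.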
@@ -50,6 +56,17 @@ impl RuntimeConfig { return None; } }; + // both of ca_cert_path, cert_path, key_path should be some or none + if config.ca_cert_path.is_some() || config.cert_path.is_some() || config.key_path.is_some() + { + if config.ca_cert_path.is_none() + || config.cert_path.is_none() + || config.key_path.is_none() + { + error!("both of ca_cert_path, cert_path, key_path should be some or none"); + return None; + } + } instance().lock().unwrap().addr.clone_from(&config.addr); instance() .lock() @@ -66,6 +83,21 @@ impl RuntimeConfig { .unwrap() .snark_addrs .clone_from(&config.snark_addrs); + instance() + .lock() + .unwrap() + .ca_cert_path + .clone_from(&config.ca_cert_path); + instance() + .lock() + .unwrap() + .cert_path + .clone_from(&config.cert_path); + instance() + .lock() + .unwrap() + .key_path + .clone_from(&config.key_path); Some(config) } } diff --git a/service/src/main.rs b/service/src/main.rs index 65f8097..6eea15b 100644 --- a/service/src/main.rs +++ b/service/src/main.rs @@ -1,9 +1,11 @@ use clap::Parser; use prover_node::ProverNode; +use common::tls::Config as TlsConfig; use prover_service::prover_service::prover_service_server::ProverServiceServer; use stage_service::stage_service::stage_service_server::StageServiceServer; use tonic::transport::Server; +use tonic::transport::ServerTlsConfig; mod config; mod prover_client; 
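Review bot: The three new `clone_from` calls in service/src/config.rs each take the global lock separately, like the existing ones, so a reader of `instance()` running concurrently could see a `ca_cert_path` from the new file together with a `key_path` from the old state (whether such a reader exists is not visible in this hunk). Taking the guard once, `let mut cfg = instance().lock().unwrap();`, and assigning every field under it would make the update atomic and much shorter. In the validation hunk above, the comment and the error message say "both" for three values; "all of ca_cert_path, cert_path and key_path must be set, or none" would be clearer, and the nested `if` can be folded into one condition.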
@@ -28,19 +30,39 @@ async fn main() -> Result<(), Box> { let nodes_lock = crate::prover_node::instance(); { let mut nodes_data = nodes_lock.lock().unwrap(); - for node in runtime_config.prover_addrs { - nodes_data.add_node(ProverNode::new(&node)); + for node in &runtime_config.prover_addrs { + nodes_data.add_node(ProverNode::new(node)); } - for node in runtime_config.snark_addrs { - nodes_data.add_snark_node(ProverNode::new(&node)); + for node in &runtime_config.snark_addrs { + nodes_data.add_snark_node(ProverNode::new(node)); } } let prover = prover_service::ProverServiceSVC::default(); - let stage = stage_service::StageServiceSVC::default(); - Server::builder() - .add_service(ProverServiceServer::new(prover)) - .add_service(StageServiceServer::new(stage)) - .serve(addr) + let stage = stage_service::StageServiceSVC::new(runtime_config.clone()).await?; + if runtime_config.ca_cert_path.is_some() { + let tls_config = TlsConfig::new( + runtime_config.ca_cert_path.unwrap(), + runtime_config.cert_path.unwrap(), + runtime_config.key_path.unwrap(), + ) .await?; + Server::builder() + .tls_config( + ServerTlsConfig::new() + .identity(tls_config.identity) + .client_ca_root(tls_config.ca_cert), + )? + .add_service(ProverServiceServer::new(prover)) + .add_service(StageServiceServer::new(stage)) + .serve(addr) + .await?; + } else { + Server::builder() + .add_service(ProverServiceServer::new(prover)) + .add_service(StageServiceServer::new(stage)) + .serve(addr) + .await?; + } + Ok(()) } diff --git a/service/src/prover_client.rs b/service/src/prover_client.rs index 040ac80..91aa392 100644 --- a/service/src/prover_client.rs +++ b/service/src/prover_client.rs @@ -1,3 +1,4 @@ +use common::tls::Config as TlsConfig; use prover_service::prover_service_client::ProverServiceClient; use prover_service::AggregateAllRequest; use prover_service::FinalProofRequest; 
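Review bot: The TLS branch in service/src/main.rs keys on `ca_cert_path.is_some()` and then calls `.unwrap()` on `cert_path` and `key_path`, which is only safe because of the all-or-none check in config.rs; `StageServiceSVC::new` in stage_service.rs repeats the same pattern and reads the same key file a second time. Loading once, e.g. `let tls = match (cfg.ca_cert_path, cfg.cert_path, cfg.key_path) { (Some(ca), Some(cert), Some(key)) => Some(TlsConfig::new(ca, cert, key).await?), _ => None };`, and handing the result to the stage service would remove the unwraps and the duplicate read. The plaintext `else` branch serves on the same `addr` (the sample configs bind `0.0.0.0`) without any log line; a warning there would make an accidental non-TLS start visible. The two `Server::builder()` chains differ only in the `tls_config` call and could share the rest.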
@@ -5,6 +6,7 @@ use prover_service::GetTaskResultRequest; use prover_service::ProveRequest; use prover_service::SplitElfRequest; use prover_service::{get_status_response, GetStatusRequest}; +use tonic::transport::ClientTlsConfig; use stage::tasks::{ AggAllTask, FinalTask, ProveTask, SplitTask, TASK_STATE_FAILED, TASK_STATE_PROCESSING, @@ -28,10 +30,12 @@ pub fn get_nodes() -> Vec { nodes_data.get_nodes() } -pub async fn get_idle_client() -> Option> { +pub async fn get_idle_client( + tls_config: Option, +) -> Option> { let nodes: Vec = get_nodes(); for node in nodes { - let client = is_active(&node.addr).await; + let client = is_active(&node.addr, tls_config.clone()).await; if let Some(client) = client { return Some(client); } @@ -46,10 +50,12 @@ pub fn get_snark_nodes() -> Vec { nodes_data.get_snark_nodes() } -pub async fn get_snark_client() -> Option> { +pub async fn get_snark_client( + tls_config: Option, +) -> Option> { let nodes: Vec = get_snark_nodes(); for node in nodes { - let client = is_active(&node.addr).await; + let client = is_active(&node.addr, tls_config.clone()).await; if let Some(client) = client { return Some(client); } @@ -58,12 +64,21 @@ pub async fn get_snark_client() -> Option> { None } -pub async fn is_active(addr: &String) -> Option> { +pub async fn is_active( + addr: &String, + tls_config: Option, +) -> Option> { let uri = format!("grpc://{}", addr).parse::().unwrap(); - let endpoint = tonic::transport::Channel::builder(uri) + let mut endpoint = tonic::transport::Channel::builder(uri) .connect_timeout(Duration::from_secs(5)) .timeout(Duration::from_secs(TASK_TIMEOUT)) .concurrency_limit(256); + if let Some(config) = tls_config { + let tls_config = ClientTlsConfig::new() + .ca_certificate(config.ca_cert) + .identity(config.identity); + endpoint = endpoint.tls_config(tls_config).unwrap(); + } let client = ProverServiceClient::connect(endpoint).await; if let Ok(mut client) = client { let request = GetStatusRequest {}; 
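Review bot: `endpoint.tls_config(tls_config).unwrap()` in `is_active` panics the calling task if the TLS configuration is rejected, while every other failure in this function is reported as `None`; `endpoint = endpoint.tls_config(tls_config).ok()?;`, ideally preceded by an error log, keeps that contract. The URI is still built as `grpc://{addr}`, and whether tonic applies TLS to a non-`https` scheme is version-dependent, so building `https://{addr}` when `tls_config` is `Some` would be the safer form. No `domain_name` is set on `ClientTlsConfig`, so verification presumably uses the host part of each `prover_addrs` entry, which therefore has to match a subjectAltName in the prover certificates; a comment saying so belongs here. The body of `is_active` continues outside this hunk.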
@@ -93,9 +108,9 @@ pub fn result_code_to_state(code: i32) -> u32 { } } -pub async fn split(mut split_task: SplitTask) -> Option { +pub async fn split(mut split_task: SplitTask, tls_config: Option) -> Option { split_task.state = TASK_STATE_UNPROCESSED; - let client = get_idle_client().await; + let client = get_idle_client(tls_config).await; if let Some(mut client) = client { let request = SplitElfRequest { chain_id: 0, @@ -124,9 +139,9 @@ pub async fn split(mut split_task: SplitTask) -> Option { Some(split_task) } -pub async fn prove(mut prove_task: ProveTask) -> Option { +pub async fn prove(mut prove_task: ProveTask, tls_config: Option) -> Option { prove_task.state = TASK_STATE_UNPROCESSED; - let client = get_idle_client().await; + let client = get_idle_client(tls_config).await; if let Some(mut client) = client { let request = ProveRequest { chain_id: 0, @@ -156,9 +171,12 @@ pub async fn prove(mut prove_task: ProveTask) -> Option { Some(prove_task) } -pub async fn aggregate_all(mut agg_all_task: AggAllTask) -> Option { +pub async fn aggregate_all( + mut agg_all_task: AggAllTask, + tls_config: Option, +) -> Option { agg_all_task.state = TASK_STATE_UNPROCESSED; - let client = get_idle_client().await; + let client = get_idle_client(tls_config).await; if let Some(mut client) = client { let request = AggregateAllRequest { chain_id: 0, @@ -190,8 +208,11 @@ pub async fn aggregate_all(mut agg_all_task: AggAllTask) -> Option { Some(agg_all_task) } -pub async fn final_proof(mut final_task: FinalTask) -> Option { - let client = get_snark_client().await; +pub async fn final_proof( + mut final_task: FinalTask, + tls_config: Option, +) -> Option { + let client = get_snark_client(tls_config).await; if let Some(mut client) = client { let request = FinalProofRequest { chain_id: 0, diff --git a/service/src/stage_service.rs b/service/src/stage_service.rs index b913674..dbc1bd5 100644 --- a/service/src/stage_service.rs +++ b/service/src/stage_service.rs 
@@ -1,3 +1,4 @@ +use common::tls::Config as TlsConfig; use stage_service::stage_service_server::StageService; use stage_service::{GenerateProofRequest, GenerateProofResponse}; use stage_service::{GetStatusRequest, GetStatusResponse}; @@ -15,7 +16,6 @@ use crate::config; use crate::prover_client; use prover::provers::{self, read_file_bin}; -#[allow(clippy::module_inception)] pub mod stage_service { tonic::include_proto!("stage.v1"); } @@ -27,8 +27,27 @@ lazy_static! { static ref GLOBAL_TASKMAP: Mutex> = Mutex::new(HashMap::new()); } -#[derive(Debug, Default)] -pub struct StageServiceSVC {} +pub struct StageServiceSVC { + tls_config: Option, +} + +impl StageServiceSVC { + pub async fn new(config: config::RuntimeConfig) -> anyhow::Result { + let tls_config = if config.ca_cert_path.is_some() { + Some( + TlsConfig::new( + config.ca_cert_path.unwrap(), + config.cert_path.unwrap(), + config.key_path.unwrap(), + ) + .await?, + ) + } else { + None + }; + Ok(StageServiceSVC { tls_config }) + } +} #[tonic::async_trait] impl StageService for StageServiceSVC { @@ -129,8 +148,9 @@ impl StageService for StageServiceSVC { let split_task = stage.get_split_task(); if let Some(split_task) = split_task { let tx = tx.clone(); + let tls_config = self.tls_config.clone(); tokio::spawn(async move { - let response = prover_client::split(split_task).await; + let response = prover_client::split(split_task, tls_config).await; if let Some(split_task) = response { tx.send(Task::Split(split_task)).await.unwrap(); } @@ -139,8 +159,9 @@ impl StageService for StageServiceSVC { let prove_task = stage.get_prove_task(); if let Some(prove_task) = prove_task { let tx = tx.clone(); + let tls_config = self.tls_config.clone(); tokio::spawn(async move { - let response = prover_client::prove(prove_task).await; + let response = prover_client::prove(prove_task, tls_config).await; if let Some(prove_task) = response { tx.send(Task::Prove(prove_task)).await.unwrap(); } 
@@ -149,8 +170,9 @@ impl StageService for StageServiceSVC { let agg_task = stage.get_agg_all_task(); if let Some(agg_task) = agg_task { let tx = tx.clone(); + let tls_config = self.tls_config.clone(); tokio::spawn(async move { - let response = prover_client::aggregate_all(agg_task).await; + let response = prover_client::aggregate_all(agg_task, tls_config).await; if let Some(agg_task) = response { tx.send(Task::Agg(agg_task)).await.unwrap(); } @@ -159,8 +181,9 @@ impl StageService for StageServiceSVC { let final_task = stage.get_final_task(); if let Some(final_task) = final_task { let tx = tx.clone(); + let tls_config = self.tls_config.clone(); tokio::spawn(async move { - let response = prover_client::final_proof(final_task).await; + let response = prover_client::final_proof(final_task, tls_config).await; if let Some(final_task) = response { tx.send(Task::Final(final_task)).await.unwrap(); } diff --git a/tools/certs/.csr b/tools/certs/.csr new file mode 100644 index 0000000..d862263 --- /dev/null +++ b/tools/certs/.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICjTCCAXUCAQAwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM7e +KTV8wk/6+jXYUKNATT6m1kKODZRUXvYX7+fNffDJ0MlQSaUlp23xEph6BepQF9s8 +Jwu38FD++zVXnO8Bp6abzH87+JbXc3Df3sT9Y1cgFQ8SDSGBsvcV+3mUkP3OMm3e +k2Ms91hf1p/lUnwNVaX8529INTVFw6ZJ7zCvXc3jz5cAesXNlk6Em4gpiqhksPN7 +B/GZfMmJDCRWjJmJb7nL2S/Zn7tJWh+RkBAK6SAOj5zK8TS/c0rNR381I/Nxj7Nd +CZZVLPdgbeso9H4fUDB354xTOQztNRQmcv3BYNd7OWJ6mmHDK6vSFaFuUsoBGnES +EHBTdfeguUo6hTpn540CAwEAAaBIMEYGCSqGSIb3DQEJDjE5MDcwCQYDVR0TBAIw +ADALBgNVHQ8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0G +CSqGSIb3DQEBCwUAA4IBAQAQJFCdlpBbp+3MQZWLxSUjfztdKxUNtlYK6TS4vGkF +TrgsBhup/o2dldZLTfRqEIFOkCyU5oAY/aj0dZzrw4Q1//1pBiQcBhppPa5wdnWW +DQTLqDA0N6iHKO1Fvq44PxftCmp8BJGMg0qHyNwZVOpfWZ14lByYurQQqTn71i4G +JZXNjg1IdlCJXJn61H9yQ4uApU5SKYWzwyHyPuZqBjy9MeZ515UQhziN8ktwQA1a +XRuwQTyXTsaiPFF3ISJQrtYfU36VHnBvk+NHLlrSCLcCtlrMbfLRUWJRnvFiR8Uj +cr03NqAnwTy8wL4YMHHZTv/3UbV5fAp5l+HJ+9LjVefX +-----END CERTIFICATE REQUEST----- diff --git a/tools/certs/.key b/tools/certs/.key new file mode 100644 index 0000000..c63565d --- /dev/null +++ b/tools/certs/.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDO3ik1fMJP+vo1 +2FCjQE0+ptZCjg2UVF72F+/nzX3wydDJUEmlJadt8RKYegXqUBfbPCcLt/BQ/vs1 +V5zvAaemm8x/O/iW13Nw397E/WNXIBUPEg0hgbL3Fft5lJD9zjJt3pNjLPdYX9af +5VJ8DVWl/OdvSDU1RcOmSe8wr13N48+XAHrFzZZOhJuIKYqoZLDzewfxmXzJiQwk +VoyZiW+5y9kv2Z+7SVofkZAQCukgDo+cyvE0v3NKzUd/NSPzcY+zXQmWVSz3YG3r +KPR+H1Awd+eMUzkM7TUUJnL9wWDXezliepphwyur0hWhblLKARpxEhBwU3X3oLlK +OoU6Z+eNAgMBAAECggEAWkMGYQ+4KzS7ww3JFYpDihA60dxwoWV079T++Too9wzf +/E77a0M0PFzhO8WWWigrWJ30/YB7K6QuERbS41hqAeDeCDAvJgYJGVmdNn/HPidB ++QrrztBsObKOQPzpjMzRJS5mSfI/VICwwaDKblVVJzFj/CLaEI4Jsb91zdzexawV +s3FELLTFb7gDwokMmD+vQUajMc9oicOO5JujOLvyQ+k1UOJk7j+VU90FvTIxkDdj +ngSycWaXgXyMUVqupUYs+inufxJNa9End6VdrcaA7HFxDsX5G9+7SIN7zXdp5V6g +sNmmYV+GPRL/IIJVJGSCoHD7eBaV1tFkICJoUt7bUwKBgQDrMy9EN7WTnoJyg2N5 +yPK/32bv1DR69H/Fco01rmKZ62JsK/9Q0Ypgbh6m1McPZRJ7giCIDJuEf3od8Ao9 +1HIahDuFxDciLxV7nlpK718MzfDoPModmFhspQ1iqemINbHu6pyfPGxLPzXYOoBB +W6oQ5dpu8u0aapbm8AkGgVMOCwKBgQDhKYzrEXQkuGtyH7xYy1FFChaoyp6E49/D +H4ny3faV/pSsUk9qwQH5kXxHZV56Ln+opOgdrYE7TkNU6G2Uz49STWL13t4RY2OR +Uwa4P1GXVkbwIBnHryQAwZQ4S9Qp3Ax17HTWOu3XSG1GAV1b9U0od05aW4KDhSGb +3zVqo98XxwKBgQDo39gH6kTdcY9lRJQkzAMWWWL5SRnhN96ep+oK4av9DGN6CSIV +ajNhgQbWVkz2ADQJl/EP47PDv9gwdjAdwhBsEstAieOw8/+IU2TBVzq8WdgSicXx +AZtjjxSuwN9aHxgbH66Nt2zeICr2+g1tKQ49Buh8/AgpJKpe5AF7sGaEuwKBgGtY +0OtdVd8P4YH2aWh3/pYIukbc2viGX676QV19v0tBpYYGdAB0Zkmit/qd9I4RzyEL +BfLoPn2U0XsQmPXigvT9GhoYmAz4Mocda026Ol8JbiabV08hS+vkXpL8a/lNBM/P +3OAqFiyWRiqjCeyGpbOONdfUWwPzG9PhdekSmZEPAoGBAIyxeY5VEUgBs0cDk2Wa +eE5TflTGxXtkJOCYa0dUwXstF9gbh5fGDsKAe0V1pQ8JvzpoJrUPADOlRORdDLZZ +8G2c3E1fnM+yq6p4rUIl0Oz/NBHnpSmzHBqsdRBC9NXR4WYhqEluaS5zbmKtkQMo +t1aDuvYuBgyprBZdyDN8IRZX +-----END PRIVATE KEY----- diff --git a/tools/certs/.pem b/tools/certs/.pem new file mode 100644 index 0000000..afbc2e1 --- /dev/null +++ b/tools/certs/.pem 
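Review bot: This patch commits private keys to the repository: tools/certs/.key here, and also tools/certs/ca.key, client.key, prover1.key, prover2.key and stage.key. With ca.key public, anyone can issue certificates that chain to tools/certs/ca.pem, and service/src/main.rs uses that CA as `client_ca_root`, so a deployment that reuses these files has no effective peer authentication. I would keep only certgen.sh in the tree, generate the material at setup time, and ignore `tools/certs/*.key`, `*.pem`, `*.csr` and `*.srl`; if the files must stay as fixtures, a README beside them should state that they are test-only and must never be deployed. The `.key`, `.csr` and `.pem` files with an empty base name look like the output of a certgen.sh run without `--cn` and can simply be dropped.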
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDFTCCAf2gAwIBAgIUF3SUSQ185FWJQ4h5pZ3EDT1SNwUwDQYJKoZIhvcNAQEL +BQAwDjEMMAoGA1UEAwwDY2EtMB4XDTI0MDMyNjE2NDExNVoXDTM0MDMyNDE2NDEx +NVowADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM7eKTV8wk/6+jXY +UKNATT6m1kKODZRUXvYX7+fNffDJ0MlQSaUlp23xEph6BepQF9s8Jwu38FD++zVX +nO8Bp6abzH87+JbXc3Df3sT9Y1cgFQ8SDSGBsvcV+3mUkP3OMm3ek2Ms91hf1p/l +UnwNVaX8529INTVFw6ZJ7zCvXc3jz5cAesXNlk6Em4gpiqhksPN7B/GZfMmJDCRW +jJmJb7nL2S/Zn7tJWh+RkBAK6SAOj5zK8TS/c0rNR381I/Nxj7NdCZZVLPdgbeso +9H4fUDB354xTOQztNRQmcv3BYNd7OWJ6mmHDK6vSFaFuUsoBGnESEHBTdfeguUo6 +hTpn540CAwEAAaN5MHcwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYDVR0lBBYw +FAYIKwYBBQUHAwIGCCsGAQUFBwMBMB0GA1UdDgQWBBSJx3CkN5S+CS9XwzXKQx8y +4PvruDAfBgNVHSMEGDAWgBRISFrALUMNyE96vIQdz1/HZkRjATANBgkqhkiG9w0B +AQsFAAOCAQEALZsZ0Axshirwv+bEm4s3W7QoG4uD6Rle/e3HwZGjVxSQYrvvGLdW +Foj5696/G2yxjP1aXUpEIHRZ3e3OEBExVjO9DCXcRHelY3U9sm27H9tdUSWNth2b +FTaKS7kMrzB6hpXk/uI1WoYOVgLhh83nXXL1vJsOFWJ5UiLPKLRcLSNm+2tswJv3 +URGqfsArZrCtVulW8JNcgeQhXQ8wwqhJ4Cug7Mh9oqqtZSTcmgehhQxl8IbBvjId +G6HD2347JfU1wlDSKTMzGOTRyoLTtiJGqkgmElAzmbA3RlaICUlTCuwaVTDrzmsL +88DvRhfLU0uFkwE357E7zJhbQCwkQKi1fA== +-----END CERTIFICATE----- diff --git a/tools/certs/ca.key b/tools/certs/ca.key new file mode 100644 index 0000000..13a667b --- /dev/null +++ b/tools/certs/ca.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCjQp/xn07gjnHE +8BUHZ8Ouiibq1Dj3mLVudWhU+oB9N57GJVmcXGHP7iAzvgJPrHARVgn25gYmEF/X +pqsGh5omtghD7NgNSk7/XlazdmelC3rgbk+r7nDzZW6eNKVOqJusHMEFAotylsEo +5RKCVtm34LE2HHgvTyGAdOzqKrJC7FRhSVeCOCqnAm60MjbkBUP8smNeyBqQwfcJ +0/gu0zNP4jxiTbN0E5AyLalKu12a2b8HepqGj2CmPWRRdclzAaMp0l+0E1WSncxq +UiRjl312gwBIMFi/GeT6i5zqV+iIqkLRnK7VyTLlA1vYXd0z8vdzTxS59hGHVzVM +IyoD3pcZAgMBAAECggEADEUyg3zZVy4JjbdMI1B4j/aU7ncZGX3WHAlRuDpUHCUp +JyQRQDvew5uWesEUCCQyD5F/gfmfmm6GX41Iox7ftntds2o6gkQ0nAOdgVM7vrc2 +SuYrkYTkIxz7Y4NaLcdlHNpT5QIgFDKRrbbKzXZE2om2E/avj0Gzp0WSdVaUa4xc +GcSSnS9NPvYY7fXwyPYeOC1bsmL6UpblvnLN9J5WxVq8g8wxyH29V3sa9QoBJ558 +Hb3LPLFxwfWhr3NYVRdmrf1dqxYH8ACqzD65870IxlJp25sAcSlOd+c10gfQwoN+ +Va0pWv3Sb/fKrHsYe08yLMlcQx354/O09E4n1QfxAQKBgQDUe3+tK5OIwRAAK+W9 +Y71voCNmOTRmDHQGvkTNor9iKtKfRIXWSG3drUG8Byg42OKqRfXq4sQ7NAzSBDIf +FCmcv5vz64pHdv5kLsCZZpIV2pEpI5xkegmEGlVm7eRB8GZ5NlS6ZXj6ApPYp395 +e9E+DOmdRx1w7MhJEb6/XqqHAQKBgQDEsmWXQD2WGyzz4R76mCkn8D4ZafbpMc4h +6Vcu5BQby0iYlh67l7y0QV9PcK0qYJlreWqzXpugPMy0QxAh6XNR0GVU30hhPl4l +VBDrMur9HFqb3C4i649UN0o3JJ0IQS8GkZTwNuZc+k4qE0nb3dQ4W7HOWUuoC88i +R4x5ZV9oGQKBgQDB3NPGmaWH9i21GlgIDcI+4CqsD7FBEkeiB2MbA0v+MvfsHEbI +FVk4EeWRui32f9t+Y0pVvgQvx/OSggWA2ZKF00RkrhiBz42Wthk/XJgYnEwo7ra3 +7ahVAPm+aXoCt2WnXey8C+zunf9qgpgJrPBh3sIen027RC4QjMIuNB7+AQKBgG7q +mlb8Jr5qfKLZo3p0K2EWHC6AjndZWn/M8RjEDILP0xQYMyRdoE+VPYWyaDOpXVo5 +kW2sP93P6y8LUiGNXzYXacy+TDZp0PUDvraic9hfEMkrE+klJCG9O+B0iQiKmVX+ +6hm7G5P6ofEgB1owcOeG7XEK8ZrFbfxKlHAwNeihAoGAWQ9S6BlJ864sP8sUyFaY +Wh4Es4pLod1QBB9KgXO89q6c7yMPmauyKIAiYZPGzTAuKK+tgwFAJRBHeE3Ll8U0 +Oa2DsnKTiAIFvYhsFjJdCYWXev8st7+F78x6VHBmOqGkupOYf1MFemIArAhkHhzs +h6Hq4hqK5yUCwYYqT3qvd2E= +-----END PRIVATE KEY----- diff --git a/tools/certs/ca.pem b/tools/certs/ca.pem new file mode 100644 index 0000000..759e691 --- /dev/null +++ b/tools/certs/ca.pem 
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDCzCCAfOgAwIBAgIULSqN37UVXR26pJl0tLAPmiTr1xUwDQYJKoZIhvcNAQEL +BQAwFTETMBEGA1UEAwwKY2EtcHJvdmVyMTAeFw0yNDAzMjYxNjQ5NDhaFw0zNDAz +MjQxNjQ5NDhaMBUxEzARBgNVBAMMCmNhLXByb3ZlcjEwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQCjQp/xn07gjnHE8BUHZ8Ouiibq1Dj3mLVudWhU+oB9 +N57GJVmcXGHP7iAzvgJPrHARVgn25gYmEF/XpqsGh5omtghD7NgNSk7/Xlazdmel +C3rgbk+r7nDzZW6eNKVOqJusHMEFAotylsEo5RKCVtm34LE2HHgvTyGAdOzqKrJC +7FRhSVeCOCqnAm60MjbkBUP8smNeyBqQwfcJ0/gu0zNP4jxiTbN0E5AyLalKu12a +2b8HepqGj2CmPWRRdclzAaMp0l+0E1WSncxqUiRjl312gwBIMFi/GeT6i5zqV+iI +qkLRnK7VyTLlA1vYXd0z8vdzTxS59hGHVzVMIyoD3pcZAgMBAAGjUzBRMB0GA1Ud +DgQWBBRSls/+/J9oo3WU2r75jNFFQu85XTAfBgNVHSMEGDAWgBRSls/+/J9oo3WU +2r75jNFFQu85XTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAy +Wkbie0RuepmkHmUJhounjMuscOBRQZSL89AI7bnrqP20ydq4HS6EY13U0VNzH/2m +uAt4Mqd91e3cnZ9bJUiNdxITwrKrLRmLI8NCldRoJ5C8IaT6roMapFQ/uRxwjCJA +JD0oHISipv48dUc9XOWwi1gzbNqyFN+IRLKRX9cHeOYMce1WKp4XGHdwqrDRspjz +xGmGcnC5ZvbcBGNDaysyziSjhkOFy97PaAWpn5ixzQhmbEn39Ssm2wYo9P8B4tC4 +coBRjwVicHHj3vRkj2maNtHOuy7nfuH6RcoZM5KPPb0Ity8jwmzfJgRkrxYAhsBQ +wcXlWhbUTuctyrSbxBX+ +-----END CERTIFICATE----- diff --git a/tools/certs/ca.srl b/tools/certs/ca.srl new file mode 100644 index 0000000..087e656 --- /dev/null +++ b/tools/certs/ca.srl @@ -0,0 +1 @@ +2C2251E5E54C147A0773389FE5DFE69C13FD8CC1 diff --git a/tools/certs/certgen.sh b/tools/certs/certgen.sh new file mode 100644 index 0000000..76f3500 --- /dev/null +++ b/tools/certs/certgen.sh 
@@ -0,0 +1,161 @@ +#!/bin/bash -e + +CN='' +SSL_IP='' +SSL_DNS='' + +C=CN + +SSL_SIZE=2048 + +DATE=${DATE:-3650} + +SSL_CONFIG='openssl.cnf' + +help() { + cat <<-EOF + +Usage: ./certgen.sh [OPTIONS] COMMAND + +A script for zkm cert generation. + +Options: +--help Get the help info and exit +--cn Common name of the server +--ssl-ip Extended trust ips, such as 127.0.0.1, 0.0.0.0 +--ssl-dns Extended trust dns, such as demo.zkm.com +--ssl-size The key size +--date Validity of the certificate +--ssl-config Address of config file +EOF + exit 0 +} + +echo 'cn', $2 + +while [ -n "$1" ]; do + case "$1" in + --cn) + CN="$2" + shift + ;; + --ssl-ip) + SSL_IP="$2" + shift + ;; + --ssl-dns) + SSL_DNS="$2" + shift + ;; + --ssl-size) + SSL_SIZE=$2 + shift + ;; + --date) + DATE=$2 + shift + ;; + --ssl-config) + SSL_CONFIG="$2" + shift + ;; + -h | --help) + help + ;; + --) + shift + break + ;; + *) + echo "Error: not defined option." + exit 1 + ;; + esac + shift +done + +echo "----------------------------" +echo "| SSL Cert Generator |" +echo "----------------------------" +echo + +export CA_KEY=${CA_KEY-"ca.key"} +export CA_CERT=${CA_CERT-"ca.pem"} +export CA_SUBJECT=ca-$CN +export CA_EXPIRE=${DATE} + +export SSL_CONFIG=${SSL_CONFIG} +export SSL_KEY=$CN.key +export SSL_CSR=$CN.csr +export SSL_CERT=$CN.pem +export SSL_EXPIRE=${DATE} + +export SSL_SUBJECT=${CN} +export SSL_DNS=${SSL_DNS} +export SSL_IP=${SSL_IP} + +echo ${CA_SUBJECT} +echo ${CN} +echo "--> Certificate Authority" + +if [[ -e ./${CA_KEY} ]]; then + echo "====> Using existing CA Key ${CA_KEY}" +else + echo "====> Generating new CA key ${CA_KEY}" + openssl genrsa -out ${CA_KEY} ${SSL_SIZE} >/dev/null +fi + +if [[ -e ./${CA_CERT} ]]; then + echo "====> Using existing CA Certificate ${CA_CERT}" +else + echo "====> Generating new CA Certificate ${CA_CERT}" + openssl req -x509 -sha256 -new -nodes -key ${CA_KEY} \ + -days ${CA_EXPIRE} -out ${CA_CERT} -subj "/CN=${CA_SUBJECT}" >/dev/null || exit 1 +fi + +echo "====> 
Generating new config file ${SSL_CONFIG}" +cat >${SSL_CONFIG} <>${SSL_CONFIG} <>${SSL_CONFIG} + done + + if [[ -n ${SSL_IP} ]]; then + ip=(${SSL_IP}) + for i in "${!ip[@]}"; do + echo IP.$((i + 1)) = ${ip[$i]} >>${SSL_CONFIG} + done + fi +fi + +echo "====> Generating new SSL KEY ${SSL_KEY}" +openssl genrsa -out ${SSL_KEY} ${SSL_SIZE} >/dev/null || exit 1 + +echo "====> Generating new SSL CSR ${SSL_CSR}" +openssl req -sha256 -new -key ${SSL_KEY} -out ${SSL_CSR} \ + -subj "/CN=${SSL_SUBJECT}" -config ${SSL_CONFIG} >/dev/null || exit 1 + +echo "====> Generating new SSL CERT ${SSL_CERT}" +openssl x509 -sha256 -req -in ${SSL_CSR} -CA ${CA_CERT} \ + -CAkey ${CA_KEY} -CAcreateserial -out ${SSL_CERT} \ + -days ${SSL_EXPIRE} -extensions v3_req \ + -extfile ${SSL_CONFIG} >/dev/null || exit 1 + +echo "====> Complete" \ No newline at end of file diff --git a/tools/certs/client.key b/tools/certs/client.key new file mode 100644 index 0000000..a50d888 --- /dev/null +++ b/tools/certs/client.key 
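Review bot: `CN` defaults to the empty string in tools/certs/certgen.sh and is never validated, so a run without `--cn` writes `.key`, `.csr` and `.pem` and a CA subject of `ca-`; adding `[ -n "$CN" ] || { echo "Error: --cn is required." >&2; exit 1; }` after the option loop prevents that. Expansions such as `${CA_KEY}`, `${SSL_CONFIG}` and `$2` are unquoted, so a value containing spaces or glob characters is split before it reaches openssl; quoting them, as in `"${CA_KEY}"`, is the usual fix. The script does not set permissions on the key files it generates; a `umask 077` near the top would keep them owner-only regardless of the caller's environment. The `echo 'cn', $2` line before the loop looks like leftover debugging output.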
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDfvqfOXHMpLhTJ +tLMtuZcU43DmDaQttUCx8/c3A1iLN0Z8PBKXvVAz0qkLdLE2+Of3ys3Og8Vdx0oT +qUGqxsrWYATnSGkOC3plNzgsoFi+deL7q7LGxtWBa/Nf4ib50pnUgK+47INjGzL7 +Tdq2b2jvOWWbcyPr2Chpg6nHHTcXupod2QiQBqf6lLnPsC4bYj3VeVmjTbYNeh3H +xVWtVtMByt0CfhauMX2QVHi7gD4AXLLMOFsbO9eVeg7ps4RKfUy0Uh97Pf75DE2t +0ZshoddrVgeJ0G6z/JMK3R/1QJf15cpocI9wskmPdnYm1OwkzFaOsUWnRDZpIPtB +uuDUj0o3AgMBAAECggEAbyBca+wS7nMKtBvhmmZBGYjVPA2ua11IopnPQS2SPqLX +iUC041SNjw+kEiKFGg6J99JsYZOk5SzkJ9u6170gZVUPWmfmdalRww+oANIrAX2/ +nMvsYTnENSGOoSLLxOzKpna70Bb4MrMBoTtL06yF67sQMiL/xlV3zOAt5M0n3cpM +Ho7nWvvr5zB48zlvhhoJHnTVXAGg/eq3ohxilwSZ0DesrvH4jAYMAX4enXKkjxur +4uxcn+r3y4N0ABqD3iUxukFAEMge3qMaUmFxtPlAZdCotv7cBk2vr4xMe8Pe3MFb +foQSHzWTwSC4IWOqW1PXz1BTpEmwuesQJrxLkLak0QKBgQD/fu2Pi1846UjgUXHV +pdNQjPyfWNpcWx2ZM+nmrc4+Oq/jFsqSfZMZ2ms+p2i6JcirlKdNWXKqQBNGlwxz +YwE/QoUjfU1JjaCCPrNbcr4Pygl0NaVfVOtnTEP3GcPIwKRNr77bceVSgduwGNXB +N80iY2hwRYfBzIJN6IObJQKOQwKBgQDgL6/7374DwE0nb5iguY+gB+7hEtKh+l++ ++ajHUyifsAy73MTGmbw6eJiMdUJ9B3P+q9KOOANY+sXvWgKQy/sWDZBQBPxV60GR +macoruHZmcWkdgmYVgJSehiFtX9mXXF9+xeoXG0FuS4KWhkvvzjYEBpEKS13DY9z +RrbeZZ5m/QKBgQCSbXRJKF9ShqC1rvfGslsBd0vxJ0M+WxoDi7Up98KT956GT7GZ +c06zKnL8XYWv6aewbmnT8se8uyxQ8JC6MKuuTblwNYft97Vd8AFrD7/N3MS+TWCR +2mFvuk3ZeHK0w3Nm8qo3qnb7amE184XOTuTKKJ7aeX7smwCzFecXK4bjcQKBgDdT +zYzNxSlL1j67TeGsqgOGsa+eY5lSHzsUhlDa9xWh7yKV84JIAqozhQJ1FfmhU0Ew +yoAK1tio2xydDDEMBmWE5264LEZQDxiN4TErJ9X6G0rhTrDn2R7dvxuQlWZ//Tho +NYh5dvaIoxIu9jRQbwjzwGe9+dh94j9C3nK4hYVJAoGBALHiJFGBuBq+P4RogLPJ +ttaFGJ/ZYsKxuTZaqAKI70qcslOUuLHGjJeIbSaENBm3VapnMuY5BDEwn8Y15fk2 +2cIoZTR+cQzqgTjnUdP3m2pD1E6Iq8laobwbMztz4k/TRUECoytpoTXEgxM40XYi +yiEA0sYmVqT/CyKUqE0SiM56 +-----END PRIVATE KEY----- diff --git a/tools/certs/client.pem b/tools/certs/client.pem new file mode 100644 index 0000000..69c51c7 --- /dev/null +++ b/tools/certs/client.pem 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDTTCCAjWgAwIBAgIULCJR5eVMFHoHczif5d/mnBP9jMEwDQYJKoZIhvcNAQEL +BQAwFTETMBEGA1UEAwwKY2EtcHJvdmVyMTAeFw0yNDAzMjYxNjUwMTNaFw0zNDAz +MjQxNjUwMTNaMBExDzANBgNVBAMMBmNsaWVudDCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAN++p85ccykuFMm0sy25lxTjcOYNpC21QLHz9zcDWIs3Rnw8 +Epe9UDPSqQt0sTb45/fKzc6DxV3HShOpQarGytZgBOdIaQ4LemU3OCygWL514vur +ssbG1YFr81/iJvnSmdSAr7jsg2MbMvtN2rZvaO85ZZtzI+vYKGmDqccdNxe6mh3Z +CJAGp/qUuc+wLhtiPdV5WaNNtg16HcfFVa1W0wHK3QJ+Fq4xfZBUeLuAPgBcssw4 +Wxs715V6DumzhEp9TLRSH3s9/vkMTa3RmyGh12tWB4nQbrP8kwrdH/VAl/Xlymhw +j3CySY92dibU7CTMVo6xRadENmkg+0G64NSPSjcCAwEAAaOBmDCBlTAJBgNVHRME +AjAAMAsGA1UdDwQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEw +HAYDVR0RBBUwE4IJbG9jYWxob3N0ggZjbGllbnQwHQYDVR0OBBYEFIS8TRRLsslj +bIYPUZc+KiAl9FcTMB8GA1UdIwQYMBaAFFKWz/78n2ijdZTavvmM0UVC7zldMA0G +CSqGSIb3DQEBCwUAA4IBAQA24bUA8hANiyqfpccK3lO2op6nisvwq8mGG6ltN9IG +FVLuvYM6u7ezuPk1uCwjFQYdluhrUEmGtezwvDiGdHF6n4dDvEbJWVAgsVHsB6uK +UONRKGabyNwqfxTS7cjUvREJ6QxgO+JZTz2BaUoR/K/e4lUBf6wAHd3gq90t6RJK +IH4ipN/UMLCcCP2lEX/AfDrB6Fuue9XxxnaAE5aX61C0u2ZFw0fq2D/6kAEQRuYv +g5GyNpOhmd6r9ANpjb3/DYG9dcG8K2IKC5+tqVc6XBPeiADY0ySv8s0kyAHNf8xd +4rsxxWpEHqySfIW0czJGH/WaHUQBYQVBplU7H9xGDUxS +-----END CERTIFICATE----- diff --git a/tools/certs/openssl.cnf b/tools/certs/openssl.cnf new file mode 100644 index 0000000..c9210a4 --- /dev/null +++ b/tools/certs/openssl.cnf @@ -0,0 +1,12 @@ +[req] +req_extensions = v3_req +distinguished_name = req_distinguished_name +[req_distinguished_name] +[ v3_req ] +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment +extendedKeyUsage = clientAuth, serverAuth +subjectAltName = @alt_names +[alt_names] +DNS.1 = localhost +DNS.2 = client diff --git a/tools/certs/prover1.key b/tools/certs/prover1.key new file mode 100644 index 0000000..bc780ee --- /dev/null +++ b/tools/certs/prover1.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC29Am24CyooLzR +rJ7Td1pVJDje5X4XPNv1n9K7s1hC0WejBnUYUfB3OQhPBJrQDnEV75HgBYMh1rxj +EP1vYN4MO39WDZZd1GFZ8GS5HSuPvSRME+r2X+GkDfydeQGEF+26K8Ry020JRoUj +NQYLm5WsmD8msoNLqXrRo47XB1ojlyqVAirv1oOt30/4cBDgRulN/jlciLy/qufF +W3r1vrXl7LtEjpMFYd95H69ptDqGBhIXJYJxCkg4xj+dMZTEMpyA4eCKFuoHbXbl +UalVZ6Yhp0YvT5bRVI59uVST49aNvsU/3I9msvoGuV87cYTu/Qw71ZDSrcm5+C0q +w3AUT2AHAgMBAAECggEAKy42DL+kSriFWEeRxP9qhqXh9lncBMgMclCigEK4Fi0u +dL/Va0QLqVgAqgXANFL0ReUhXOpwJNB17jvYVS1buy9fwoO6dbLmtz+Rxk8oNOjD +ZGFfF39R1lKmyNQCk5bCOSqTVzaniYTnb4PYRW0XSoE0hoGjk3wQzOH5mK7Xi4Z/ +y8xA52Uhi9dyBDTZIBvuLeM64BZMred1xvaf1VcoGP3BijZGdYjtU96gncZjmVAy +/EVeRvW2MV1a3W04x4vD8vhrsm5l7nW1re3z4tGyZ5DtG5bKLC+j4u6RtTPiY1/s +inPxDLVXEIIirFSDTgaNR4iPdOEsFcGPbQLaukYIQQKBgQDo2AFBdD4jWbfB2VTD +U84LOEpvNrIzUSDsFN/d+QrCiTMGRBe9i9Oek4eZ4KAzGq/+bP+u8AQ3rhv0TkKb +WQvwhQdry1PLEk8R8LWO3DGS4Lx2I0XK1fip9OBLG9JPA6RE1Yu+6gwj2zoTrwRH +F5qgKCMwcuHDjH7a1piqSom+rwKBgQDJJd2MismuOz8Xj5nse1/wIKsaysq9h1y0 +8ke7PdyTCXrXGJCCQ1jZFIgOLjNRxKUduC0y1ApITGCbw1BR2cOkqAlZOXbq18wr +kKbuLA+GnxD/5uauVzdZNGaQhfHCeIWd1eJ3GsRMxZgAb4Khbp+ahAJ/Ikkg39vg +J8ZIlUMKKQKBgQDfyZuLWTnPqA8g1MzO3uENj5CayysCf1rxDC8NnKpmxo6v2wom +NxmxM4IEtwvBkkjMc95aOH0VNtXPPNhvjmoXRQQY6lciufoc+AjHwYIz9KOtt8EA +bh6M2ron9hlvr8RWFBg36aK5Y56yBGhMG7eVbn5DtmaeF45krhQUt4ckKQKBgF3s +qnkXzXjn/Vv5F/zO10t/VaZbDzRU4rszbr9F8ZtPD+ckd0X8QJ6M8cL9W8VQt3Eb +MS/Mx0hfMbVKDFVMBAj81fCt3pNmVNX645fPRyirWfrETO8Xlqa2yzWs9ejC8lFz +MB5Bh2v50DJT34GV8Dzsa2YGEnOhVEBlEjeOSxGRAoGAdg7tgheHCnPkSiDM4Rrk +Dts4RHydyxpIwHmo6oGySud/eZpDrnoKFvEwtvVdgOj+SIwHsU30hU/iwpHHfNQC +JM/kpoDag5b4ri4+Sv0ai+gNENoRVszQ39oEyHih3sn+A4h3l0EojQrSIr/tzZzX +7oXjwDy/YnRys9kl3WVqXbE= +-----END PRIVATE KEY----- diff --git a/tools/certs/prover1.pem b/tools/certs/prover1.pem new file mode 100644 index 0000000..83492f0 --- /dev/null +++ b/tools/certs/prover1.pem 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDTzCCAjegAwIBAgIULCJR5eVMFHoHczif5d/mnBP9jL4wDQYJKoZIhvcNAQEL +BQAwFTETMBEGA1UEAwwKY2EtcHJvdmVyMTAeFw0yNDAzMjYxNjQ5NDhaFw0zNDAz +MjQxNjQ5NDhaMBIxEDAOBgNVBAMMB3Byb3ZlcjEwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQC29Am24CyooLzRrJ7Td1pVJDje5X4XPNv1n9K7s1hC0Wej +BnUYUfB3OQhPBJrQDnEV75HgBYMh1rxjEP1vYN4MO39WDZZd1GFZ8GS5HSuPvSRM +E+r2X+GkDfydeQGEF+26K8Ry020JRoUjNQYLm5WsmD8msoNLqXrRo47XB1ojlyqV +Airv1oOt30/4cBDgRulN/jlciLy/qufFW3r1vrXl7LtEjpMFYd95H69ptDqGBhIX +JYJxCkg4xj+dMZTEMpyA4eCKFuoHbXblUalVZ6Yhp0YvT5bRVI59uVST49aNvsU/ +3I9msvoGuV87cYTu/Qw71ZDSrcm5+C0qw3AUT2AHAgMBAAGjgZkwgZYwCQYDVR0T +BAIwADALBgNVHQ8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMB +MB0GA1UdEQQWMBSCCWxvY2FsaG9zdIIHcHJvdmVyMTAdBgNVHQ4EFgQUimbIZfmn +8pzQnd2rxLgCuuvng7MwHwYDVR0jBBgwFoAUUpbP/vyfaKN1lNq++YzRRULvOV0w +DQYJKoZIhvcNAQELBQADggEBAJiZV+7qf5/IBWz834Gqcwl2mG3nhMLKq1pVbyyN +gQWshbcAdTtBywGs7R/OvFJb41od9RpBaiqtd/7GtxHqGVnCVfzttCQOEx8LRSzS +uNQNTvu1lRivKyg6cqlrCea4NJzMTMMyoEK2527JS/HyM7g2aJk8a+RzW6jhS1us +TwpC52hRU9mCmv1YiLvLMjp+at2AkyemnggjKyPMTWcLgpG6hjq2UmZg/Ej3VEO7 +X9KDoN2CIA1ix5W0eIwtFqlj8oKx/TdxA3qV7NepfQceBgifOycmwP3AfUsZO5xw +ftbEM4ZNL/jJwHngTZV5eHM04WnKRJbbXLQOtenLOCf01qo= +-----END CERTIFICATE----- diff --git a/tools/certs/prover2.key b/tools/certs/prover2.key new file mode 100644 index 0000000..d26673e --- /dev/null +++ b/tools/certs/prover2.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDP6XsxIqlwR4cf +xWvRGqAJtQvsIa+PAOAmSNdvUCb5mslgkYvkKKQj2L1Dqh11ppdUzqsgyU2Bqspi +gUHfS08LZxuIe3LxNALTmjukSrS+xxJ8f2hF/T+y482oZ3J+34k/5eTRVDcghRu7 +7cfycRcWJ6r6rXviprh6MyHk2PEzffaytss6P01JXYwzNdQUyMwBkPdqEtI9OuxM +N6kZ73oNUGF2ZYe7ubldlBH9jcwEz4XHLzEYRK7ZKYSVY5UCvTGLK+QPBmiqvMFe +9plS7hrEn1HryGOFIPbgR5Kq/1qbvqyPlHkep61aH79cF/krWrgEX+NR1MVutQid +5TqAZGT/AgMBAAECggEAISvHE9fL4LYIwPDmer4cum/ALzRQpiglmvYUKRZIoZoo +dtfB0e0KAw4ZZCpH+PVTP5yZgOmdDAsLrxugPtftDIyuv9+yPvllWg1JZrTkkWuB +b4uEP2ZgO1JNBYk7ozJW23L6RsuA4BdcjWcqd2vDmy1JAiWbllWzKQvvZGuYT/aG +/P2h5uQ/6sz0LlIjfdGJSiRem99LZajjEFiYOsgJQQleEGfwe+iTjKEwu4S0iI8Z +uFnJIwaJWMtkUlTDtgVikmqf5vDutzg5icqgvo6NzHaOBSqcoh77yxldUzcc2rNX +DaR7haVJJ/qOVohzvDYi5bp4s+HvobWLJ/JbLRLNgQKBgQD69Cz8AospGHC9ERzG +iyb6ysw67H7Jidfla92M+evoXYsO5Qbcf48y8VAv727ZuX31+ZP+GQzwjbown9Wh +6DG/KR0lQYec5u7jZXYm5bruES1+bJxneSJmkXuBHeymevjW8dDrMZKo4BIK3qQF +LTx2G/lSm3ia00oOoggMw13eGQKBgQDUF7293tMeJHdQIVsEIxHgNKvXtdgEqX0P +RL4vPMzSsEtRi4rp0ZZ2O/cqzYwLPIocpV4NRb0FzZJDXbrZ9t6tJf6gmcP+r9n+ +DDP/B/P/k82grP1S5YQASyUtpNxAISjmofyGCg0EJuoZI8ZbsFAHo+k/d54Wig4E +CNoqB+WO1wKBgHWuvc2sL7Ak2vF+rdzZcn0XTvCu6MIAFzNqAupSZPOBsm1Yr4AF +fZSpHy5rfLMzTkNkN6dn/e5suAyHV7pmVbXMRPOsqDjG/u26Lc8N2jw75/aqXioT +3zL0NFOXQdvMPRcnLQ6uH5V8Bln8kDQxQ3Irqh6387W/MbJs/5Nkpoc5AoGAFiiQ +00h3aBvJN170wl7jnDgEiBnggsQuY6z77bV9dLmkdNWOYtVZ0ep77UXiTr45c7q3 +M83IbNXIZS9iuSj4pMBmdOL7vh0jOk6OFCQBkv8fKZ1JLiL6golXTgh+VljgjA/6 +cQqVx4xFQvEg5S1rfxDZ6p6VrqcnxbYjDOccTasCgYB8uEHi7RhLdTttjTCkyypR +Bo2uKzK1Krlh0TsfD4qH0CZhxHuI+izaF7YdFqdJA8Iz9xUSq5yUOZXWheEwboyu +v9ZlbKjcQTpXEJAzQdnVyWy/2sGP9HdrGYsQWLYf3Jf/oeS/+80r54uVIfeaHCQj +wrj/NYaSRbaozGz5xF8CEg== +-----END PRIVATE KEY----- diff --git a/tools/certs/prover2.pem b/tools/certs/prover2.pem new file mode 100644 index 0000000..6e1196e --- /dev/null +++ b/tools/certs/prover2.pem 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDTzCCAjegAwIBAgIULCJR5eVMFHoHczif5d/mnBP9jL8wDQYJKoZIhvcNAQEL +BQAwFTETMBEGA1UEAwwKY2EtcHJvdmVyMTAeFw0yNDAzMjYxNjQ5NTJaFw0zNDAz +MjQxNjQ5NTJaMBIxEDAOBgNVBAMMB3Byb3ZlcjIwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQDP6XsxIqlwR4cfxWvRGqAJtQvsIa+PAOAmSNdvUCb5mslg +kYvkKKQj2L1Dqh11ppdUzqsgyU2BqspigUHfS08LZxuIe3LxNALTmjukSrS+xxJ8 +f2hF/T+y482oZ3J+34k/5eTRVDcghRu77cfycRcWJ6r6rXviprh6MyHk2PEzffay +tss6P01JXYwzNdQUyMwBkPdqEtI9OuxMN6kZ73oNUGF2ZYe7ubldlBH9jcwEz4XH +LzEYRK7ZKYSVY5UCvTGLK+QPBmiqvMFe9plS7hrEn1HryGOFIPbgR5Kq/1qbvqyP +lHkep61aH79cF/krWrgEX+NR1MVutQid5TqAZGT/AgMBAAGjgZkwgZYwCQYDVR0T +BAIwADALBgNVHQ8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMB +MB0GA1UdEQQWMBSCCWxvY2FsaG9zdIIHcHJvdmVyMjAdBgNVHQ4EFgQURKeKzItc +pq7/LSp2VAej0ygHt2IwHwYDVR0jBBgwFoAUUpbP/vyfaKN1lNq++YzRRULvOV0w +DQYJKoZIhvcNAQELBQADggEBAHCt4Vyuwl7qjV/kE3kgsB4uf8e6wybS/wmrgJEp +kYmMonodV5Rlo8sCaJS7/b5hNigAJuWlGHf6FPdat9PtEj3pLaNChOt2uoAQUxt2 +bpQhkFOGgR9pWsDL15ErVTe6zAdaIlDUiMn6qgzxH9tnUwce294e3m7jrZ8bbgNT +t2m+ppJpfN0j+t+9qMWcKwqWNF20A+Qq3VJg1X5CU9IyqW6uig8bQXzhqRTBBXhF +3WpoHbJ4jwNmiqkU8+pI1IG3DS0KfSMXqPllYWdZzIBZ4QTC70pAQ8mCGi2wGcxP +8l5yz1CWEqyIofR+hs+xOehwLAnMiNO/swr10bjs+9iFHSE= +-----END CERTIFICATE----- diff --git a/tools/certs/stage.key b/tools/certs/stage.key new file mode 100644 index 0000000..888c788 --- /dev/null +++ b/tools/certs/stage.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDOeBVqFPMC+00d +q0GM0QY/IQuhfm9gTdmU5O6cu1w2MzocGl6+XW/WTUTHNTbP+Rb7MhskSPzADVUe +TnHXx//Zqrz+ga7hNorv77PNLZwNQxQG5SPA89H9bKjgSFaG6JSjScdO3Mbp30yl +mt+eTU8BzAfDtsZMhkIjxXlTqbh8FKWgNHKwMH5V7ew1FhDgZcPIqzk8fn7OHmuC +b8NiaiDI27fdGVBqmto3icaRP24TNWQfU9jXCua6ISZ2fh9KN3xZ7neEDF7ciihG +/o+XmADQe1PqeYA1Wdrg/ONZKsZnIZtU6m//FXDhAaZaTIbjmHZcxn28YwOWG48R +cF4Hv0hnAgMBAAECggEACFU2YAqqaCNmUF06Dwncm62kv4bPze42atj2fGLfbNyS +atHxovM4cUi7DuMp7CjccZTrHYLImKOxHMEDvTa4L7vBVvA686H054wgEJbXpn1f +kIus7ruobPb2td6Vh2pZnWF75sXoTUYS3NgsUEJEfwkSAyccR7hfcPwmUmcWKAPG +uk1Y14ANxWNRWejjNsX91THlpowB2nqDVl5CqX7vlFl7Uj4JI2Ks5gp6XXHM/Ww7 +GfhKdQAdwx7o3acl0P3anZocB9oiHahLH/Ve9e44MSJXL360Pq3jMHPW7zDEKAwj +z8RMAq36E9bmW9MMY5n+hcLBz49J5yiY4nSyuSi4eQKBgQDyKbkp87Xxu35ngng6 +uvsJO4VAL1NGk1RcbC4eidHrg+mQ1z5p74JPeSfcHxO8tjCOZ9n15pHfT2ePsX3o +koqo9rG+usahVvdGVSTmCPUta0Jof/A4q7dTOvkjHVExMyHYqIrUSZjM21C6MWqa +QKTqM4/kN4sZ4ljwetcXgb0CTQKBgQDaRD4BIQzEaABWBlBMc7J8TLb5TIAQBCqS +oZIq0nBr7Q7VQ9xQtidSopF+07cetdjwmpiGxUAkPH4p1JUGmeWUoD09xkGU5Em7 +sJF3rtk1NlOBQeWKxF8VHgboTOnPMjptOFDrE3e6Zc1bx/W+smZrwuIMwsbuNTZG +aSZGolMHgwKBgH8EgXnOugVEKeYTGgr8HkZWcOscp5piFqKvn3UnJvNYan8tVzBr +jzcuPkkIB+s4yLk5IasIOEUgOhq1p2wAyTgcxVhcUWk421SJvmPmGOus0dVMHe0r +rGm8igbwDrE2t68ToFX/EGWLN4mh999WvumVCAlVVOHLxojEdeN/imsVAoGAHrMu +jXYal52RPohQzxAO8NDRg6sw8A/F9S3oo0FKMsP7LCAJYwjb6xGWqWIaBaXKR71W +6s3fwbkIfdW6yFzpH8iSFJhILSsW++FP9KeRQZzMjge4w5XvUccRbacz08La2PXs +28O3OW6MPfaYKCRrp4iXxve2h1bQtYKgsZqvVwUCgYAJI2Icnowy4BNovC5GLmKW +2Byj7k7V/pf0P1d0on8hKMoAMSijz59iRDC7Bh2JAqWZIqOvtyifT6YenGYrkYI4 +PZ8Efh+h7kFFzeNBLFKDwBnNxMpAaOaHr0OPZjmExA4oSY0cxi+NUjVQbFW5qwu3 +2zQGmWEqWeoAaDJwWwlGnQ== +-----END PRIVATE KEY----- diff --git a/tools/certs/stage.pem b/tools/certs/stage.pem new file mode 100644 index 0000000..7873302 --- /dev/null +++ b/tools/certs/stage.pem 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDSzCCAjOgAwIBAgIULCJR5eVMFHoHczif5d/mnBP9jMAwDQYJKoZIhvcNAQEL +BQAwFTETMBEGA1UEAwwKY2EtcHJvdmVyMTAeFw0yNDAzMjYxNjQ5NThaFw0zNDAz +MjQxNjQ5NThaMBAxDjAMBgNVBAMMBXN0YWdlMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAzngVahTzAvtNHatBjNEGPyELoX5vYE3ZlOTunLtcNjM6HBpe +vl1v1k1ExzU2z/kW+zIbJEj8wA1VHk5x18f/2aq8/oGu4TaK7++zzS2cDUMUBuUj +wPPR/Wyo4EhWhuiUo0nHTtzG6d9MpZrfnk1PAcwHw7bGTIZCI8V5U6m4fBSloDRy +sDB+Ve3sNRYQ4GXDyKs5PH5+zh5rgm/DYmogyNu33RlQapraN4nGkT9uEzVkH1PY +1wrmuiEmdn4fSjd8We53hAxe3IooRv6Pl5gA0HtT6nmANVna4PzjWSrGZyGbVOpv +/xVw4QGmWkyG45h2XMZ9vGMDlhuPEXBeB79IZwIDAQABo4GXMIGUMAkGA1UdEwQC +MAAwCwYDVR0PBAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAb +BgNVHREEFDASgglsb2NhbGhvc3SCBXN0YWdlMB0GA1UdDgQWBBTYnpIDnUPruI7m +F0TiVQxEj92PmDAfBgNVHSMEGDAWgBRSls/+/J9oo3WU2r75jNFFQu85XTANBgkq +hkiG9w0BAQsFAAOCAQEAFiyBpmK3n5aCmO5koaEzoMRukVisCGVFcL/rjafSph4O +UKmJTM/MX/q0esL/ZRUzWjeJWb3/jzdp8eLRxDW7y/kLAcVzLCc7D88qHSN3AuSy +Xv4rVJSjon36oO02tstQm9DxHDuX0IjAev9i/r64o/fgvlcOE/gn8WiJgAAkxaji +ElBFZUrW0T2HEgb++remW+i7gR6Yn+5agS3mpTqrTHtMc0ojmEDVT3z5LZT9JzuV +hk9PMlv27JMo3ZYplocKtNuRaGQJCg7PTSvP1p6gtgi5gdX0iw0kRR+nM2TEGtFf +Sx47kNh+JURnef/Ace61OhRj0m0p2GOW1/nb0PzgRg== +-----END CERTIFICATE----- From ba2e6b59610cbe3619772339004323a5a050a962 Mon Sep 17 00:00:00 2001 
From: evan Date: Thu, 28 Mar 2024 14:39:58 +0000 Subject: [PATCH 02/12] add gen config bash support --- service/config/README.md | 19 ++++ service/config/gen_config.sh | 91 +++++++++++++++++++ service/config/prover1.toml | 4 - service/config/prover1_tls.toml | 7 -- service/config/prover2.toml | 4 - service/config/prover2_tls.toml | 7 -- service/config/prover_template.toml | 4 + service/config/prover_tls_template.toml | 7 ++ service/config/stage.toml | 4 - service/config/stage_template.toml | 4 + ...stage_tls.toml => stage_tls_template.toml} | 4 +- tools/certs/.csr | 16 ---- tools/certs/.key | 28 ------ tools/certs/.pem | 19 ---- tools/certs/ca.srl | 1 - tools/certs/client.key | 28 ------ tools/certs/client.pem | 20 ---- tools/certs/openssl.cnf | 12 --- tools/certs/prover1.key | 28 ------ tools/certs/prover1.pem | 20 ---- tools/certs/prover2.key | 28 ------ tools/certs/prover2.pem | 20 ---- tools/certs/stage.key | 28 ------ tools/certs/stage.pem | 20 ---- 24 files changed, 127 insertions(+), 296 deletions(-) create mode 100644 service/config/README.md create mode 100755 service/config/gen_config.sh delete mode 100644 service/config/prover1.toml delete mode 100644 service/config/prover1_tls.toml delete mode 100644 service/config/prover2.toml delete mode 100644 service/config/prover2_tls.toml create mode 100644 service/config/prover_template.toml create mode 100644 service/config/prover_tls_template.toml delete mode 100644 service/config/stage.toml create mode 100644 service/config/stage_template.toml rename service/config/{stage_tls.toml => stage_tls_template.toml} (65%) delete mode 100644 tools/certs/.csr delete mode 100644 tools/certs/.key delete mode 100644 tools/certs/.pem delete mode 100644 tools/certs/ca.srl delete mode 100644 tools/certs/client.key delete mode 100644 tools/certs/client.pem delete mode 100644 tools/certs/openssl.cnf delete mode 100644 tools/certs/prover1.key delete mode 100644 tools/certs/prover1.pem delete mode 100644 tools/certs/prover2.key 
delete mode 100644 tools/certs/prover2.pem delete mode 100644 tools/certs/stage.key delete mode 100644 tools/certs/stage.pem diff --git a/service/config/README.md b/service/config/README.md new file mode 100644 index 0000000..945560b --- /dev/null +++ b/service/config/README.md @@ -0,0 +1,19 @@ +# README + +## Description + +The script file `gen_config.sh` allow you generate multi prover toml in a easy way. + +First, you should set these variables according to your environment. + +- provers +- stage +- snarks +- tls +- base_dir + +Then you can run this script in below way. + +```bash +bash gen_config.sh +``` \ No newline at end of file diff --git a/service/config/gen_config.sh b/service/config/gen_config.sh new file mode 100755 index 0000000..f15b82c --- /dev/null +++ b/service/config/gen_config.sh 
@@ -0,0 +1,91 @@
+#!/bin/bash
+
+# You should provide some variable to use this config bash
+provers=("localhost:50001" "localhost:50002")
+stage="localhost:50000"
+snarks=("localhost:50051")
+tls=false
+base_dir="/tmp/zkm/test/test_proof"
+
+# Generate tls certs
+if [ "$tls" = true ]; then
+ IFS=':' read -r host port <<< "$stage"
+ cd ./../../tools/certs
+ bash certgen.sh --cn stage --ssl-dns $host
+ rm -rf stage.csr
+ id=1
+ for prover in "${provers[@]}"; do
+ prover_name="prover${id}"
+ IFS=':' read -r host port <<< "$prover"
+ bash certgen.sh --cn $prover_name --ssl-dns $host
+ rm -rf ${prover_name}.csr
+ ((id++))
+ done
+ rm -rf ca.srl
+ cd -
+fi
+
+# Generate stage toml
+# Read templeta content first
+if [ "$tls" = true ]; then
+ stage_template_content=$(cat stage_tls_template.toml)
+else
+ stage_template_content=$(cat stage_template.toml)
+fi
+stage_config="$stage_template_content"
+stage_config="${stage_config//\{\{addr\}\}/${stage}}"
+# generate prover addrs
+prover_addrs=""
+for prover in "${provers[@]}"; do
+ if [ -z "$result" ]; then
+ prover_addrs="$prover"
+ else
+ prover_addrs="$prover_addrs, \"$prover\""
+ fi
+done
+stage_config="${stage_config//\{\{prover_addrs\}\}/\"${prover_addrs}\"}"
+# generate snark addrs
+snark_addrs=""
+for snark in "${snarks[@]}"; do
+ if [ -z "$result" ]; then
+ snark_addrs="$snark"
+ else
+ snark_addrs="$prover_addrs, \"$snark\""
+ fi
+done
+stage_config="${stage_config//\{\{snark_addrs\}\}/\"${snark_addrs}\"}"
+if [ "$tls" = true ]; then
+ echo "$stage_config" > stage_tls.toml
+else
+ echo "$stage_config" > stage.toml
+fi
+
+# Generate provers toml
+# Read templeta content first
+if [ "$tls" = true ]; then
+ prover_template_content=$(cat prover_tls_template.toml)
+else
+ prover_template_content=$(cat prover_template.toml)
+fi
+
+id=1
+for prover in "${provers[@]}"; do
+ if [ "$tls" = true ]; then
+ prover_path="prover${id}_tls.toml"
+ else
+ prover_path="prover${id}.toml"
+ fi
+ IFS=':' read -r host port <<< "$prover"
+ prover_config="$prover_template_content"
+ addr="0.0.0.0:${port}"
+ prover_config="${prover_config//\{\{addr\}\}/${addr}}"
+ prover_config="${prover_config//\{\{prover_addrs\}\}/\"${addr}\"}"
+ prover_config="${prover_config//\{\{base_dir\}\}/${base_dir}}"
+ prover_config="${prover_config//\{\{prover_name\}\}/prover${id}}"
+ if [ "$tls" = true ]; then
+ echo "$prover_config" > "prover${id}_tls.toml"
+ else
+ echo "$prover_config" > "prover${id}.toml"
+ fi
+ ((id++))
+done
diff --git a/service/config/prover1.toml b/service/config/prover1.toml
deleted file mode 100644
index 964c609..0000000
--- a/service/config/prover1.toml
+++ /dev/null
@@ -1,4 +0,0 @@
-addr = "0.0.0.0:50001"
-prover_addrs = ["127.0.0.1:50001"]
-snark_addrs = []
-base_dir = "/tmp/zkm/test/test_proof"
\ No newline at end of file
diff --git a/service/config/prover1_tls.toml b/service/config/prover1_tls.toml
deleted file mode 100644
index 771502b..0000000
--- a/service/config/prover1_tls.toml
+++ /dev/null
@@ -1,7 +0,0 @@
-addr = "0.0.0.0:50001"
-prover_addrs = ["localhost:50001"]
-snark_addrs = []
-base_dir = "/tmp/zkm/test/test_proof"
-ca_cert_path = "tools/certs/ca.pem"
-cert_path = "tools/certs/prover1.pem"
-key_path = "tools/certs/prover1.key"
\ No newline at end of file
diff --git a/service/config/prover2.toml b/service/config/prover2.toml
deleted file mode 100644
index 8910d91..0000000
--- a/service/config/prover2.toml
+++ /dev/null
@@ -1,4 +0,0 @@
-addr = "0.0.0.0:50002"
-prover_addrs = ["127.0.0.1:50002"]
-snark_addrs = []
-base_dir = "/tmp/zkm/test/test_proof"
\ No newline at end of file
diff --git a/service/config/prover2_tls.toml b/service/config/prover2_tls.toml
deleted file mode 100644
index 8830409..0000000
--- a/service/config/prover2_tls.toml
+++ /dev/null
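Review bot: Both address loops in `gen_config.sh` test `$result`, which is never assigned, so the first branch runs on every iteration and `prover_addrs` and `snark_addrs` keep only the last entry; the generated stage config silently drops every other prover. The `else` branches would also produce unbalanced quotes once wrapped by the outer `\"…\"`, and the snark one appends to `$prover_addrs`. I would test the accumulator itself, `if [ -z "$prover_addrs" ]; then`, and append with `prover_addrs="$prover_addrs\", \"$prover"`, then do the same with `snark_addrs` in the second loop. Separately, `cd ./../../tools/certs` is unchecked, so on failure the later `rm -rf` and `certgen.sh` calls run in the wrong directory. `cd ./../../tools/certs || exit 1`, plus quoting `$host` and `$prover_name`, closes that.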
@@ -1,7 +0,0 @@
-addr = "0.0.0.0:50002"
-prover_addrs = ["localhost:50002"]
-snark_addrs = []
-base_dir = "/tmp/zkm/test/test_proof"
-ca_cert_path = "tools/certs/ca.pem"
-cert_path = "tools/certs/prover2.pem"
-key_path = "tools/certs/prover2.key"
\ No newline at end of file
diff --git a/service/config/prover_template.toml b/service/config/prover_template.toml
new file mode 100644
index 0000000..021ec64
--- /dev/null
+++ b/service/config/prover_template.toml
@@ -0,0 +1,4 @@
+addr = "{{addr}}"
+prover_addrs = [{{prover_addrs}}]
+snark_addrs = []
+base_dir = "{{base_dir}}"
\ No newline at end of file
diff --git a/service/config/prover_tls_template.toml b/service/config/prover_tls_template.toml
new file mode 100644
index 0000000..f51d074
--- /dev/null
+++ b/service/config/prover_tls_template.toml
@@ -0,0 +1,7 @@
+addr = "{{addr}}"
+prover_addrs = [{{prover_addrs}}]
+snark_addrs = []
+base_dir = "{{base_dir}}"
+ca_cert_path = "tools/certs/ca.pem"
+cert_path = "tools/certs/{{prover_name}}.pem"
+key_path = "tools/certs/{{prover_name}}.key"
\ No newline at end of file
diff --git a/service/config/stage.toml b/service/config/stage.toml
deleted file mode 100644
index 31c09a2..0000000
--- a/service/config/stage.toml
+++ /dev/null
@@ -1,4 +0,0 @@
-addr = "0.0.0.0:50000"
-prover_addrs = ["127.0.0.1:50001", "127.0.0.1:50002"]
-snark_addrs = ["127.0.0.1:50051"]
-base_dir = "/tmp/zkm/test/test_proof"
\ No newline at end of file
diff --git a/service/config/stage_template.toml b/service/config/stage_template.toml
new file mode 100644
index 0000000..53e8a4a
--- /dev/null
+++ b/service/config/stage_template.toml
@@ -0,0 +1,4 @@
+addr = "{{addr}}"
+prover_addrs = [{{prover_addrs}}]
+snark_addrs = [{{snark_addrs}}]
+base_dir = "/tmp/zkm/test/test_proof"
\ No newline at end of file
diff --git a/service/config/stage_tls.toml b/service/config/stage_tls_template.toml similarity index 65% rename from service/config/stage_tls.toml rename to service/config/stage_tls_template.toml index 77a3d15..f2d44fd 100644 --- a/service/config/stage_tls.toml +++ b/service/config/stage_tls_template.toml @@ -1,6 +1,6 @@ addr = "0.0.0.0:50000" -prover_addrs = ["localhost:50001", "localhost:50002"] -snark_addrs = ["localhost:50051"] +prover_addrs = ["127.0.0.1:50001", "127.0.0.1:50002"] +snark_addrs = ["127.0.0.1:50051"] base_dir = "/tmp/zkm/test/test_proof" ca_cert_path = "tools/certs/ca.pem" cert_path = "tools/certs/stage.pem" diff --git a/tools/certs/.csr b/tools/certs/.csr deleted file mode 100644 index d862263..0000000 --- a/tools/certs/.csr +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICjTCCAXUCAQAwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM7e -KTV8wk/6+jXYUKNATT6m1kKODZRUXvYX7+fNffDJ0MlQSaUlp23xEph6BepQF9s8 -Jwu38FD++zVXnO8Bp6abzH87+JbXc3Df3sT9Y1cgFQ8SDSGBsvcV+3mUkP3OMm3e -k2Ms91hf1p/lUnwNVaX8529INTVFw6ZJ7zCvXc3jz5cAesXNlk6Em4gpiqhksPN7 -B/GZfMmJDCRWjJmJb7nL2S/Zn7tJWh+RkBAK6SAOj5zK8TS/c0rNR381I/Nxj7Nd -CZZVLPdgbeso9H4fUDB354xTOQztNRQmcv3BYNd7OWJ6mmHDK6vSFaFuUsoBGnES -EHBTdfeguUo6hTpn540CAwEAAaBIMEYGCSqGSIb3DQEJDjE5MDcwCQYDVR0TBAIw -ADALBgNVHQ8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0G -CSqGSIb3DQEBCwUAA4IBAQAQJFCdlpBbp+3MQZWLxSUjfztdKxUNtlYK6TS4vGkF -TrgsBhup/o2dldZLTfRqEIFOkCyU5oAY/aj0dZzrw4Q1//1pBiQcBhppPa5wdnWW -DQTLqDA0N6iHKO1Fvq44PxftCmp8BJGMg0qHyNwZVOpfWZ14lByYurQQqTn71i4G -JZXNjg1IdlCJXJn61H9yQ4uApU5SKYWzwyHyPuZqBjy9MeZ515UQhziN8ktwQA1a -XRuwQTyXTsaiPFF3ISJQrtYfU36VHnBvk+NHLlrSCLcCtlrMbfLRUWJRnvFiR8Uj -cr03NqAnwTy8wL4YMHHZTv/3UbV5fAp5l+HJ+9LjVefX ------END CERTIFICATE REQUEST----- diff --git a/tools/certs/.key b/tools/certs/.key deleted file mode 100644 index c63565d..0000000 --- a/tools/certs/.key +++ /dev/null 
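Review bot: `stage_tls_template.toml` has no placeholders, so the `{{addr}}`, `{{prover_addrs}}` and `{{snark_addrs}}` substitutions in `gen_config.sh` are no-ops for it, and the generated `stage_tls.toml` ignores the `stage`, `provers` and `snarks` variables. The first three lines should match `stage_template.toml`: `addr = "{{addr}}"`, `prover_addrs = [{{prover_addrs}}]`, `snark_addrs = [{{snark_addrs}}]`. The switch from `localhost` to `127.0.0.1` also looks risky for TLS, because `gen_config.sh` issues the certificates with `--ssl-dns $host` only. If the client checks the peer name against the configured address (not visible in this hunk), an IP literal will not match a DNS-only SAN. The failure mode to guard against is someone working around that by relaxing verification rather than fixing the name. The hunk shows lines 1-6 of the file only.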
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDO3ik1fMJP+vo1 -2FCjQE0+ptZCjg2UVF72F+/nzX3wydDJUEmlJadt8RKYegXqUBfbPCcLt/BQ/vs1 -V5zvAaemm8x/O/iW13Nw397E/WNXIBUPEg0hgbL3Fft5lJD9zjJt3pNjLPdYX9af -5VJ8DVWl/OdvSDU1RcOmSe8wr13N48+XAHrFzZZOhJuIKYqoZLDzewfxmXzJiQwk -VoyZiW+5y9kv2Z+7SVofkZAQCukgDo+cyvE0v3NKzUd/NSPzcY+zXQmWVSz3YG3r -KPR+H1Awd+eMUzkM7TUUJnL9wWDXezliepphwyur0hWhblLKARpxEhBwU3X3oLlK -OoU6Z+eNAgMBAAECggEAWkMGYQ+4KzS7ww3JFYpDihA60dxwoWV079T++Too9wzf -/E77a0M0PFzhO8WWWigrWJ30/YB7K6QuERbS41hqAeDeCDAvJgYJGVmdNn/HPidB -+QrrztBsObKOQPzpjMzRJS5mSfI/VICwwaDKblVVJzFj/CLaEI4Jsb91zdzexawV -s3FELLTFb7gDwokMmD+vQUajMc9oicOO5JujOLvyQ+k1UOJk7j+VU90FvTIxkDdj -ngSycWaXgXyMUVqupUYs+inufxJNa9End6VdrcaA7HFxDsX5G9+7SIN7zXdp5V6g -sNmmYV+GPRL/IIJVJGSCoHD7eBaV1tFkICJoUt7bUwKBgQDrMy9EN7WTnoJyg2N5 -yPK/32bv1DR69H/Fco01rmKZ62JsK/9Q0Ypgbh6m1McPZRJ7giCIDJuEf3od8Ao9 -1HIahDuFxDciLxV7nlpK718MzfDoPModmFhspQ1iqemINbHu6pyfPGxLPzXYOoBB -W6oQ5dpu8u0aapbm8AkGgVMOCwKBgQDhKYzrEXQkuGtyH7xYy1FFChaoyp6E49/D -H4ny3faV/pSsUk9qwQH5kXxHZV56Ln+opOgdrYE7TkNU6G2Uz49STWL13t4RY2OR -Uwa4P1GXVkbwIBnHryQAwZQ4S9Qp3Ax17HTWOu3XSG1GAV1b9U0od05aW4KDhSGb -3zVqo98XxwKBgQDo39gH6kTdcY9lRJQkzAMWWWL5SRnhN96ep+oK4av9DGN6CSIV -ajNhgQbWVkz2ADQJl/EP47PDv9gwdjAdwhBsEstAieOw8/+IU2TBVzq8WdgSicXx -AZtjjxSuwN9aHxgbH66Nt2zeICr2+g1tKQ49Buh8/AgpJKpe5AF7sGaEuwKBgGtY -0OtdVd8P4YH2aWh3/pYIukbc2viGX676QV19v0tBpYYGdAB0Zkmit/qd9I4RzyEL -BfLoPn2U0XsQmPXigvT9GhoYmAz4Mocda026Ol8JbiabV08hS+vkXpL8a/lNBM/P -3OAqFiyWRiqjCeyGpbOONdfUWwPzG9PhdekSmZEPAoGBAIyxeY5VEUgBs0cDk2Wa -eE5TflTGxXtkJOCYa0dUwXstF9gbh5fGDsKAe0V1pQ8JvzpoJrUPADOlRORdDLZZ -8G2c3E1fnM+yq6p4rUIl0Oz/NBHnpSmzHBqsdRBC9NXR4WYhqEluaS5zbmKtkQMo -t1aDuvYuBgyprBZdyDN8IRZX ------END PRIVATE KEY----- diff --git a/tools/certs/.pem b/tools/certs/.pem deleted file mode 100644 index afbc2e1..0000000 --- a/tools/certs/.pem +++ /dev/null 
@@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDFTCCAf2gAwIBAgIUF3SUSQ185FWJQ4h5pZ3EDT1SNwUwDQYJKoZIhvcNAQEL -BQAwDjEMMAoGA1UEAwwDY2EtMB4XDTI0MDMyNjE2NDExNVoXDTM0MDMyNDE2NDEx -NVowADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM7eKTV8wk/6+jXY -UKNATT6m1kKODZRUXvYX7+fNffDJ0MlQSaUlp23xEph6BepQF9s8Jwu38FD++zVX -nO8Bp6abzH87+JbXc3Df3sT9Y1cgFQ8SDSGBsvcV+3mUkP3OMm3ek2Ms91hf1p/l -UnwNVaX8529INTVFw6ZJ7zCvXc3jz5cAesXNlk6Em4gpiqhksPN7B/GZfMmJDCRW -jJmJb7nL2S/Zn7tJWh+RkBAK6SAOj5zK8TS/c0rNR381I/Nxj7NdCZZVLPdgbeso -9H4fUDB354xTOQztNRQmcv3BYNd7OWJ6mmHDK6vSFaFuUsoBGnESEHBTdfeguUo6 -hTpn540CAwEAAaN5MHcwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYDVR0lBBYw -FAYIKwYBBQUHAwIGCCsGAQUFBwMBMB0GA1UdDgQWBBSJx3CkN5S+CS9XwzXKQx8y -4PvruDAfBgNVHSMEGDAWgBRISFrALUMNyE96vIQdz1/HZkRjATANBgkqhkiG9w0B -AQsFAAOCAQEALZsZ0Axshirwv+bEm4s3W7QoG4uD6Rle/e3HwZGjVxSQYrvvGLdW -Foj5696/G2yxjP1aXUpEIHRZ3e3OEBExVjO9DCXcRHelY3U9sm27H9tdUSWNth2b -FTaKS7kMrzB6hpXk/uI1WoYOVgLhh83nXXL1vJsOFWJ5UiLPKLRcLSNm+2tswJv3 -URGqfsArZrCtVulW8JNcgeQhXQ8wwqhJ4Cug7Mh9oqqtZSTcmgehhQxl8IbBvjId -G6HD2347JfU1wlDSKTMzGOTRyoLTtiJGqkgmElAzmbA3RlaICUlTCuwaVTDrzmsL -88DvRhfLU0uFkwE357E7zJhbQCwkQKi1fA== ------END CERTIFICATE----- diff --git a/tools/certs/ca.srl b/tools/certs/ca.srl deleted file mode 100644 index 087e656..0000000 --- a/tools/certs/ca.srl +++ /dev/null @@ -1 +0,0 @@ -2C2251E5E54C147A0773389FE5DFE69C13FD8CC1 diff --git a/tools/certs/client.key b/tools/certs/client.key deleted file mode 100644 index a50d888..0000000 --- a/tools/certs/client.key +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDfvqfOXHMpLhTJ -tLMtuZcU43DmDaQttUCx8/c3A1iLN0Z8PBKXvVAz0qkLdLE2+Of3ys3Og8Vdx0oT -qUGqxsrWYATnSGkOC3plNzgsoFi+deL7q7LGxtWBa/Nf4ib50pnUgK+47INjGzL7 -Tdq2b2jvOWWbcyPr2Chpg6nHHTcXupod2QiQBqf6lLnPsC4bYj3VeVmjTbYNeh3H -xVWtVtMByt0CfhauMX2QVHi7gD4AXLLMOFsbO9eVeg7ps4RKfUy0Uh97Pf75DE2t -0ZshoddrVgeJ0G6z/JMK3R/1QJf15cpocI9wskmPdnYm1OwkzFaOsUWnRDZpIPtB -uuDUj0o3AgMBAAECggEAbyBca+wS7nMKtBvhmmZBGYjVPA2ua11IopnPQS2SPqLX -iUC041SNjw+kEiKFGg6J99JsYZOk5SzkJ9u6170gZVUPWmfmdalRww+oANIrAX2/ -nMvsYTnENSGOoSLLxOzKpna70Bb4MrMBoTtL06yF67sQMiL/xlV3zOAt5M0n3cpM -Ho7nWvvr5zB48zlvhhoJHnTVXAGg/eq3ohxilwSZ0DesrvH4jAYMAX4enXKkjxur -4uxcn+r3y4N0ABqD3iUxukFAEMge3qMaUmFxtPlAZdCotv7cBk2vr4xMe8Pe3MFb -foQSHzWTwSC4IWOqW1PXz1BTpEmwuesQJrxLkLak0QKBgQD/fu2Pi1846UjgUXHV -pdNQjPyfWNpcWx2ZM+nmrc4+Oq/jFsqSfZMZ2ms+p2i6JcirlKdNWXKqQBNGlwxz -YwE/QoUjfU1JjaCCPrNbcr4Pygl0NaVfVOtnTEP3GcPIwKRNr77bceVSgduwGNXB -N80iY2hwRYfBzIJN6IObJQKOQwKBgQDgL6/7374DwE0nb5iguY+gB+7hEtKh+l++ -+ajHUyifsAy73MTGmbw6eJiMdUJ9B3P+q9KOOANY+sXvWgKQy/sWDZBQBPxV60GR -macoruHZmcWkdgmYVgJSehiFtX9mXXF9+xeoXG0FuS4KWhkvvzjYEBpEKS13DY9z -RrbeZZ5m/QKBgQCSbXRJKF9ShqC1rvfGslsBd0vxJ0M+WxoDi7Up98KT956GT7GZ -c06zKnL8XYWv6aewbmnT8se8uyxQ8JC6MKuuTblwNYft97Vd8AFrD7/N3MS+TWCR -2mFvuk3ZeHK0w3Nm8qo3qnb7amE184XOTuTKKJ7aeX7smwCzFecXK4bjcQKBgDdT -zYzNxSlL1j67TeGsqgOGsa+eY5lSHzsUhlDa9xWh7yKV84JIAqozhQJ1FfmhU0Ew -yoAK1tio2xydDDEMBmWE5264LEZQDxiN4TErJ9X6G0rhTrDn2R7dvxuQlWZ//Tho -NYh5dvaIoxIu9jRQbwjzwGe9+dh94j9C3nK4hYVJAoGBALHiJFGBuBq+P4RogLPJ -ttaFGJ/ZYsKxuTZaqAKI70qcslOUuLHGjJeIbSaENBm3VapnMuY5BDEwn8Y15fk2 -2cIoZTR+cQzqgTjnUdP3m2pD1E6Iq8laobwbMztz4k/TRUECoytpoTXEgxM40XYi -yiEA0sYmVqT/CyKUqE0SiM56 ------END PRIVATE KEY----- diff --git a/tools/certs/client.pem b/tools/certs/client.pem deleted file mode 100644 index 69c51c7..0000000 --- a/tools/certs/client.pem +++ /dev/null 
@@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDTTCCAjWgAwIBAgIULCJR5eVMFHoHczif5d/mnBP9jMEwDQYJKoZIhvcNAQEL -BQAwFTETMBEGA1UEAwwKY2EtcHJvdmVyMTAeFw0yNDAzMjYxNjUwMTNaFw0zNDAz -MjQxNjUwMTNaMBExDzANBgNVBAMMBmNsaWVudDCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBAN++p85ccykuFMm0sy25lxTjcOYNpC21QLHz9zcDWIs3Rnw8 -Epe9UDPSqQt0sTb45/fKzc6DxV3HShOpQarGytZgBOdIaQ4LemU3OCygWL514vur -ssbG1YFr81/iJvnSmdSAr7jsg2MbMvtN2rZvaO85ZZtzI+vYKGmDqccdNxe6mh3Z -CJAGp/qUuc+wLhtiPdV5WaNNtg16HcfFVa1W0wHK3QJ+Fq4xfZBUeLuAPgBcssw4 -Wxs715V6DumzhEp9TLRSH3s9/vkMTa3RmyGh12tWB4nQbrP8kwrdH/VAl/Xlymhw -j3CySY92dibU7CTMVo6xRadENmkg+0G64NSPSjcCAwEAAaOBmDCBlTAJBgNVHRME -AjAAMAsGA1UdDwQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEw -HAYDVR0RBBUwE4IJbG9jYWxob3N0ggZjbGllbnQwHQYDVR0OBBYEFIS8TRRLsslj -bIYPUZc+KiAl9FcTMB8GA1UdIwQYMBaAFFKWz/78n2ijdZTavvmM0UVC7zldMA0G -CSqGSIb3DQEBCwUAA4IBAQA24bUA8hANiyqfpccK3lO2op6nisvwq8mGG6ltN9IG -FVLuvYM6u7ezuPk1uCwjFQYdluhrUEmGtezwvDiGdHF6n4dDvEbJWVAgsVHsB6uK -UONRKGabyNwqfxTS7cjUvREJ6QxgO+JZTz2BaUoR/K/e4lUBf6wAHd3gq90t6RJK -IH4ipN/UMLCcCP2lEX/AfDrB6Fuue9XxxnaAE5aX61C0u2ZFw0fq2D/6kAEQRuYv -g5GyNpOhmd6r9ANpjb3/DYG9dcG8K2IKC5+tqVc6XBPeiADY0ySv8s0kyAHNf8xd -4rsxxWpEHqySfIW0czJGH/WaHUQBYQVBplU7H9xGDUxS ------END CERTIFICATE----- diff --git a/tools/certs/openssl.cnf b/tools/certs/openssl.cnf deleted file mode 100644 index c9210a4..0000000 --- a/tools/certs/openssl.cnf +++ /dev/null @@ -1,12 +0,0 @@ -[req] -req_extensions = v3_req -distinguished_name = req_distinguished_name -[req_distinguished_name] -[ v3_req ] -basicConstraints = CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment -extendedKeyUsage = clientAuth, serverAuth -subjectAltName = @alt_names -[alt_names] -DNS.1 = localhost -DNS.2 = client diff --git a/tools/certs/prover1.key b/tools/certs/prover1.key deleted file mode 100644 index bc780ee..0000000 --- a/tools/certs/prover1.key +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC29Am24CyooLzR -rJ7Td1pVJDje5X4XPNv1n9K7s1hC0WejBnUYUfB3OQhPBJrQDnEV75HgBYMh1rxj -EP1vYN4MO39WDZZd1GFZ8GS5HSuPvSRME+r2X+GkDfydeQGEF+26K8Ry020JRoUj -NQYLm5WsmD8msoNLqXrRo47XB1ojlyqVAirv1oOt30/4cBDgRulN/jlciLy/qufF -W3r1vrXl7LtEjpMFYd95H69ptDqGBhIXJYJxCkg4xj+dMZTEMpyA4eCKFuoHbXbl -UalVZ6Yhp0YvT5bRVI59uVST49aNvsU/3I9msvoGuV87cYTu/Qw71ZDSrcm5+C0q -w3AUT2AHAgMBAAECggEAKy42DL+kSriFWEeRxP9qhqXh9lncBMgMclCigEK4Fi0u -dL/Va0QLqVgAqgXANFL0ReUhXOpwJNB17jvYVS1buy9fwoO6dbLmtz+Rxk8oNOjD -ZGFfF39R1lKmyNQCk5bCOSqTVzaniYTnb4PYRW0XSoE0hoGjk3wQzOH5mK7Xi4Z/ -y8xA52Uhi9dyBDTZIBvuLeM64BZMred1xvaf1VcoGP3BijZGdYjtU96gncZjmVAy -/EVeRvW2MV1a3W04x4vD8vhrsm5l7nW1re3z4tGyZ5DtG5bKLC+j4u6RtTPiY1/s -inPxDLVXEIIirFSDTgaNR4iPdOEsFcGPbQLaukYIQQKBgQDo2AFBdD4jWbfB2VTD -U84LOEpvNrIzUSDsFN/d+QrCiTMGRBe9i9Oek4eZ4KAzGq/+bP+u8AQ3rhv0TkKb -WQvwhQdry1PLEk8R8LWO3DGS4Lx2I0XK1fip9OBLG9JPA6RE1Yu+6gwj2zoTrwRH -F5qgKCMwcuHDjH7a1piqSom+rwKBgQDJJd2MismuOz8Xj5nse1/wIKsaysq9h1y0 -8ke7PdyTCXrXGJCCQ1jZFIgOLjNRxKUduC0y1ApITGCbw1BR2cOkqAlZOXbq18wr -kKbuLA+GnxD/5uauVzdZNGaQhfHCeIWd1eJ3GsRMxZgAb4Khbp+ahAJ/Ikkg39vg -J8ZIlUMKKQKBgQDfyZuLWTnPqA8g1MzO3uENj5CayysCf1rxDC8NnKpmxo6v2wom -NxmxM4IEtwvBkkjMc95aOH0VNtXPPNhvjmoXRQQY6lciufoc+AjHwYIz9KOtt8EA -bh6M2ron9hlvr8RWFBg36aK5Y56yBGhMG7eVbn5DtmaeF45krhQUt4ckKQKBgF3s -qnkXzXjn/Vv5F/zO10t/VaZbDzRU4rszbr9F8ZtPD+ckd0X8QJ6M8cL9W8VQt3Eb -MS/Mx0hfMbVKDFVMBAj81fCt3pNmVNX645fPRyirWfrETO8Xlqa2yzWs9ejC8lFz -MB5Bh2v50DJT34GV8Dzsa2YGEnOhVEBlEjeOSxGRAoGAdg7tgheHCnPkSiDM4Rrk -Dts4RHydyxpIwHmo6oGySud/eZpDrnoKFvEwtvVdgOj+SIwHsU30hU/iwpHHfNQC -JM/kpoDag5b4ri4+Sv0ai+gNENoRVszQ39oEyHih3sn+A4h3l0EojQrSIr/tzZzX -7oXjwDy/YnRys9kl3WVqXbE= ------END PRIVATE KEY----- diff --git a/tools/certs/prover1.pem b/tools/certs/prover1.pem deleted file mode 100644 index 83492f0..0000000 --- a/tools/certs/prover1.pem +++ /dev/null 
@@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDTzCCAjegAwIBAgIULCJR5eVMFHoHczif5d/mnBP9jL4wDQYJKoZIhvcNAQEL -BQAwFTETMBEGA1UEAwwKY2EtcHJvdmVyMTAeFw0yNDAzMjYxNjQ5NDhaFw0zNDAz -MjQxNjQ5NDhaMBIxEDAOBgNVBAMMB3Byb3ZlcjEwggEiMA0GCSqGSIb3DQEBAQUA -A4IBDwAwggEKAoIBAQC29Am24CyooLzRrJ7Td1pVJDje5X4XPNv1n9K7s1hC0Wej -BnUYUfB3OQhPBJrQDnEV75HgBYMh1rxjEP1vYN4MO39WDZZd1GFZ8GS5HSuPvSRM -E+r2X+GkDfydeQGEF+26K8Ry020JRoUjNQYLm5WsmD8msoNLqXrRo47XB1ojlyqV -Airv1oOt30/4cBDgRulN/jlciLy/qufFW3r1vrXl7LtEjpMFYd95H69ptDqGBhIX -JYJxCkg4xj+dMZTEMpyA4eCKFuoHbXblUalVZ6Yhp0YvT5bRVI59uVST49aNvsU/ -3I9msvoGuV87cYTu/Qw71ZDSrcm5+C0qw3AUT2AHAgMBAAGjgZkwgZYwCQYDVR0T -BAIwADALBgNVHQ8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMB -MB0GA1UdEQQWMBSCCWxvY2FsaG9zdIIHcHJvdmVyMTAdBgNVHQ4EFgQUimbIZfmn -8pzQnd2rxLgCuuvng7MwHwYDVR0jBBgwFoAUUpbP/vyfaKN1lNq++YzRRULvOV0w -DQYJKoZIhvcNAQELBQADggEBAJiZV+7qf5/IBWz834Gqcwl2mG3nhMLKq1pVbyyN -gQWshbcAdTtBywGs7R/OvFJb41od9RpBaiqtd/7GtxHqGVnCVfzttCQOEx8LRSzS -uNQNTvu1lRivKyg6cqlrCea4NJzMTMMyoEK2527JS/HyM7g2aJk8a+RzW6jhS1us -TwpC52hRU9mCmv1YiLvLMjp+at2AkyemnggjKyPMTWcLgpG6hjq2UmZg/Ej3VEO7 -X9KDoN2CIA1ix5W0eIwtFqlj8oKx/TdxA3qV7NepfQceBgifOycmwP3AfUsZO5xw -ftbEM4ZNL/jJwHngTZV5eHM04WnKRJbbXLQOtenLOCf01qo= ------END CERTIFICATE----- diff --git a/tools/certs/prover2.key b/tools/certs/prover2.key deleted file mode 100644 index d26673e..0000000 --- a/tools/certs/prover2.key +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDP6XsxIqlwR4cf -xWvRGqAJtQvsIa+PAOAmSNdvUCb5mslgkYvkKKQj2L1Dqh11ppdUzqsgyU2Bqspi -gUHfS08LZxuIe3LxNALTmjukSrS+xxJ8f2hF/T+y482oZ3J+34k/5eTRVDcghRu7 -7cfycRcWJ6r6rXviprh6MyHk2PEzffaytss6P01JXYwzNdQUyMwBkPdqEtI9OuxM -N6kZ73oNUGF2ZYe7ubldlBH9jcwEz4XHLzEYRK7ZKYSVY5UCvTGLK+QPBmiqvMFe -9plS7hrEn1HryGOFIPbgR5Kq/1qbvqyPlHkep61aH79cF/krWrgEX+NR1MVutQid -5TqAZGT/AgMBAAECggEAISvHE9fL4LYIwPDmer4cum/ALzRQpiglmvYUKRZIoZoo -dtfB0e0KAw4ZZCpH+PVTP5yZgOmdDAsLrxugPtftDIyuv9+yPvllWg1JZrTkkWuB -b4uEP2ZgO1JNBYk7ozJW23L6RsuA4BdcjWcqd2vDmy1JAiWbllWzKQvvZGuYT/aG -/P2h5uQ/6sz0LlIjfdGJSiRem99LZajjEFiYOsgJQQleEGfwe+iTjKEwu4S0iI8Z -uFnJIwaJWMtkUlTDtgVikmqf5vDutzg5icqgvo6NzHaOBSqcoh77yxldUzcc2rNX -DaR7haVJJ/qOVohzvDYi5bp4s+HvobWLJ/JbLRLNgQKBgQD69Cz8AospGHC9ERzG -iyb6ysw67H7Jidfla92M+evoXYsO5Qbcf48y8VAv727ZuX31+ZP+GQzwjbown9Wh -6DG/KR0lQYec5u7jZXYm5bruES1+bJxneSJmkXuBHeymevjW8dDrMZKo4BIK3qQF -LTx2G/lSm3ia00oOoggMw13eGQKBgQDUF7293tMeJHdQIVsEIxHgNKvXtdgEqX0P -RL4vPMzSsEtRi4rp0ZZ2O/cqzYwLPIocpV4NRb0FzZJDXbrZ9t6tJf6gmcP+r9n+ -DDP/B/P/k82grP1S5YQASyUtpNxAISjmofyGCg0EJuoZI8ZbsFAHo+k/d54Wig4E -CNoqB+WO1wKBgHWuvc2sL7Ak2vF+rdzZcn0XTvCu6MIAFzNqAupSZPOBsm1Yr4AF -fZSpHy5rfLMzTkNkN6dn/e5suAyHV7pmVbXMRPOsqDjG/u26Lc8N2jw75/aqXioT -3zL0NFOXQdvMPRcnLQ6uH5V8Bln8kDQxQ3Irqh6387W/MbJs/5Nkpoc5AoGAFiiQ -00h3aBvJN170wl7jnDgEiBnggsQuY6z77bV9dLmkdNWOYtVZ0ep77UXiTr45c7q3 -M83IbNXIZS9iuSj4pMBmdOL7vh0jOk6OFCQBkv8fKZ1JLiL6golXTgh+VljgjA/6 -cQqVx4xFQvEg5S1rfxDZ6p6VrqcnxbYjDOccTasCgYB8uEHi7RhLdTttjTCkyypR -Bo2uKzK1Krlh0TsfD4qH0CZhxHuI+izaF7YdFqdJA8Iz9xUSq5yUOZXWheEwboyu -v9ZlbKjcQTpXEJAzQdnVyWy/2sGP9HdrGYsQWLYf3Jf/oeS/+80r54uVIfeaHCQj -wrj/NYaSRbaozGz5xF8CEg== ------END PRIVATE KEY----- diff --git a/tools/certs/prover2.pem b/tools/certs/prover2.pem deleted file mode 100644 index 6e1196e..0000000 --- a/tools/certs/prover2.pem +++ /dev/null 
@@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDTzCCAjegAwIBAgIULCJR5eVMFHoHczif5d/mnBP9jL8wDQYJKoZIhvcNAQEL -BQAwFTETMBEGA1UEAwwKY2EtcHJvdmVyMTAeFw0yNDAzMjYxNjQ5NTJaFw0zNDAz -MjQxNjQ5NTJaMBIxEDAOBgNVBAMMB3Byb3ZlcjIwggEiMA0GCSqGSIb3DQEBAQUA -A4IBDwAwggEKAoIBAQDP6XsxIqlwR4cfxWvRGqAJtQvsIa+PAOAmSNdvUCb5mslg -kYvkKKQj2L1Dqh11ppdUzqsgyU2BqspigUHfS08LZxuIe3LxNALTmjukSrS+xxJ8 -f2hF/T+y482oZ3J+34k/5eTRVDcghRu77cfycRcWJ6r6rXviprh6MyHk2PEzffay -tss6P01JXYwzNdQUyMwBkPdqEtI9OuxMN6kZ73oNUGF2ZYe7ubldlBH9jcwEz4XH -LzEYRK7ZKYSVY5UCvTGLK+QPBmiqvMFe9plS7hrEn1HryGOFIPbgR5Kq/1qbvqyP -lHkep61aH79cF/krWrgEX+NR1MVutQid5TqAZGT/AgMBAAGjgZkwgZYwCQYDVR0T -BAIwADALBgNVHQ8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMB -MB0GA1UdEQQWMBSCCWxvY2FsaG9zdIIHcHJvdmVyMjAdBgNVHQ4EFgQURKeKzItc -pq7/LSp2VAej0ygHt2IwHwYDVR0jBBgwFoAUUpbP/vyfaKN1lNq++YzRRULvOV0w -DQYJKoZIhvcNAQELBQADggEBAHCt4Vyuwl7qjV/kE3kgsB4uf8e6wybS/wmrgJEp -kYmMonodV5Rlo8sCaJS7/b5hNigAJuWlGHf6FPdat9PtEj3pLaNChOt2uoAQUxt2 -bpQhkFOGgR9pWsDL15ErVTe6zAdaIlDUiMn6qgzxH9tnUwce294e3m7jrZ8bbgNT -t2m+ppJpfN0j+t+9qMWcKwqWNF20A+Qq3VJg1X5CU9IyqW6uig8bQXzhqRTBBXhF -3WpoHbJ4jwNmiqkU8+pI1IG3DS0KfSMXqPllYWdZzIBZ4QTC70pAQ8mCGi2wGcxP -8l5yz1CWEqyIofR+hs+xOehwLAnMiNO/swr10bjs+9iFHSE= ------END CERTIFICATE----- diff --git a/tools/certs/stage.key b/tools/certs/stage.key deleted file mode 100644 index 888c788..0000000 --- a/tools/certs/stage.key +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDOeBVqFPMC+00d -q0GM0QY/IQuhfm9gTdmU5O6cu1w2MzocGl6+XW/WTUTHNTbP+Rb7MhskSPzADVUe -TnHXx//Zqrz+ga7hNorv77PNLZwNQxQG5SPA89H9bKjgSFaG6JSjScdO3Mbp30yl -mt+eTU8BzAfDtsZMhkIjxXlTqbh8FKWgNHKwMH5V7ew1FhDgZcPIqzk8fn7OHmuC -b8NiaiDI27fdGVBqmto3icaRP24TNWQfU9jXCua6ISZ2fh9KN3xZ7neEDF7ciihG -/o+XmADQe1PqeYA1Wdrg/ONZKsZnIZtU6m//FXDhAaZaTIbjmHZcxn28YwOWG48R -cF4Hv0hnAgMBAAECggEACFU2YAqqaCNmUF06Dwncm62kv4bPze42atj2fGLfbNyS -atHxovM4cUi7DuMp7CjccZTrHYLImKOxHMEDvTa4L7vBVvA686H054wgEJbXpn1f -kIus7ruobPb2td6Vh2pZnWF75sXoTUYS3NgsUEJEfwkSAyccR7hfcPwmUmcWKAPG -uk1Y14ANxWNRWejjNsX91THlpowB2nqDVl5CqX7vlFl7Uj4JI2Ks5gp6XXHM/Ww7 -GfhKdQAdwx7o3acl0P3anZocB9oiHahLH/Ve9e44MSJXL360Pq3jMHPW7zDEKAwj -z8RMAq36E9bmW9MMY5n+hcLBz49J5yiY4nSyuSi4eQKBgQDyKbkp87Xxu35ngng6 -uvsJO4VAL1NGk1RcbC4eidHrg+mQ1z5p74JPeSfcHxO8tjCOZ9n15pHfT2ePsX3o -koqo9rG+usahVvdGVSTmCPUta0Jof/A4q7dTOvkjHVExMyHYqIrUSZjM21C6MWqa -QKTqM4/kN4sZ4ljwetcXgb0CTQKBgQDaRD4BIQzEaABWBlBMc7J8TLb5TIAQBCqS -oZIq0nBr7Q7VQ9xQtidSopF+07cetdjwmpiGxUAkPH4p1JUGmeWUoD09xkGU5Em7 -sJF3rtk1NlOBQeWKxF8VHgboTOnPMjptOFDrE3e6Zc1bx/W+smZrwuIMwsbuNTZG -aSZGolMHgwKBgH8EgXnOugVEKeYTGgr8HkZWcOscp5piFqKvn3UnJvNYan8tVzBr -jzcuPkkIB+s4yLk5IasIOEUgOhq1p2wAyTgcxVhcUWk421SJvmPmGOus0dVMHe0r -rGm8igbwDrE2t68ToFX/EGWLN4mh999WvumVCAlVVOHLxojEdeN/imsVAoGAHrMu -jXYal52RPohQzxAO8NDRg6sw8A/F9S3oo0FKMsP7LCAJYwjb6xGWqWIaBaXKR71W -6s3fwbkIfdW6yFzpH8iSFJhILSsW++FP9KeRQZzMjge4w5XvUccRbacz08La2PXs -28O3OW6MPfaYKCRrp4iXxve2h1bQtYKgsZqvVwUCgYAJI2Icnowy4BNovC5GLmKW -2Byj7k7V/pf0P1d0on8hKMoAMSijz59iRDC7Bh2JAqWZIqOvtyifT6YenGYrkYI4 -PZ8Efh+h7kFFzeNBLFKDwBnNxMpAaOaHr0OPZjmExA4oSY0cxi+NUjVQbFW5qwu3 -2zQGmWEqWeoAaDJwWwlGnQ== ------END PRIVATE KEY----- diff --git a/tools/certs/stage.pem b/tools/certs/stage.pem deleted file mode 100644 index 7873302..0000000 --- a/tools/certs/stage.pem +++ /dev/null 
@@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDSzCCAjOgAwIBAgIULCJR5eVMFHoHczif5d/mnBP9jMAwDQYJKoZIhvcNAQEL -BQAwFTETMBEGA1UEAwwKY2EtcHJvdmVyMTAeFw0yNDAzMjYxNjQ5NThaFw0zNDAz -MjQxNjQ5NThaMBAxDjAMBgNVBAMMBXN0YWdlMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAzngVahTzAvtNHatBjNEGPyELoX5vYE3ZlOTunLtcNjM6HBpe -vl1v1k1ExzU2z/kW+zIbJEj8wA1VHk5x18f/2aq8/oGu4TaK7++zzS2cDUMUBuUj -wPPR/Wyo4EhWhuiUo0nHTtzG6d9MpZrfnk1PAcwHw7bGTIZCI8V5U6m4fBSloDRy -sDB+Ve3sNRYQ4GXDyKs5PH5+zh5rgm/DYmogyNu33RlQapraN4nGkT9uEzVkH1PY -1wrmuiEmdn4fSjd8We53hAxe3IooRv6Pl5gA0HtT6nmANVna4PzjWSrGZyGbVOpv -/xVw4QGmWkyG45h2XMZ9vGMDlhuPEXBeB79IZwIDAQABo4GXMIGUMAkGA1UdEwQC -MAAwCwYDVR0PBAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAb -BgNVHREEFDASgglsb2NhbGhvc3SCBXN0YWdlMB0GA1UdDgQWBBTYnpIDnUPruI7m -F0TiVQxEj92PmDAfBgNVHSMEGDAWgBRSls/+/J9oo3WU2r75jNFFQu85XTANBgkq -hkiG9w0BAQsFAAOCAQEAFiyBpmK3n5aCmO5koaEzoMRukVisCGVFcL/rjafSph4O -UKmJTM/MX/q0esL/ZRUzWjeJWb3/jzdp8eLRxDW7y/kLAcVzLCc7D88qHSN3AuSy -Xv4rVJSjon36oO02tstQm9DxHDuX0IjAev9i/r64o/fgvlcOE/gn8WiJgAAkxaji -ElBFZUrW0T2HEgb++remW+i7gR6Yn+5agS3mpTqrTHtMc0ojmEDVT3z5LZT9JzuV -hk9PMlv27JMo3ZYplocKtNuRaGQJCg7PTSvP1p6gtgi5gdX0iw0kRR+nM2TEGtFf -Sx47kNh+JURnef/Ace61OhRj0m0p2GOW1/nb0PzgRg== ------END CERTIFICATE----- From 39782c1fb4050723ae6cd6e4dda3eb2f1eaf231f Mon Sep 17 00:00:00 2001 From: evan Date: Thu, 28 Mar 2024 15:15:41 +0000 Subject: [PATCH 03/12] fix the bug that gen_config generate wrong configs --- service/config/gen_config.sh | 18 +++++++++++------- service/config/stage_tls_template.toml | 6 +++--- 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/service/config/gen_config.sh b/service/config/gen_config.sh index f15b82c..756a2f0 100755 --- a/service/config/gen_config.sh +++ b/service/config/gen_config.sh 
@@ -17,11 +17,14 @@ if [ "$tls" = true ]; then for prover in "${provers[@]}"; do prover_name="prover${id}" IFS=':' read -r host port <<< "$prover" - bash certgen.sh --cn $prover_name --ssl-dns $host + bash certgen.sh --cn $prover_name --ssl-dns ${host} rm -rf ${prover_name}.csr ((id++)) done + bash certgen.sh --cn client --ssl-dns localhost + rm -rf client.csr rm -rf ca.srl + rm -rf openssl.cnf cd - fi @@ -33,24 +36,25 @@ else stage_template_content=$(cat stage_template.toml) fi stage_config="$stage_template_content" -stage_config="${stage_config//\{\{addr\}\}/${stage}}" +IFS=':' read -r host port <<< "$stage" +stage_config="${stage_config//\{\{addr\}\}/0.0.0.0:${port}}" # generate prover addrs prover_addrs="" for prover in "${provers[@]}"; do - if [ -z "$result" ]; then - prover_addrs="$prover" + if [ -z "$prover_addrs" ]; then + prover_addrs="$prover\"" else - prover_addrs="$prover_addrs, \"$prover\"" + prover_addrs="$prover_addrs, \"$prover" fi done stage_config="${stage_config//\{\{prover_addrs\}\}/\"${prover_addrs}\"}" # generate snark addrs snark_addrs="" for snark in "${snarks[@]}"; do - if [ -z "$result" ]; then + if [ -z "$snark_addrs" ]; then snark_addrs="$snark" else - snark_addrs="$prover_addrs, \"$snark\"" + snark_addrs="$prover_addrs, \"$snark" fi done stage_config="${stage_config//\{\{snark_addrs\}\}/\"${snark_addrs}\"}" diff --git a/service/config/stage_tls_template.toml b/service/config/stage_tls_template.toml index f2d44fd..c1bca8c 100644 --- a/service/config/stage_tls_template.toml +++ b/service/config/stage_tls_template.toml @@ -1,6 +1,6 @@ -addr = "0.0.0.0:50000" -prover_addrs = ["127.0.0.1:50001", "127.0.0.1:50002"] -snark_addrs = ["127.0.0.1:50051"] +addr = "{{addr}}" +prover_addrs = [{{prover_addrs}}] +snark_addrs = [{{snark_addrs}}] base_dir = "/tmp/zkm/test/test_proof" ca_cert_path = "tools/certs/ca.pem" cert_path = "tools/certs/stage.pem" From 5ed20e1f00a0feab1230fdf28bde5105c35fe892 Mon Sep 17 00:00:00 2001 
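Review bot: `--ssl-dns ${host}` is still open to word splitting and globbing, because braces do not quote, and the same holds for `--cn $prover_name`. Write `bash certgen.sh --cn "$prover_name" --ssl-dns "$host"`, and use `rm -f` rather than `rm -rf` for `client.csr`, `ca.srl` and `openssl.cnf`, which are single files. The cleanup removes the CSRs, the serial file and the OpenSSL config, but presumably leaves every generated `.key` (the new client key included) in the working directory. A comment such as `# private keys stay in this directory; keep them out of version control` would record that. The `tools/certs/*.key` files deleted earlier in this series remain in history, so deployments should use freshly generated keys; the enclosing `if [ "$tls" = true ]` starts above the hunk.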
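Review bot: The quoting in the `for prover` loop only yields a valid list for exactly two entries: the first element gets a trailing `\"`, later ones only a leading `\"`, and the substitution then wraps the whole string in quotes, so one prover gives `"host:port""` and three leave the middle entry unterminated. Quote each element as it is appended, `prover_addrs+="${prover_addrs:+, }\"$prover\""`, and substitute `${prover_addrs}` without the extra `\"` pair. The `for snark` loop follows the same scheme, and the later gen_config.sh hunks in PATCH 11/12 and 12/12 complete it for `snark_addrs`, whose default is a single entry. Separately, `{{addr}}` is now always `0.0.0.0:${port}`, so the host in `stage` is ignored and the service listens on every interface, in plaintext when `tls=false`; keep `${host}` as the bind address or add a comment that the wide bind is intended.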
From: evan Date: Fri, 29 Mar 2024 14:24:03 +0000 Subject: [PATCH 04/12] allow user set endpoint --- service/examples/stage.rs | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/service/examples/stage.rs b/service/examples/stage.rs index 0adb693..03f6a07 100644 --- a/service/examples/stage.rs +++ b/service/examples/stage.rs @@ -20,6 +20,7 @@ async fn main() -> Result<(), Box> { let block_no = block_no.parse::<_>().unwrap_or(13284491); let seg_size = env::var("SEG_SIZE").unwrap_or("262144".to_string()); let seg_size = seg_size.parse::<_>().unwrap_or(262144); + let endpoint = env::var("ENDPOINT").unwrap_or("http://127.0.0.1:50000".to_string()); let ca_cert_path = env::var("CA_CERT_PATH").unwrap_or("".to_string()); let cert_path = env::var("CERT_PATH").unwrap_or("".to_string()); let key_path = env::var("KEY_PATH").unwrap_or("".to_string()); @@ -61,9 +62,9 @@ async fn main() -> Result<(), Box> { let tls_config = ClientTlsConfig::new() .ca_certificate(config.ca_cert) .identity(config.identity); - Endpoint::new("http://localhost:50000")?.tls_config(tls_config)? + Endpoint::new(endpoint)?.tls_config(tls_config)? } - None => Endpoint::new("http://127.0.0.1:50000")?, + None => Endpoint::new(endpoint)?, }; let mut stage_client = StageServiceClient::connect(endpoint).await?; let response = stage_client.generate_proof(request).await?.into_inner(); From 8ffb39b70c2bfdbca746f98c574a24c896c27b2f Mon Sep 17 00:00:00 2001 From: evan Date: Fri, 29 Mar 2024 14:24:20 +0000 Subject: [PATCH 05/12] fix the bug that stage failed to set base_dir --- service/config/gen_config.sh | 3 ++- service/config/stage_template.toml | 2 +- service/config/stage_tls_template.toml | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/service/config/gen_config.sh b/service/config/gen_config.sh index 756a2f0..b4f571f 100755 --- a/service/config/gen_config.sh +++ b/service/config/gen_config.sh 
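Review bot: In the `Some(config)` arm the default endpoint is now `http://127.0.0.1:50000`, where this branch previously dialled `http://localhost:50000`. The certgen.sh calls visible in gen_config.sh issue certificates for DNS names (`--ssl-dns`), so verifying the server against an IP literal will presumably fail unless `ENDPOINT` is set to a matching host name. Either keep a host-name default for the TLS arm or let the caller pin the expected name through `ClientTlsConfig::domain_name`. A one-line comment above the `env::var("ENDPOINT")` line, such as `// full URI including scheme; the host must match a SAN of the server certificate when TLS is used`, would document the contract. The `match` and `main` both extend beyond the hunk.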
@@ -3,7 +3,7 @@ # You should provide some variable to use this config bash provers=("localhost:50001" "localhost:50002") stage="localhost:50000" -snarks=("localhost:50051") +snarks=("localhost:50001") tls=false base_dir="/tmp/zkm/test/test_proof" @@ -58,6 +58,7 @@ for snark in "${snarks[@]}"; do fi done stage_config="${stage_config//\{\{snark_addrs\}\}/\"${snark_addrs}\"}" +stage_config="${stage_config//\{\{base_dir\}\}/${base_dir}}" if [ "$tls" = true ]; then echo "$stage_config" > stage_tls.toml else diff --git a/service/config/stage_template.toml b/service/config/stage_template.toml index 53e8a4a..1cd2493 100644 --- a/service/config/stage_template.toml +++ b/service/config/stage_template.toml @@ -1,4 +1,4 @@ addr = "{{addr}}" prover_addrs = [{{prover_addrs}}] snark_addrs = [{{snark_addrs}}] -base_dir = "/tmp/zkm/test/test_proof" \ No newline at end of file +base_dir = "{{base_dir}}" \ No newline at end of file diff --git a/service/config/stage_tls_template.toml b/service/config/stage_tls_template.toml index c1bca8c..90c456c 100644 --- a/service/config/stage_tls_template.toml +++ b/service/config/stage_tls_template.toml @@ -1,7 +1,7 @@ addr = "{{addr}}" prover_addrs = [{{prover_addrs}}] snark_addrs = [{{snark_addrs}}] -base_dir = "/tmp/zkm/test/test_proof" +base_dir = "{{base_dir}}" ca_cert_path = "tools/certs/ca.pem" cert_path = "tools/certs/stage.pem" key_path = "tools/certs/stage.key" \ No newline at end of file From 2e5380ba2e2375759b864ac9c58ffa9577bdd078 Mon Sep 17 00:00:00 2001 From: evan Date: Fri, 29 Mar 2024 15:32:00 +0000 Subject: [PATCH 06/12] disable snarks tls --- service/config/gen_config.sh | 2 +- service/src/prover_client.rs | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/service/config/gen_config.sh b/service/config/gen_config.sh index b4f571f..545fba8 100755 --- a/service/config/gen_config.sh +++ b/service/config/gen_config.sh 
@@ -3,7 +3,7 @@ # You should provide some variable to use this config bash provers=("localhost:50001" "localhost:50002") stage="localhost:50000" -snarks=("localhost:50001") +snarks=("localhost:50051") tls=false base_dir="/tmp/zkm/test/test_proof" diff --git a/service/src/prover_client.rs b/service/src/prover_client.rs index 91aa392..1169c94 100644 --- a/service/src/prover_client.rs +++ b/service/src/prover_client.rs @@ -210,9 +210,9 @@ pub async fn aggregate_all( pub async fn final_proof( mut final_task: FinalTask, - tls_config: Option, + _tls_config: Option, ) -> Option { - let client = get_snark_client(tls_config).await; + let client = get_snark_client(None).await; if let Some(mut client) = client { let request = FinalProofRequest { chain_id: 0, From fe0a091a6b3c3b044d4ef19e73d05f105c98ac97 Mon Sep 17 00:00:00 2001 From: evan Date: Sat, 30 Mar 2024 02:29:41 +0000 Subject: [PATCH 07/12] update template files name --- service/config/gen_config.sh | 8 ++++---- .../config/{prover_template.toml => prover.toml.template} | 0 ...{prover_tls_template.toml => prover_tls.toml.template} | 0 .../config/{stage_template.toml => stage.toml.template} | 0 .../{stage_tls_template.toml => stage_tls.toml.template} | 0 5 files changed, 4 insertions(+), 4 deletions(-) rename service/config/{prover_template.toml => prover.toml.template} (100%) rename service/config/{prover_tls_template.toml => prover_tls.toml.template} (100%) rename service/config/{stage_template.toml => stage.toml.template} (100%) rename service/config/{stage_tls_template.toml => stage_tls.toml.template} (100%) diff --git a/service/config/gen_config.sh b/service/config/gen_config.sh index 545fba8..42dbde4 100755 --- a/service/config/gen_config.sh +++ b/service/config/gen_config.sh 
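Review bot: `final_proof` now discards its `_tls_config` argument and calls `get_snark_client(None)`, so the channel to the snark service is opened without TLS even when the stage is started with certificates, and nothing in the code or the logs says so. If this is a temporary state, record the reason on the call, e.g. `// snark service has no TLS listener yet; this connection is plaintext (TODO: re-enable)`. Keeping the parameter name and warning when a config is dropped would make the downgrade visible to an operator: `if tls_config.is_some() { warn!("snark client ignores the TLS config and connects in plaintext"); }`, using whichever logging macro this crate already imports. The body of `final_proof` continues past the hunk.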
@@ -31,9 +31,9 @@ fi # Generate stage toml # Read templeta content first if [ "$tls" = true ]; then - stage_template_content=$(cat stage_tls_template.toml) + stage_template_content=$(cat stage_tls.toml.template) else - stage_template_content=$(cat stage_template.toml) + stage_template_content=$(cat stage.toml.template) fi stage_config="$stage_template_content" IFS=':' read -r host port <<< "$stage" @@ -68,9 +68,9 @@ fi # Generate provers toml # Read templeta content first if [ "$tls" = true ]; then - prover_template_content=$(cat prover_tls_template.toml) + prover_template_content=$(cat prover_tls.toml.template) else - prover_template_content=$(cat prover_template.toml) + prover_template_content=$(cat prover.toml.template) fi id=1 diff --git a/service/config/prover_template.toml b/service/config/prover.toml.template similarity index 100% rename from service/config/prover_template.toml rename to service/config/prover.toml.template diff --git a/service/config/prover_tls_template.toml b/service/config/prover_tls.toml.template similarity index 100% rename from service/config/prover_tls_template.toml rename to service/config/prover_tls.toml.template diff --git a/service/config/stage_template.toml b/service/config/stage.toml.template similarity index 100% rename from service/config/stage_template.toml rename to service/config/stage.toml.template diff --git a/service/config/stage_tls_template.toml b/service/config/stage_tls.toml.template similarity index 100% rename from service/config/stage_tls_template.toml rename to service/config/stage_tls.toml.template From d7a7d017780f4d98411056d8aec8f83b4f504c6a Mon Sep 17 00:00:00 2001 From: evan Date: Sat, 30 Mar 2024 04:07:55 +0000 Subject: [PATCH 08/12] fix clippy warning --- service/src/config.rs | 16 ++++++++-------- service/src/stage_service.rs | 1 + 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/service/src/config.rs b/service/src/config.rs index d805c71..ecad0b8 100644 --- a/service/src/config.rs 
+++ b/service/src/config.rs @@ -57,15 +57,15 @@ impl RuntimeConfig { } }; // both of ca_cert_path, cert_path, key_path should be some or none - if config.ca_cert_path.is_some() || config.cert_path.is_some() || config.key_path.is_some() - { - if config.ca_cert_path.is_none() + if (config.ca_cert_path.is_some() + || config.cert_path.is_some() + || config.key_path.is_some()) + && (config.ca_cert_path.is_none() || config.cert_path.is_none() - || config.key_path.is_none() - { - error!("both of ca_cert_path, cert_path, key_path should be some or none"); - return None; - } + || config.key_path.is_none()) + { + error!("both of ca_cert_path, cert_path, key_path should be some or none"); + return None; } instance().lock().unwrap().addr.clone_from(&config.addr); instance() diff --git a/service/src/stage_service.rs b/service/src/stage_service.rs index dbc1bd5..a4957b2 100644 --- a/service/src/stage_service.rs +++ b/service/src/stage_service.rs @@ -16,6 +16,7 @@ use crate::config; use crate::prover_client; use prover::provers::{self, read_file_bin}; +#[allow(clippy::module_inception)] pub mod stage_service { tonic::include_proto!("stage.v1"); } From 1c4b91434b7e1d7871eabeba7032b071ee3ef4ad Mon Sep 17 00:00:00 2001 From: evan Date: Sat, 30 Mar 2024 04:19:07 +0000 Subject: [PATCH 09/12] use bail and unwrap_or_else --- common/src/tls.rs | 34 +++++++++++----------------------- 1 file changed, 11 insertions(+), 23 deletions(-) diff --git a/common/src/tls.rs b/common/src/tls.rs index 8e96992..245abae 100644 --- a/common/src/tls.rs +++ b/common/src/tls.rs @@ -1,5 +1,4 @@ -use anyhow::anyhow; -use std::io; +use anyhow::bail; use std::path::Path; use tonic::transport::{Certificate, Identity}; 
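Review bot: The all-or-none check on `ca_cert_path`, `cert_path` and `key_path` is now a two-clause boolean that is hard to verify by eye, and the error text says "both" about three values. Counting the set fields reads more directly: `let set = [config.ca_cert_path.is_some(), config.cert_path.is_some(), config.key_path.is_some()];` followed by `if set.contains(&true) && set.contains(&false) {`. When none of the three is set the function carries on without TLS; presumably that is intended, but a log line at that point would make a plaintext start visible to an operator. The enclosing function starts and ends outside the hunk.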
@@ -29,31 +28,20 @@ async fn get_cert_and_identity( let cert_path = Path::new(&cert_path); let key_path = Path::new(&key_path); if !ca_cert_path.is_file() || !cert_path.is_file() || !key_path.is_file() { - return Err(anyhow!( - "both ca_cert_path, cert_path and key_path should be valid file" - )); + bail!("both ca_cert_path, cert_path and key_path should be valid file") } - let ca_cert = tokio::fs::read(ca_cert_path).await.map_err(|err| { - io::Error::new( - err.kind(), - format!("Failed to read {ca_cert_path:?}, err: {err}"), - ) - })?; + let ca_cert = tokio::fs::read(ca_cert_path) + .await + .unwrap_or_else(|err| panic!("Failed to read {:?}, err: {:?}", ca_cert_path, err)); let ca_cert = Certificate::from_pem(ca_cert); - let cert = tokio::fs::read(cert_path).await.map_err(|err| { - io::Error::new( - err.kind(), - format!("Failed to read {cert_path:?}, err: {err}"), - ) - })?; - let key = tokio::fs::read(key_path).await.map_err(|err| { - io::Error::new( - err.kind(), - format!("Failed to read {key_path:?}, err: {err}"), - ) - })?; + let cert = tokio::fs::read(cert_path) + .await + .unwrap_or_else(|err| panic!("Failed to read {:?}, err: {:?}", cert_path, err)); + let key = tokio::fs::read(key_path) + .await + .unwrap_or_else(|err| panic!("Failed to read {:?}, err: {:?}", key_path, err)); let identity = Identity::from_pem(cert, key); Ok((ca_cert, identity)) From 3177ace389ba45193172d5e7c0881dcf97dce9d2 Mon Sep 17 00:00:00 2001 From: evan Date: Sat, 30 Mar 2024 04:20:16 +0000 Subject: [PATCH 10/12] update default SEG_SIZE --- service/examples/stage.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/service/examples/stage.rs b/service/examples/stage.rs index 03f6a07..2167d01 100644 --- a/service/examples/stage.rs +++ b/service/examples/stage.rs 
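Review bot: The three `tokio::fs::read` calls now panic through `unwrap_or_else` on any read error, although `get_cert_and_identity` returns a `Result` and already reports the missing-file case with `bail!`. A certificate or key file that is unreadable (permissions, or removed between the `is_file()` check and the read) therefore takes the process down instead of reaching the caller. Keeping the error path with anyhow's context is just as short, assuming the return type is `anyhow::Result`: import `use anyhow::{bail, Context};` in the first tls.rs hunk and write `.await.with_context(|| format!("Failed to read {ca_cert_path:?}"))?`, likewise for `cert_path` and `key_path`. The function's signature lies above the hunk.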
@@ -18,8 +18,8 @@ async fn main() -> Result<(), Box> { let block_path = env::var("BLOCK_PATH").unwrap_or("/tmp/zkm/test/0_13284491".to_string()); let block_no = env::var("BLOCK_NO").unwrap_or("13284491".to_string()); let block_no = block_no.parse::<_>().unwrap_or(13284491); - let seg_size = env::var("SEG_SIZE").unwrap_or("262144".to_string()); - let seg_size = seg_size.parse::<_>().unwrap_or(262144); + let seg_size = env::var("SEG_SIZE").unwrap_or("16384".to_string()); + let seg_size = seg_size.parse::<_>().unwrap_or(16384); let endpoint = env::var("ENDPOINT").unwrap_or("http://127.0.0.1:50000".to_string()); let ca_cert_path = env::var("CA_CERT_PATH").unwrap_or("".to_string()); let cert_path = env::var("CERT_PATH").unwrap_or("".to_string()); From 8473b17c966c7cfb2b01a2c9e06ae9f7e706d311 Mon Sep 17 00:00:00 2001 From: evan Date: Sat, 30 Mar 2024 11:18:39 +0000 Subject: [PATCH 11/12] fix snark addrs error --- service/config/gen_config.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/service/config/gen_config.sh b/service/config/gen_config.sh index 42dbde4..a66059b 100755 --- a/service/config/gen_config.sh +++ b/service/config/gen_config.sh @@ -54,7 +54,7 @@ for snark in "${snarks[@]}"; do if [ -z "$snark_addrs" ]; then snark_addrs="$snark" else - snark_addrs="$prover_addrs, \"$snark" + snark_addrs="$snark_addrs, \"$snark" fi done stage_config="${stage_config//\{\{snark_addrs\}\}/\"${snark_addrs}\"}" From 9c2ade4f06648be31cf8cc4314859c8f0d193ae6 Mon Sep 17 00:00:00 2001 From: evan Date: Sat, 30 Mar 2024 11:22:42 +0000 Subject: [PATCH 12/12] fix snark comma error --- service/config/gen_config.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/service/config/gen_config.sh b/service/config/gen_config.sh index a66059b..5ebbcd9 100755 --- a/service/config/gen_config.sh +++ b/service/config/gen_config.sh 
@@ -52,7 +52,7 @@ stage_config="${stage_config//\{\{prover_addrs\}\}/\"${prover_addrs}\"}" snark_addrs="" for snark in "${snarks[@]}"; do if [ -z "$snark_addrs" ]; then - snark_addrs="$snark" + snark_addrs="$snark\"" else snark_addrs="$snark_addrs, \"$snark" fi