Merge pull request #158 from Ethernal-Tech/feat/tls

TLS certificate on CI
Ethernal-Tech · Mar 15, 2024 · efdee00 · efdee00
2 parents ccea3a8 + c7995d8
commit efdee00
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 6 deletions.
diff --git a/.github/workflows/e2e-polybft-test.yml b/.github/workflows/e2e-polybft-test.yml
@@ -25,6 +25,20 @@ jobs:
         with:
           go-version: 1.20.x
           check-latest: true
+      - name: Generate OpenSSL certificate
+        run: openssl req -x509 -out localhost.crt -keyout localhost.key   -newkey rsa:2048 -nodes -sha256   -subj '/CN=localhost' -extensions EXT -config <(printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
+      - name: Copy certificate key
+        run: sudo cp localhost.key /etc/ssl/private/localhost.key
+      - name: Copy certificate itself
+        run: sudo cp localhost.crt /usr/local/share/ca-certificates/localhost.crt
+      - name: Add certificate to trusted list
+        run: sudo update-ca-certificates
+      - name: Update certificate key folder permissions
+        run: sudo chmod -R 755 /etc/ssl/private
+      - name: Update certificate key file permissions
+        run: sudo chmod 644 /etc/ssl/private/localhost.key
+      - name: Check certificate key permissions
+        run: ls -l /etc/ssl/private/localhost.key
       - name: Run tests
         run: make test-e2e-polybft
       - name: Run tests failed

diff --git a/e2e-polybft/e2e/jsonrpc_test.go b/e2e-polybft/e2e/jsonrpc_test.go
@@ -26,7 +26,7 @@ func TestE2E_JsonRPC(t *testing.T) {
 
 	cluster := framework.NewTestCluster(t, 4,
 		framework.WithPremine(types.Address(acct.Address())),
-		// framework.WithHTTPS("/etc/ssl/certs/ssl-cert-snakeoil.pem", "/etc/ssl/private/ssl-cert-snakeoil.key"),
+		framework.WithHTTPS("/etc/ssl/certs/localhost.pem", "/etc/ssl/private/localhost.key"),
 	)
 	defer cluster.Stop()
 

diff --git a/e2e-polybft/framework/test-server.go b/e2e-polybft/framework/test-server.go
@@ -68,9 +68,7 @@ func (t *TestServer) GrpcAddr() string {
 
 func (t *TestServer) JSONRPCAddr() string {
 	if t.config.TLSCertFile != "" && t.config.TLSKeyFile != "" {
-		host, _ := os.Hostname()
-
-		return fmt.Sprintf("https://%s:%d", host, t.config.JSONRPCPort)
+		return fmt.Sprintf("https://localhost:%d", t.config.JSONRPCPort)
 	} else {
 		return fmt.Sprintf("http://%s:%d", hostIP, t.config.JSONRPCPort)
 	}

diff --git a/jsonrpc/jsonrpc.go b/jsonrpc/jsonrpc.go
@@ -133,8 +133,8 @@ func (j *JSONRPC) setupHTTP() error {
 	}
 
 	if j.config.TLSCertFile != "" && j.config.TLSKeyFile != "" {
-		j.logger.Info("https cert file", j.config.TLSCertFile)
-		j.logger.Info("https key file", j.config.TLSKeyFile)
+		j.logger.Info("TLS", "cert file", j.config.TLSCertFile)
+		j.logger.Info("TLS", "key file", j.config.TLSKeyFile)
 
 		go func() {
 			if err := srv.ServeTLS(lis, j.config.TLSCertFile, j.config.TLSKeyFile); err != nil {