From 6e1f9349819c8a6dbd94b5d49553ec28c09e366f Mon Sep 17 00:00:00 2001 From: Oliver Bundalo Date: Wed, 13 Mar 2024 13:18:00 +0100 Subject: [PATCH 1/9] use localhost for https e2e tests --- e2e-polybft/e2e/jsonrpc_test.go | 2 +- e2e-polybft/framework/test-server.go | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/e2e-polybft/e2e/jsonrpc_test.go b/e2e-polybft/e2e/jsonrpc_test.go index ca6babe01f..0b42fe51f3 100644 --- a/e2e-polybft/e2e/jsonrpc_test.go +++ b/e2e-polybft/e2e/jsonrpc_test.go @@ -26,7 +26,7 @@ func TestE2E_JsonRPC(t *testing.T) { cluster := framework.NewTestCluster(t, 4, framework.WithPremine(types.Address(acct.Address())), - // framework.WithHTTPS("/etc/ssl/certs/ssl-cert-snakeoil.pem", "/etc/ssl/private/ssl-cert-snakeoil.key"), + // framework.WithHTTPS("/etc/ssl/certs/localhost.pem", "/etc/ssl/private/localhost.key"), ) defer cluster.Stop() diff --git a/e2e-polybft/framework/test-server.go b/e2e-polybft/framework/test-server.go index 80c8f4ff51..8f283b35d2 100644 --- a/e2e-polybft/framework/test-server.go +++ b/e2e-polybft/framework/test-server.go @@ -68,9 +68,7 @@ func (t *TestServer) GrpcAddr() string { func (t *TestServer) JSONRPCAddr() string { if t.config.TLSCertFile != "" && t.config.TLSKeyFile != "" { - host, _ := os.Hostname() - - return fmt.Sprintf("https://%s:%d", host, t.config.JSONRPCPort) + return fmt.Sprintf("https://localhost:%d", t.config.JSONRPCPort) } else { return fmt.Sprintf("http://%s:%d", hostIP, t.config.JSONRPCPort) } From ee6a845eca7fecfe40964b505a80f63ac72d714e Mon Sep 17 00:00:00 2001 From: Oliver Bundalo Date: Wed, 13 Mar 2024 13:22:09 +0100 Subject: [PATCH 2/9] Test TLS certificate generate on CI --- .github/workflows/e2e-polybft-test.yml | 6 ++++++ e2e-polybft/e2e/jsonrpc_test.go | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/e2e-polybft-test.yml b/.github/workflows/e2e-polybft-test.yml index e79937f4e0..7d1fd9aa49 100644 
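Review bot: The literal `localhost` in the https branch of JSONRPCAddr now has to match a name in whatever certificate is passed through WithHTTPS, and nothing in the code records that. A one-line comment above the return would do it, e.g. `// host must match the certificate SAN (DNS:localhost in CI) for clients that verify the server name`. The removed `os.Hostname()` call may also have been the last use of `os` in test-server.go; the import block is outside the hunk, so check that the import is dropped if it is now unused. The `else` after the returning branch can go as well, leaving the http `return` at function level.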
--- a/.github/workflows/e2e-polybft-test.yml +++ b/.github/workflows/e2e-polybft-test.yml @@ -25,6 +25,12 @@ jobs: with: go-version: 1.20.x check-latest: true + - name: Setup TSL + run: openssl req -x509 -out localhost.crt -keyout localhost.key -newkey rsa:2048 -nodes -sha256 -subj '/CN=localhost' -extensions EXT -config <(printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth") + run: sudo cp localhost.key /etc/ssl/private/localhost.key + run: sudo cp localhost.crt /usr/local/share/ca-certificates/localhost.crt + run: sudo update-ca-certificates + run: sudo chmod 644 /etc/ssl/private/localhost.key - name: Run tests run: make test-e2e-polybft - name: Run tests failed diff --git a/e2e-polybft/e2e/jsonrpc_test.go b/e2e-polybft/e2e/jsonrpc_test.go index 0b42fe51f3..f507a780f0 100644 --- a/e2e-polybft/e2e/jsonrpc_test.go +++ b/e2e-polybft/e2e/jsonrpc_test.go @@ -26,7 +26,7 @@ func TestE2E_JsonRPC(t *testing.T) { cluster := framework.NewTestCluster(t, 4, framework.WithPremine(types.Address(acct.Address())), - // framework.WithHTTPS("/etc/ssl/certs/localhost.pem", "/etc/ssl/private/localhost.key"), + framework.WithHTTPS("/etc/ssl/certs/localhost.pem", "/etc/ssl/private/localhost.key"), ) defer cluster.Stop() From 297903e32f7494301d5bb6211d6d07efe0fbbdc3 Mon Sep 17 00:00:00 2001 From: Oliver Bundalo Date: Thu, 14 Mar 2024 08:27:09 +0100 Subject: [PATCH 3/9] Fix for e2e polybft yml --- .github/workflows/e2e-polybft-test.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/e2e-polybft-test.yml b/.github/workflows/e2e-polybft-test.yml index 7d1fd9aa49..a4a9711663 100644 --- a/.github/workflows/e2e-polybft-test.yml +++ b/.github/workflows/e2e-polybft-test.yml 
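Review bot: `sudo chmod 644 /etc/ssl/private/localhost.key` leaves the private key readable by every account on the runner, while the preceding `update-ca-certificates` line installs the matching certificate as a system trust anchor. Handing the key to the user that runs the tests keeps it owner-only: `sudo chown "$(id -un)" /etc/ssl/private/localhost.key` followed by `sudo chmod 600 /etc/ssl/private/localhost.key`. The same 644 mode is re-added in the PATCH 8/9 hunk, so the point applies there too. The test process still needs search permission on the directory, which is presumably what the later directory-wide chmod patches work around.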
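Review bot: Enabling `framework.WithHTTPS(...)` with absolute paths under /etc/ssl ties TestE2E_JsonRPC to the certificate steps in e2e-polybft-test.yml, so the test presumably fails on any machine where those files were not provisioned. Reading both paths from the environment would keep local runs working and let CI place the key in a directory it owns, e.g. `certFile, keyFile := os.Getenv("E2E_TLS_CERT_FILE"), os.Getenv("E2E_TLS_KEY_FILE")` (variable names are placeholders). The HTTPS option would then be added only when both are set. The test function continues outside the hunk.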
@@ -25,11 +25,15 @@ jobs: with: go-version: 1.20.x check-latest: true - - name: Setup TSL + - name: Generate OpenSSL certificate run: openssl req -x509 -out localhost.crt -keyout localhost.key -newkey rsa:2048 -nodes -sha256 -subj '/CN=localhost' -extensions EXT -config <(printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth") + - name: Copy certificate key run: sudo cp localhost.key /etc/ssl/private/localhost.key + - name: Copy certificate itself run: sudo cp localhost.crt /usr/local/share/ca-certificates/localhost.crt + - name: Add certificate to trusted list run: sudo update-ca-certificates + - name: Update certificate key permissions run: sudo chmod 644 /etc/ssl/private/localhost.key - name: Run tests run: make test-e2e-polybft From f4f5b78b54c0597718ccffa6ce0454c3275c1e59 Mon Sep 17 00:00:00 2001 From: Oliver Bundalo Date: Thu, 14 Mar 2024 09:27:42 +0100 Subject: [PATCH 4/9] changed log for TLS files --- jsonrpc/jsonrpc.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jsonrpc/jsonrpc.go b/jsonrpc/jsonrpc.go index e6519c1a85..ef64bbfd0d 100644 --- a/jsonrpc/jsonrpc.go +++ b/jsonrpc/jsonrpc.go @@ -133,8 +133,8 @@ func (j *JSONRPC) setupHTTP() error { } if j.config.TLSCertFile != "" && j.config.TLSKeyFile != "" { - j.logger.Info("https cert file", j.config.TLSCertFile) - j.logger.Info("https key file", j.config.TLSKeyFile) + j.logger.Info("TLS", "cert file", j.config.TLSCertFile) + j.logger.Info("TLS", "key file", j.config.TLSKeyFile) go func() { if err := srv.ServeTLS(lis, j.config.TLSCertFile, j.config.TLSKeyFile); err != nil { From a9017484ff9685d7f17d41bf2e51c8f85cc8bb05 Mon Sep 17 00:00:00 2001 From: Oliver Bundalo Date: Thu, 14 Mar 2024 10:14:23 +0100 Subject: [PATCH 5/9] Added key permissions check --- .github/workflows/e2e-polybft-test.yml | 2 ++ 1 file changed, 2 insertions(+) 
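Review bot: Both new calls in setupHTTP log the same message `TLS` with one attribute each, so the two paths land on separate, identically titled lines. A single call carries both, e.g. `j.logger.Info("serving JSON-RPC over TLS", "cert_file", j.config.TLSCertFile, "key_file", j.config.TLSKeyFile)`, assuming the logger takes alternating key/value arguments as the new calls imply. setupHTTP starts and ends outside the hunk.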
diff --git a/.github/workflows/e2e-polybft-test.yml b/.github/workflows/e2e-polybft-test.yml index a4a9711663..d687669aae 100644 --- a/.github/workflows/e2e-polybft-test.yml +++ b/.github/workflows/e2e-polybft-test.yml @@ -35,6 +35,8 @@ jobs: run: sudo update-ca-certificates - name: Update certificate key permissions run: sudo chmod 644 /etc/ssl/private/localhost.key + - name: Check certificate key permissions + run: ls -l /etc/ssl/private/localhost.key - name: Run tests run: make test-e2e-polybft - name: Run tests failed From 88d032c85ac9a7e19e298bf7585bb86c0c734ff1 Mon Sep 17 00:00:00 2001 From: Oliver Bundalo Date: Thu, 14 Mar 2024 10:24:32 +0100 Subject: [PATCH 6/9] sudo ls -l --- .github/workflows/e2e-polybft-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e-polybft-test.yml b/.github/workflows/e2e-polybft-test.yml index d687669aae..070a595edc 100644 --- a/.github/workflows/e2e-polybft-test.yml +++ b/.github/workflows/e2e-polybft-test.yml @@ -36,7 +36,7 @@ jobs: - name: Update certificate key permissions run: sudo chmod 644 /etc/ssl/private/localhost.key - name: Check certificate key permissions - run: ls -l /etc/ssl/private/localhost.key + run: sudo ls -l /etc/ssl/private/localhost.key - name: Run tests run: make test-e2e-polybft - name: Run tests failed From fe9fe51f086a96180c778bbc0c42a0013ebf565f Mon Sep 17 00:00:00 2001 From: Oliver Bundalo Date: Thu, 14 Mar 2024 10:34:07 +0100 Subject: [PATCH 7/9] chmod over /etc/ssl/private folder --- .github/workflows/e2e-polybft-test.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/e2e-polybft-test.yml b/.github/workflows/e2e-polybft-test.yml index 070a595edc..2a5f77b31a 100644 --- a/.github/workflows/e2e-polybft-test.yml +++ b/.github/workflows/e2e-polybft-test.yml 
@@ -33,10 +33,10 @@ jobs: run: sudo cp localhost.crt /usr/local/share/ca-certificates/localhost.crt - name: Add certificate to trusted list run: sudo update-ca-certificates - - name: Update certificate key permissions - run: sudo chmod 644 /etc/ssl/private/localhost.key + - name: Update certificate folder key permissions + run: sudo chmod -R 644 /etc/ssl/private - name: Check certificate key permissions - run: sudo ls -l /etc/ssl/private/localhost.key + run: ls -l /etc/ssl/private/localhost.key - name: Run tests run: make test-e2e-polybft - name: Run tests failed From def586855ab3ae719a5cc9e95b849a6d8ac2a6b4 Mon Sep 17 00:00:00 2001 From: Oliver Bundalo Date: Thu, 14 Mar 2024 10:38:59 +0100 Subject: [PATCH 8/9] Must change cert key permissions --- .github/workflows/e2e-polybft-test.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/e2e-polybft-test.yml b/.github/workflows/e2e-polybft-test.yml index 2a5f77b31a..7f529b8bc0 100644 --- a/.github/workflows/e2e-polybft-test.yml +++ b/.github/workflows/e2e-polybft-test.yml @@ -33,8 +33,10 @@ jobs: run: sudo cp localhost.crt /usr/local/share/ca-certificates/localhost.crt - name: Add certificate to trusted list run: sudo update-ca-certificates - - name: Update certificate folder key permissions + - name: Update certificate key folder permissions run: sudo chmod -R 644 /etc/ssl/private + - name: Update certificate key file permissions + run: sudo chmod 644 /etc/ssl/private/localhost.key - name: Check certificate key permissions run: ls -l /etc/ssl/private/localhost.key - name: Run tests From 5abf5bcece85d67d6f9f4a71b9d83be67e6a1cc6 Mon Sep 17 00:00:00 2001 From: Oliver Bundalo Date: Thu, 14 Mar 2024 10:45:59 +0100 Subject: [PATCH 9/9] Try with 755 for folder --- .github/workflows/e2e-polybft-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e-polybft-test.yml b/.github/workflows/e2e-polybft-test.yml index 7f529b8bc0..38d44c626e 100644 
--- a/.github/workflows/e2e-polybft-test.yml +++ b/.github/workflows/e2e-polybft-test.yml @@ -34,7 +34,7 @@ jobs: - name: Add certificate to trusted list run: sudo update-ca-certificates - name: Update certificate key folder permissions - run: sudo chmod -R 644 /etc/ssl/private + run: sudo chmod -R 755 /etc/ssl/private - name: Update certificate key file permissions run: sudo chmod 644 /etc/ssl/private/localhost.key - name: Check certificate key permissions
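Review bot: `sudo chmod -R 755 /etc/ssl/private` makes the directory listable and every file in it world-readable and executable, not just the test key. The `-R` is not needed, because the next step sets the mode of localhost.key explicitly. If the key has to stay at that path, granting traversal only is enough: `sudo chmod o+x /etc/ssl/private`. Otherwise write the key to a runner-owned directory such as `$RUNNER_TEMP` and pass that path to the test, which removes the need to touch the system directory at all.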