Merge pull request #593 from pls-github-dont-suspend-me/dev

Add ssl live updating
singnet · Sep 13, 2024 · c6794e7 · c6794e7
2 parents 4287445 + 95b196c
commit c6794e7
Show file tree

Hide file tree

Showing 4 changed files with 67 additions and 2 deletions.
diff --git a/.gitignore b/.gitignore
@@ -51,3 +51,6 @@ data.etcd/
 # vscode
 .vscode
 
+# asdf
+.tool-versions
+
diff --git a/resources/blockchain_network_config.json b/resources/blockchain_network_config.json
@@ -15,8 +15,8 @@
     "network_id": "5"
   },
   "sepolia": {
-    "ethereum_json_rpc_http_endpoint": "https://sepolia.infura.io/v3/98064002908248a0b0d837940d2c647b",
-    "ethereum_json_rpc_ws_endpoint": "wss://sepolia.infura.io/ws/v3/98064002908248a0b0d837940d2c647b",
+    "ethereum_json_rpc_http_endpoint": "https://sepolia.infura.io/v3/09027f4a13e841d48dbfefc67e7685d5",
+    "ethereum_json_rpc_ws_endpoint": "wss://sepolia.infura.io/ws/v3/09027f4a13e841d48dbfefc67e7685d5",
     "network_id": "11155111"
   }
 }
diff --git a/snetd/cmd/certs_listener.go b/snetd/cmd/certs_listener.go
@@ -0,0 +1,50 @@
+package cmd
+
+import (
+	"crypto/tls"
+	"fmt"
+	"sync"
+	"time"
+
+	"go.uber.org/zap"
+)
+
+type CertReloader struct {
+	CertFile   string // path to the x509 certificate for https
+	KeyFile    string // path to the x509 private key matching
+	mutex      *sync.Mutex
+	cachedCert *tls.Certificate
+}
+
+func (cr *CertReloader) reloadCertificate() error {
+	pair, err := tls.LoadX509KeyPair(cr.CertFile, cr.KeyFile)
+	if err != nil {
+		return fmt.Errorf("failed loading tls key pair: %w", err)
+	}
+	cr.mutex.Lock()
+	cr.cachedCert = &pair
+	cr.mutex.Unlock()
+	return err
+}
+
+func (cr *CertReloader) GetCertificate() *tls.Certificate {
+	cr.mutex.Lock()
+	defer cr.mutex.Unlock()
+	return cr.cachedCert
+}
+
+func (cr *CertReloader) Listen() {
+	ticker := time.NewTicker(3 * time.Second)
+
+	go func() {
+		for {
+			select {
+			case <-ticker.C:
+				err := cr.reloadCertificate()
+				if err != nil {
+					zap.L().Error("Error in reloading ssl certificates", zap.Error(err))
+				}
+			}
+		}
+	}()
+}
diff --git a/snetd/cmd/serve.go b/snetd/cmd/serve.go
@@ -8,6 +8,7 @@ import (
 	"os"
 	"os/signal"
 	"strings"
+	"sync"
 	"syscall"
 
 	"github.com/singnet/snet-daemon/blockchain"
@@ -147,6 +148,14 @@ func (d *daemon) start() {
 
 	var tlsConfig *tls.Config
 
+	certReloader := CertReloader{
+		CertFile: config.GetString(config.SSLCertPathKey),
+		KeyFile:  config.GetString(config.SSLKeyPathKey),
+		mutex:    new(sync.Mutex),
+	}
+
+	certReloader.Listen()
+
 	if d.autoSSLDomain != "" {
 		zap.L().Debug("enabling automatic SSL support")
 		certMgr := autocert.Manager{
@@ -173,6 +182,9 @@ func (d *daemon) start() {
 	} else if d.sslCert != nil {
 		zap.L().Debug("enabling SSL support via X509 keypair")
 		tlsConfig = &tls.Config{
+			GetCertificate: func(c *tls.ClientHelloInfo) (*tls.Certificate, error) {
+				return certReloader.GetCertificate(), nil
+			},
 			Certificates: []tls.Certificate{*d.sslCert},
 		}
 	}
-Original file line number
+Diff line change
@@ Expand Up / @@ -51,3 +51,6 @@ data.etcd/ @@
     # vscode
     .vscode
+    # asdf
+    .tool-versions