Add TLS to signer #357
Add TLS to signer #357
Conversation
…he source" This reverts commit 58c6117.
Co-authored-by: ltitanb <[email protected]>
Co-authored-by: ltitanb <[email protected]>
Co-authored-by: ltitanb <[email protected]>
Done in 1e4122f. |
Done in 1e4122f. |
crates/cli/src/docker_init.rs
Outdated
| if !certs_path.join(SIGNER_TLS_CERTIFICATE_NAME).try_exists()? || | ||
| !certs_path.join(SIGNER_TLS_KEY_NAME).try_exists()? | ||
| { | ||
| let (cert, key): (String, String) = | ||
| generate_simple_self_signed(vec!["cb_signer".to_string()]) | ||
| .map(|x| (x.cert.pem(), x.key_pair.serialize_pem())) | ||
| .map_err(|e| { | ||
| eyre::eyre!("Failed to generate TLS certificate: {e}") | ||
| })?; | ||
|
|
||
| std::fs::write(certs_path.join(SIGNER_TLS_CERTIFICATE_NAME), &cert)?; | ||
| std::fs::write(certs_path.join(SIGNER_TLS_KEY_NAME), &key)?; | ||
| } |
There was a problem hiding this comment.
In case there's only one of the two files required, this will override the existing one. Not saying this is wrong, but should we add a mention in the docs?
There was a problem hiding this comment.
I've removed the auto-generation of self-signed certs in 4260f17 now that there's an Insecure option; if users want to use TLS mode, they need to generate it and its key out-of-band as per the documentation (and preferably include the CA in their trusted CA list if it's not already there).
There was a problem hiding this comment.
Nice. With this change I think we can also remove rcgen from crates/cli/Cargo.toml and crates/common/Cargo.toml
There was a problem hiding this comment.
It's still used in one of the test cases for testing TLS I think, so it does still have some relevance unless we just get rid of that test case?
There was a problem hiding this comment.
I tested removing it from those files and it's working. Note that the crate would still be included in root's Cargo.toml and tests/Cargo.toml
There was a problem hiding this comment.
Sounds good, I'll remove them in another PR since you approved this already just so we can start rolling on the next step. Thank you!
This is a cherry-pick of the TLS support that @ManuelBilbao added in #297. It builds on top of #354 / #353 / #356 which obviate the nonce in the
jti, but it's important to keep TLS support in as part of the audit finding as well.Note that PR hasn't been updated in a bit, so it's a good idea to get some eyes on this one to ensure it got ported over properly and doesn't need any modernization changes.
While this is in draft review I'll look at adding an
--insecurevariant to the configuration that lets the user run without TLS if they want to (better for unit testing, anyway).