From cd038b446be26b7044f0e9a2f2068d5d3eb8386f Mon Sep 17 00:00:00 2001
From: Chris Hager
Date: Wed, 20 Nov 2024 15:01:43 +0100
Subject: [PATCH] TLS from go-utils (#9)

---
 go.mod | 2 +-
 go.sum | 4 +-
 proxy/generate_ssl.go | 83 -----------------------------------------
 proxy/receiver_proxy.go | 4 +-
 4 files changed, 6 insertions(+), 87 deletions(-)
 delete mode 100644 proxy/generate_ssl.go

diff --git a/go.mod b/go.mod
index 147c054..aab2efd 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 github.com/VictoriaMetrics/metrics v1.35.1
 github.com/cenkalti/backoff v2.2.1+incompatible
 github.com/ethereum/go-ethereum v1.14.10
- github.com/flashbots/go-utils v0.8.1-0.20241111163610-99c6bcefd7df
+ github.com/flashbots/go-utils v0.8.2
 github.com/google/uuid v1.6.0
 github.com/hashicorp/golang-lru/v2 v2.0.7
 github.com/stretchr/testify v1.9.0
diff --git a/go.sum b/go.sum
index 563fa1b..44e1ba1 100644
--- a/go.sum
+++ b/go.sum
@@ -56,8 +56,8 @@ github.com/ethereum/go-ethereum v1.14.10 h1:kC24WjYeRjDy86LVo6MfF5Xs7nnUu+XG4Aja
 github.com/ethereum/go-ethereum v1.14.10/go.mod h1:+l/fr42Mma+xBnhefL/+z11/hcmJ2egl+ScIVPjhc7E=
 github.com/ethereum/go-verkle v0.1.1-0.20240829091221-dffa7562dbe9 h1:8NfxH2iXvJ60YRB8ChToFTUzl8awsc3cJ8CbLjGIl/A=
 github.com/ethereum/go-verkle v0.1.1-0.20240829091221-dffa7562dbe9/go.mod h1:M3b90YRnzqKyyzBEWJGqj8Qff4IDeXnzFw0P9bFw3uk=
-github.com/flashbots/go-utils v0.8.1-0.20241111163610-99c6bcefd7df h1:hUEq6QNP8kUMQcOJc/iur3XFMUptqgAn+Qz1XYccj1k=
-github.com/flashbots/go-utils v0.8.1-0.20241111163610-99c6bcefd7df/go.mod h1:Lo/nrlC+q8ANgT3e6MKALIJCU+V9qTSgNtoLk/q1uIw=
+github.com/flashbots/go-utils v0.8.2 h1:8JUKd9Cv1CTcp63V03ya+47nflTwBEqZq357iwW4fxQ=
+github.com/flashbots/go-utils v0.8.2/go.mod h1:Lo/nrlC+q8ANgT3e6MKALIJCU+V9qTSgNtoLk/q1uIw=
 github.com/getsentry/sentry-go v0.27.0 h1:Pv98CIbtB3LkMWmXi4Joa5OOcwbmnX88sF5qbK3r3Ps=
 github.com/getsentry/sentry-go v0.27.0/go.mod h1:lc76E2QywIyW8WuBnwl8Lc4bkmQH4+w1gwTf25trprY=
 github.com/go-ole/go-ole v1.2.5/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
diff --git a/proxy/generate_ssl.go b/proxy/generate_ssl.go
deleted file mode 100644
index f1c3e27..0000000
--- a/proxy/generate_ssl.go
+++ /dev/null
@@ -1,83 +0,0 @@
-package proxy
-
-import (
- "bytes"
- "crypto/ecdsa"
- "crypto/elliptic"
- "crypto/rand"
- "crypto/x509"
- "crypto/x509/pkix"
- "encoding/pem"
- "math/big"
- "net"
- "time"
-)
-
- // GenerateCert generated a TLS certificate and key.
- // - `hosts`: a list of ip / dns names to include in the certificate
- func GenerateCert(validFor time.Duration, hosts []string) (cert, key []byte, err error) {
- // copied from https://go.dev/src/crypto/tls/generate_cert.go
- priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
- if err != nil {
- return nil, nil, err
- }
- keyUsage := x509.KeyUsageDigitalSignature
-
- notBefore := time.Now()
- notAfter := notBefore.Add(validFor)
-
- serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
- serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
- if err != nil {
- return nil, nil, err
- }
-
- template := x509.Certificate{
- SerialNumber: serialNumber,
- Subject: pkix.Name{
- Organization: []string{"Acme"},
- },
- NotBefore: notBefore,
- NotAfter: notAfter,
-
- KeyUsage: keyUsage,
- ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
- BasicConstraintsValid: true,
- }
-
- for _, h := range hosts {
- if ip := net.ParseIP(h); ip != nil {
- template.IPAddresses = append(template.IPAddresses, ip)
- } else {
- template.DNSNames = append(template.DNSNames, h)
- }
- }
-
- // certificate is its own CA
- template.IsCA = true
- template.KeyUsage |= x509.KeyUsageCertSign
-
- derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
- if err != nil {
- return nil, nil, err
- }
-
- var certOut bytes.Buffer
- if err = pem.Encode(&certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}); err != nil {
- return nil, nil, err
- }
- cert = certOut.Bytes()
-
- privBytes, err := x509.MarshalPKCS8PrivateKey(priv)
- if err != nil {
- return nil, nil, err
- }
-
- var keyOut bytes.Buffer
- err = pem.Encode(&keyOut, &pem.Block{Type: "PRIVATE KEY", Bytes: privBytes})
- if err != nil {
- return nil, nil, err
- }
- key = keyOut.Bytes()
- return cert, key, nil
-}
diff --git a/proxy/receiver_proxy.go b/proxy/receiver_proxy.go
index 5478d40..df3db43 100644
--- a/proxy/receiver_proxy.go
+++ b/proxy/receiver_proxy.go
@@ -11,6 +11,7 @@ import (
 "github.com/ethereum/go-ethereum/common"
 "github.com/flashbots/go-utils/rpcclient"
 "github.com/flashbots/go-utils/signature"
+ utils_tls "github.com/flashbots/go-utils/tls"
 "github.com/google/uuid"
 "github.com/hashicorp/golang-lru/v2/expirable"
 "golang.org/x/time/rate"
@@ -97,7 +98,8 @@ func NewReceiverProxy(config ReceiverProxyConfig) (*ReceiverProxy, error) {
 if err != nil {
 return nil, err
 }
- cert, key, err := GenerateCert(config.CertValidDuration, config.CertHosts)
+
+ cert, key, err := utils_tls.GenerateTLS(config.CertValidDuration, config.CertHosts)
 if err != nil {
 return nil, err
 }
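Review bot: The new call `utils_tls.GenerateTLS(config.CertValidDuration, config.CertHosts)` in NewReceiverProxy now depends on an external package to reproduce what the deleted in-repo GenerateCert made explicit — a self-signed ECDSA P-256 certificate with IsCA set, ServerAuth extended key usage, and CertHosts split into IP and DNS SANs — yet nothing at the call site records that contract, so a later go-utils bump could change the certificate the proxy serves without anyone noticing; I could not verify from the hunk what v0.8.2's GenerateTLS actually emits, so that should be confirmed against the library. I'd add a comment above the call such as `// GenerateTLS replaces the former in-repo GenerateCert; expected: self-signed cert/key PEM with SANs taken from config.CertHosts` so the expectation is pinned in the code. The error return would also be more useful to operators wrapped with its origin, e.g. `return nil, fmt.Errorf("generating TLS certificate: %w", err)`, if the file already has fmt in scope and wrapping matches its convention. Separately, the `utils_tls` alias in the import hunk uses an underscore, which Go naming conventions discourage for package aliases; `gotls` or `utilstls` would be more idiomatic. The rest of NewReceiverProxy lies outside the hunk.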