generate certs on startup (#91)

* generate certs on startup

* add custom test version

Dockerfile

@@ -1,10 +1,12 @@
+# Use golang base image
 FROM golang:1.20-alpine3.18 as build
+
 WORKDIR /ssv-dkg
 
 # Install build dependencies required for CGO
 RUN apk add --no-cache musl-dev gcc g++ libstdc++ git openssl
 
-# Copy the go.mod and go.sum first and download the dependencies. 
+# Copy the go.mod and go.sum first and download the dependencies.
 # This layer will be cached unless these files change.
 COPY go.mod go.sum ./
 RUN --mount=type=cache,target=/root/.cache/go-build \
@@ -18,30 +20,26 @@ COPY . .
 ENV CGO_ENABLED=1
 ENV GOOS=linux
 
-# Setup a directory for your certificates
-RUN mkdir /ssl
-
-# Generate a self-signed SSL certificate
-RUN openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
-  -keyout /ssl/tls.key -out /ssl/tls.crt \
-  -subj "/C=CN/ST=GD/L=SZ/O=ssv, Inc./CN=*.ssv.com"
-
 RUN --mount=type=cache,target=/root/.cache/go-build \
     --mount=type=cache,mode=0755,target=/go/pkg \
     VERSION=$(git describe --tags $(git rev-list --tags --max-count=1)) && \
     go build -o /bin/ssv-dkg -ldflags "-X main.Version=$VERSION -linkmode external -extldflags \"-static -lm\"" \
     ./cmd/ssv-dkg
 
-#
-# Run stage.
-#
+# Final stage
 FROM alpine:3.18  
 WORKDIR /ssv-dkg
 
-# Copy the built binary from the previous stage
+# Install openssl
+RUN apk add --no-cache openssl
+
+# Copy the built binary and entry-point script from the previous stage/build context
 COPY --from=build /bin/ssv-dkg /bin/ssv-dkg
-COPY --from=build /ssl /ssl
+COPY entry-point.sh /entry-point.sh
+
+# Ensure the entry-point script is executable
+RUN chmod +x /entry-point.sh
 
-ENTRYPOINT ["/bin/ssv-dkg"]
+ENTRYPOINT ["/entry-point.sh"]
 
-EXPOSE 3030
+EXPOSE 3030

entry-point.sh

@@ -0,0 +1,25 @@
+#!/bin/sh
+
+# Setup directory for certificates
+CERT_DIR=/ssl
+mkdir -p "$CERT_DIR"
+
+# Paths to the certificate and key files
+CERT_FILE="$CERT_DIR/tls.crt"
+KEY_FILE="$CERT_DIR/tls.key"
+
+# Check if the first argument is "start-operator"
+if [ "$1" = "start-operator" ]; then
+    # Generate a self-signed SSL certificate only if it doesn't exist
+    if [ ! -f "$CERT_FILE" ] || [ ! -f "$KEY_FILE" ]; then
+      echo "Certificate or key file not found. Generating new SSL certificate and key."
+      openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
+        -keyout "$KEY_FILE" -out "$CERT_FILE" \
+        -subj "/C=IL/ST=Tel Aviv/L=Tel Aviv/O=Coin-Dash Ltd/CN=*.ssvlabs.io"
+    else
+      echo "Existing SSL certificate and key found. Using them."
+    fi
+fi
+
+# Execute the main binary and pass all script arguments
+exec /bin/ssv-dkg "$@"

examples/generate_certs.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 openssl genrsa -out ./initiator/rootCA.key 4096
-openssl req -x509 -new -key ./initiator/rootCA.key -subj "/C=CN/ST=GD/L=SZ/O=ssv, Inc./CN=*.ssv.com" -days 3650 -out ./initiator/rootCA.crt
+openssl req -x509 -new -key ./initiator/rootCA.key -subj "/C=IL/ST=Tel Aviv/L=Tel Aviv/O=Coin-Dash Ltd/CN=*.ssvlabs.io" -days 3650 -out ./initiator/rootCA.crt
 
 
 for i in $(seq 1 8);

integration_test/integration_test.go

@@ -41,7 +41,7 @@ func TestHappyFlows(t *testing.T) {
 	err := logging.SetGlobalLogger("info", "capital", "console", nil)
 	require.NoError(t, err)
 	logger := zap.L().Named("integration-tests")
-	version := "v1.0.2"
+	version := "test.version"
 	servers, ops := createOperators(t, version)
 	clnt, err := initiator.New(ops, logger, version, rootCert)
 	require.NoError(t, err)
@@ -107,7 +107,7 @@ func TestHappyFlows(t *testing.T) {
 func TestBulkHappyFlows4Ops(t *testing.T) {
 	err := logging.SetGlobalLogger("info", "capital", "console", nil)
 	require.NoError(t, err)
-	version := "v1.0.2"
+	version := "test.version"
 	servers, ops := createOperators(t, version)
 	operators, err := json.Marshal(ops)
 	require.NoError(t, err)
@@ -151,7 +151,7 @@ func TestBulkHappyFlows4Ops(t *testing.T) {
 func TestBulkHappyFlows7Ops(t *testing.T) {
 	err := logging.SetGlobalLogger("info", "capital", "console", nil)
 	require.NoError(t, err)
-	version := "v1.0.2"
+	version := "test.version"
 	servers, ops := createOperators(t, version)
 	operators, err := json.Marshal(ops)
 	require.NoError(t, err)
@@ -194,7 +194,7 @@ func TestBulkHappyFlows7Ops(t *testing.T) {
 func TestBulkHappyFlows10Ops(t *testing.T) {
 	err := logging.SetGlobalLogger("info", "capital", "console", nil)
 	require.NoError(t, err)
-	version := "v1.0.2"
+	version := "test.version"
 	servers, ops := createOperators(t, version)
 	operators, err := json.Marshal(ops)
 	require.NoError(t, err)
@@ -237,7 +237,7 @@ func TestBulkHappyFlows10Ops(t *testing.T) {
 func TestBulkHappyFlows13Ops(t *testing.T) {
 	err := logging.SetGlobalLogger("info", "capital", "console", nil)
 	require.NoError(t, err)
-	version := "v1.0.2"
+	version := "test.version"
 	servers, ops := createOperators(t, version)
 	operators, err := json.Marshal(ops)
 	require.NoError(t, err)
@@ -281,7 +281,7 @@ func TestThreshold(t *testing.T) {
 	err := logging.SetGlobalLogger("info", "capital", "console", nil)
 	require.NoError(t, err)
 	logger := zap.L().Named("integration-tests")
-	version := "v1.0.2"
+	version := "test.version"
 	servers, ops := createOperators(t, version)
 	clnt, err := initiator.New(ops, logger, version, rootCert)
 	require.NoError(t, err)
@@ -375,13 +375,13 @@ func TestUnhappyFlows(t *testing.T) {
 	err := logging.SetGlobalLogger("info", "capital", "console", nil)
 	require.NoError(t, err)
 	logger := zap.L().Named("integration-tests")
-	version := "v1.0.2"
+	version := "test.version"
 	servers, ops := createOperators(t, version)
 	ops = append(ops, wire.OperatorCLI{Addr: servers[12].HttpSrv.URL, ID: 133, PubKey: &servers[12].PrivKey.PublicKey})
 	ops = append(ops, wire.OperatorCLI{Addr: servers[12].HttpSrv.URL, ID: 0, PubKey: &servers[12].PrivKey.PublicKey})
 	ops = append(ops, wire.OperatorCLI{Addr: servers[12].HttpSrv.URL, ID: 144, PubKey: &servers[12].PrivKey.PublicKey})
 	ops = append(ops, wire.OperatorCLI{Addr: servers[12].HttpSrv.URL, ID: 155, PubKey: &servers[12].PrivKey.PublicKey})
-	clnt, err := initiator.New(ops, logger, "v1.0.2", rootCert)
+	clnt, err := initiator.New(ops, logger, "test.version", rootCert)
 	require.NoError(t, err)
 	withdraw := newEthAddress(t)
 	owner := newEthAddress(t)
@@ -505,33 +505,33 @@ func TestLargeOperatorIDs(t *testing.T) {
 	require.NoError(t, err)
 	logger := zap.L().Named("integration-tests")
 	ops := wire.OperatorsCLI{}
-	srv1 := test_utils.CreateTestOperator(t, 1100, "v1.0.2", operatorCert, operatorKey)
+	srv1 := test_utils.CreateTestOperator(t, 1100, "test.version", operatorCert, operatorKey)
 	ops = append(ops, wire.OperatorCLI{Addr: srv1.HttpSrv.URL, ID: 1100, PubKey: &srv1.PrivKey.PublicKey})
-	srv2 := test_utils.CreateTestOperator(t, 2222, "v1.0.2", operatorCert, operatorKey)
+	srv2 := test_utils.CreateTestOperator(t, 2222, "test.version", operatorCert, operatorKey)
 	ops = append(ops, wire.OperatorCLI{Addr: srv2.HttpSrv.URL, ID: 2222, PubKey: &srv2.PrivKey.PublicKey})
-	srv3 := test_utils.CreateTestOperator(t, 3300, "v1.0.2", operatorCert, operatorKey)
+	srv3 := test_utils.CreateTestOperator(t, 3300, "test.version", operatorCert, operatorKey)
 	ops = append(ops, wire.OperatorCLI{Addr: srv3.HttpSrv.URL, ID: 3300, PubKey: &srv3.PrivKey.PublicKey})
-	srv4 := test_utils.CreateTestOperator(t, 4444, "v1.0.2", operatorCert, operatorKey)
+	srv4 := test_utils.CreateTestOperator(t, 4444, "test.version", operatorCert, operatorKey)
 	ops = append(ops, wire.OperatorCLI{Addr: srv4.HttpSrv.URL, ID: 4444, PubKey: &srv4.PrivKey.PublicKey})
-	srv5 := test_utils.CreateTestOperator(t, 5555, "v1.0.2", operatorCert, operatorKey)
+	srv5 := test_utils.CreateTestOperator(t, 5555, "test.version", operatorCert, operatorKey)
 	ops = append(ops, wire.OperatorCLI{Addr: srv5.HttpSrv.URL, ID: 5555, PubKey: &srv5.PrivKey.PublicKey})
-	srv6 := test_utils.CreateTestOperator(t, 6666, "v1.0.2", operatorCert, operatorKey)
+	srv6 := test_utils.CreateTestOperator(t, 6666, "test.version", operatorCert, operatorKey)
 	ops = append(ops, wire.OperatorCLI{Addr: srv6.HttpSrv.URL, ID: 6666, PubKey: &srv6.PrivKey.PublicKey})
-	srv7 := test_utils.CreateTestOperator(t, 7777, "v1.0.2", operatorCert, operatorKey)
+	srv7 := test_utils.CreateTestOperator(t, 7777, "test.version", operatorCert, operatorKey)
 	ops = append(ops, wire.OperatorCLI{Addr: srv7.HttpSrv.URL, ID: 7777, PubKey: &srv7.PrivKey.PublicKey})
-	srv8 := test_utils.CreateTestOperator(t, 8888, "v1.0.2", operatorCert, operatorKey)
+	srv8 := test_utils.CreateTestOperator(t, 8888, "test.version", operatorCert, operatorKey)
 	ops = append(ops, wire.OperatorCLI{Addr: srv8.HttpSrv.URL, ID: 8888, PubKey: &srv8.PrivKey.PublicKey})
-	srv9 := test_utils.CreateTestOperator(t, 9999, "v1.0.2", operatorCert, operatorKey)
+	srv9 := test_utils.CreateTestOperator(t, 9999, "test.version", operatorCert, operatorKey)
 	ops = append(ops, wire.OperatorCLI{Addr: srv9.HttpSrv.URL, ID: 9999, PubKey: &srv9.PrivKey.PublicKey})
-	srv10 := test_utils.CreateTestOperator(t, 10000, "v1.0.2", operatorCert, operatorKey)
+	srv10 := test_utils.CreateTestOperator(t, 10000, "test.version", operatorCert, operatorKey)
 	ops = append(ops, wire.OperatorCLI{Addr: srv10.HttpSrv.URL, ID: 10000, PubKey: &srv10.PrivKey.PublicKey})
-	srv11 := test_utils.CreateTestOperator(t, 11111, "v1.0.2", operatorCert, operatorKey)
+	srv11 := test_utils.CreateTestOperator(t, 11111, "test.version", operatorCert, operatorKey)
 	ops = append(ops, wire.OperatorCLI{Addr: srv11.HttpSrv.URL, ID: 11111, PubKey: &srv11.PrivKey.PublicKey})
-	srv12 := test_utils.CreateTestOperator(t, 12222, "v1.0.2", operatorCert, operatorKey)
+	srv12 := test_utils.CreateTestOperator(t, 12222, "test.version", operatorCert, operatorKey)
 	ops = append(ops, wire.OperatorCLI{Addr: srv12.HttpSrv.URL, ID: 12222, PubKey: &srv12.PrivKey.PublicKey})
-	srv13 := test_utils.CreateTestOperator(t, 13333, "v1.0.2", operatorCert, operatorKey)
+	srv13 := test_utils.CreateTestOperator(t, 13333, "test.version", operatorCert, operatorKey)
 	ops = append(ops, wire.OperatorCLI{Addr: srv13.HttpSrv.URL, ID: 13333, PubKey: &srv13.PrivKey.PublicKey})
-	clnt, err := initiator.New(ops, logger, "v1.0.2", rootCert)
+	clnt, err := initiator.New(ops, logger, "test.version", rootCert)
 	require.NoError(t, err)
 	withdraw := newEthAddress(t)
 	owner := newEthAddress(t)
@@ -566,13 +566,13 @@ func TestWrongInitiatorVersion(t *testing.T) {
 	require.NoError(t, err)
 	logger := zap.L().Named("integration-tests")
 	ops := wire.OperatorsCLI{}
-	srv1 := test_utils.CreateTestOperator(t, 1, "v1.0.2", operatorCert, operatorKey)
+	srv1 := test_utils.CreateTestOperator(t, 1, "test.version", operatorCert, operatorKey)
 	ops = append(ops, wire.OperatorCLI{Addr: srv1.HttpSrv.URL, ID: 1, PubKey: &srv1.PrivKey.PublicKey})
-	srv2 := test_utils.CreateTestOperator(t, 2, "v1.0.2", operatorCert, operatorKey)
+	srv2 := test_utils.CreateTestOperator(t, 2, "test.version", operatorCert, operatorKey)
 	ops = append(ops, wire.OperatorCLI{Addr: srv2.HttpSrv.URL, ID: 2, PubKey: &srv2.PrivKey.PublicKey})
-	srv3 := test_utils.CreateTestOperator(t, 3, "v1.0.2", operatorCert, operatorKey)
+	srv3 := test_utils.CreateTestOperator(t, 3, "test.version", operatorCert, operatorKey)
 	ops = append(ops, wire.OperatorCLI{Addr: srv3.HttpSrv.URL, ID: 3, PubKey: &srv3.PrivKey.PublicKey})
-	srv4 := test_utils.CreateTestOperator(t, 4, "v1.0.2", operatorCert, operatorKey)
+	srv4 := test_utils.CreateTestOperator(t, 4, "test.version", operatorCert, operatorKey)
 	ops = append(ops, wire.OperatorCLI{Addr: srv4.HttpSrv.URL, ID: 4, PubKey: &srv4.PrivKey.PublicKey})
 	clnt, err := initiator.New(ops, logger, "v1.0.0", rootCert)
 	require.NoError(t, err)
@@ -594,13 +594,13 @@ func TestWrongOperatorVersion(t *testing.T) {
 	ops := wire.OperatorsCLI{}
 	srv1 := test_utils.CreateTestOperator(t, 1, "v1.0.0", operatorCert, operatorKey)
 	ops = append(ops, wire.OperatorCLI{Addr: srv1.HttpSrv.URL, ID: 1, PubKey: &srv1.PrivKey.PublicKey})
-	srv2 := test_utils.CreateTestOperator(t, 2, "v1.0.2", operatorCert, operatorKey)
+	srv2 := test_utils.CreateTestOperator(t, 2, "test.version", operatorCert, operatorKey)
 	ops = append(ops, wire.OperatorCLI{Addr: srv2.HttpSrv.URL, ID: 2, PubKey: &srv2.PrivKey.PublicKey})
-	srv3 := test_utils.CreateTestOperator(t, 3, "v1.0.2", operatorCert, operatorKey)
+	srv3 := test_utils.CreateTestOperator(t, 3, "test.version", operatorCert, operatorKey)
 	ops = append(ops, wire.OperatorCLI{Addr: srv3.HttpSrv.URL, ID: 3, PubKey: &srv3.PrivKey.PublicKey})
-	srv4 := test_utils.CreateTestOperator(t, 4, "v1.0.2", operatorCert, operatorKey)
+	srv4 := test_utils.CreateTestOperator(t, 4, "test.version", operatorCert, operatorKey)
 	ops = append(ops, wire.OperatorCLI{Addr: srv4.HttpSrv.URL, ID: 4, PubKey: &srv4.PrivKey.PublicKey})
-	clnt, err := initiator.New(ops, logger, "v1.0.2", rootCert)
+	clnt, err := initiator.New(ops, logger, "test.version", rootCert)
 	require.NoError(t, err)
 	withdraw := newEthAddress(t)
 	owner := newEthAddress(t)

pkgs/initiator/initiator_test.go

@@ -58,7 +58,7 @@ func TestStartDKG(t *testing.T) {
 	require.NoError(t, err)
 	logger := zap.L().Named("operator-tests")
 	ops := wire.OperatorsCLI{}
-	version := "v1.0.2"
+	version := "test.version"
 	srv1 := test_utils.CreateTestOperatorFromFile(t, 1, examplePath, version, operatorCert, operatorKey)
 	srv2 := test_utils.CreateTestOperatorFromFile(t, 2, examplePath, version, operatorCert, operatorKey)
 	srv3 := test_utils.CreateTestOperatorFromFile(t, 3, examplePath, version, operatorCert, operatorKey)
@@ -73,7 +73,7 @@ func TestStartDKG(t *testing.T) {
 	withdraw := common.HexToAddress("0x0000000000000000000000000000000000000009")
 	owner := common.HexToAddress("0x0000000000000000000000000000000000000007")
 	t.Run("happy flow", func(t *testing.T) {
-		intr, err := initiator.New(ops, logger, "v1.0.2", rootCert)
+		intr, err := initiator.New(ops, logger, "test.version", rootCert)
 		require.NoError(t, err)
 		id := crypto.NewID()
 		depositData, keyshares, _, err := intr.StartDKG(id, withdraw.Bytes(), []uint64{1, 2, 3, 4}, "mainnet", owner, 0)
@@ -84,21 +84,21 @@ func TestStartDKG(t *testing.T) {
 		require.NoError(t, err)
 	})
 	t.Run("test wrong amount of opeators < 4", func(t *testing.T) {
-		intr, err := initiator.New(ops, logger, "v1.0.2", rootCert)
+		intr, err := initiator.New(ops, logger, "test.version", rootCert)
 		require.NoError(t, err)
 		id := crypto.NewID()
 		_, _, _, err = intr.StartDKG(id, withdraw.Bytes(), []uint64{1, 2, 3}, "mainnet", owner, 0)
 		require.ErrorContains(t, err, "wrong operators len: < 4")
 	})
 	t.Run("test wrong amount of opeators > 13", func(t *testing.T) {
-		intr, err := initiator.New(ops, logger, "v1.0.2", rootCert)
+		intr, err := initiator.New(ops, logger, "test.version", rootCert)
 		require.NoError(t, err)
 		id := crypto.NewID()
 		_, _, _, err = intr.StartDKG(id, withdraw.Bytes(), []uint64{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14}, "prater", owner, 0)
 		require.ErrorContains(t, err, "wrong operators len: > 13")
 	})
 	t.Run("test opeators not unique", func(t *testing.T) {
-		intr, err := initiator.New(ops, logger, "v1.0.2", rootCert)
+		intr, err := initiator.New(ops, logger, "test.version", rootCert)
 		require.NoError(t, err)
 		id := crypto.NewID()
 		_, _, _, err = intr.StartDKG(id, withdraw.Bytes(), []uint64{1, 2, 3, 4, 5, 6, 7, 7, 9, 10, 11, 12, 12}, "holesky", owner, 0)

pkgs/operator/operator_test.go

@@ -42,7 +42,7 @@ var (
 )
 
 func TestRateLimit(t *testing.T) {
-	version := "v1.0.2"
+	version := "test.version"
 	srv := test_utils.CreateTestOperatorFromFile(t, 1, examplePath, version, operatorCert, operatorKey)
 	// Initiator priv key
 	_, pv, err := rsaencryption.GenerateKeys()
@@ -172,7 +172,7 @@ func TestWrongInitiatorSignature(t *testing.T) {
 	require.NoError(t, err)
 	logger := zap.L().Named("operator-tests")
 	ops := wire.OperatorsCLI{}
-	version := "v1.0.2"
+	version := "test.version"
 	srv1 := test_utils.CreateTestOperatorFromFile(t, 1, examplePath, version, operatorCert, operatorKey)
 	srv2 := test_utils.CreateTestOperatorFromFile(t, 2, examplePath, version, operatorCert, operatorKey)
 	srv3 := test_utils.CreateTestOperatorFromFile(t, 3, examplePath, version, operatorCert, operatorKey)

pkgs/operator/state_test.go

@@ -57,7 +57,7 @@ func TestCreateInstance(t *testing.T) {
 		privateKey, ops := generateOperatorsData(t, numOps)
 		tempDir, err := os.MkdirTemp("", "dkg")
 		require.NoError(t, err)
-		s, err := New(privateKey, logger, []byte("v1.0.2"), 1, tempDir)
+		s, err := New(privateKey, logger, []byte("test.version"), 1, tempDir)
 		require.NoError(t, err)
 		var reqID [24]byte
 		copy(reqID[:], "testRequestID1234567890") // Just a sample value
@@ -105,7 +105,7 @@ func TestInitInstance(t *testing.T) {
 	require.NoError(t, err)
 	tempDir, err := os.MkdirTemp("", "dkg")
 	require.NoError(t, err)
-	swtch, err := New(privateKey, logger, []byte("v1.0.2"), 1, tempDir)
+	swtch, err := New(privateKey, logger, []byte("test.version"), 1, tempDir)
 	require.NoError(t, err)
 	var reqID [24]byte
 	copy(reqID[:], "testRequestID1234567890") // Just a sample value
@@ -129,7 +129,7 @@ func TestInitInstance(t *testing.T) {
 
 	initmsg, err := init.MarshalSSZ()
 	require.NoError(t, err)
-	version := "v1.0.2"
+	version := "test.version"
 	initMessage := &wire.Transport{
 		Type:       wire.InitMessageType,
 		Identifier: reqID,
@@ -185,7 +185,7 @@ func TestSwitch_cleanInstances(t *testing.T) {
 	operatorPubKey := privateKey.Public().(*rsa.PublicKey)
 	pkBytes, err := crypto.EncodeRSAPublicKey(operatorPubKey)
 	require.NoError(t, err)
-	swtch := NewSwitch(privateKey, logger, []byte("v1.0.2"), pkBytes, 1)
+	swtch := NewSwitch(privateKey, logger, []byte("test.version"), pkBytes, 1)
 	var reqID [24]byte
 	copy(reqID[:], "testRequestID1234567890") // Just a sample value
 	_, pv, err := rsaencryption.GenerateKeys()
@@ -207,7 +207,7 @@ func TestSwitch_cleanInstances(t *testing.T) {
 
 	initmsg, err := init.MarshalSSZ()
 	require.NoError(t, err)
-	version := "v1.0.2"
+	version := "test.version"
 	initMessage := &wire.Transport{
 		Type:       wire.InitMessageType,
 		Identifier: reqID,