Check tls certs exist for grpc management serve (#637)

* feat: Add TLS directory existence check before starting RPC server * feat: Add file existence checks with detailed error logging for TLS files * chore: fmt
2026-02-03 20:26:13 +01:00 · 2025-03-08 22:44:46 +00:00
parent 22beade553
commit 39a7b15221
3 changed files with 49 additions and 4 deletions
--- a/crates/cdk-mint-rpc/src/proto/server.rs
+++ b/crates/cdk-mint-rpc/src/proto/server.rs
@@ -63,9 +63,49 @@ impl MintRPCServer {
        let server = match tls_dir {
            Some(tls_dir) => {
                tracing::info!("TLS configuration found, starting secure server");
-                let cert = std::fs::read_to_string(tls_dir.join("server.pem"))?;
-                let key = std::fs::read_to_string(tls_dir.join("server.key"))?;
-                let client_ca_cert = std::fs::read_to_string(tls_dir.join("ca.pem"))?;
+                let server_pem_path = tls_dir.join("server.pem");
+                let server_key_path = tls_dir.join("server.key");
+                let ca_pem_path = tls_dir.join("ca.pem");
+
+                if !server_pem_path.exists() {
+                    tracing::error!(
+                        "Server certificate file does not exist: {}",
+                        server_pem_path.display()
+                    );
+                    return Err(Error::Io(std::io::Error::new(
+                        std::io::ErrorKind::NotFound,
+                        format!(
+                            "Server certificate file not found: {}",
+                            server_pem_path.display()
+                        ),
+                    )));
+                }
+
+                if !server_key_path.exists() {
+                    tracing::error!(
+                        "Server key file does not exist: {}",
+                        server_key_path.display()
+                    );
+                    return Err(Error::Io(std::io::Error::new(
+                        std::io::ErrorKind::NotFound,
+                        format!("Server key file not found: {}", server_key_path.display()),
+                    )));
+                }
+
+                if !ca_pem_path.exists() {
+                    tracing::error!(
+                        "CA certificate file does not exist: {}",
+                        ca_pem_path.display()
+                    );
+                    return Err(Error::Io(std::io::Error::new(
+                        std::io::ErrorKind::NotFound,
+                        format!("CA certificate file not found: {}", ca_pem_path.display()),
+                    )));
+                }
+
+                let cert = std::fs::read_to_string(&server_pem_path)?;
+                let key = std::fs::read_to_string(&server_key_path)?;
+                let client_ca_cert = std::fs::read_to_string(&ca_pem_path)?;
                let client_ca_cert = Certificate::from_pem(client_ca_cert);
                let server_identity = Identity::from_pem(cert, key);
                let tls_config = ServerTlsConfig::new()
--- a/crates/cdk-mintd/example.config.toml
+++ b/crates/cdk-mintd/example.config.toml
@@ -7,7 +7,7 @@ mnemonic = ""
 # enable_swagger_ui = false

 [mint_management_rpc]
-enabled = true
+# enabled = false
 # address = "127.0.0.1"
 # port = 8086

--- a/crates/cdk-mintd/src/main.rs
+++ b/crates/cdk-mintd/src/main.rs
@@ -354,6 +354,11 @@ async fn main() -> anyhow::Result<()> {

                let tls_dir = rpc_settings.tls_dir_path.unwrap_or(work_dir.join("tls"));

+                if !tls_dir.exists() {
+                    tracing::error!("TLS directory does not exist: {}", tls_dir.display());
+                    bail!("Cannot start RPC server: TLS directory does not exist");
+                }
+
                mint_rpc.start(Some(tls_dir)).await?;

                rpc_server = Some(mint_rpc);