From 39a7b15221d6b10f101da60919cd1bfc8d0082f4 Mon Sep 17 00:00:00 2001
From: thesimplekid
Date: Sat, 8 Mar 2025 22:44:46 +0000
Subject: [PATCH] Check tls certs exist for grpc management serve (#637)

* feat: Add TLS directory existence check before starting RPC server
* feat: Add file existence checks with detailed error logging for TLS files
* chore: fmt
---
 crates/cdk-mint-rpc/src/proto/server.rs | 46 +++++++++++++++++++++++--
 crates/cdk-mintd/example.config.toml | 2 +-
 crates/cdk-mintd/src/main.rs | 5 +++
 3 files changed, 49 insertions(+), 4 deletions(-)

diff --git a/crates/cdk-mint-rpc/src/proto/server.rs b/crates/cdk-mint-rpc/src/proto/server.rs
index 67b2f512..32c474da 100644
--- a/crates/cdk-mint-rpc/src/proto/server.rs
+++ b/crates/cdk-mint-rpc/src/proto/server.rs
@@ -63,9 +63,49 @@ impl MintRPCServer {
 let server = match tls_dir {
 Some(tls_dir) => {
 tracing::info!("TLS configuration found, starting secure server");
- let cert = std::fs::read_to_string(tls_dir.join("server.pem"))?;
- let key = std::fs::read_to_string(tls_dir.join("server.key"))?;
- let client_ca_cert = std::fs::read_to_string(tls_dir.join("ca.pem"))?;
+ let server_pem_path = tls_dir.join("server.pem");
+ let server_key_path = tls_dir.join("server.key");
+ let ca_pem_path = tls_dir.join("ca.pem");
+
+ if !server_pem_path.exists() {
+ tracing::error!(
+ "Server certificate file does not exist: {}",
+ server_pem_path.display()
+ );
+ return Err(Error::Io(std::io::Error::new(
+ std::io::ErrorKind::NotFound,
+ format!(
+ "Server certificate file not found: {}",
+ server_pem_path.display()
+ ),
+ )));
+ }
+
+ if !server_key_path.exists() {
+ tracing::error!(
+ "Server key file does not exist: {}",
+ server_key_path.display()
+ );
+ return Err(Error::Io(std::io::Error::new(
+ std::io::ErrorKind::NotFound,
+ format!("Server key file not found: {}", server_key_path.display()),
+ )));
+ }
+
+ if !ca_pem_path.exists() {
+ tracing::error!(
+ "CA certificate file does not exist: {}",
+ ca_pem_path.display()
+ );
+ return Err(Error::Io(std::io::Error::new(
+ std::io::ErrorKind::NotFound,
+ format!("CA certificate file not found: {}", ca_pem_path.display()),
+ )));
+ }
+
+ let cert = std::fs::read_to_string(&server_pem_path)?;
+ let key = std::fs::read_to_string(&server_key_path)?;
+ let client_ca_cert = std::fs::read_to_string(&ca_pem_path)?;
 let client_ca_cert = Certificate::from_pem(client_ca_cert);
 let server_identity = Identity::from_pem(cert, key);
 let tls_config = ServerTlsConfig::new()
diff --git a/crates/cdk-mintd/example.config.toml b/crates/cdk-mintd/example.config.toml
index 11cf5c71..40342f3e 100644
--- a/crates/cdk-mintd/example.config.toml
+++ b/crates/cdk-mintd/example.config.toml
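Review bot: The three `exists()` pre-checks in front of `read_to_string` open a check-then-use window and duplicate the error the read already produces: a file that disappears or is unreadable between the check and the read still surfaces as a bare io error with no path, and `Path::exists()` returns false on any metadata failure (for example permission denied on the directory), so "does not exist" can be the wrong diagnosis for an operator. Replacing the three near-identical blocks with one helper that reads the file and annotates whatever io error comes back with the file's role and path keeps the per-file diagnostics, removes the race, and keeps the `Error::Io` variant callers already match on. The same `exists()` caveat applies to the `tls_dir` check in the crates/cdk-mintd/src/main.rs hunk. The enclosing method and `impl MintRPCServer` start and end outside this hunk, so the helper below belongs next to the impl rather than inside the hunk's lines.

```rust
/// Reads one TLS input file, attaching its role and path to any io error so
/// both the log line and the returned `Error::Io` name the file that failed.
fn read_tls_file(path: &std::path::Path, role: &str) -> Result<String, Error> {
    std::fs::read_to_string(path).map_err(|e| {
        tracing::error!("{} could not be read from {}: {}", role, path.display(), e);
        Error::Io(std::io::Error::new(
            e.kind(),
            format!("{} not readable at {}: {}", role, path.display(), e),
        ))
    })
}

// … unchanged: tracing::info!("TLS configuration found, starting secure server") …
let cert = read_tls_file(&tls_dir.join("server.pem"), "Server certificate")?;
let key = read_tls_file(&tls_dir.join("server.key"), "Server key")?;
let client_ca_cert = read_tls_file(&tls_dir.join("ca.pem"), "CA certificate")?;
// … unchanged: Certificate::from_pem / Identity::from_pem / ServerTlsConfig …
```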
@@ -7,7 +7,7 @@ mnemonic = ""
 # enable_swagger_ui = false
 [mint_management_rpc]
-enabled = true
+# enabled = false
 # address = "127.0.0.1"
 # port = 8086
diff --git a/crates/cdk-mintd/src/main.rs b/crates/cdk-mintd/src/main.rs
index 0b0c0ff1..65ce37fd 100644
--- a/crates/cdk-mintd/src/main.rs
+++ b/crates/cdk-mintd/src/main.rs
@@ -354,6 +354,11 @@ async fn main() -> anyhow::Result<()> {
 let tls_dir = rpc_settings.tls_dir_path.unwrap_or(work_dir.join("tls"));
+ if !tls_dir.exists() {
+ tracing::error!("TLS directory does not exist: {}", tls_dir.display());
+ bail!("Cannot start RPC server: TLS directory does not exist");
+ }
+
 mint_rpc.start(Some(tls_dir)).await?;
 rpc_server = Some(mint_rpc);
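Review bot: In the crates/cdk-mintd/src/main.rs hunk, `tls_dir.exists()` accepts a regular file at that path and returns false on a metadata error such as permission denied, so the guard lets a non-directory through to `mint_rpc.start` and reports an unreadable directory as missing; `if !tls_dir.is_dir() {` is the condition the message actually describes, with the bail text widened to `"Cannot start RPC server: TLS directory is missing or not a directory"`. Since `mint_rpc.start` now rejects absent certificate files itself, what this pre-check buys is an earlier message that names the resolved path, which deserves a comment such as `// Fail fast with the resolved tls_dir before the RPC server tries to read the PEM files.` so the apparent duplication is not removed later. The enclosing `main` starts and ends outside the hunk, and whether this block is already inside a branch gated on the management RPC being enabled is not visible here.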