chore: code cleanup

common/net/tls.go

@@ -3,8 +3,10 @@ package net
 import (
 	"crypto/rand"
 	"crypto/rsa"
+	"crypto/sha256"
 	"crypto/tls"
 	"crypto/x509"
+	"encoding/hex"
 	"encoding/pem"
 	"fmt"
 	"math/big"
@@ -16,7 +18,11 @@ type Path interface {
 
 func ParseCert(certificate, privateKey string, path Path) (tls.Certificate, error) {
 	if certificate == "" && privateKey == "" {
-		return newRandomTLSKeyPair()
+		var err error
+		certificate, privateKey, _, err = NewRandomTLSKeyPair()
+		if err != nil {
+			return tls.Certificate{}, err
+		}
 	}
 	cert, painTextErr := tls.X509KeyPair([]byte(certificate), []byte(privateKey))
 	if painTextErr == nil {
@@ -32,10 +38,10 @@ func ParseCert(certificate, privateKey string, path Path) (tls.Certificate, erro
 	return cert, nil
 }
 
-func newRandomTLSKeyPair() (tls.Certificate, error) {
+func NewRandomTLSKeyPair() (certificate string, privateKey string, fingerprint string, err error) {
 	key, err := rsa.GenerateKey(rand.Reader, 2048)
 	if err != nil {
-		return tls.Certificate{}, err
+		return
 	}
 	template := x509.Certificate{SerialNumber: big.NewInt(1)}
 	certDER, err := x509.CreateCertificate(
@@ -45,14 +51,15 @@ func newRandomTLSKeyPair() (tls.Certificate, error) {
 		&key.PublicKey,
 		key)
 	if err != nil {
-		return tls.Certificate{}, err
+		return
 	}
-	keyPEM := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})
-	certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER})
-
-	tlsCert, err := tls.X509KeyPair(certPEM, keyPEM)
+	cert, err := x509.ParseCertificate(certDER)
 	if err != nil {
-		return tls.Certificate{}, err
+		return
 	}
-	return tlsCert, nil
+	hash := sha256.Sum256(cert.Raw)
+	fingerprint = hex.EncodeToString(hash[:])
+	privateKey = string(pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)}))
+	certificate = string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER}))
+	return
 }