Enhancement: Launcher re-generate certificate if expired or less than…

… 1 day to and starting the server
luskaner · Dec 21, 2024 · cb63c1a · cb63c1a
1 parent 145f27d
commit cb63c1a
Show file tree

Hide file tree

Showing 5 changed files with 45 additions and 16 deletions.
diff --git a/common/cert.go b/common/cert.go
@@ -22,16 +22,18 @@ func CertificatePairFolder(executablePath string) string {
 	return folder
 }
 
-func HasCertificatePair(executablePath string) bool {
-	parentDir := CertificatePairFolder(executablePath)
+func CertificatePair(executablePath string) (ok bool, parentDir string, cert string) {
+	parentDir = CertificatePairFolder(executablePath)
 	if parentDir == "" {
-		return false
+		return
 	}
-	if _, err := os.Stat(filepath.Join(parentDir, Cert)); os.IsNotExist(err) {
-		return false
+	cert = filepath.Join(parentDir, Cert)
+	if _, err := os.Stat(cert); os.IsNotExist(err) {
+		return
 	}
 	if _, err := os.Stat(filepath.Join(parentDir, Key)); os.IsNotExist(err) {
-		return false
+		return
 	}
-	return true
+	ok = true
+	return
 }
diff --git a/launcher/internal/cmdUtils/server.go b/launcher/internal/cmdUtils/server.go
@@ -170,13 +170,13 @@ func (c *Config) StartServer(executable string, args []string, stop bool, canTru
 	if executable != serverExecutablePath {
 		fmt.Println("Found server executable path:", serverExecutablePath)
 	}
-	if !common.HasCertificatePair(serverExecutablePath) {
+
+	if exists, certificateFolder, cert := common.CertificatePair(serverExecutablePath); !exists || server.CertificateSoonExpired(cert) {
 		if !canTrustCertificate {
-			fmt.Println("serverStart is true and canTrustCertificate is false. Certificate pair is missing. Generate your own certificates manually.")
-			errorCode = internal.ErrServerCertMissing
+			fmt.Println("serverStart is true and canTrustCertificate is false. Certificate pair is missing or soon expired. Generate your own certificates manually.")
+			errorCode = internal.ErrServerCertMissingExpired
 			return
 		}
-		certificateFolder := common.CertificatePairFolder(serverExecutablePath)
 		if certificateFolder == "" {
 			fmt.Println("Cannot find certificate folder of the server. Make sure the folder structure of the server is correct.")
 			errorCode = internal.ErrServerCertDirectory

diff --git a/launcher/internal/errors.go b/launcher/internal/errors.go
@@ -18,7 +18,7 @@ const (
 	ErrServerExecutable
 	ErrServerConnectSecure
 	ErrServerUnreachable
-	ErrServerCertMissing
+	ErrServerCertMissingExpired
 	ErrServerCertDirectory
 	ErrServerCertCreate
 	ErrServerStart

diff --git a/launcher/internal/server/ssl.go b/launcher/internal/server/ssl.go
@@ -3,11 +3,13 @@ package server
 import (
 	"crypto/tls"
 	"crypto/x509"
+	"encoding/pem"
 	"github.com/luskaner/ageLANServer/common"
 	"github.com/luskaner/ageLANServer/launcher-common/executor/exec"
 	"net"
 	"os"
 	"path/filepath"
+	"time"
 )
 
 func TlsConfig(insecureSkipVerify bool) *tls.Config {
@@ -56,6 +58,29 @@ func GenerateCertificatePair(certificateFolder string) (result *exec.Result) {
 	if _, err := os.Stat(exePath); err != nil {
 		return nil
 	}
-	result = exec.Options{File: exePath, Wait: true, ExitCode: true}.Exec()
+	result = exec.Options{File: exePath, Wait: true, Args: []string{"-r"}, ExitCode: true}.Exec()
 	return
 }
+
+func CertificateSoonExpired(cert string) bool {
+	if cert == "" {
+		return true
+	}
+
+	certPEM, err := os.ReadFile(cert)
+	if err != nil {
+		return true
+	}
+
+	block, _ := pem.Decode(certPEM)
+	if block == nil {
+		return true
+	}
+
+	crt, err := x509.ParseCertificate(block.Bytes)
+	if err != nil {
+		return true
+	}
+
+	return time.Now().Add(24 * time.Hour).After(crt.NotAfter)
+}
diff --git a/server-genCert/internal/cmd/root.go b/server-genCert/internal/cmd/root.go
@@ -25,9 +25,11 @@ var (
 				fmt.Println("Failed to determine certificate pair folder")
 				os.Exit(internal.ErrCertDirectory)
 			}
-			if !replace && common.HasCertificatePair(serverExe) {
-				fmt.Println("Already have certificate pair and force is false, set force to true or delete it manually.")
-				os.Exit(internal.ErrCertCreateExisting)
+			if !replace {
+				if exists, _, _ := common.CertificatePair(serverExe); exists {
+					fmt.Println("Already have certificate pair and force is false, set force to true or delete it manually.")
+					os.Exit(internal.ErrCertCreateExisting)
+				}
 			}
 			if !internal.GenerateCertificatePair(serverFolder) {
 				fmt.Println("Could not generate certificate pair.")