💄

Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>

service/common/protocols.go

@@ -0,0 +1,27 @@
+/*
+Copyright 2023 The Dapr Authors
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package common
+
+type ServiceProtocol string
+
+const (
+	// Name of the env var containing the app protocol
+	AppProtocolEnvVar = "APP_PROTOCOL"
+
+	ServiceProtocolHTTP  ServiceProtocol = "http"
+	ServiceProtocolHTTPS ServiceProtocol = "https"
+	ServiceProtocolH2C   ServiceProtocol = "h2c"
+	ServiceProtocolGRPC  ServiceProtocol = "grpc"
+	ServiceProtocolGRPCS ServiceProtocol = "grpcs"
+)

service/common/service.go

@@ -25,22 +25,12 @@ type (
 	TopicEventHandler        func(ctx context.Context, e *TopicEvent) (retry bool, err error)
 	BindingInvocationHandler func(ctx context.Context, in *BindingEvent) (out []byte, err error)
 	HealthCheckHandler       func(context.Context) error
-
-	ServiceProtocol string
 )
 
 const (
 	// AppAPITokenEnvVar is the environment variable for app api token.
 	AppAPITokenEnvVar = "APP_API_TOKEN"  /* #nosec */
 	APITokenKey       = "dapr-api-token" /* #nosec */
-
-	AppProtocolEnvVar = "APP_PROTOCOL"
-
-	ServiceProtocolHTTP  ServiceProtocol = "http"
-	ServiceProtocolHTTPS ServiceProtocol = "https"
-	ServiceProtocolH2C   ServiceProtocol = "h2c"
-	ServiceProtocolGRPC  ServiceProtocol = "grpc"
-	ServiceProtocolGRPCS ServiceProtocol = "grpcs"
 )
 
 // Service represents Dapr callback service.

service/common/tls.go

@@ -0,0 +1,74 @@
+/*
+Copyright 2023 The Dapr Authors
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package common
+
+import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"crypto/tls"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"fmt"
+	"math/big"
+	"time"
+)
+
+// GenerateSelfSignedCert generates a self-signed certificate valid for 1 year
+func GenerateSelfSignedCert() (tls.Certificate, error) {
+	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	if err != nil {
+		return tls.Certificate{}, fmt.Errorf("failed to generate private key: %w", err)
+	}
+
+	notBefore := time.Now()
+	notAfter := notBefore.Add(365 * 24 * time.Hour)
+
+	template := x509.Certificate{
+		SerialNumber:          big.NewInt(1),
+		Subject:               pkix.Name{CommonName: "localhost"},
+		NotBefore:             notBefore,
+		NotAfter:              notAfter,
+		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
+		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+		BasicConstraintsValid: true,
+	}
+
+	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
+	if err != nil {
+		return tls.Certificate{}, fmt.Errorf("failed to create certificate: %w", err)
+	}
+
+	certPEM := pem.EncodeToMemory(&pem.Block{
+		Type:  "CERTIFICATE",
+		Bytes: derBytes,
+	})
+
+	keyPEMBytes, err := x509.MarshalPKCS8PrivateKey(priv)
+	if err != nil {
+		return tls.Certificate{}, fmt.Errorf("failed to encode private key: %w", err)
+	}
+	keyPEM := pem.EncodeToMemory(&pem.Block{
+		Type:  "PRIVATE KEY",
+		Bytes: keyPEMBytes,
+	})
+
+	cert, err := tls.X509KeyPair(certPEM, keyPEM)
+	if err != nil {
+		return tls.Certificate{}, fmt.Errorf("failed to create TLS certificate: %w", err)
+	}
+
+	return cert, nil
+}

service/http/service.go

@@ -15,15 +15,8 @@ package http
 
 import (
 	"context"
-	"crypto/ecdsa"
-	"crypto/elliptic"
-	"crypto/rand"
 	"crypto/tls"
-	"crypto/x509"
-	"crypto/x509/pkix"
-	"encoding/pem"
 	"fmt"
-	"math/big"
 	"net/http"
 	"os"
 	"strings"
@@ -76,7 +69,7 @@ func (o ServiceOptions) GetTLSConfig() (*tls.Config, error) {
 		conf.Certificates = []tls.Certificate{cert}
 	} else {
 		// Generate a self-signed TLS certificate
-		cert, err := generateSelfSignedCert()
+		cert, err := common.GenerateSelfSignedCert()
 		if err != nil {
 			return nil, fmt.Errorf("failed to generate self-signed TLS certificate: %w", err)
 		}
@@ -210,50 +203,3 @@ func optionsHandler(h http.Handler) http.HandlerFunc {
 		}
 	}
 }
-
-// Generates a self-signed certificate valid for 1 year
-func generateSelfSignedCert() (tls.Certificate, error) {
-	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
-	if err != nil {
-		return tls.Certificate{}, fmt.Errorf("failed to generate private key: %w", err)
-	}
-
-	notBefore := time.Now()
-	notAfter := notBefore.Add(365 * 24 * time.Hour)
-
-	template := x509.Certificate{
-		SerialNumber:          big.NewInt(1),
-		Subject:               pkix.Name{CommonName: "localhost"},
-		NotBefore:             notBefore,
-		NotAfter:              notAfter,
-		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
-		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
-		BasicConstraintsValid: true,
-	}
-
-	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
-	if err != nil {
-		return tls.Certificate{}, fmt.Errorf("failed to create certificate: %w", err)
-	}
-
-	certPEM := pem.EncodeToMemory(&pem.Block{
-		Type:  "CERTIFICATE",
-		Bytes: derBytes,
-	})
-
-	keyPEMBytes, err := x509.MarshalPKCS8PrivateKey(priv)
-	if err != nil {
-		return tls.Certificate{}, fmt.Errorf("failed to encode private key: %w", err)
-	}
-	keyPEM := pem.EncodeToMemory(&pem.Block{
-		Type:  "PRIVATE KEY",
-		Bytes: keyPEMBytes,
-	})
-
-	cert, err := tls.X509KeyPair(certPEM, keyPEM)
-	if err != nil {
-		return tls.Certificate{}, fmt.Errorf("failed to create TLS certificate: %w", err)
-	}
-
-	return cert, nil
-}