From 3786a6d10bf10e821df9d51881e4bac43fbca79f Mon Sep 17 00:00:00 2001
From: Vincentius Raynaldi <vincentius.raynaldi@stud.h-da.de>
Date: Tue, 5 Nov 2024 16:27:57 +0100
Subject: [PATCH] changed getMotd function and added ca certificate openssl in
 makefile

---
 Makefile                                      | 15 +++++-
 .../osclient/additions/system_linux.go        | 10 +++-
 target.go                                     | 54 ++++++++++---------
 3 files changed, 50 insertions(+), 29 deletions(-)

diff --git a/Makefile b/Makefile
index 976de05..56ced43 100644
--- a/Makefile
+++ b/Makefile
@@ -51,10 +51,23 @@ lint: install-tools
 lint-fix: install-tools
 	./$(TOOLS_DIR)/golangci-lint run --config .golangci.yml --fix
 
+generate-root-ca: pre
+	mkdir -p ./artifacts/ssl
+	openssl req -x509 -nodes -days 365 -newkey rsa:4096 -subj '/C=DE/O=H_DA/CN=ROOT_CA' \
+	-keyout ./artifacts/ssl/ca.key -out ./artifacts/ssl/ca.crt; \
+
 self-certs:
 	mkdir -p ./artifacts/ssl/private
 	mkdir -p ./artifacts/ssl/certs
-	openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout ./artifacts/ssl/private/gnmi-target-selfsigned.key -out ./artifacts/ssl/certs/gnmi-target-selfsigned.crt
+	openssl req -x509 -nodes -days 365 -newkey rsa:4096 \
+		-subj '/C=DE/O=H_DA/CN=TARGET' \
+  		-keyout ./artifacts/ssl/private/gnmi-target-selfsigned.key \
+  		-out ./artifacts/ssl/certs/gnmi-target-selfsigned.crt \
+  		-CA ./artifacts/ssl/ca.crt \
+  		-CAkey ./artifacts/ssl/ca.key
+		
+
+# openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout ./artifacts/ssl/private/gnmi-target-selfsigned.key -out ./artifacts/ssl/certs/gnmi-target-selfsigned.crt -CA ./artifacts/ssl/ca.key -CAkey ./artifacts/ssl/ca.key 
 
 # Warning: Depending on you go configuration might also clean caches, modules and docker containers from your other projects.
 clean:
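Review bot: `self-certs` now reads `./artifacts/ssl/ca.crt` and `./artifacts/ssl/ca.key` but declares no dependency on `generate-root-ca`, so `make self-certs` on a fresh checkout fails inside openssl. Add the prerequisite, or an existence check with a clear message so that an existing CA is not regenerated on every run. The target certificate carries only `-subj '/C=DE/O=H_DA/CN=TARGET'` and no subjectAltName, and Go's TLS verification ignores the CN, so Go-based clients that verify the server name will reject it. Adding `-addext 'subjectAltName=DNS:<target-hostname>'` (placeholder) would fix this. The CA key is written unencrypted because of `-nodes`, so it is worth a comment that it is for development only and a check that `./artifacts` is git-ignored; the trailing `; \` after `-out ./artifacts/ssl/ca.crt` continues the recipe onto the blank line and can be dropped.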
diff --git a/examples/example01/osclient/additions/system_linux.go b/examples/example01/osclient/additions/system_linux.go
index eab5694..a2f811a 100644
--- a/examples/example01/osclient/additions/system_linux.go
+++ b/examples/example01/osclient/additions/system_linux.go
@@ -2,6 +2,7 @@ package additions
 
 import (
 	"bufio"
+	// "fmt"
 	"os"
 	"os/exec"
 	"strings"
@@ -113,9 +114,14 @@ func (sys *system) GetSoftwareVersion() (string, error) {
 }
 
 func (sys *system) GetMotd() (string, error) {
+
+	motdMessage, err := os.ReadFile("/etc/motd")
+	if err == nil {
+		return string(motdMessage), nil
+	}
+
 	cmd := exec.Command("run-parts", "/etc/update-motd.d/")
-	motdMessage, err := cmd.Output()
-	// motdMessage, err := os.ReadFile("/etc/motd")
+	motdMessage, err = cmd.Output()
 	if err != nil {
 		return "", err
 	}
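Review bot: In `GetMotd` the new `os.ReadFile("/etc/motd")` branch treats every read error as "file absent" and falls through to `run-parts /etc/update-motd.d/`. A permission or I/O error on `/etc/motd` is therefore hidden, and the scripts in that directory still run with the target's privileges. Fall back only when the file is missing, e.g. `if err != nil && !errors.Is(err, os.ErrNotExist) { return "", err }` (this needs the `errors` import if the file does not already have it), and decide whether an empty `/etc/motd` should also fall back. `run-parts` is resolved through `PATH` and runs without a deadline, which an absolute path and `exec.CommandContext` would bound. The commented-out `// "fmt"` import added in the first hunk of this file can be dropped, and the function body continues past the end of this hunk.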
diff --git a/target.go b/target.go
index 643bcd0..b73df89 100644
--- a/target.go
+++ b/target.go
@@ -1,17 +1,17 @@
 package gnmitarget
 
 import (
-	// "crypto/tls"
-	// "crypto/x509"
+	"crypto/tls"
+	"crypto/x509"
 	"net"
-	// "os"
+	"os"
 	"reflect"
 
 	"code.fbi.h-da.de/danet/gnmi-target/handler"
 	server "code.fbi.h-da.de/danet/gnmi-target/internal/gnmiserver"
 
 	"google.golang.org/grpc"
-	// "google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/reflection"
 
 	not "code.fbi.h-da.de/danet/gnmi-target/internal/notifications"
@@ -93,35 +93,37 @@ func (gt *GnmiTarget) Start(bindAddress string, certFile string, keyFile string,
 
 	var grpcServer *grpc.Server
 
-	// if insecure == false {
-	// 	cert, err := tls.LoadX509KeyPair(certFile, keyFile)
-	// 	if err != nil {
-	// 		log.Fatalf("error in loading server certificate: %v", err)
-	// 	}
-
-	// 	ca, err := os.ReadFile(caFile)
+	if insecure == false {
+		cert, err := tls.LoadX509KeyPair(certFile, keyFile)
+		if err != nil {
+			log.Fatalf("error in loading server certificate: %v", err)
+		}
 
-	// 	pool := x509.NewCertPool()
-	// 	if !pool.AppendCertsFromPEM(ca) {
-	// 		log.Fatalf("error in appending ca certificate: %v", err)
-	// 	}
+		ca, err := os.ReadFile(caFile)
+		if err != nil {
+			log.Fatalf("error in loading ca certificate: %v %s", err, caFile)
+		}
+		pool := x509.NewCertPool()
+		if !pool.AppendCertsFromPEM(ca) {
+			log.Fatalf("error in appending ca certificate: %v", err)
+		}
 
-	// 	tlsConfig := &tls.Config{
-	// 		// activate mTLS
-	// 		ClientAuth:   tls.RequireAndVerifyClientCert,
-	// 		Certificates: []tls.Certificate{cert},
-	// 		ClientCAs:    pool,
-	// 	}
+		tlsConfig := &tls.Config{
+			// activate mTLS
+			ClientAuth:   tls.RequireAndVerifyClientCert,
+			Certificates: []tls.Certificate{cert},
+			ClientCAs:    pool,
+		}
 
-	// 	transportCredentials := credentials.NewTLS(tlsConfig)
+		transportCredentials := credentials.NewTLS(tlsConfig)
 
-	// 	// Create new GRPC Server without service registered
-	// 	grpcServer = grpc.NewServer(grpc.Creds(transportCredentials))
-	// } else {
+		// Create new GRPC Server without service registered
+		grpcServer = grpc.NewServer(grpc.Creds(transportCredentials))
+	} else {
 		log.Infof("\n\n*****WARNING*********WARNING*****\nStarting without secured gnmi server!\nAll gnmi transmissions are unencrypted\n*****WARNING*********WARNING*****\n\n")
 		// Create new GRPC Server without service registered
 		grpcServer = grpc.NewServer()
-	// }
+	}
 
 	// Register GNMI Server
 	pbGNMI.RegisterGNMIServer(grpcServer, gnmiServer)
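Review bot: When `pool.AppendCertsFromPEM(ca)` fails, `log.Fatalf("error in appending ca certificate: %v", err)` prints `<nil>`, because `err` was already checked after `os.ReadFile(caFile)` and is nil at that point. Log the file instead, e.g. `log.Fatalf("no valid PEM certificates found in CA file %s", caFile)`. The `tls.Config` sets no `MinVersion`, so the protocol floor depends on the Go and grpc-go versions in use; `MinVersion: tls.VersionTLS12` (or `tls.VersionTLS13`) makes it explicit. `tls.RequireAndVerifyClientCert` accepts any certificate that chains to `caFile`, so per-client authorization, if needed, has to happen elsewhere; none is visible in this hunk. `if insecure == false` is more idiomatic as `if !insecure`; `Start` begins and ends outside the hunk.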
-- 
GitLab