move generate cert to separate func without dependency on k8s or dapr…

… config Signed-off-by: Anton Troshin <[email protected]>
dapr · Feb 15, 2025 · 980a544 · 980a544
1 parent 696a80b
commit 980a544
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 3 deletions.
diff --git a/cmd/generate_certificate.go b/cmd/generate_certificate.go
@@ -35,9 +35,7 @@ dapr mtls generate-certificate --valid-until <no of days>
 dapr mtls generate-certificate --valid-until <no of days> --out ./certs
 `,
 		Run: func(cmd *cobra.Command, args []string) {
-			rootCertBytes, issuerCertBytes, issuerKeyBytes, err := kubernetes.GenerateNewCertificates(
-				time.Hour*time.Duration(certificateValidUntil*24), //nolint:gosec
-				"")
+			rootCertBytes, issuerCertBytes, issuerKeyBytes, err := kubernetes.GenerateNewCertificatesStandalone(time.Hour * time.Duration(certificateValidUntil*24)) //nolint:gosec
 			if err != nil {
 				print.FailureStatusEvent(os.Stderr, fmt.Sprintf("error generating cert: %s", err))
 				os.Exit(1)

diff --git a/pkg/kubernetes/renew_certificate.go b/pkg/kubernetes/renew_certificate.go
@@ -203,3 +203,20 @@ func GenerateNewCertificates(validUntil time.Duration, privateKeyFile string) ([
 
 	return bundle.TrustAnchors, bundle.IssChainPEM, bundle.IssKeyPEM, nil
 }
+
+// GenerateNewCertificatesStandalone Generate certificates for local mtls generate-certificate command
+// without dependency on kubernetes and dapr control plane configuration
+func GenerateNewCertificatesStandalone(validUntil time.Duration) ([]byte, []byte, []byte, error) {
+	rootKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	var allowedClockSkew time.Duration
+	bundle, err := ca.GenerateBundle(rootKey, "cluster.local", allowedClockSkew, &validUntil)
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	return bundle.TrustAnchors, bundle.IssChainPEM, bundle.IssKeyPEM, nil
+}