fix(chisel): convert seed to private key file EE-5099 (#9149)

2025-07-24 15:59:41 +02:00 · 2023-07-13 15:19:40 +12:00 · 2023-07-13 15:19:40 +12:00 · b93624fa1f
commit b93624fa1f
parent 91cfd2d0f2
14 changed files with 247 additions and 43 deletions
--- a/api/filesystem/filesystem.go
+++ b/api/filesystem/filesystem.go
@ -67,6 +67,11 @@ const (
 	MTLSCertFilename   = "mtls-cert.pem"
 	MTLSCACertFilename = "mtls-ca-cert.pem"
 	MTLSKeyFilename    = "mtls-key.pem"
+
+	// ChiselPath represents the default chisel path
+	ChiselPath = "chisel"
+	// ChiselPrivateKeyFilename represents the chisel private key file name
+	ChiselPrivateKeyFilename = "private-key.pem"
 )

 // ErrUndefinedTLSFileType represents an error returned on undefined TLS file type
@ -812,6 +817,28 @@ func defaultMTLSCertPathUnderFileStore() (string, string, string) {
 	return certPath, caCertPath, keyPath
 }

+// GetDefaultChiselPrivateKeyPath returns the chisle private key path
+func (service *Service) GetDefaultChiselPrivateKeyPath() string {
+	privateKeyPath := defaultChiselPrivateKeyPathUnderFileStore()
+	return service.wrapFileStore(privateKeyPath)
+}
+
+func defaultChiselPrivateKeyPathUnderFileStore() string {
+	return JoinPaths(ChiselPath, ChiselPrivateKeyFilename)
+}
+
+// StoreChiselPrivateKey store the specified chisel private key content on disk.
+func (service *Service) StoreChiselPrivateKey(privateKey []byte) error {
+	err := service.createDirectoryInStore(ChiselPath)
+	if err != nil && !os.IsExist(err) {
+		return err
+	}
+
+	r := bytes.NewReader(privateKey)
+	privateKeyPath := defaultChiselPrivateKeyPathUnderFileStore()
+	return service.createFileInStore(privateKeyPath, r)
+}
+
 // StoreSSLCertPair stores a ssl certificate pair
 func (service *Service) StoreSSLCertPair(cert, key []byte) (string, string, error) {
 	certPath, keyPath := defaultCertPathUnderFileStore()