Check tls certs exist for grpc management serve (#637)

thesimplekid · web-flow · commit 39a7b15221d6 · 2025-03-08T22:44:46.000Z
* feat: Add TLS directory existence check before starting RPC server

* feat: Add file existence checks with detailed error logging for TLS files

* chore: fmt
diff --git a/crates/cdk-mint-rpc/src/proto/server.rs b/crates/cdk-mint-rpc/src/proto/server.rs
@@ -63,9 +63,49 @@ impl MintRPCServer {
         let server = match tls_dir {
             Some(tls_dir) => {
                 tracing::info!("TLS configuration found, starting secure server");
-                let cert = std::fs::read_to_string(tls_dir.join("server.pem"))?;
-                let key = std::fs::read_to_string(tls_dir.join("server.key"))?;
-                let client_ca_cert = std::fs::read_to_string(tls_dir.join("ca.pem"))?;
+                let server_pem_path = tls_dir.join("server.pem");
+                let server_key_path = tls_dir.join("server.key");
+                let ca_pem_path = tls_dir.join("ca.pem");
+
+                if !server_pem_path.exists() {
+                    tracing::error!(
+                        "Server certificate file does not exist: {}",
+                        server_pem_path.display()
+                    );
+                    return Err(Error::Io(std::io::Error::new(
+                        std::io::ErrorKind::NotFound,
+                        format!(
+                            "Server certificate file not found: {}",
+                            server_pem_path.display()
+                        ),
+                    )));
+                }
+
+                if !server_key_path.exists() {
+                    tracing::error!(
+                        "Server key file does not exist: {}",
+                        server_key_path.display()
+                    );
+                    return Err(Error::Io(std::io::Error::new(
+                        std::io::ErrorKind::NotFound,
+                        format!("Server key file not found: {}", server_key_path.display()),
+                    )));
+                }
+
+                if !ca_pem_path.exists() {
+                    tracing::error!(
+                        "CA certificate file does not exist: {}",
+                        ca_pem_path.display()
+                    );
+                    return Err(Error::Io(std::io::Error::new(
+                        std::io::ErrorKind::NotFound,
+                        format!("CA certificate file not found: {}", ca_pem_path.display()),
+                    )));
+                }
+
+                let cert = std::fs::read_to_string(&server_pem_path)?;
+                let key = std::fs::read_to_string(&server_key_path)?;
+                let client_ca_cert = std::fs::read_to_string(&ca_pem_path)?;
                 let client_ca_cert = Certificate::from_pem(client_ca_cert);
                 let server_identity = Identity::from_pem(cert, key);
                 let tls_config = ServerTlsConfig::new()
diff --git a/crates/cdk-mintd/example.config.toml b/crates/cdk-mintd/example.config.toml
@@ -7,7 +7,7 @@ mnemonic = ""
 # enable_swagger_ui = false
 
 [mint_management_rpc]
-enabled = true
+# enabled = false
 # address = "127.0.0.1"
 # port = 8086
 
diff --git a/crates/cdk-mintd/src/main.rs b/crates/cdk-mintd/src/main.rs
@@ -354,6 +354,11 @@ async fn main() -> anyhow::Result<()> {
 
                 let tls_dir = rpc_settings.tls_dir_path.unwrap_or(work_dir.join("tls"));
 
+                if !tls_dir.exists() {
+                    tracing::error!("TLS directory does not exist: {}", tls_dir.display());
+                    bail!("Cannot start RPC server: TLS directory does not exist");
+                }
+
                 mint_rpc.start(Some(tls_dir)).await?;
 
                 rpc_server = Some(mint_rpc);
