From 3af92bea3653397aacb0afec83a88984daede8d9 Mon Sep 17 00:00:00 2001
From: jbhusson <jonah@elixxir.io>
Date: Fri, 11 Nov 2022 07:32:49 -0500
Subject: [PATCH 1/4] Add endpoint for retrieving https cert, store in memory
 when https is initialized

---
 cmd/https.go    | 19 ++++++++++++++++++-
 cmd/instance.go | 14 +++++++++++++-
 go.mod          |  4 ++--
 go.sum          | 12 ++++++++----
 4 files changed, 41 insertions(+), 8 deletions(-)

diff --git a/cmd/https.go b/cmd/https.go
index 0771552d..22b1a29e 100644
--- a/cmd/https.go
+++ b/cmd/https.go
@@ -37,7 +37,8 @@ func (gw *Instance) StartHttpsServer() error {
 	if err != nil {
 		return err
 	}
-	return nil
+
+	return gw.SetGatewayTlsCertificate(cert)
 }
 
 // getHttpsCreds is a helper for getting the tls certificate and key to pass
@@ -192,3 +193,19 @@ func signAcmeToken(rng io.Reader, gwRsa *rsa.PrivateKey, ipAddress,
 	h.Write(tsBytes)
 	return gwRsa.Sign(rng, h.Sum(nil), crypto.SignerOpts(hashType))
 }
+
+func (gw *Instance) SetGatewayTlsCertificate(cert []byte) error {
+	rng := csprng.NewSystemRNG()
+	hashType := hash.CMixHash
+	h := hashType.New()
+	h.Write(cert)
+	sig, err := rsa.Sign(rng, gw.Comms.GetPrivateKey(), hashType, h.Sum(nil), rsa.NewDefaultOptions())
+	if err != nil {
+		return err
+	}
+	gw.gatewayCert = &mixmessages.GatewayCertificate{
+		Certificate: cert,
+		Signature:   sig,
+	}
+	return nil
+}
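Review bot: `gw.gatewayCert` is assigned at the end of `SetGatewayTlsCertificate` with no synchronization, while `RequestTlsCert` in cmd/instance.go reads the same field from the comms handler. The "has not finished yet" error there suggests requests can arrive while `StartHttpsServer` is still running, which would make the write and the read a data race. Guard the field with a `sync.RWMutex` held around the assignment and around the read, or publish it through an atomic pointer. The exported method also lacks a doc comment; `// SetGatewayTlsCertificate signs cert with the gateway key and caches the pair for RequestTlsCert.` would cover it.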
diff --git a/cmd/instance.go b/cmd/instance.go
index 96a80eba..64f7fd7e 100644
--- a/cmd/instance.go
+++ b/cmd/instance.go
@@ -125,7 +125,8 @@ type Instance struct {
 	earliestRoundUpdateChan chan EarliestRound
 	earliestRoundQuitChan   chan struct{}
 
-	autoCert autocert.Client
+	autoCert    autocert.Client
+	gatewayCert *pb.GatewayCertificate
 }
 
 // NewGatewayInstance initializes a gateway Handler interface
@@ -221,9 +222,20 @@ func NewImplementation(instance *Instance) *gateway.Implementation {
 		return instance.PutManyMessagesProxy(msgs, auth)
 	}
 
+	impl.Functions.RequestTlsCert = func(message *pb.RequestGatewayCert) (*pb.GatewayCertificate, error) {
+		return instance.RequestTlsCert(message)
+	}
+
 	return impl
 }
 
+func (gw *Instance) RequestTlsCert(_ *pb.RequestGatewayCert) (*pb.GatewayCertificate, error) {
+	if gw.gatewayCert == nil {
+		return nil, errors.New("Gateway HTTPS initialization has not finished yet")
+	}
+	return gw.gatewayCert, nil
+}
+
 // CreateNetworkInstance will generate a new network instance object given
 // properly formed ndf, partialNdf, connection, and Storage object
 func CreateNetworkInstance(conn *gateway.Comms, ndf, partialNdf *pb.NDF, ers *storage.Storage) (
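Review bot: The exported `RequestTlsCert` has no doc comment, and unlike the `PutManyMessagesProxy` handler just above it takes no auth argument, so the comment should state that this is intentional. Something like `// RequestTlsCert returns the gateway's signed HTTPS certificate; it is unauthenticated because the certificate is public, and errors until HTTPS setup has completed.` would do. The error text would also follow Go convention in lower case, `errors.New("gateway HTTPS initialization has not finished yet")`, provided no client matches on the current string. The method returns the stored `*pb.GatewayCertificate` itself, so every caller shares one message object; a line noting that it must be treated as read-only would help.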
diff --git a/go.mod b/go.mod
index f10e577f..fa32a44a 100644
--- a/go.mod
+++ b/go.mod
@@ -10,10 +10,10 @@ require (
 	github.com/spf13/jwalterweatherman v1.1.0
 	github.com/spf13/viper v1.7.1
 	gitlab.com/elixxir/bloomfilter v0.0.0-20211222005329-7d931ceead6f
-	gitlab.com/elixxir/comms v0.0.4-0.20221110140409-7ca2e91d3e53
+	gitlab.com/elixxir/comms v0.0.4-0.20221111122257-75d48fa55a4e
 	gitlab.com/elixxir/crypto v0.0.7-0.20221108183134-3f4a29c68e97
 	gitlab.com/elixxir/primitives v0.0.3-0.20221108183049-7bdff545bf8e
-	gitlab.com/xx_network/comms v0.0.4-0.20221110140150-370b1ae16a75
+	gitlab.com/xx_network/comms v0.0.4-0.20221110230330-3a63a3732f37
 	gitlab.com/xx_network/crypto v0.0.5-0.20221108182939-05998dc093e9
 	gitlab.com/xx_network/primitives v0.0.4-0.20221104175439-f0d440beacd9
 	golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa
diff --git a/go.sum b/go.sum
index b2c9ba3d..d01bf140 100644
--- a/go.sum
+++ b/go.sum
@@ -507,14 +507,18 @@ github.com/zeebo/pcg v1.0.0/go.mod h1:09F0S9iiKrwn9rlI5yjLkmrug154/YRW6KnnXVDM/l
 github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
 gitlab.com/elixxir/bloomfilter v0.0.0-20211222005329-7d931ceead6f h1:yXGvNBqzZwAhDYlSnxPRbgor6JWoOt1Z7s3z1O9JR40=
 gitlab.com/elixxir/bloomfilter v0.0.0-20211222005329-7d931ceead6f/go.mod h1:H6jztdm0k+wEV2QGK/KYA+MY9nj9Zzatux/qIvDDv3k=
-gitlab.com/elixxir/comms v0.0.4-0.20221110140409-7ca2e91d3e53 h1:f9UqninjmUd6D5P5j47ItIoNfSbDGTQlByOXLs/nicw=
-gitlab.com/elixxir/comms v0.0.4-0.20221110140409-7ca2e91d3e53/go.mod h1:m3xZgnjMDXSU5EAXzMFmadoK60BFOubk87v5CAOa7qI=
+gitlab.com/elixxir/comms v0.0.4-0.20221110231102-817db722182d h1:skE289UBC9h4ZHGcoYBjY5jw6ebBVCHJLYO+3mtafDw=
+gitlab.com/elixxir/comms v0.0.4-0.20221110231102-817db722182d/go.mod h1:h5F+vL264LE4LcgDvLWjLMF21pcclv0aiNVRPLvu1cM=
+gitlab.com/elixxir/comms v0.0.4-0.20221111121748-27217ffaa8db h1:6MucofjMhIsMhVhZraICQ4AduE5y76kwHPenrToOLwo=
+gitlab.com/elixxir/comms v0.0.4-0.20221111121748-27217ffaa8db/go.mod h1:h5F+vL264LE4LcgDvLWjLMF21pcclv0aiNVRPLvu1cM=
+gitlab.com/elixxir/comms v0.0.4-0.20221111122257-75d48fa55a4e h1:Of89Ujlk1nSVKUAl7C9uEP8hnqe5veQUxgznt+T8j9I=
+gitlab.com/elixxir/comms v0.0.4-0.20221111122257-75d48fa55a4e/go.mod h1:h5F+vL264LE4LcgDvLWjLMF21pcclv0aiNVRPLvu1cM=
 gitlab.com/elixxir/crypto v0.0.7-0.20221108183134-3f4a29c68e97 h1:xZFh1e1vq/j1DF61Bta3Wb4ePcCS+NHyk3ri3VcMOuk=
 gitlab.com/elixxir/crypto v0.0.7-0.20221108183134-3f4a29c68e97/go.mod h1:fhS9lyG4zNKC39Hd3YXPo9HYI0WnVz/JDTJw9nwnYHQ=
 gitlab.com/elixxir/primitives v0.0.3-0.20221108183049-7bdff545bf8e h1:U9aMSBhc2ShJEeCXHNoUPVwrxKAGRhbGZWsbqES8iGA=
 gitlab.com/elixxir/primitives v0.0.3-0.20221108183049-7bdff545bf8e/go.mod h1:KeMEPwtmA0zJpetvv5SeyOePIAzsBmQSwJ2nAHYnczw=
-gitlab.com/xx_network/comms v0.0.4-0.20221110140150-370b1ae16a75 h1:11i8we7/UPY4/+VJko5Vkkkqhz6j6a12EnE9VRd+CS4=
-gitlab.com/xx_network/comms v0.0.4-0.20221110140150-370b1ae16a75/go.mod h1:/zveWGwSqQbPhPSiGIbS3v78nga8nD5XD1oXr0vD/Zc=
+gitlab.com/xx_network/comms v0.0.4-0.20221110230330-3a63a3732f37 h1:/NVxgd2Rqw2eN5MmdUp5Ix0qRzHCdKfUqd50TsprhmQ=
+gitlab.com/xx_network/comms v0.0.4-0.20221110230330-3a63a3732f37/go.mod h1:/zveWGwSqQbPhPSiGIbS3v78nga8nD5XD1oXr0vD/Zc=
 gitlab.com/xx_network/crypto v0.0.5-0.20221108182939-05998dc093e9 h1:A/gYzA36bQxj6tRczs11JEUsWzaLmTRXN89tlqWEOUc=
 gitlab.com/xx_network/crypto v0.0.5-0.20221108182939-05998dc093e9/go.mod h1:0Bk5bSyAqH/GAU4CJ8Wbm24YkMoDVz4JF7585dAMkss=
 gitlab.com/xx_network/primitives v0.0.4-0.20221104175439-f0d440beacd9 h1:XE7OBn2gYmfLudiaWOl6LzYblZZqYIsScrSzJqPwymY=
-- 
GitLab


From 3e75e570a0280d247ed3129120341c863cbdb387 Mon Sep 17 00:00:00 2001
From: jbhusson <jonah@elixxir.io>
Date: Fri, 11 Nov 2022 09:15:16 -0500
Subject: [PATCH 2/4] Better logging, move signing code to elixxir/crypto, pass
 der instead of pem to issue

---
 cmd/https.go | 50 +++++++++++++++++++-------------------------------
 go.mod       |  8 ++++----
 go.sum       | 20 ++++++++------------
 3 files changed, 31 insertions(+), 47 deletions(-)

diff --git a/cmd/https.go b/cmd/https.go
index 22b1a29e..c0859f6d 100644
--- a/cmd/https.go
+++ b/cmd/https.go
@@ -1,13 +1,12 @@
 package cmd
 
 import (
-	"crypto"
-	"encoding/binary"
 	"encoding/json"
 	"fmt"
 	"github.com/pkg/errors"
+	jww "github.com/spf13/jwalterweatherman"
 	"gitlab.com/elixxir/comms/mixmessages"
-	"gitlab.com/elixxir/crypto/hash"
+	"gitlab.com/elixxir/crypto/gatewayHttps"
 	rsa2 "gitlab.com/elixxir/crypto/rsa"
 	"gitlab.com/elixxir/gateway/storage"
 	"gitlab.com/xx_network/comms/connect"
@@ -15,7 +14,6 @@ import (
 	"gitlab.com/xx_network/crypto/signature/rsa"
 	"gitlab.com/xx_network/primitives/id"
 	"gorm.io/gorm"
-	"io"
 	"strings"
 	"time"
 )
@@ -38,7 +36,7 @@ func (gw *Instance) StartHttpsServer() error {
 		return err
 	}
 
-	return gw.SetGatewayTlsCertificate(cert)
+	return gw.setGatewayTlsCertificate(cert)
 }
 
 // getHttpsCreds is a helper for getting the tls certificate and key to pass
@@ -93,17 +91,19 @@ func (gw *Instance) getHttpsCreds() ([]byte, []byte, error) {
 	dnsName := fmt.Sprintf(DnsTemplate, gw.Comms.GetId().String())
 
 	// Get ACME token
-	_, acmeToken, err := gw.autoCert.Request(dnsName) // TODO : do we need the key for anything?
+	chalDomain, challenge, err := gw.autoCert.Request(dnsName)
 	if err != nil {
 		return nil, nil, err
 	}
 
+	jww.INFO.Printf("ADD TXT RECORD: %s\t%s\n", chalDomain, challenge)
+
 	ts := uint64(time.Now().UnixNano())
 
 	// Sign ACME token
 	rng := csprng.NewSystemRNG()
-	sig, err := signAcmeToken(rng, gw.Comms.GetPrivateKey(),
-		gw.Params.PublicAddress, acmeToken, ts)
+	sig, err := gatewayHttps.SignAcmeToken(rng, gw.Comms.GetPrivateKey(),
+		gw.Params.PublicAddress, challenge, ts)
 	if err != nil {
 		return nil, nil, err
 	}
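Review bot: The added `jww.INFO.Printf("ADD TXT RECORD: ...")` reads like a leftover debugging aid: it is an imperative message at INFO level, yet the challenge is sent on in the `AuthorizerCertRequest` in the next hunk, so the operator presumably has nothing to add by hand. The same applies to the CSR dump added at `jww.INFO.Printf("Received CSR from autocert:...")` in the following hunk, which writes the whole PEM, built from `gw.Params.HttpsEmail` among other fields, into the normal log. Consider lowering both to DEBUG and wording them as statements, e.g. `jww.DEBUG.Printf("ACME DNS challenge for %s: %s", chalDomain, challenge)`. getHttpsCreds starts and ends outside this hunk.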
@@ -113,22 +113,23 @@ func (gw *Instance) getHttpsCreds() ([]byte, []byte, error) {
 		&mixmessages.AuthorizerCertRequest{
 			GwID:      gw.Comms.GetId().Bytes(),
 			Timestamp: ts,
-			ACMEToken: acmeToken,
+			ACMEToken: challenge,
 			Signature: sig,
 		})
 	if err != nil {
 		return nil, nil, err
 	}
 
-	// TODO : do we need the der for something?
-	csrPem, _, err := gw.autoCert.CreateCSR(dnsName, gw.Params.HttpsEmail,
+	csrPem, csrDer, err := gw.autoCert.CreateCSR(dnsName, gw.Params.HttpsEmail,
 		gw.Params.HttpsCountry, gw.Comms.GetId().String(), rng)
 	if err != nil {
 		return nil, nil, err
 	}
 
+	jww.INFO.Printf("Received CSR from autocert:\n\t%s", string(csrPem))
+
 	// Get issued certificate and key from autoCert
-	issuedCert, issuedKey, err := gw.autoCert.Issue(csrPem)
+	issuedCert, issuedKey, err := gw.autoCert.Issue(csrDer)
 	if err != nil {
 		return nil, nil, err
 	}
@@ -161,6 +162,7 @@ func storeHttpsCreds(cert, key []byte, db *storage.Storage) error {
 	if err != nil {
 		return err
 	}
+
 	return db.UpsertState(&storage.State{
 		Key:   CertificateStateKey,
 		Value: string(marshalled),
@@ -181,25 +183,11 @@ func loadHttpsCreds(db *storage.Storage) ([]byte, []byte, error) {
 	return loaded.Cert, loaded.Key, nil
 }
 
-// signAcmeToken creates the signature sent with an AuthorizerCertRequest
-func signAcmeToken(rng io.Reader, gwRsa *rsa.PrivateKey, ipAddress,
-	acmeToken string, timestamp uint64) ([]byte, error) {
-	hashType := hash.CMixHash
-	h := hashType.New()
-	h.Write([]byte(ipAddress))
-	h.Write([]byte(acmeToken))
-	tsBytes := make([]byte, 8)
-	binary.BigEndian.PutUint64(tsBytes, timestamp)
-	h.Write(tsBytes)
-	return gwRsa.Sign(rng, h.Sum(nil), crypto.SignerOpts(hashType))
-}
-
-func (gw *Instance) SetGatewayTlsCertificate(cert []byte) error {
-	rng := csprng.NewSystemRNG()
-	hashType := hash.CMixHash
-	h := hashType.New()
-	h.Write(cert)
-	sig, err := rsa.Sign(rng, gw.Comms.GetPrivateKey(), hashType, h.Sum(nil), rsa.NewDefaultOptions())
+// Helper function which accepts the certificate used for https, signs it,
+// and sets the GatewayCertificate on the Instance object to be sent when
+// clients request it
+func (gw *Instance) setGatewayTlsCertificate(cert []byte) error {
+	sig, err := gatewayHttps.SignGatewayCert(csprng.NewSystemRNG(), gw.Comms.GetPrivateKey(), cert)
 	if err != nil {
 		return err
 	}
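Review bot: `SignGatewayCert` and `SignAcmeToken` both sign with `gw.Comms.GetPrivateKey()`, and the local versions removed here hashed their raw inputs with the same hash and no purpose tag (`h.Write(cert)` versus `h.Write([]byte(ipAddress))` and the fields after it, also without length prefixes). The library implementations are not visible in this patch, so confirm that each prefixes a distinct constant before hashing, so that a signature made for one purpose cannot verify as the other. The new comment would also follow Go convention if it began with the function name, `// setGatewayTlsCertificate signs the HTTPS certificate and caches it on the Instance for clients that request it.` The function body continues past the end of this hunk.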
diff --git a/go.mod b/go.mod
index fa32a44a..42fdd47c 100644
--- a/go.mod
+++ b/go.mod
@@ -11,11 +11,11 @@ require (
 	github.com/spf13/viper v1.7.1
 	gitlab.com/elixxir/bloomfilter v0.0.0-20211222005329-7d931ceead6f
 	gitlab.com/elixxir/comms v0.0.4-0.20221111122257-75d48fa55a4e
-	gitlab.com/elixxir/crypto v0.0.7-0.20221108183134-3f4a29c68e97
-	gitlab.com/elixxir/primitives v0.0.3-0.20221108183049-7bdff545bf8e
+	gitlab.com/elixxir/crypto v0.0.7-0.20221111135704-4d60ed8f06d5
+	gitlab.com/elixxir/primitives v0.0.3-0.20221110181119-e83320a48b13
 	gitlab.com/xx_network/comms v0.0.4-0.20221110230330-3a63a3732f37
-	gitlab.com/xx_network/crypto v0.0.5-0.20221108182939-05998dc093e9
-	gitlab.com/xx_network/primitives v0.0.4-0.20221104175439-f0d440beacd9
+	gitlab.com/xx_network/crypto v0.0.5-0.20221110181048-76f0c556fe95
+	gitlab.com/xx_network/primitives v0.0.4-0.20221110180011-fd6ea3058225
 	golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa
 	golang.org/x/net v0.0.0-20220822230855-b0a4917ee28c
 	google.golang.org/grpc v1.49.0
diff --git a/go.sum b/go.sum
index d01bf140..dfa41a92 100644
--- a/go.sum
+++ b/go.sum
@@ -507,22 +507,18 @@ github.com/zeebo/pcg v1.0.0/go.mod h1:09F0S9iiKrwn9rlI5yjLkmrug154/YRW6KnnXVDM/l
 github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
 gitlab.com/elixxir/bloomfilter v0.0.0-20211222005329-7d931ceead6f h1:yXGvNBqzZwAhDYlSnxPRbgor6JWoOt1Z7s3z1O9JR40=
 gitlab.com/elixxir/bloomfilter v0.0.0-20211222005329-7d931ceead6f/go.mod h1:H6jztdm0k+wEV2QGK/KYA+MY9nj9Zzatux/qIvDDv3k=
-gitlab.com/elixxir/comms v0.0.4-0.20221110231102-817db722182d h1:skE289UBC9h4ZHGcoYBjY5jw6ebBVCHJLYO+3mtafDw=
-gitlab.com/elixxir/comms v0.0.4-0.20221110231102-817db722182d/go.mod h1:h5F+vL264LE4LcgDvLWjLMF21pcclv0aiNVRPLvu1cM=
-gitlab.com/elixxir/comms v0.0.4-0.20221111121748-27217ffaa8db h1:6MucofjMhIsMhVhZraICQ4AduE5y76kwHPenrToOLwo=
-gitlab.com/elixxir/comms v0.0.4-0.20221111121748-27217ffaa8db/go.mod h1:h5F+vL264LE4LcgDvLWjLMF21pcclv0aiNVRPLvu1cM=
 gitlab.com/elixxir/comms v0.0.4-0.20221111122257-75d48fa55a4e h1:Of89Ujlk1nSVKUAl7C9uEP8hnqe5veQUxgznt+T8j9I=
 gitlab.com/elixxir/comms v0.0.4-0.20221111122257-75d48fa55a4e/go.mod h1:h5F+vL264LE4LcgDvLWjLMF21pcclv0aiNVRPLvu1cM=
-gitlab.com/elixxir/crypto v0.0.7-0.20221108183134-3f4a29c68e97 h1:xZFh1e1vq/j1DF61Bta3Wb4ePcCS+NHyk3ri3VcMOuk=
-gitlab.com/elixxir/crypto v0.0.7-0.20221108183134-3f4a29c68e97/go.mod h1:fhS9lyG4zNKC39Hd3YXPo9HYI0WnVz/JDTJw9nwnYHQ=
-gitlab.com/elixxir/primitives v0.0.3-0.20221108183049-7bdff545bf8e h1:U9aMSBhc2ShJEeCXHNoUPVwrxKAGRhbGZWsbqES8iGA=
-gitlab.com/elixxir/primitives v0.0.3-0.20221108183049-7bdff545bf8e/go.mod h1:KeMEPwtmA0zJpetvv5SeyOePIAzsBmQSwJ2nAHYnczw=
+gitlab.com/elixxir/crypto v0.0.7-0.20221111135704-4d60ed8f06d5 h1:GszYPY43ZYTyeMHxQfnZa/I9JnLjTuI5Ye5G2mzYvlE=
+gitlab.com/elixxir/crypto v0.0.7-0.20221111135704-4d60ed8f06d5/go.mod h1:IqswRNqsGooEOt2tP1LzeAcBOccVW0aUiJFH5B7UGfg=
+gitlab.com/elixxir/primitives v0.0.3-0.20221110181119-e83320a48b13 h1:U3tbClFN5BLYlAoMj+o6VWAs9akbFiJstMGCuk1aB94=
+gitlab.com/elixxir/primitives v0.0.3-0.20221110181119-e83320a48b13/go.mod h1:DUnCTXYKgjpro5+6ITySKIf+qzW2vhW40IVHMimdsqw=
 gitlab.com/xx_network/comms v0.0.4-0.20221110230330-3a63a3732f37 h1:/NVxgd2Rqw2eN5MmdUp5Ix0qRzHCdKfUqd50TsprhmQ=
 gitlab.com/xx_network/comms v0.0.4-0.20221110230330-3a63a3732f37/go.mod h1:/zveWGwSqQbPhPSiGIbS3v78nga8nD5XD1oXr0vD/Zc=
-gitlab.com/xx_network/crypto v0.0.5-0.20221108182939-05998dc093e9 h1:A/gYzA36bQxj6tRczs11JEUsWzaLmTRXN89tlqWEOUc=
-gitlab.com/xx_network/crypto v0.0.5-0.20221108182939-05998dc093e9/go.mod h1:0Bk5bSyAqH/GAU4CJ8Wbm24YkMoDVz4JF7585dAMkss=
-gitlab.com/xx_network/primitives v0.0.4-0.20221104175439-f0d440beacd9 h1:XE7OBn2gYmfLudiaWOl6LzYblZZqYIsScrSzJqPwymY=
-gitlab.com/xx_network/primitives v0.0.4-0.20221104175439-f0d440beacd9/go.mod h1:rP/2IsqIFHapuIB4mstXKItvwoJRQ9Wlms/NGeutHsk=
+gitlab.com/xx_network/crypto v0.0.5-0.20221110181048-76f0c556fe95 h1:rC6lx6sD6u617Qu0ZndKZQRjXuRkyrI9Q6Y0Ki+dnK4=
+gitlab.com/xx_network/crypto v0.0.5-0.20221110181048-76f0c556fe95/go.mod h1:acWUBKCpae/XVaQF7J9RnLAlBT13i5r7gnON+mrIxBk=
+gitlab.com/xx_network/primitives v0.0.4-0.20221110180011-fd6ea3058225 h1:TAn87e6Zt9KwcSnWKyIul5eu8T0RHY9FDubCGs3G0dw=
+gitlab.com/xx_network/primitives v0.0.4-0.20221110180011-fd6ea3058225/go.mod h1:rP/2IsqIFHapuIB4mstXKItvwoJRQ9Wlms/NGeutHsk=
 gitlab.com/xx_network/ring v0.0.3-0.20220902183151-a7d3b15bc981 h1:1s0vX9BbkiD0IVXwr3LOaTBcq1wBrWcUWMBK0s8r0Z0=
 gitlab.com/xx_network/ring v0.0.3-0.20220902183151-a7d3b15bc981/go.mod h1:aLzpP2TiZTQut/PVHR40EJAomzugDdHXetbieRClXIM=
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
-- 
GitLab


From 0f5201935fdb81c780dccd285166bd0e75501388 Mon Sep 17 00:00:00 2001
From: jbhusson <jonah@elixxir.io>
Date: Fri, 11 Nov 2022 09:29:31 -0500
Subject: [PATCH 3/4] Add convert method for private keys

---
 cmd/https.go | 14 ++++----------
 go.mod       |  2 +-
 go.sum       |  4 ++++
 3 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/cmd/https.go b/cmd/https.go
index c0859f6d..e5b32188 100644
--- a/cmd/https.go
+++ b/cmd/https.go
@@ -6,12 +6,11 @@ import (
 	"github.com/pkg/errors"
 	jww "github.com/spf13/jwalterweatherman"
 	"gitlab.com/elixxir/comms/mixmessages"
-	"gitlab.com/elixxir/crypto/gatewayHttps"
+	crypto "gitlab.com/elixxir/crypto/gatewayHttps"
 	rsa2 "gitlab.com/elixxir/crypto/rsa"
 	"gitlab.com/elixxir/gateway/storage"
 	"gitlab.com/xx_network/comms/connect"
 	"gitlab.com/xx_network/crypto/csprng"
-	"gitlab.com/xx_network/crypto/signature/rsa"
 	"gitlab.com/xx_network/primitives/id"
 	"gorm.io/gorm"
 	"strings"
@@ -75,12 +74,7 @@ func (gw *Instance) getHttpsCreds() ([]byte, []byte, error) {
 		return nil, nil, err
 	}
 
-	// TODO there has to be a better way to do this
-	pk, err := rsa2.GetScheme().UnmarshalPrivateKeyPEM(
-		rsa.CreatePrivateKeyPem(gw.Comms.GetPrivateKey()))
-	if err != nil {
-		return nil, nil, err
-	}
+	pk := rsa2.GetScheme().Convert(&gw.Comms.GetPrivateKey().PrivateKey)
 	err = gw.autoCert.Register(pk, eabCredResp.KeyId, eabCredResp.Key,
 		gw.Params.HttpsEmail)
 	if err != nil {
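Review bot: The new `Convert(&gw.Comms.GetPrivateKey().PrivateKey)` dereferences the result of `GetPrivateKey()` directly, and with the PEM round-trip gone there is no error path left in front of `Register`. If the comms object can lack a key at this point (not visible here), this panics instead of returning an error, so a nil check that returns an error would be safer. Taking the address of the embedded key also suggests `pk` wraps the gateway's identity key rather than a copy; a short comment such as `// pk wraps the gateway identity key, which is reused as the ACME account key; do not mutate` would make that reuse explicit. getHttpsCreds starts and ends outside this hunk.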
@@ -102,7 +96,7 @@ func (gw *Instance) getHttpsCreds() ([]byte, []byte, error) {
 
 	// Sign ACME token
 	rng := csprng.NewSystemRNG()
-	sig, err := gatewayHttps.SignAcmeToken(rng, gw.Comms.GetPrivateKey(),
+	sig, err := crypto.SignAcmeToken(rng, gw.Comms.GetPrivateKey(),
 		gw.Params.PublicAddress, challenge, ts)
 	if err != nil {
 		return nil, nil, err
@@ -187,7 +181,7 @@ func loadHttpsCreds(db *storage.Storage) ([]byte, []byte, error) {
 // and sets the GatewayCertificate on the Instance object to be sent when
 // clients request it
 func (gw *Instance) setGatewayTlsCertificate(cert []byte) error {
-	sig, err := gatewayHttps.SignGatewayCert(csprng.NewSystemRNG(), gw.Comms.GetPrivateKey(), cert)
+	sig, err := crypto.SignGatewayCert(csprng.NewSystemRNG(), gw.Comms.GetPrivateKey(), cert)
 	if err != nil {
 		return err
 	}
diff --git a/go.mod b/go.mod
index 42fdd47c..32820c53 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/spf13/viper v1.7.1
 	gitlab.com/elixxir/bloomfilter v0.0.0-20211222005329-7d931ceead6f
 	gitlab.com/elixxir/comms v0.0.4-0.20221111122257-75d48fa55a4e
-	gitlab.com/elixxir/crypto v0.0.7-0.20221111135704-4d60ed8f06d5
+	gitlab.com/elixxir/crypto v0.0.7-0.20221111142642-965dc5284c74
 	gitlab.com/elixxir/primitives v0.0.3-0.20221110181119-e83320a48b13
 	gitlab.com/xx_network/comms v0.0.4-0.20221110230330-3a63a3732f37
 	gitlab.com/xx_network/crypto v0.0.5-0.20221110181048-76f0c556fe95
diff --git a/go.sum b/go.sum
index dfa41a92..dc9f2220 100644
--- a/go.sum
+++ b/go.sum
@@ -511,6 +511,10 @@ gitlab.com/elixxir/comms v0.0.4-0.20221111122257-75d48fa55a4e h1:Of89Ujlk1nSVKUA
 gitlab.com/elixxir/comms v0.0.4-0.20221111122257-75d48fa55a4e/go.mod h1:h5F+vL264LE4LcgDvLWjLMF21pcclv0aiNVRPLvu1cM=
 gitlab.com/elixxir/crypto v0.0.7-0.20221111135704-4d60ed8f06d5 h1:GszYPY43ZYTyeMHxQfnZa/I9JnLjTuI5Ye5G2mzYvlE=
 gitlab.com/elixxir/crypto v0.0.7-0.20221111135704-4d60ed8f06d5/go.mod h1:IqswRNqsGooEOt2tP1LzeAcBOccVW0aUiJFH5B7UGfg=
+gitlab.com/elixxir/crypto v0.0.7-0.20221111142522-23f3548e86e5 h1:4UXg0TkPCx7gRwRzBG+ALFA/qclUO/9vh9hnDF37l+M=
+gitlab.com/elixxir/crypto v0.0.7-0.20221111142522-23f3548e86e5/go.mod h1:IqswRNqsGooEOt2tP1LzeAcBOccVW0aUiJFH5B7UGfg=
+gitlab.com/elixxir/crypto v0.0.7-0.20221111142642-965dc5284c74 h1:/WXijzZMhe3+GLLveQvLM5S1hyncLiJJuAjvTkJvM8Y=
+gitlab.com/elixxir/crypto v0.0.7-0.20221111142642-965dc5284c74/go.mod h1:IqswRNqsGooEOt2tP1LzeAcBOccVW0aUiJFH5B7UGfg=
 gitlab.com/elixxir/primitives v0.0.3-0.20221110181119-e83320a48b13 h1:U3tbClFN5BLYlAoMj+o6VWAs9akbFiJstMGCuk1aB94=
 gitlab.com/elixxir/primitives v0.0.3-0.20221110181119-e83320a48b13/go.mod h1:DUnCTXYKgjpro5+6ITySKIf+qzW2vhW40IVHMimdsqw=
 gitlab.com/xx_network/comms v0.0.4-0.20221110230330-3a63a3732f37 h1:/NVxgd2Rqw2eN5MmdUp5Ix0qRzHCdKfUqd50TsprhmQ=
-- 
GitLab


From 911b8cc635d307464252d0742f069ef4c7ab24df Mon Sep 17 00:00:00 2001
From: jbhusson <jonah@elixxir.io>
Date: Mon, 14 Nov 2022 13:15:23 -0500
Subject: [PATCH 4/4] rsa2 -> rsa

---
 cmd/https.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cmd/https.go b/cmd/https.go
index e5b32188..75cf717e 100644
--- a/cmd/https.go
+++ b/cmd/https.go
@@ -7,7 +7,7 @@ import (
 	jww "github.com/spf13/jwalterweatherman"
 	"gitlab.com/elixxir/comms/mixmessages"
 	crypto "gitlab.com/elixxir/crypto/gatewayHttps"
-	rsa2 "gitlab.com/elixxir/crypto/rsa"
+	"gitlab.com/elixxir/crypto/rsa"
 	"gitlab.com/elixxir/gateway/storage"
 	"gitlab.com/xx_network/comms/connect"
 	"gitlab.com/xx_network/crypto/csprng"
@@ -74,7 +74,7 @@ func (gw *Instance) getHttpsCreds() ([]byte, []byte, error) {
 		return nil, nil, err
 	}
 
-	pk := rsa2.GetScheme().Convert(&gw.Comms.GetPrivateKey().PrivateKey)
+	pk := rsa.GetScheme().Convert(&gw.Comms.GetPrivateKey().PrivateKey)
 	err = gw.autoCert.Register(pk, eabCredResp.KeyId, eabCredResp.Key,
 		gw.Params.HttpsEmail)
 	if err != nil {
-- 
GitLab