go: Remove TLS certificate rotation

.changelog/5318.internal.md

@@ -0,0 +1,4 @@
+go: Remove TLS certificate rotation
+
+We use libp2p for all communication now, so TLS certificate rotation is
+no longer needed.

docs/oasis-node/cli.md

@@ -23,7 +23,6 @@ node):
     "consensus": "QaMdKVwX1da0Uf82cp0DDukQQwrSjr8BwlIxc//ANE8=",
     "tls": [
       "Kj8ANHwfMzcWoA1vx0OMhn4oGv8Y0vc46xMOdQUIh5c=",
-      "1C8rWqyuARkSxNXuPbDPh9XID/SiYAU3GxGk6nMwR0Q="
     ]
   },
   "consensus": {
@@ -173,10 +172,8 @@ node):
       "expiration": 10491,
       "tls": {
         "pub_key": "Kj8ANHwfMzcWoA1vx0OMhn4oGv8Y0vc46xMOdQUIh5c=",
-        "next_pub_key": "1C8rWqyuARkSxNXuPbDPh9XID/SiYAU3GxGk6nMwR0Q=",
         "addresses": [
           "[email protected]:30001",
-          "1C8rWqyuARkSxNXuPbDPh9XID/[email protected]:30001"
         ]
       },
       "p2p": {

go/common/accessctl/accessctl_test.go

@@ -61,11 +61,11 @@ func TestSubjectFromCertificate(t *testing.T) {
 	require.NoError(err, "Failed to create a temporary directory")
 	defer os.RemoveAll(dataDir)
 
-	ident, err := identity.LoadOrGenerate(dataDir, memorySigner.NewFactory(), false)
+	ident, err := identity.LoadOrGenerate(dataDir, memorySigner.NewFactory())
 	require.NoError(err, "Failed to generate a new identity")
-	require.Len(ident.GetTLSCertificate().Certificate, 1, "The generated identity contains more than 1 certificate in the chain")
+	require.Len(ident.TLSCertificate.Certificate, 1, "The generated identity contains more than 1 certificate in the chain")
 
-	x509Cert, err := x509.ParseCertificate(ident.GetTLSCertificate().Certificate[0])
+	x509Cert, err := x509.ParseCertificate(ident.TLSCertificate.Certificate[0])
 	require.NoError(err, "Failed to parse X.509 certificate from TLS certificate")
 
 	sub := SubjectFromX509Certificate(x509Cert)

go/common/grpc/grpc.go

@@ -640,7 +640,7 @@ func NewServer(config *ServerConfig) (*Server, error) {
 		grpc.KeepaliveParams(serverKeepAliveParams),
 		grpc.ForceServerCodec(&CBORCodec{}),
 	}
-	if config.Identity != nil && config.Identity.GetTLSCertificate() != nil {
+	if config.Identity != nil && config.Identity.TLSCertificate != nil {
 		tlsConfig := &tls.Config{
 			ClientAuth: clientAuthType,
 			VerifyPeerCertificate: func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
@@ -651,7 +651,7 @@ func NewServer(config *ServerConfig) (*Server, error) {
 				})
 			},
 			GetCertificate: func(ch *tls.ClientHelloInfo) (*tls.Certificate, error) {
-				return config.Identity.GetTLSCertificate(), nil
+				return config.Identity.TLSCertificate, nil
 			},
 		}
 

go/common/grpc/testing/ping.go

@@ -63,14 +63,14 @@ func CreateCertificate(t *testing.T) (*tls.Certificate, *x509.Certificate) {
 	require.NoError(err, "Failed to create a temporary directory")
 	defer os.RemoveAll(dataDir)
 
-	ident, err := identity.LoadOrGenerate(dataDir, memorySigner.NewFactory(), false)
+	ident, err := identity.LoadOrGenerate(dataDir, memorySigner.NewFactory())
 	require.NoError(err, "Failed to generate a new identity")
-	require.Len(ident.GetTLSCertificate().Certificate, 1, "The generated identity contains more than 1 TLS certificate in the chain")
+	require.Len(ident.TLSCertificate.Certificate, 1, "The generated identity contains more than 1 TLS certificate in the chain")
 
-	x509Cert, err := x509.ParseCertificate(ident.GetTLSCertificate().Certificate[0])
+	x509Cert, err := x509.ParseCertificate(ident.TLSCertificate.Certificate[0])
 	require.NoError(err, "Failed to parse X.509 certificate from TLS certificate")
 
-	return ident.GetTLSCertificate(), x509Cert
+	return ident.TLSCertificate, x509Cert
 }
 
 // PingQuery is the PingServer query.