feat: support auto tls

[jiuker]

feat: support auto tls

Generated TLS certificate for host 'localhost'

Certificate: E8 96 7B 11 F0 46 91 16 1F AB B1 1E 8E B3 A8 72
             3B 7E 5F 4D F0 F6 37 30 45 C2 EE 95 AD 90 A1 1D
Public Key:  G5UKIKear644oohL5G2Un47tnnVXf3IK625YieKrC/8=

   LOG: 03:06:25.805 [200 OK]  http://127.0.0.1:9000 GET /minio/health/cluster                   1.406ms      ↑ 0 B ↓ 0 B

[harshavardhana]

To print to screen you need to do this, don't copy paste it adapt it for the sidekick.

func fingerprintCert(cert *tls.Certificate) ([]byte, bool) {
	if cert == nil && len(cert.Certificate) != 1 {
		return nil, false
	}
	h := sha256.Sum256(cert.Certificate[0])
	return h[:], true
}

func fingerprintKey(cert *tls.Certificate) ([]byte, bool) {
	if cert == nil || len(cert.Certificate) != 1 {
		return nil, false
	}

	var (
		publicKeyDER []byte
		err          error
	)
	switch privateKey := cert.PrivateKey.(type) {
	default:
		return nil, false
	case *ecdsa.PrivateKey:
		publicKeyDER, err = x509.MarshalPKIXPublicKey(privateKey.Public())
	case *rsa.PrivateKey:
		publicKeyDER, err = x509.MarshalPKIXPublicKey(privateKey.Public())
	}
	if err != nil {
		return nil, false
	}
	h := sha256.Sum256(publicKeyDER)
	return h[:], true
}

func printTLSFingerprints() {
	if globalTLSCerts != nil {
		cert, _ := globalTLSCerts.GetCertificate(nil)
		if cert != nil && len(cert.Certificate) == 1 {
			if fingerprint, ok := fingerprintCert(cert); ok {
				logger.StartupMessage(colorBlue("\nCertificate: ") + fmt.Sprintf("% X", fingerprint[:len(fingerprint)/2]))
				logger.StartupMessage("             % X", fingerprint[len(fingerprint)/2:])
			}
			if fingerprint, ok := fingerprintKey(cert); ok {
				logger.StartupMessage(colorBlue("\nPublic Key:  ") + base64.StdEncoding.EncodeToString(fingerprint))
			}
		}
	}
}

Open an endpoint like /v1/health provide this at /v1/certificates and let the users get the public certificate of the server as a downloadable file as public.crt via Content-Disposition settings.