From 19c9d3d69d1fce868e81cdecf88f3f292cb0cb25 Mon Sep 17 00:00:00 2001 From: Alain Brenzikofer Date: Sat, 7 Jun 2025 10:48:19 +0200 Subject: [PATCH 1/2] update coingecko root CA --- app-libs/oracle/src/certificates/README.md | 3 +++ .../certificates/google-trust-services-r4.pem | 13 +++++++++++++ .../certificates/google-trust-services-we1x.pem | 17 +++++++++++++++++ .../oracle/src/oracle_sources/coin_gecko.rs | 11 +++-------- 4 files changed, 36 insertions(+), 8 deletions(-) create mode 100644 app-libs/oracle/src/certificates/README.md create mode 100644 app-libs/oracle/src/certificates/google-trust-services-r4.pem create mode 100644 app-libs/oracle/src/certificates/google-trust-services-we1x.pem diff --git a/app-libs/oracle/src/certificates/README.md b/app-libs/oracle/src/certificates/README.md new file mode 100644 index 0000000000..1ff9d6ab64 --- /dev/null +++ b/app-libs/oracle/src/certificates/README.md @@ -0,0 +1,3 @@ +Manually check certificate hierarchy for the exact domain the teeracle will query. +Find the root CA and add its PEM to this directory and then provide it in +`root_certificates_content()` in `oracle_sources`. \ No newline at end of file diff --git a/app-libs/oracle/src/certificates/google-trust-services-r4.pem b/app-libs/oracle/src/certificates/google-trust-services-r4.pem new file mode 100644 index 0000000000..fdb2d1bdf6 --- /dev/null +++ b/app-libs/oracle/src/certificates/google-trust-services-r4.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIICCTCCAY6gAwIBAgINAgPlwGjvYxqccpBQUjAKBggqhkjOPQQDAzBHMQswCQYD +VQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIG +A1UEAxMLR1RTIFJvb3QgUjQwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAw +WjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2Vz +IExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwdjAQBgcqhkjOPQIBBgUrgQQAIgNi +AATzdHOnaItgrkO4NcWBMHtLSZ37wWHO5t5GvWvVYRg1rkDdc/eJkTBa6zzuhXyi +QHY7qca4R9gq55KRanPpsXI5nymfopjTX15YhmUPoYRlBtHci8nHc8iMai/lxKvR +HYqjQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBSATNbrdP9JNqPV2Py1PsVq8JQdjDAKBggqhkjOPQQDAwNpADBmAjEA6ED/g94D +9J+uHXqnLrmvT/aDHQ4thQEd0dlq7A/Cr8deVl5c1RxYIigL9zC2L7F8AjEA8GE8 +p/SgguMh1YQdc4acLa/KNJvxn7kjNuK8YAOdgLOaVsjh4rsUecrNIdSUtUlD +-----END CERTIFICATE----- diff --git a/app-libs/oracle/src/certificates/google-trust-services-we1x.pem b/app-libs/oracle/src/certificates/google-trust-services-we1x.pem new file mode 100644 index 0000000000..7d99e6ec12 --- /dev/null +++ b/app-libs/oracle/src/certificates/google-trust-services-we1x.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICnzCCAiWgAwIBAgIQf/MZd5csIkp2FV0TttaF4zAKBggqhkjOPQQDAzBHMQsw +CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU +MBIGA1UEAxMLR1RTIFJvb3QgUjQwHhcNMjMxMjEzMDkwMDAwWhcNMjkwMjIwMTQw +MDAwWjA7MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZp +Y2VzMQwwCgYDVQQDEwNXRTEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARvzTr+ +Z1dHTCEDhUDCR127WEcPQMFcF4XGGTfn1XzthkubgdnXGhOlCgP4mMTG6J7/EFmP +LCaY9eYmJbsPAvpWo4H+MIH7MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggr +BgEFBQcDAQYIKwYBBQUHAwIwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU +kHeSNWfE/6jMqeZ72YB5e8yT+TgwHwYDVR0jBBgwFoAUgEzW63T/STaj1dj8tT7F +avCUHYwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzAChhhodHRwOi8vaS5wa2ku +Z29vZy9yNC5jcnQwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2MucGtpLmdvb2cv +ci9yNC5jcmwwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwMDaAAwZQIx +AOcCq1HW90OVznX+0RGU1cxAQXomvtgM8zItPZCuFQ8jSBJSjz5keROv9aYsAm5V +sQIwJonMaAFi54mrfhfoFNZEfuNMSQ6/bIBiNLiyoX46FohQvKeIoJ99cx7sUkFN +7uJW +-----END CERTIFICATE----- diff --git a/app-libs/oracle/src/oracle_sources/coin_gecko.rs b/app-libs/oracle/src/oracle_sources/coin_gecko.rs index d9b8ad91ee..8a0bc07ab6 100644 --- a/app-libs/oracle/src/oracle_sources/coin_gecko.rs +++ b/app-libs/oracle/src/oracle_sources/coin_gecko.rs @@ -44,10 +44,8 @@ const COINGECKO_PARAM_CURRENCY: &str = "vs_currency"; const COINGECKO_PARAM_COIN: &str = "ids"; const COINGECKO_PATH: &str = "api/v3/coins/markets"; const COINGECKO_TIMEOUT: Duration = Duration::from_secs(20u64); -const COINGECKO_ROOT_CERTIFICATE_BALTIMORE: &str = - include_str!("../certificates/baltimore_cyber_trust_root_v3.pem"); -const COINGECKO_ROOT_CERTIFICATE_LETSENCRYPT: &str = - include_str!("../certificates/lets_encrypt_root_cert.pem"); +const COINGECKO_ROOT_CERTIFICATE_GTS: &str = + include_str!("../certificates/google-trust-services-r4.pem"); lazy_static! { static ref SYMBOL_ID_MAP: HashMap<&'static str, &'static str> = HashMap::from([ @@ -88,10 +86,7 @@ impl> OracleSource for Coi } fn root_certificates_content(&self) -> Vec { - vec![ - COINGECKO_ROOT_CERTIFICATE_LETSENCRYPT.to_string(), - COINGECKO_ROOT_CERTIFICATE_BALTIMORE.to_string(), - ] + vec![COINGECKO_ROOT_CERTIFICATE_GTS.to_string()] } fn execute_request( From edcebc9634eaaec94620144d3521fbbc170c9ed6 Mon Sep 17 00:00:00 2001 From: Alain Brenzikofer Date: Sat, 7 Jun 2025 10:55:03 +0200 Subject: [PATCH 2/2] cleanup --- .../certificates/google-trust-services-we1x.pem | 17 ----------------- 1 file changed, 17 deletions(-) delete mode 100644 app-libs/oracle/src/certificates/google-trust-services-we1x.pem diff --git a/app-libs/oracle/src/certificates/google-trust-services-we1x.pem b/app-libs/oracle/src/certificates/google-trust-services-we1x.pem deleted file mode 100644 index 7d99e6ec12..0000000000 --- a/app-libs/oracle/src/certificates/google-trust-services-we1x.pem +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICnzCCAiWgAwIBAgIQf/MZd5csIkp2FV0TttaF4zAKBggqhkjOPQQDAzBHMQsw -CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU -MBIGA1UEAxMLR1RTIFJvb3QgUjQwHhcNMjMxMjEzMDkwMDAwWhcNMjkwMjIwMTQw -MDAwWjA7MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZp -Y2VzMQwwCgYDVQQDEwNXRTEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARvzTr+ -Z1dHTCEDhUDCR127WEcPQMFcF4XGGTfn1XzthkubgdnXGhOlCgP4mMTG6J7/EFmP -LCaY9eYmJbsPAvpWo4H+MIH7MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggr -BgEFBQcDAQYIKwYBBQUHAwIwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU -kHeSNWfE/6jMqeZ72YB5e8yT+TgwHwYDVR0jBBgwFoAUgEzW63T/STaj1dj8tT7F -avCUHYwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzAChhhodHRwOi8vaS5wa2ku -Z29vZy9yNC5jcnQwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2MucGtpLmdvb2cv -ci9yNC5jcmwwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwMDaAAwZQIx -AOcCq1HW90OVznX+0RGU1cxAQXomvtgM8zItPZCuFQ8jSBJSjz5keROv9aYsAm5V -sQIwJonMaAFi54mrfhfoFNZEfuNMSQ6/bIBiNLiyoX46FohQvKeIoJ99cx7sUkFN -7uJW ------END CERTIFICATE-----