Merge pull request #42 from arduino/certificates

mastrolinux · mastrolinux · commit 75e74c76d040 · 2015-12-21T17:27:24.000+01:00
Certificates
diff --git a/certificates.go b/certificates.go
@@ -16,22 +16,21 @@ import (
 	"crypto/x509/pkix"
 	"encoding/pem"
 	"fmt"
-	log "github.com/Sirupsen/logrus"
 	"io/ioutil"
 	"math/big"
 	"net"
 	"os"
 	"strings"
 	"time"
+
+	log "github.com/Sirupsen/logrus"
 )
 
 var (
-	host       = "localhost"
-	validFrom  = ""
-	validFor   = 365 * 24 * time.Hour * 2 // 2 years
-	isCA       = true
-	rsaBits    = 2048
-	ecdsaCurve = ""
+	host      = "localhost"
+	validFrom = ""
+	validFor  = 365 * 24 * time.Hour * 2 // 2 years
+	rsaBits   = 2048
 )
 
 func publicKey(priv interface{}) interface{} {
@@ -61,37 +60,32 @@ func pemBlockForKey(priv interface{}) *pem.Block {
 	}
 }
 
-func generateCertificates() {
-
-	var priv interface{}
-	var err error
+func generateKey(ecdsaCurve string) (interface{}, error) {
 	switch ecdsaCurve {
 	case "":
-		priv, err = rsa.GenerateKey(rand.Reader, rsaBits)
+		return rsa.GenerateKey(rand.Reader, rsaBits)
 	case "P224":
-		priv, err = ecdsa.GenerateKey(elliptic.P224(), rand.Reader)
+		return ecdsa.GenerateKey(elliptic.P224(), rand.Reader)
 	case "P256":
-		priv, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+		return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 	case "P384":
-		priv, err = ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
+		return ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
 	case "P521":
-		priv, err = ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
+		return ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
 	default:
-		fmt.Fprintf(os.Stderr, "Unrecognized elliptic curve: %q", ecdsaCurve)
-		os.Exit(1)
-	}
-	if err != nil {
-		log.Fatalf("failed to generate private key: %s", err)
+		return nil, fmt.Errorf("Unrecognized elliptic curve: %q", ecdsaCurve)
 	}
+}
 
+func generateSingleCertificate(isCa bool) (*x509.Certificate, error) {
 	var notBefore time.Time
+	var err error
 	if len(validFrom) == 0 {
 		notBefore = time.Now()
 	} else {
 		notBefore, err = time.Parse("Jan 2 15:04:05 2006", validFrom)
 		if err != nil {
-			fmt.Fprintf(os.Stderr, "Failed to parse creation date: %s\n", err)
-			os.Exit(1)
+			return nil, fmt.Errorf("Failed to parse creation date: %s\n", err.Error())
 		}
 	}
 
@@ -100,7 +94,7 @@ func generateCertificates() {
 	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
 	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
 	if err != nil {
-		log.Fatalf("failed to generate serial number: %s", err)
+		return nil, fmt.Errorf("failed to generate serial number: %s\n", err.Error())
 	}
 
 	template := x509.Certificate{
@@ -128,37 +122,91 @@ func generateCertificates() {
 		}
 	}
 
-	if isCA {
+	if isCa {
 		template.IsCA = true
 		template.KeyUsage |= x509.KeyUsageCertSign
 	}
 
-	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv)
-	if err != nil {
-		log.Fatalf("Failed to create certificate: %s", err)
-	}
+	return &template, nil
+}
+
+func generateCertificates() {
 
-	// remove old certificates
+	os.Remove("ca.cert.pem")
+	os.Remove("ca.key.pem")
 	os.Remove("cert.pem")
 	os.Remove("key.pem")
-	os.Remove("cert.cer")
 
-	certOut, err := os.Create("cert.pem")
+	// Create the key for the certification authority
+	caKey, err := generateKey("")
+	if err != nil {
+		log.Error(err.Error())
+		os.Exit(1)
+	}
+
+	keyOut, err := os.OpenFile("ca.key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
 	if err != nil {
-		log.Fatalf("failed to open cert.pem for writing: %s", err)
+		log.Error(err.Error())
+		os.Exit(1)
+	}
+	pem.Encode(keyOut, pemBlockForKey(caKey))
+	keyOut.Close()
+	log.Println("written ca.key.pem")
+
+	// Create the certification authority
+	caTemplate, err := generateSingleCertificate(true)
+
+	if err != nil {
+		log.Error(err.Error())
+		os.Exit(1)
+	}
+
+	derBytes, err := x509.CreateCertificate(rand.Reader, caTemplate, caTemplate, publicKey(caKey), caKey)
+
+	certOut, err := os.Create("ca.cert.pem")
+	if err != nil {
+		log.Error(err.Error())
+		os.Exit(1)
 	}
 	pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
 	certOut.Close()
-	log.Print("written cert.pem\n")
+	log.Print("written ca.cert.pem")
+
+	ioutil.WriteFile("ca.cert.cer", derBytes, 0644)
+	log.Print("written ca.cert.cer")
 
-	ioutil.WriteFile("cert.cer", derBytes, 0644)
+	// Create the key for the final certificate
+	key, err := generateKey("")
+	if err != nil {
+		log.Error(err.Error())
+		os.Exit(1)
+	}
 
-	keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
+	keyOut, err = os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
 	if err != nil {
-		log.Print("failed to open key.pem for writing:", err)
-		return
+		log.Error(err.Error())
+		os.Exit(1)
 	}
-	pem.Encode(keyOut, pemBlockForKey(priv))
+	pem.Encode(keyOut, pemBlockForKey(key))
 	keyOut.Close()
-	log.Print("written key.pem\n")
+	log.Println("written key.pem")
+
+	// Create the final certificate
+	template, err := generateSingleCertificate(false)
+
+	if err != nil {
+		log.Error(err.Error())
+		os.Exit(1)
+	}
+
+	derBytes, err = x509.CreateCertificate(rand.Reader, template, caTemplate, publicKey(key), caKey)
+
+	certOut, err = os.Create("cert.pem")
+	if err != nil {
+		log.Error(err.Error())
+		os.Exit(1)
+	}
+	pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
+	certOut.Close()
+	log.Print("written cert.pem")
 }
diff --git a/main.go b/main.go
@@ -5,19 +5,20 @@ package main
 
 import (
 	"flag"
-	log "github.com/Sirupsen/logrus"
-	"github.com/carlescere/scheduler"
-	"github.com/gin-gonic/gin"
-	"github.com/itsjamie/gin-cors"
-	"github.com/kardianos/osext"
-	"github.com/vharitonsky/iniflags"
 	"os"
 	"os/user"
 	"path/filepath"
 	"runtime/debug"
 	"strconv"
 	"text/template"
 	"time"
+
+	log "github.com/Sirupsen/logrus"
+	"github.com/carlescere/scheduler"
+	"github.com/gin-gonic/gin"
+	"github.com/itsjamie/gin-cors"
+	"github.com/kardianos/osext"
+	"github.com/vharitonsky/iniflags"
 	//"github.com/sanbornm/go-selfupdate/selfupdate" #included in update.go to change heavily
 )
 
@@ -399,7 +400,7 @@ body {
     <input type="submit" value="Send" />
     <input type="text" id="msg" size="64"/>
     <input name="pause" type="checkbox" value="pause" id="myCheck"/> Pause
-    <input type="button" value="Install Certificate" onclick="window.open('http://localhost:8991/certificate.crt')" />
+    <!--<input type="button" value="Install Certificate" onclick="window.open('http://localhost:8991/certificate.crt')" />-->
 </form>
 </form>
 </body>
