From e3ac16a984e419fca86a152ddbb390e02e376679 Mon Sep 17 00:00:00 2001
From: Matteo Suppo
Date: Thu, 17 Dec 2015 15:40:39 +0100
Subject: [PATCH 1/5] Create a certification authority
---
 certificates.go | 80 ++++++++++++++++++++++++++-----------------
 1 file changed, 43 insertions(+), 37 deletions(-)
diff --git a/certificates.go b/certificates.go
index aacf4cf78..30e454238 100644
--- a/certificates.go
+++ b/certificates.go
@@ -16,13 +16,13 @@ import (
 	"crypto/x509/pkix"
 	"encoding/pem"
 	"fmt"
-	log "github.com/Sirupsen/logrus"
-	"io/ioutil"
 	"math/big"
 	"net"
 	"os"
 	"strings"
 	"time"
+
+	log "github.com/Sirupsen/logrus"
 )
 
 var (
@@ -61,37 +61,32 @@ func pemBlockForKey(priv interface{}) *pem.Block { } } -func generateCertificates() { - - var priv interface{} - var err error +func generateKey(ecdsaCurve string) (interface{}, error) { switch ecdsaCurve { case "": - priv, err = rsa.GenerateKey(rand.Reader, rsaBits) + return rsa.GenerateKey(rand.Reader, rsaBits) case "P224": - priv, err = ecdsa.GenerateKey(elliptic.P224(), rand.Reader) + return ecdsa.GenerateKey(elliptic.P224(), rand.Reader) case "P256": - priv, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) case "P384": - priv, err = ecdsa.GenerateKey(elliptic.P384(), rand.Reader) + return ecdsa.GenerateKey(elliptic.P384(), rand.Reader) case "P521": - priv, err = ecdsa.GenerateKey(elliptic.P521(), rand.Reader) + return ecdsa.GenerateKey(elliptic.P521(), rand.Reader) default: - fmt.Fprintf(os.Stderr, "Unrecognized elliptic curve: %q", ecdsaCurve) - os.Exit(1) - } - if err != nil { - log.Fatalf("failed to generate private key: %s", err) + return nil, fmt.Errorf("Unrecognized elliptic curve: %q", ecdsaCurve) } +} +func generateSingleCertificate(isCa bool) (*x509.Certificate, error) { var notBefore time.Time + var err error if len(validFrom) == 0 { notBefore = time.Now() } else { notBefore, err = time.Parse("Jan 2 15:04:05 2006", validFrom) if err != nil { - fmt.Fprintf(os.Stderr, "Failed to parse creation date: %s\n", err) - os.Exit(1) + return nil, fmt.Errorf("Failed to parse creation date: %s\n", err.Error()) } } @@ -100,7 +95,7 @@ func generateCertificates() { serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128) serialNumber, err := rand.Int(rand.Reader, serialNumberLimit) if err != nil { - log.Fatalf("failed to generate serial number: %s", err) + return nil, fmt.Errorf("failed to generate serial number: %s\n", err.Error()) } template := x509.Certificate{ 
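Review bot: The error values built in the new generateSingleCertificate keep a trailing newline and a capitalised first word — `return nil, fmt.Errorf("Failed to parse creation date: %s\n", err.Error())` — a leftover from the old `Fprintf(os.Stderr, ...)` that now ends up inside the error string, so the caller's `log.Error(err.Error())` emits a stray blank line and any wrapping caller gets a newline mid-message. Drop the `\n` and lowercase the message, e.g. `return nil, fmt.Errorf("failed to parse creation date: %s", err)`; the same applies to the serial-number error in the next hunk. Moving the curve switch into generateKey so that the default case returns an error instead of calling os.Exit is the right direction. generateSingleCertificate's body continues past the end of this hunk.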
@@ -133,32 +128,43 @@ func generateCertificates() { template.KeyUsage |= x509.KeyUsageCertSign } - derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv) + return &template, nil +} + +func generateCertificates() { + + // Create the key for the certification authority + caKey, err := generateKey("") + if err != nil { + log.Error(err.Error()) + os.Exit(1) + } + + keyOut, err := os.OpenFile("ca.key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) if err != nil { - log.Fatalf("Failed to create certificate: %s", err) + log.Error(err.Error()) + os.Exit(1) } + pem.Encode(keyOut, pemBlockForKey(caKey)) + keyOut.Close() + log.Println("written ca.key.pem") - // remove old certificates - os.Remove("cert.pem") - os.Remove("key.pem") - os.Remove("cert.cer") + // Create the certification authority + caTemplate, err := generateSingleCertificate(true) - certOut, err := os.Create("cert.pem") if err != nil { - log.Fatalf("failed to open cert.pem for writing: %s", err) + log.Error(err.Error()) + os.Exit(1) } - pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}) - certOut.Close() - log.Print("written cert.pem\n") - ioutil.WriteFile("cert.cer", derBytes, 0644) + derBytes, err := x509.CreateCertificate(rand.Reader, caTemplate, caTemplate, publicKey(caKey), caKey) - keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) + certOut, err := os.Create("ca.crt.pem") if err != nil { - log.Print("failed to open key.pem for writing:", err) - return + log.Error(err.Error()) + os.Exit(1) } - pem.Encode(keyOut, pemBlockForKey(priv)) - keyOut.Close() - log.Print("written key.pem\n") + pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}) + certOut.Close() + log.Print("written ca.crt.pem") } From 5cb9f10947700e4ba726d14076bed1d7c93e08e8 Mon Sep 17 00:00:00 2001 
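Review bot: The error returned by `x509.CreateCertificate` on the new `derBytes, err := ...` line is never examined — the very next statement, `certOut, err := os.Create("ca.crt.pem")`, overwrites `err` — so a failed signing still produces a `ca.crt.pem` holding an empty CERTIFICATE block while the log reports "written ca.crt.pem". Add a check directly after the call: `if err != nil { log.Fatalf("failed to create CA certificate: %s", err) }`. The `log.Error(err.Error())` followed by `os.Exit(1)` pairs added in this hunk are exactly what `log.Fatal` already does, and the results of `pem.Encode` and `keyOut.Close()` are discarded too, so a short write of the CA key file goes unnoticed; checking at least `pem.Encode` is cheap.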
From: Matteo Suppo Date: Thu, 17 Dec 2015 16:35:31 +0100 Subject: [PATCH 2/5] Create a signed certificate --- certificates.go | 44 ++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 42 insertions(+), 2 deletions(-) diff --git a/certificates.go b/certificates.go index 30e454238..cbf138a0e 100644 --- a/certificates.go +++ b/certificates.go @@ -133,6 +133,11 @@ func generateSingleCertificate(isCa bool) (*x509.Certificate, error) { func generateCertificates() { + os.Remove("ca.cert.pem") + os.Remove("ca.key.pem") + os.Remove("cert.pem") + os.Remove("key.pem") + // Create the key for the certification authority caKey, err := generateKey("") if err != nil { @@ -159,12 +164,47 @@ func generateCertificates() { derBytes, err := x509.CreateCertificate(rand.Reader, caTemplate, caTemplate, publicKey(caKey), caKey) - certOut, err := os.Create("ca.crt.pem") + certOut, err := os.Create("ca.cert.pem") + if err != nil { + log.Error(err.Error()) + os.Exit(1) + } + pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}) + certOut.Close() + log.Print("written ca.cert.pem") + + // Create the key for the final certificate + key, err := generateKey("") + if err != nil { + log.Error(err.Error()) + os.Exit(1) + } + + keyOut, err = os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) + if err != nil { + log.Error(err.Error()) + os.Exit(1) + } + pem.Encode(keyOut, pemBlockForKey(key)) + keyOut.Close() + log.Println("written key.pem") + + // Create the final certificate + template, err := generateSingleCertificate(false) + + if err != nil { + log.Error(err.Error()) + os.Exit(1) + } + + derBytes, err = x509.CreateCertificate(rand.Reader, template, caTemplate, publicKey(key), key) + + certOut, err = os.Create("cert.pem") if err != nil { log.Error(err.Error()) os.Exit(1) } pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}) certOut.Close() - log.Print("written ca.crt.pem") + log.Print("written cert.pem") } 
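Review bot: The four `os.Remove` calls added at the top of generateCertificates run before any key or certificate has been generated, so any of the later `os.Exit(1)` paths (or a crash) leaves no certificate pair at all rather than the previous working one. Consider writing each file under a temporary name and renaming it into place once all of them exist, or at least removing each old file immediately before it is rewritten. The removal of the key files does have a real purpose that deserves a comment: `os.OpenFile(..., os.O_CREATE|os.O_TRUNC, 0600)` applies `0600` only to a newly created file, so without the `os.Remove` an existing `key.pem` with a looser mode would keep it — `// remove first so the 0600 mode on the following OpenFile is applied to a fresh file`. Ignoring the Remove errors is fine for files that may not exist, but a failure on an existing file (permissions, directory) will then only surface at the later open.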
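Review bot: After this hunk the CA's private key stays on disk next to the leaf key (`ca.key.pem`, written earlier in generateCertificates, outside this hunk) even though it is used exactly once, in the `x509.CreateCertificate` call that issues `cert.pem`. If `ca.cert.pem` is meant to be imported into the user's trust store — the `.cer` output added later in the series suggests so — then anyone who can read `ca.key.pem` can mint certificates that machine trusts, a larger exposure than the leaf key alone. Unless re-signing is a planned feature, keep `caKey` in memory only and do not write it, or add a comment stating why it must persist. Separately, the new `derBytes, err = x509.CreateCertificate(rand.Reader, template, caTemplate, publicKey(key), key)` line is immediately followed by `certOut, err = os.Create("cert.pem")`, so its error is discarded exactly like the CA one above it; add an `if err != nil { log.Fatalf(...) }` after each call.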
From c140d7a7f851de051a6c83101d7951ee036ab028 Mon Sep 17 00:00:00 2001 From: Matteo Suppo Date: Fri, 18 Dec 2015 16:08:58 +0100 Subject: [PATCH 3/5] Ensure the second certificate is not a CA --- certificates.go | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/certificates.go b/certificates.go index cbf138a0e..360b95f19 100644 --- a/certificates.go +++ b/certificates.go @@ -26,12 +26,10 @@ import ( ) var ( - host = "localhost" - validFrom = "" - validFor = 365 * 24 * time.Hour * 2 // 2 years - isCA = true - rsaBits = 2048 - ecdsaCurve = "" + host = "localhost" + validFrom = "" + validFor = 365 * 24 * time.Hour * 2 // 2 years + rsaBits = 2048 ) func publicKey(priv interface{}) interface{} { @@ -123,7 +121,7 @@ func generateSingleCertificate(isCa bool) (*x509.Certificate, error) { } } - if isCA { + if isCa { template.IsCA = true template.KeyUsage |= x509.KeyUsageCertSign } @@ -197,7 +195,7 @@ func generateCertificates() { os.Exit(1) } - derBytes, err = x509.CreateCertificate(rand.Reader, template, caTemplate, publicKey(key), key) + derBytes, err = x509.CreateCertificate(rand.Reader, template, caTemplate, publicKey(key), caKey) certOut, err = os.Create("cert.pem") if err != nil { From 8636c6d857d62a0b13e18518ee1225e3c0cad90b Mon Sep 17 00:00:00 2001 From: Matteo Suppo Date: Mon, 21 Dec 2015 16:39:46 +0100 Subject: [PATCH 4/5] Output certificate in cer form --- certificates.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/certificates.go b/certificates.go index 360b95f19..233f25d30 100644 --- a/certificates.go +++ b/certificates.go @@ -16,6 +16,7 @@ import ( "crypto/x509/pkix" "encoding/pem" "fmt" + "io/ioutil" "math/big" "net" "os" @@ -171,6 +172,9 @@ func generateCertificates() { certOut.Close() log.Print("written ca.cert.pem") + ioutil.WriteFile("ca.cert.cer", derBytes, 0644) + log.Print("written ca.cert.cer") + // Create the key for the final certificate key, err := generateKey("") if err != nil { 
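Review bot: Signing with `caKey` is the right fix, but the changed `derBytes, err = x509.CreateCertificate(...)` line is still followed directly by `certOut, err = os.Create("cert.pem")`, so a signing error is silently replaced and an empty CERTIFICATE block is written and logged as success. Insert `if err != nil { log.Fatalf("failed to sign certificate: %s", err) }` between the two lines. The parent passed here is the CA template struct rather than a certificate parsed from the DER that was actually issued; that works as long as it is the same struct used to create the CA, but if the CA is ever loaded from disk it must go through `x509.ParseCertificate` first, which a short comment on this line would make clear. generateCertificates continues on both sides of this hunk.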
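Review bot: The return value of `ioutil.WriteFile("ca.cert.cer", derBytes, 0644)` is discarded, yet the next line logs "written ca.cert.cer" unconditionally, so a permissions or disk error leaves a stale or missing `.cer` while the log claims success. Check it like the PEM writes: `if err := ioutil.WriteFile("ca.cert.cer", derBytes, 0644); err != nil { log.Fatalf("failed to write ca.cert.cer: %s", err) }`. A one-line comment stating what the DER copy is for would help, since it duplicates `ca.cert.pem` — e.g. `// DER copy of the CA certificate, for importing into the OS/browser trust store` if that is the intent (the code does not show its consumer). Note also that `ca.cert.cer` is absent from the list of files removed at the top of generateCertificates, so the cleanup list and the output list no longer match.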
From 647db9512178eabc0abdbc6883f5da8b80c25d9c Mon Sep 17 00:00:00 2001 From: Matteo Suppo Date: Mon, 21 Dec 2015 16:45:17 +0100 Subject: [PATCH 5/5] Hide certificate button --- main.go | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/main.go b/main.go index 236f0459b..e042ab288 100755 --- a/main.go +++ b/main.go @@ -5,12 +5,6 @@ package main import ( "flag" - log "github.com/Sirupsen/logrus" - "github.com/carlescere/scheduler" - "github.com/gin-gonic/gin" - "github.com/itsjamie/gin-cors" - "github.com/kardianos/osext" - "github.com/vharitonsky/iniflags" "os" "os/user" "path/filepath" @@ -18,6 +12,13 @@ import ( "strconv" "text/template" "time" + + log "github.com/Sirupsen/logrus" + "github.com/carlescere/scheduler" + "github.com/gin-gonic/gin" + "github.com/itsjamie/gin-cors" + "github.com/kardianos/osext" + "github.com/vharitonsky/iniflags" //"github.com/sanbornm/go-selfupdate/selfupdate" #included in update.go to change heavily ) @@ -399,7 +400,7 @@ body { Pause - +