@@ -16,7 +16,6 @@ import (
1616 "crypto/x509/pkix"
1717 "encoding/pem"
1818 "fmt"
19- "io/ioutil"
2019 "math/big"
2120 "net"
2221 "os"
@@ -134,20 +133,20 @@ func generateSingleCertificate(isCa bool) (*x509.Certificate, error) {
134133 return & template , nil
135134}
136135
137- func generateCertificates (path * paths.Path ) {
138- path .Join ("ca.cert.pem" ).Remove ()
139- path .Join ("ca.key.pem" ).Remove ()
140- path .Join ("cert.pem" ).Remove ()
141- path .Join ("key.pem" ).Remove ()
136+ func generateCertificates (certsDir * paths.Path ) {
137+ certsDir .Join ("ca.cert.pem" ).Remove ()
138+ certsDir .Join ("ca.key.pem" ).Remove ()
139+ certsDir .Join ("cert.pem" ).Remove ()
140+ certsDir .Join ("key.pem" ).Remove ()
142141
143142 // Create the key for the certification authority
144143 caKey , err := generateKey ("P256" )
145144 if err != nil {
146145 log .Error (err .Error ())
147146 os .Exit (1 )
148147 }
149- keyOutPath := path .Join ("ca.key.pem" ).String ()
150- keyOut , err := os .OpenFile (keyOutPath , os .O_WRONLY | os .O_CREATE | os .O_TRUNC , 0600 )
148+ keyOutPath := certsDir .Join ("ca.key.pem" ).String ()
149+ keyOut , err := os .OpenFile (keyOutPath , os .O_WRONLY | os .O_CREATE | os .O_TRUNC , 0600 ) // Save key with user-only permission 0600
151150 if err != nil {
152151 log .Error (err .Error ())
153152 os .Exit (1 )
@@ -158,27 +157,26 @@ func generateCertificates(path *paths.Path) {
158157
159158 // Create the certification authority
160159 caTemplate , err := generateSingleCertificate (true )
161-
162160 if err != nil {
163161 log .Error (err .Error ())
164162 os .Exit (1 )
165163 }
166164
167165 derBytes , _ := x509 .CreateCertificate (rand .Reader , caTemplate , caTemplate , publicKey (caKey ), caKey )
168166
169- certOutPath := path .Join ("ca.cert.pem" ). String ( )
170- certOut , err := os .Create (certOutPath )
167+ caCertOutPath := certsDir .Join ("ca.cert.pem" )
168+ caCertOut , err := caCertOutPath .Create ()
171169 if err != nil {
172170 log .Error (err .Error ())
173171 os .Exit (1 )
174172 }
175- pem .Encode (certOut , & pem.Block {Type : "CERTIFICATE" , Bytes : derBytes })
176- certOut .Close ()
177- log .Printf ("written %s" , certOutPath )
173+ pem .Encode (caCertOut , & pem.Block {Type : "CERTIFICATE" , Bytes : derBytes })
174+ caCertOut .Close ()
175+ log .Printf ("written %s" , caCertOutPath )
178176
179- filePath := path .Join ("ca.cert.cer" ). String ( )
180- ioutil .WriteFile (filePath , derBytes , 0644 )
181- log .Printf ("written %s" , filePath )
177+ caCertPath := certsDir .Join ("ca.cert.cer" )
178+ caCertPath .WriteFile (derBytes )
179+ log .Printf ("written %s" , caCertPath )
182180
183181 // Create the key for the final certificate
184182 key , err := generateKey ("P256" )
@@ -187,8 +185,8 @@ func generateCertificates(path *paths.Path) {
187185 os .Exit (1 )
188186 }
189187
190- keyOutPath = path .Join ("key.pem" ).String ()
191- keyOut , err = os .OpenFile (keyOutPath , os .O_WRONLY | os .O_CREATE | os .O_TRUNC , 0600 )
188+ keyOutPath = certsDir .Join ("key.pem" ).String ()
189+ keyOut , err = os .OpenFile (keyOutPath , os .O_WRONLY | os .O_CREATE | os .O_TRUNC , 0600 ) // Save key with user-only permission 0600
192190 if err != nil {
193191 log .Error (err .Error ())
194192 os .Exit (1 )
@@ -199,28 +197,26 @@ func generateCertificates(path *paths.Path) {
199197
200198 // Create the final certificate
201199 template , err := generateSingleCertificate (false )
202-
203200 if err != nil {
204201 log .Error (err .Error ())
205202 os .Exit (1 )
206203 }
207204
208205 derBytes , _ = x509 .CreateCertificate (rand .Reader , template , caTemplate , publicKey (key ), caKey )
209206
210- certOutPath = path .Join ("cert.pem" ).String ()
211- certOut , err = os .Create (certOutPath )
207+ certOutPath := certsDir .Join ("cert.pem" ).String ()
208+ certOut , err : =os .Create (certOutPath )
212209 if err != nil {
213210 log .Error (err .Error ())
214211 os .Exit (1 )
215212 }
216213 pem .Encode (certOut , & pem.Block {Type : "CERTIFICATE" , Bytes : derBytes })
217- certOut .Close ()
218- log .Printf ("written %s" , certOutPath )
214+ caCertOut .Close ()
215+ log .Printf ("written %s" , caCertOutPath )
219216
220- certPath := path .Join ("cert.cer" ). String ( )
221- ioutil .WriteFile (certPath , derBytes , 0644 )
217+ certPath := certsDir .Join ("cert.cer" )
218+ certPath .WriteFile (derBytes )
222219 log .Printf ("written %s" , certPath )
223-
224220}
225221
226222func certHandler (c * gin.Context ) {
@@ -239,10 +235,10 @@ func deleteCertHandler(c *gin.Context) {
239235}
240236
241237// DeleteCertificates will delete the certificates
242- func DeleteCertificates (path * paths.Path ) {
243- path .Join ("ca.cert.pem" ).Remove ()
244- path .Join ("ca.cert.cer" ).Remove ()
245- path .Join ("ca.key.pem" ).Remove ()
238+ func DeleteCertificates (certDir * paths.Path ) {
239+ certDir .Join ("ca.cert.pem" ).Remove ()
240+ certDir .Join ("ca.cert.cer" ).Remove ()
241+ certDir .Join ("ca.key.pem" ).Remove ()
246242}
247243
248244const noFirefoxTemplateHTML = `<!DOCTYPE html>
0 commit comments