Skip to content

Certificates #42

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Dec 21, 2015
Merged

Certificates #42

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
e3ac16a
Create a certification authority
matteosuppo Dec 17, 2015
5cb9f10
Create a signed certificate
matteosuppo Dec 17, 2015
c140d7a
Ensure the second certificate is not a CA
matteosuppo Dec 18, 2015
8636c6d
Output certificate in cer form
matteosuppo Dec 21, 2015
647db95
Hide certificate button
matteosuppo Dec 21, 2015
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
128 changes: 88 additions & 40 deletions certificates.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,22 +16,21 @@ import (
"crypto/x509/pkix"
"encoding/pem"
"fmt"
log "github.com/Sirupsen/logrus"
"io/ioutil"
"math/big"
"net"
"os"
"strings"
"time"

log "github.com/Sirupsen/logrus"
)

var (
host = "localhost"
validFrom = ""
validFor = 365 * 24 * time.Hour * 2 // 2 years
isCA = true
rsaBits = 2048
ecdsaCurve = ""
host = "localhost"
validFrom = ""
validFor = 365 * 24 * time.Hour * 2 // 2 years
rsaBits = 2048
)

func publicKey(priv interface{}) interface{} {
Expand Down Expand Up @@ -61,37 +60,32 @@ func pemBlockForKey(priv interface{}) *pem.Block {
}
}

func generateCertificates() {

var priv interface{}
var err error
func generateKey(ecdsaCurve string) (interface{}, error) {
switch ecdsaCurve {
case "":
priv, err = rsa.GenerateKey(rand.Reader, rsaBits)
return rsa.GenerateKey(rand.Reader, rsaBits)
case "P224":
priv, err = ecdsa.GenerateKey(elliptic.P224(), rand.Reader)
return ecdsa.GenerateKey(elliptic.P224(), rand.Reader)
case "P256":
priv, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
case "P384":
priv, err = ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
return ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
case "P521":
priv, err = ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
return ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
default:
fmt.Fprintf(os.Stderr, "Unrecognized elliptic curve: %q", ecdsaCurve)
os.Exit(1)
}
if err != nil {
log.Fatalf("failed to generate private key: %s", err)
return nil, fmt.Errorf("Unrecognized elliptic curve: %q", ecdsaCurve)
}
}

func generateSingleCertificate(isCa bool) (*x509.Certificate, error) {
var notBefore time.Time
var err error
if len(validFrom) == 0 {
notBefore = time.Now()
} else {
notBefore, err = time.Parse("Jan 2 15:04:05 2006", validFrom)
if err != nil {
fmt.Fprintf(os.Stderr, "Failed to parse creation date: %s\n", err)
os.Exit(1)
return nil, fmt.Errorf("Failed to parse creation date: %s\n", err.Error())
}
}

Expand All @@ -100,7 +94,7 @@ func generateCertificates() {
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
if err != nil {
log.Fatalf("failed to generate serial number: %s", err)
return nil, fmt.Errorf("failed to generate serial number: %s\n", err.Error())
}

template := x509.Certificate{
Expand Down Expand Up @@ -128,37 +122,91 @@ func generateCertificates() {
}
}

if isCA {
if isCa {
template.IsCA = true
template.KeyUsage |= x509.KeyUsageCertSign
}

derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv)
if err != nil {
log.Fatalf("Failed to create certificate: %s", err)
}
return &template, nil
}

func generateCertificates() {

// remove old certificates
os.Remove("ca.cert.pem")
os.Remove("ca.key.pem")
os.Remove("cert.pem")
os.Remove("key.pem")
os.Remove("cert.cer")

certOut, err := os.Create("cert.pem")
// Create the key for the certification authority
caKey, err := generateKey("")
if err != nil {
log.Error(err.Error())
os.Exit(1)
}

keyOut, err := os.OpenFile("ca.key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
if err != nil {
log.Fatalf("failed to open cert.pem for writing: %s", err)
log.Error(err.Error())
os.Exit(1)
}
pem.Encode(keyOut, pemBlockForKey(caKey))
keyOut.Close()
log.Println("written ca.key.pem")

// Create the certification authority
caTemplate, err := generateSingleCertificate(true)

if err != nil {
log.Error(err.Error())
os.Exit(1)
}

derBytes, err := x509.CreateCertificate(rand.Reader, caTemplate, caTemplate, publicKey(caKey), caKey)

certOut, err := os.Create("ca.cert.pem")
if err != nil {
log.Error(err.Error())
os.Exit(1)
}
pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
certOut.Close()
log.Print("written cert.pem\n")
log.Print("written ca.cert.pem")

ioutil.WriteFile("ca.cert.cer", derBytes, 0644)
log.Print("written ca.cert.cer")

ioutil.WriteFile("cert.cer", derBytes, 0644)
// Create the key for the final certificate
key, err := generateKey("")
if err != nil {
log.Error(err.Error())
os.Exit(1)
}

keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
keyOut, err = os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
if err != nil {
log.Print("failed to open key.pem for writing:", err)
return
log.Error(err.Error())
os.Exit(1)
}
pem.Encode(keyOut, pemBlockForKey(priv))
pem.Encode(keyOut, pemBlockForKey(key))
keyOut.Close()
log.Print("written key.pem\n")
log.Println("written key.pem")

// Create the final certificate
template, err := generateSingleCertificate(false)

if err != nil {
log.Error(err.Error())
os.Exit(1)
}

derBytes, err = x509.CreateCertificate(rand.Reader, template, caTemplate, publicKey(key), caKey)

certOut, err = os.Create("cert.pem")
if err != nil {
log.Error(err.Error())
os.Exit(1)
}
pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
certOut.Close()
log.Print("written cert.pem")
}
15 changes: 8 additions & 7 deletions main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,19 +5,20 @@ package main

import (
"flag"
log "github.com/Sirupsen/logrus"
"github.com/carlescere/scheduler"
"github.com/gin-gonic/gin"
"github.com/itsjamie/gin-cors"
"github.com/kardianos/osext"
"github.com/vharitonsky/iniflags"
"os"
"os/user"
"path/filepath"
"runtime/debug"
"strconv"
"text/template"
"time"

log "github.com/Sirupsen/logrus"
"github.com/carlescere/scheduler"
"github.com/gin-gonic/gin"
"github.com/itsjamie/gin-cors"
"github.com/kardianos/osext"
"github.com/vharitonsky/iniflags"
//"github.com/sanbornm/go-selfupdate/selfupdate" #included in update.go to change heavily
)

Expand Down Expand Up @@ -399,7 +400,7 @@ body {
<input type="submit" value="Send" />
<input type="text" id="msg" size="64"/>
<input name="pause" type="checkbox" value="pause" id="myCheck"/> Pause
<input type="button" value="Install Certificate" onclick="window.open('http://localhost:8991/certificate.crt')" />
<!--<input type="button" value="Install Certificate" onclick="window.open('http://localhost:8991/certificate.crt')" />-->
</form>
</form>
</body>
Expand Down