adding new way to generate cert

2016-01-05 11:08:03 +01:00 · 2016-01-05 11:08:03 +01:00 · b4d0cb51ef
commit b4d0cb51ef
parent 8d09f7a0e0
2 changed files with 10 additions and 150 deletions
--- a/BIN
+++ b/BIN
--- a/main.go
+++ b/main.go
@ -4,23 +4,12 @@
 package main // import "github.com/PierreZ/goStatic"

 import (
-	"crypto/ecdsa"
-	"crypto/elliptic"
-	"crypto/rand"
-	"crypto/rsa"
-	"crypto/x509"
-	"crypto/x509/pkix"
-	"encoding/pem"
 	"flag"
-	"fmt"
 	"log"
-	"math/big"
-	"net"
 	"os"
 	"strconv"
-	"strings"
-	"time"

+	"github.com/PierreZ/tlscert"
 	"github.com/labstack/echo"
 	mw "github.com/labstack/echo/middleware"
 )
@ -31,14 +20,6 @@ var (
 	pathPtr = flag.String("static", "/srv/http", "The path for the static files")
 	crtPtr  = flag.String("crt", "/etc/ssl/server", "Folder for server.pem and key.pem")
 	HTTPPtr = flag.Bool("forceHTTP", false, "Forcing HTTP and not HTTPS")
-
-	// var for cert
-	host       = flag.String("host", "", "Comma-separated hostnames and IPs to generate a certificate for")
-	validFrom  = flag.String("start-date", "", "Creation date formatted as Jan 1 15:04:05 2011")
-	validFor   = flag.Duration("duration", 365*24*time.Hour, "Duration that certificate is valid for")
-	isCA       = flag.Bool("ca", false, "whether this cert should be its own Certificate Authority")
-	rsaBits    = flag.Int("rsa-bits", 2048, "Size of RSA key to generate. Ignored if --ecdsa-curve is set")
-	ecdsaCurve = flag.String("ecdsa-curve", "", "ECDSA curve to use to generate a key. Valid values are P224, P256, P384, P521")
 )

 func main() {
@ -58,145 +39,24 @@ func main() {
 	log.Println("Starting goStatic")

 	port := ":" + strconv.FormatInt(int64(*portPtr), 10)
+	path := *crtPtr

 	// Start server with unsecure HTTP
-	// or with awesome TLS
 	if *HTTPPtr {
 		log.Println("Starting serving", *pathPtr, "on", *portPtr)
 		e.Run(port)
-
+		// or with awesome TLS
 	} else {
-
-		// Check for cert
-		_, err := os.Stat(*crtPtr + "cert.pem")
+		if _, err := os.Stat(path + "/cert.pem"); os.IsNotExist(err) {
+			// Generating certificates
+			err := tlscert.GenerateCert(path)
 			if err != nil {
-			log.Println("Cert not found, generating .pem and .crt file")
-			generateCert(*crtPtr)
+				log.Fatalf("Failed generating certs:  %v", err)
+			}
 		}

 		log.Println("Starting serving", *pathPtr, "on", *portPtr)
-		e.RunTLS(port, *crtPtr+"cert.pem", *crtPtr+"key.pem")
+		e.RunTLS(port, path+"/cert.pem", path+"/key.pem")
 	}

 }
-
-// Based on https://golang.org/src/crypto/tls/generate_cert.go
-func generateCert(path string) {
-	var priv interface{}
-	var err error
-	switch *ecdsaCurve {
-	case "":
-		priv, err = rsa.GenerateKey(rand.Reader, *rsaBits)
-	case "P224":
-		priv, err = ecdsa.GenerateKey(elliptic.P224(), rand.Reader)
-	case "P256":
-		priv, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
-	case "P384":
-		priv, err = ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
-	case "P521":
-		priv, err = ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
-	default:
-		fmt.Fprintf(os.Stderr, "Unrecognized elliptic curve: %q", *ecdsaCurve)
-		os.Exit(1)
-	}
-	if err != nil {
-		log.Fatalf("failed to generate private key: %s", err)
-	}
-
-	var notBefore time.Time
-	if len(*validFrom) == 0 {
-		notBefore = time.Now()
-	} else {
-		notBefore, err = time.Parse("Jan 2 15:04:05 2006", *validFrom)
-		if err != nil {
-			fmt.Fprintf(os.Stderr, "Failed to parse creation date: %s\n", err)
-			os.Exit(1)
-		}
-	}
-
-	notAfter := notBefore.Add(*validFor)
-
-	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
-	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
-	if err != nil {
-		log.Fatalf("failed to generate serial number: %s", err)
-	}
-
-	template := x509.Certificate{
-		SerialNumber: serialNumber,
-		Subject: pkix.Name{
-			Organization: []string{"Hooli"},
-		},
-		NotBefore: notBefore,
-		NotAfter:  notAfter,
-
-		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
-		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
-		BasicConstraintsValid: true,
-	}
-
-	hosts := strings.Split(*host, ",")
-	for _, h := range hosts {
-		if ip := net.ParseIP(h); ip != nil {
-			template.IPAddresses = append(template.IPAddresses, ip)
-		} else {
-			template.DNSNames = append(template.DNSNames, h)
-		}
-	}
-
-	if *isCA {
-		template.IsCA = true
-		template.KeyUsage |= x509.KeyUsageCertSign
-	}
-
-	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv)
-	if err != nil {
-		log.Fatalf("Failed to create certificate: %s", err)
-	}
-
-	certOut, err := os.Create(path + "cert.pem")
-	if err != nil {
-		log.Fatalf("failed to open cert.pem for writing: %s", err)
-	}
-	pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
-	certOut.Close()
-	log.Print("written cert.pem\n")
-
-	keyOut, err := os.OpenFile(path+"key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
-	if err != nil {
-		log.Print("failed to open key.pem for writing:", err)
-		return
-	}
-	pem.Encode(keyOut, pemBlockForKey(priv))
-	keyOut.Close()
-	log.Print("written key.pem\n")
-}
-
-// Based on https://golang.org/src/crypto/tls/generate_cert.go
-func publicKey(priv interface{}) interface{} {
-	switch k := priv.(type) {
-	case *rsa.PrivateKey:
-		return &k.PublicKey
-	case *ecdsa.PrivateKey:
-		return &k.PublicKey
-	default:
-		return nil
-	}
-}
-
-// Based on https://golang.org/src/crypto/tls/generate_cert.go
-func pemBlockForKey(priv interface{}) *pem.Block {
-	switch k := priv.(type) {
-	case *rsa.PrivateKey:
-		return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k)}
-	case *ecdsa.PrivateKey:
-		b, err := x509.MarshalECPrivateKey(k)
-		if err != nil {
-			fmt.Fprintf(os.Stderr, "Unable to marshal ECDSA private key: %v", err)
-			os.Exit(2)
-		}
-		return &pem.Block{Type: "EC PRIVATE KEY", Bytes: b}
-	default:
-		return nil
-	}
-}