			
		
		
		
	mkcerts: Clean up and rename to be nicer
		
							parent
							
								
									b519145a8a
								
							
						
					
					
						commit
						d65f86e120
					
				@ -39,7 +39,7 @@ go install
 | 
			
		||||
cp oragono.yaml ircd.yaml
 | 
			
		||||
vim ircd.yaml  # modify the config file to your liking
 | 
			
		||||
oragono initdb
 | 
			
		||||
oragono createcerts
 | 
			
		||||
oragono mkcerts
 | 
			
		||||
```
 | 
			
		||||
 | 
			
		||||
## Configuration
 | 
			
		||||
 | 
			
		||||
@ -17,8 +17,8 @@ import (
 | 
			
		||||
	"time"
 | 
			
		||||
)
 | 
			
		||||
 | 
			
		||||
// CreateCert creates a testing ECDSA certificate, outputting the cert and key at the given filenames.
 | 
			
		||||
func CreateCert(orgName string, host string, certFilename string, keyFilename string) error {
 | 
			
		||||
// CreateCertBytes creates a testing ECDSA certificate, returning the cert and key bytes.
 | 
			
		||||
func CreateCertBytes(orgName string, host string) (certBytes []byte, keyBytes []byte, err error) {
 | 
			
		||||
	validFrom := time.Now()
 | 
			
		||||
	validFor := 365 * 24 * time.Hour
 | 
			
		||||
	notAfter := validFrom.Add(validFor)
 | 
			
		||||
@ -28,7 +28,7 @@ func CreateCert(orgName string, host string, certFilename string, keyFilename st
 | 
			
		||||
	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
 | 
			
		||||
	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		return fmt.Errorf("failed to generate serial number: %s", err)
 | 
			
		||||
		return nil, nil, fmt.Errorf("failed to generate serial number: %s", err)
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	template := x509.Certificate{
 | 
			
		||||
@ -54,26 +54,47 @@ func CreateCert(orgName string, host string, certFilename string, keyFilename st
 | 
			
		||||
 | 
			
		||||
	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		return fmt.Errorf("Failed to create certificate: %s", err.Error())
 | 
			
		||||
		return nil, nil, fmt.Errorf("Failed to create certificate: %s", err.Error())
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	certBytes = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
 | 
			
		||||
 | 
			
		||||
	b, err := x509.MarshalECPrivateKey(priv)
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		return nil, nil, fmt.Errorf("Unable to marshal ECDSA private key: %v", err.Error())
 | 
			
		||||
	}
 | 
			
		||||
	pemBlock := pem.Block{Type: "EC PRIVATE KEY", Bytes: b}
 | 
			
		||||
	keyBytes = pem.EncodeToMemory(&pemBlock)
 | 
			
		||||
	return certBytes, keyBytes, nil
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
// CreateCert creates a testing ECDSA certificate, outputting the cert and key at the given filenames.
 | 
			
		||||
func CreateCert(orgName string, host string, certFilename string, keyFilename string) error {
 | 
			
		||||
	certBytes, keyBytes, err := CreateCertBytes(orgName, host)
 | 
			
		||||
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		return err
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	certOut, err := os.Create(certFilename)
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		return fmt.Errorf("failed to open %s for writing: %s", certFilename, err.Error())
 | 
			
		||||
	}
 | 
			
		||||
	pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
 | 
			
		||||
	certOut.Close()
 | 
			
		||||
	defer certOut.Close()
 | 
			
		||||
	_, err = certOut.Write(certBytes)
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		return fmt.Errorf("failed to write out cert file %s: %s", certFilename, err.Error())
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	keyOut, err := os.OpenFile(keyFilename, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		return fmt.Errorf("failed to open %s for writing: %s", keyFilename, err.Error())
 | 
			
		||||
	}
 | 
			
		||||
	b, err := x509.MarshalECPrivateKey(priv)
 | 
			
		||||
	defer keyOut.Close()
 | 
			
		||||
	_, err = keyOut.Write(keyBytes)
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		return fmt.Errorf("Unable to marshal ECDSA private key: %v", err.Error())
 | 
			
		||||
		return fmt.Errorf("failed to write out key file %s: %s", keyFilename, err.Error())
 | 
			
		||||
	}
 | 
			
		||||
	pemBlock := pem.Block{Type: "EC PRIVATE KEY", Bytes: b}
 | 
			
		||||
	pem.Encode(keyOut, &pemBlock)
 | 
			
		||||
	keyOut.Close()
 | 
			
		||||
 | 
			
		||||
	return nil
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
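Review bot: In CreateCert the key file is opened with `os.OpenFile(keyFilename, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)`, and that mode is applied only when the file is created, so a key file that already exists with wider permissions keeps them and the new private key ends up readable by whoever could read the old file. Tightening the mode right after the open and before `keyOut.Write(keyBytes)` would close that gap, for example `if err := keyOut.Chmod(0600); err != nil { return fmt.Errorf("failed to set permissions on %s: %s", keyFilename, err.Error()) }`. The two `defer ...Close()` calls also discard the Close error, so a write failure that only surfaces at close (as can happen on some filesystems) would be reported as success; checking the Close result on the success path would make it visible. Both doc comments call this a "testing" certificate while the `mkcerts` command writes it to the configured listener paths, so a sentence stating that the output is self-signed and meant to be replaced for production use would help operators.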
@ -23,7 +23,7 @@ Usage:
 | 
			
		||||
	oragono initdb [--conf <filename>]
 | 
			
		||||
	oragono upgradedb [--conf <filename>]
 | 
			
		||||
	oragono genpasswd [--conf <filename>]
 | 
			
		||||
	oragono createcerts [--conf <filename>]
 | 
			
		||||
	oragono mkcerts [--conf <filename>]
 | 
			
		||||
	oragono run [--conf <filename>]
 | 
			
		||||
	oragono -h | --help
 | 
			
		||||
	oragono --version
 | 
			
		||||
@ -59,11 +59,11 @@ Options:
 | 
			
		||||
	} else if arguments["upgradedb"].(bool) {
 | 
			
		||||
		irc.UpgradeDB(config.Server.Database)
 | 
			
		||||
		log.Println("database upgraded: ", config.Server.Database)
 | 
			
		||||
	} else if arguments["createcerts"].(bool) {
 | 
			
		||||
		log.Println("creating self-signed certificates")
 | 
			
		||||
	} else if arguments["mkcerts"].(bool) {
 | 
			
		||||
		log.Println("making self-signed certificates")
 | 
			
		||||
 | 
			
		||||
		for name, conf := range config.Server.TLSListeners {
 | 
			
		||||
			log.Printf(" creating cert for %s listener\n", name)
 | 
			
		||||
			log.Printf(" making cert for %s listener\n", name)
 | 
			
		||||
			host := config.Server.Name
 | 
			
		||||
			err := mkcerts.CreateCert("Oragono", host, conf.Cert, conf.Key)
 | 
			
		||||
			if err == nil {
 | 
			
		||||
 | 
			
		||||