3
0
mirror of https://github.com/ergochat/ergo.git synced 2024-11-13 07:29:30 +01:00

mkcerts: Clean up and rename to be nicer

This commit is contained in:
Daniel Oaks 2016-08-13 18:17:40 +10:00
parent b519145a8a
commit d65f86e120
3 changed files with 37 additions and 16 deletions

View File

@ -39,7 +39,7 @@ go install
cp oragono.yaml ircd.yaml
vim ircd.yaml # modify the config file to your liking
oragono initdb
oragono createcerts
oragono mkcerts
```
## Configuration

View File

@ -17,8 +17,8 @@ import (
"time"
)
// CreateCert creates a testing ECDSA certificate, outputting the cert and key at the given filenames.
func CreateCert(orgName string, host string, certFilename string, keyFilename string) error {
// CreateCertBytes creates a testing ECDSA certificate, returning the cert and key bytes.
func CreateCertBytes(orgName string, host string) (certBytes []byte, keyBytes []byte, err error) {
validFrom := time.Now()
validFor := 365 * 24 * time.Hour
notAfter := validFrom.Add(validFor)
@ -28,7 +28,7 @@ func CreateCert(orgName string, host string, certFilename string, keyFilename st
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
if err != nil {
return fmt.Errorf("failed to generate serial number: %s", err)
return nil, nil, fmt.Errorf("failed to generate serial number: %s", err)
}
template := x509.Certificate{
@ -54,26 +54,47 @@ func CreateCert(orgName string, host string, certFilename string, keyFilename st
derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
if err != nil {
return fmt.Errorf("Failed to create certificate: %s", err.Error())
return nil, nil, fmt.Errorf("Failed to create certificate: %s", err.Error())
}
certBytes = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
b, err := x509.MarshalECPrivateKey(priv)
if err != nil {
return nil, nil, fmt.Errorf("Unable to marshal ECDSA private key: %v", err.Error())
}
pemBlock := pem.Block{Type: "EC PRIVATE KEY", Bytes: b}
keyBytes = pem.EncodeToMemory(&pemBlock)
return certBytes, keyBytes, nil
}
// CreateCert creates a testing ECDSA certificate, outputting the cert and key at the given filenames.
func CreateCert(orgName string, host string, certFilename string, keyFilename string) error {
certBytes, keyBytes, err := CreateCertBytes(orgName, host)
if err != nil {
return err
}
certOut, err := os.Create(certFilename)
if err != nil {
return fmt.Errorf("failed to open %s for writing: %s", certFilename, err.Error())
}
pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
certOut.Close()
defer certOut.Close()
_, err = certOut.Write(certBytes)
if err != nil {
return fmt.Errorf("failed to write out cert file %s: %s", certFilename, err.Error())
}
keyOut, err := os.OpenFile(keyFilename, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
if err != nil {
return fmt.Errorf("failed to open %s for writing: %s", keyFilename, err.Error())
}
b, err := x509.MarshalECPrivateKey(priv)
defer keyOut.Close()
_, err = keyOut.Write(keyBytes)
if err != nil {
return fmt.Errorf("Unable to marshal ECDSA private key: %v", err.Error())
return fmt.Errorf("failed to write out key file %s: %s", keyFilename, err.Error())
}
pemBlock := pem.Block{Type: "EC PRIVATE KEY", Bytes: b}
pem.Encode(keyOut, &pemBlock)
keyOut.Close()
return nil
}

View File

@ -23,7 +23,7 @@ Usage:
oragono initdb [--conf <filename>]
oragono upgradedb [--conf <filename>]
oragono genpasswd [--conf <filename>]
oragono createcerts [--conf <filename>]
oragono mkcerts [--conf <filename>]
oragono run [--conf <filename>]
oragono -h | --help
oragono --version
@ -59,11 +59,11 @@ Options:
} else if arguments["upgradedb"].(bool) {
irc.UpgradeDB(config.Server.Database)
log.Println("database upgraded: ", config.Server.Database)
} else if arguments["createcerts"].(bool) {
log.Println("creating self-signed certificates")
} else if arguments["mkcerts"].(bool) {
log.Println("making self-signed certificates")
for name, conf := range config.Server.TLSListeners {
log.Printf(" creating cert for %s listener\n", name)
log.Printf(" making cert for %s listener\n", name)
host := config.Server.Name
err := mkcerts.CreateCert("Oragono", host, conf.Cert, conf.Key)
if err == nil {