diff --git a/README.md b/README.md
index 3bfc868e..7c860f36 100644
--- a/README.md
+++ b/README.md
@@ -39,7 +39,7 @@ go install
 cp oragono.yaml ircd.yaml
 vim ircd.yaml # modify the config file to your liking
 oragono initdb
-oragono createcerts
+oragono mkcerts
 ```
 ## Configuration
diff --git a/mkcerts/certs.go b/mkcerts/certs.go
index a956a984..e18fad06 100644
--- a/mkcerts/certs.go
+++ b/mkcerts/certs.go
@@ -17,8 +17,8 @@ import (
 	"time"
 )
-// CreateCert creates a testing ECDSA certificate, outputting the cert and key at the given filenames.
-func CreateCert(orgName string, host string, certFilename string, keyFilename string) error {
+// CreateCertBytes creates a testing ECDSA certificate, returning the cert and key bytes.
+func CreateCertBytes(orgName string, host string) (certBytes []byte, keyBytes []byte, err error) {
 	validFrom := time.Now()
 	validFor := 365 * 24 * time.Hour
 	notAfter := validFrom.Add(validFor)
@@ -28,7 +28,7 @@ func CreateCert(orgName string, host string, certFilename string, keyFilename st
 	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
 	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
 	if err != nil {
-		return fmt.Errorf("failed to generate serial number: %s", err)
+		return nil, nil, fmt.Errorf("failed to generate serial number: %s", err)
 	}
 	template := x509.Certificate{
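Review bot: The new doc comment on CreateCertBytes still just says "testing ECDSA certificate" and leaves out the properties a caller needs, which matters because the oragono.go hunk in this same commit feeds the result to the TLS listeners' cert and key paths. From the code visible across this and the following hunk it is self-signed (x509.CreateCertificate is called with the template as its own parent), ECDSA, has a validity window computed as 365 days from time.Now(), and the private key is returned as unencrypted PEM. I would spell that out: `// CreateCertBytes creates a self-signed ECDSA certificate for host, valid for one year from now, and returns the certificate and the unencrypted private key as PEM bytes; it is intended for testing and bootstrapping, and callers must keep keyBytes private.` The body of CreateCertBytes continues past this hunk and closes in the next one.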
@@ -54,26 +54,47 @@ func CreateCert(orgName string, host string, certFilename string, keyFilename st
 	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
 	if err != nil {
-		return fmt.Errorf("Failed to create certificate: %s", err.Error())
+		return nil, nil, fmt.Errorf("Failed to create certificate: %s", err.Error())
+	}
+
+	certBytes = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
+
+	b, err := x509.MarshalECPrivateKey(priv)
+	if err != nil {
+		return nil, nil, fmt.Errorf("Unable to marshal ECDSA private key: %v", err.Error())
+	}
+	pemBlock := pem.Block{Type: "EC PRIVATE KEY", Bytes: b}
+	keyBytes = pem.EncodeToMemory(&pemBlock)
+	return certBytes, keyBytes, nil
+}
+
+// CreateCert creates a testing ECDSA certificate, outputting the cert and key at the given filenames.
+func CreateCert(orgName string, host string, certFilename string, keyFilename string) error {
+	certBytes, keyBytes, err := CreateCertBytes(orgName, host)
+
+	if err != nil {
+		return err
 	}
 	certOut, err := os.Create(certFilename)
 	if err != nil {
 		return fmt.Errorf("failed to open %s for writing: %s", certFilename, err.Error())
 	}
-	pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
-	certOut.Close()
+	defer certOut.Close()
+	_, err = certOut.Write(certBytes)
+	if err != nil {
+		return fmt.Errorf("failed to write out cert file %s: %s", certFilename, err.Error())
+	}
 	keyOut, err := os.OpenFile(keyFilename, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
 	if err != nil {
 		return fmt.Errorf("failed to open %s for writing: %s", keyFilename, err.Error())
 	}
-	b, err := x509.MarshalECPrivateKey(priv)
+	defer keyOut.Close()
+	_, err = keyOut.Write(keyBytes)
 	if err != nil {
-		return fmt.Errorf("Unable to marshal ECDSA private key: %v", err.Error())
+		return fmt.Errorf("failed to write out key file %s: %s", keyFilename, err.Error())
 	}
-	pemBlock := pem.Block{Type: "EC PRIVATE KEY", Bytes: b}
-	pem.Encode(keyOut, &pemBlock)
-	keyOut.Close()
+	return nil
 }
diff --git a/oragono.go b/oragono.go
index aa8b881b..95ea6d26 100644
--- a/oragono.go
+++ b/oragono.go
@@ -23,7 +23,7 @@ Usage:
 	oragono initdb [--conf ]
 	oragono upgradedb [--conf ]
 	oragono genpasswd [--conf ]
-	oragono createcerts [--conf ]
+	oragono mkcerts [--conf ]
 	oragono run [--conf ]
 	oragono -h | --help
 	oragono --version
@@ -59,11 +59,11 @@ Options:
 	} else if arguments["upgradedb"].(bool) {
 		irc.UpgradeDB(config.Server.Database)
 		log.Println("database upgraded: ", config.Server.Database)
-	} else if arguments["createcerts"].(bool) {
-		log.Println("creating self-signed certificates")
+	} else if arguments["mkcerts"].(bool) {
+		log.Println("making self-signed certificates")
 		for name, conf := range config.Server.TLSListeners {
-			log.Printf(" creating cert for %s listener\n", name)
+			log.Printf(" making cert for %s listener\n", name)
 			host := config.Server.Name
 			err := mkcerts.CreateCert("Oragono", host, conf.Cert, conf.Key)
 			if err == nil {
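Review bot: The 0600 mode in the `os.OpenFile(keyFilename, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)` call in CreateCert only takes effect when the file is newly created; an existing key file keeps whatever mode it already has, so re-running mkcerts over a key file that was ever left world-readable silently writes a fresh private key into a world-readable file. Forcing the mode right after the open closes that gap: `if err := keyOut.Chmod(0600); err != nil { return fmt.Errorf("failed to set permissions on %s: %s", keyFilename, err.Error()) }` (or remove the old file before opening). The two new `defer certOut.Close()` / `defer keyOut.Close()` lines also discard the Close error, so a failure flushing keyBytes to disk is reported as success; the key file's Close at least deserves an explicit check before `return nil`. CreateCert is fully contained in this hunk, while CreateCertBytes starts in the previous one.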