mkcerts: Clean up and rename to be nicer
parent
b519145a8a
commit
d65f86e120
@ -39,7 +39,7 @@ go install
|
|||||||
cp oragono.yaml ircd.yaml
|
cp oragono.yaml ircd.yaml
|
||||||
vim ircd.yaml # modify the config file to your liking
|
vim ircd.yaml # modify the config file to your liking
|
||||||
oragono initdb
|
oragono initdb
|
||||||
oragono createcerts
|
oragono mkcerts
|
||||||
```
|
```
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
|
@ -17,8 +17,8 @@ import (
|
|||||||
"time"
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
// CreateCert creates a testing ECDSA certificate, outputting the cert and key at the given filenames.
|
// CreateCertBytes creates a testing ECDSA certificate, returning the cert and key bytes.
|
||||||
func CreateCert(orgName string, host string, certFilename string, keyFilename string) error {
|
func CreateCertBytes(orgName string, host string) (certBytes []byte, keyBytes []byte, err error) {
|
||||||
validFrom := time.Now()
|
validFrom := time.Now()
|
||||||
validFor := 365 * 24 * time.Hour
|
validFor := 365 * 24 * time.Hour
|
||||||
notAfter := validFrom.Add(validFor)
|
notAfter := validFrom.Add(validFor)
|
||||||
@ -28,7 +28,7 @@ func CreateCert(orgName string, host string, certFilename string, keyFilename st
|
|||||||
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
|
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
|
||||||
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
|
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to generate serial number: %s", err)
|
return nil, nil, fmt.Errorf("failed to generate serial number: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
template := x509.Certificate{
|
template := x509.Certificate{
|
||||||
@ -54,26 +54,47 @@ func CreateCert(orgName string, host string, certFilename string, keyFilename st
|
|||||||
|
|
||||||
derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
|
derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("Failed to create certificate: %s", err.Error())
|
return nil, nil, fmt.Errorf("Failed to create certificate: %s", err.Error())
|
||||||
|
}
|
||||||
|
|
||||||
|
certBytes = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
|
||||||
|
|
||||||
|
b, err := x509.MarshalECPrivateKey(priv)
|
||||||
|
if err != nil {
|
||||||
|
return nil, nil, fmt.Errorf("Unable to marshal ECDSA private key: %v", err.Error())
|
||||||
|
}
|
||||||
|
pemBlock := pem.Block{Type: "EC PRIVATE KEY", Bytes: b}
|
||||||
|
keyBytes = pem.EncodeToMemory(&pemBlock)
|
||||||
|
return certBytes, keyBytes, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// CreateCert creates a testing ECDSA certificate, outputting the cert and key at the given filenames.
|
||||||
|
func CreateCert(orgName string, host string, certFilename string, keyFilename string) error {
|
||||||
|
certBytes, keyBytes, err := CreateCertBytes(orgName, host)
|
||||||
|
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
certOut, err := os.Create(certFilename)
|
certOut, err := os.Create(certFilename)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to open %s for writing: %s", certFilename, err.Error())
|
return fmt.Errorf("failed to open %s for writing: %s", certFilename, err.Error())
|
||||||
}
|
}
|
||||||
pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
|
defer certOut.Close()
|
||||||
certOut.Close()
|
_, err = certOut.Write(certBytes)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("failed to write out cert file %s: %s", certFilename, err.Error())
|
||||||
|
}
|
||||||
|
|
||||||
keyOut, err := os.OpenFile(keyFilename, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
|
keyOut, err := os.OpenFile(keyFilename, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to open %s for writing: %s", keyFilename, err.Error())
|
return fmt.Errorf("failed to open %s for writing: %s", keyFilename, err.Error())
|
||||||
}
|
}
|
||||||
b, err := x509.MarshalECPrivateKey(priv)
|
defer keyOut.Close()
|
||||||
|
_, err = keyOut.Write(keyBytes)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("Unable to marshal ECDSA private key: %v", err.Error())
|
return fmt.Errorf("failed to write out key file %s: %s", keyFilename, err.Error())
|
||||||
}
|
}
|
||||||
pemBlock := pem.Block{Type: "EC PRIVATE KEY", Bytes: b}
|
|
||||||
pem.Encode(keyOut, &pemBlock)
|
|
||||||
keyOut.Close()
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
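Review bot: In CreateCert the private key is still written through `os.OpenFile(keyFilename, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)`, and the 0600 mode is applied only when the file is newly created; if a key file already exists at that path with looser permissions, it is truncated and the new key keeps those permissions. Consider tightening the mode explicitly right after the open succeeds, e.g. `if err := keyOut.Chmod(0600); err != nil { return fmt.Errorf("failed to set permissions on %s: %s", keyFilename, err.Error()) }`. Separately, the new `defer certOut.Close()` and `defer keyOut.Close()` discard the Close error, so a write that only fails at close would be reported as success; checking Close explicitly, at least on the key file, would surface that.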
@ -23,7 +23,7 @@ Usage:
|
|||||||
oragono initdb [--conf <filename>]
|
oragono initdb [--conf <filename>]
|
||||||
oragono upgradedb [--conf <filename>]
|
oragono upgradedb [--conf <filename>]
|
||||||
oragono genpasswd [--conf <filename>]
|
oragono genpasswd [--conf <filename>]
|
||||||
oragono createcerts [--conf <filename>]
|
oragono mkcerts [--conf <filename>]
|
||||||
oragono run [--conf <filename>]
|
oragono run [--conf <filename>]
|
||||||
oragono -h | --help
|
oragono -h | --help
|
||||||
oragono --version
|
oragono --version
|
||||||
@ -59,11 +59,11 @@ Options:
|
|||||||
} else if arguments["upgradedb"].(bool) {
|
} else if arguments["upgradedb"].(bool) {
|
||||||
irc.UpgradeDB(config.Server.Database)
|
irc.UpgradeDB(config.Server.Database)
|
||||||
log.Println("database upgraded: ", config.Server.Database)
|
log.Println("database upgraded: ", config.Server.Database)
|
||||||
} else if arguments["createcerts"].(bool) {
|
} else if arguments["mkcerts"].(bool) {
|
||||||
log.Println("creating self-signed certificates")
|
log.Println("making self-signed certificates")
|
||||||
|
|
||||||
for name, conf := range config.Server.TLSListeners {
|
for name, conf := range config.Server.TLSListeners {
|
||||||
log.Printf(" creating cert for %s listener\n", name)
|
log.Printf(" making cert for %s listener\n", name)
|
||||||
host := config.Server.Name
|
host := config.Server.Name
|
||||||
err := mkcerts.CreateCert("Oragono", host, conf.Cert, conf.Key)
|
err := mkcerts.CreateCert("Oragono", host, conf.Cert, conf.Key)
|
||||||
if err == nil {
|
if err == nil {
|
||||||
|