mkcerts: Clean up and rename to be nicer

Daniel Oaks 2016-08-13 18:17:40 +10:00
parent b519145a8a
commit d65f86e120
3 changed files with 37 additions and 16 deletions


@ -39,7 +39,7 @@ go install
cp oragono.yaml ircd.yaml cp oragono.yaml ircd.yaml
vim ircd.yaml # modify the config file to your liking vim ircd.yaml # modify the config file to your liking
oragono initdb oragono initdb
oragono createcerts oragono mkcerts
``` ```
## Configuration ## Configuration


@ -17,8 +17,8 @@ import (
"time" "time"
) )
// CreateCert creates a testing ECDSA certificate, outputting the cert and key at the given filenames. // CreateCertBytes creates a testing ECDSA certificate, returning the cert and key bytes.
func CreateCert(orgName string, host string, certFilename string, keyFilename string) error { func CreateCertBytes(orgName string, host string) (certBytes []byte, keyBytes []byte, err error) {
validFrom := time.Now() validFrom := time.Now()
validFor := 365 * 24 * time.Hour validFor := 365 * 24 * time.Hour
notAfter := validFrom.Add(validFor) notAfter := validFrom.Add(validFor)
@ -28,7 +28,7 @@ func CreateCert(orgName string, host string, certFilename string, keyFilename st
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128) serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit) serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
if err != nil { if err != nil {
return fmt.Errorf("failed to generate serial number: %s", err) return nil, nil, fmt.Errorf("failed to generate serial number: %s", err)
} }
template := x509.Certificate{ template := x509.Certificate{
@ -54,26 +54,47 @@ func CreateCert(orgName string, host string, certFilename string, keyFilename st
derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv) derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
if err != nil { if err != nil {
return fmt.Errorf("Failed to create certificate: %s", err.Error()) return nil, nil, fmt.Errorf("Failed to create certificate: %s", err.Error())
}
certBytes = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
b, err := x509.MarshalECPrivateKey(priv)
if err != nil {
return nil, nil, fmt.Errorf("Unable to marshal ECDSA private key: %v", err.Error())
}
pemBlock := pem.Block{Type: "EC PRIVATE KEY", Bytes: b}
keyBytes = pem.EncodeToMemory(&pemBlock)
return certBytes, keyBytes, nil
}
// CreateCert creates a testing ECDSA certificate, outputting the cert and key at the given filenames.
func CreateCert(orgName string, host string, certFilename string, keyFilename string) error {
certBytes, keyBytes, err := CreateCertBytes(orgName, host)
if err != nil {
return err
} }
certOut, err := os.Create(certFilename) certOut, err := os.Create(certFilename)
if err != nil { if err != nil {
return fmt.Errorf("failed to open %s for writing: %s", certFilename, err.Error()) return fmt.Errorf("failed to open %s for writing: %s", certFilename, err.Error())
} }
pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}) defer certOut.Close()
certOut.Close() _, err = certOut.Write(certBytes)
if err != nil {
return fmt.Errorf("failed to write out cert file %s: %s", certFilename, err.Error())
}
keyOut, err := os.OpenFile(keyFilename, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) keyOut, err := os.OpenFile(keyFilename, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
if err != nil { if err != nil {
return fmt.Errorf("failed to open %s for writing: %s", keyFilename, err.Error()) return fmt.Errorf("failed to open %s for writing: %s", keyFilename, err.Error())
} }
b, err := x509.MarshalECPrivateKey(priv) defer keyOut.Close()
_, err = keyOut.Write(keyBytes)
if err != nil { if err != nil {
return fmt.Errorf("Unable to marshal ECDSA private key: %v", err.Error()) return fmt.Errorf("failed to write out key file %s: %s", keyFilename, err.Error())
} }
pemBlock := pem.Block{Type: "EC PRIVATE KEY", Bytes: b}
pem.Encode(keyOut, &pemBlock)
keyOut.Close()
return nil return nil
} }
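Review bot: The 0600 mode passed to os.OpenFile for keyFilename only applies when the file is newly created; if the key file already exists with wider permissions, O_TRUNC rewrites the private key into it and leaves those permissions unchanged. Tightening the mode right after the open closes that gap: `if err := keyOut.Chmod(0600); err != nil { return fmt.Errorf("failed to set permissions on %s: %s", keyFilename, err.Error()) }`. The two deferred Close calls also discard their error, so a write failure surfaced only at close is reported as success; an explicit `Close()` after each Write, with its error returned, would make the cert and key writes reliably checked. This hunk starts in the middle of CreateCertBytes, whose signature is in the earlier hunk.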


@ -23,7 +23,7 @@ Usage:
oragono initdb [--conf <filename>] oragono initdb [--conf <filename>]
oragono upgradedb [--conf <filename>] oragono upgradedb [--conf <filename>]
oragono genpasswd [--conf <filename>] oragono genpasswd [--conf <filename>]
oragono createcerts [--conf <filename>] oragono mkcerts [--conf <filename>]
oragono run [--conf <filename>] oragono run [--conf <filename>]
oragono -h | --help oragono -h | --help
oragono --version oragono --version
@ -59,11 +59,11 @@ Options:
} else if arguments["upgradedb"].(bool) { } else if arguments["upgradedb"].(bool) {
irc.UpgradeDB(config.Server.Database) irc.UpgradeDB(config.Server.Database)
log.Println("database upgraded: ", config.Server.Database) log.Println("database upgraded: ", config.Server.Database)
} else if arguments["createcerts"].(bool) { } else if arguments["mkcerts"].(bool) {
log.Println("creating self-signed certificates") log.Println("making self-signed certificates")
for name, conf := range config.Server.TLSListeners { for name, conf := range config.Server.TLSListeners {
log.Printf(" creating cert for %s listener\n", name) log.Printf(" making cert for %s listener\n", name)
host := config.Server.Name host := config.Server.Name
err := mkcerts.CreateCert("Oragono", host, conf.Cert, conf.Key) err := mkcerts.CreateCert("Oragono", host, conf.Cert, conf.Key)
if err == nil { if err == nil {