From 189d3a21ecbc146ae93b22c5d579e0439485b4e1 Mon Sep 17 00:00:00 2001
From: raul
Date: Thu, 23 May 2024 10:42:10 +0200
Subject: [PATCH] Configure client certificate generation
---
 cmd/generate-ca.go | 2 +-
 cmd/generate.go | 38 -----------
 cmd/generateFunc.go | 161 +++++++++++++++++++++++++-------------------
 3 files changed, 94 insertions(+), 107 deletions(-)
 delete mode 100644 cmd/generate.go
diff --git a/cmd/generate-ca.go b/cmd/generate-ca.go
index aa235a4..3f0ac24 100644
--- a/cmd/generate-ca.go
+++ b/cmd/generate-ca.go
@@ -1,5 +1,5 @@
 /*
-Copyright © 2024 raul
+Copyright © 2024 raul
 */
 
 package cmd
diff --git a/cmd/generate.go b/cmd/generate.go
deleted file mode 100644
index c64f406..0000000
--- a/cmd/generate.go
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
-Copyright © 2024 raul
-*/
-
-package cmd
-
-import (
- "github.com/spf13/cobra"
-)
-
-// generateCmd represents the generate command
-var generateCmd = &cobra.Command{
- Use: "generate",
- Short: "A brief description of your command",
- Long: `A longer description that spans multiple lines and likely contains examples
-and usage of using your command. For example:
-
-Cobra is a CLI library for Go that empowers applications.
-This application is a tool to generate the needed files
-to quickly create a Cobra application.`,
- Run: func(cmd *cobra.Command, args []string) {
- generateCert()
- },
-}
-
-func init() {
- rootCmd.AddCommand(generateCmd)
-
- // Here you will define your flags and configuration settings.
-
- // Cobra supports Persistent Flags which will work for this command
- // and all subcommands, e.g.:
- // generateCmd.PersistentFlags().String("foo", "", "A help for foo")
-
- // Cobra supports local flags which will only run when this command
- // is called directly, e.g.:
- // generateCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
-}
diff --git a/cmd/generateFunc.go b/cmd/generateFunc.go
index 492feef..c893df2 100644
--- a/cmd/generateFunc.go
+++ b/cmd/generateFunc.go
@@ -1,5 +1,5 @@
 /*
-Copyright © 2024 raul
+Copyright © 2024 raul
 */
 
 package cmd
@@ -35,8 +35,9 @@ var (
 func generateCA() {
 home, err := os.UserHomeDir()
 if err != nil {
- log.Fatalf("Error happened looking up user home directory: %v\n", err)
+ log.Printf("Error happened looking up user home directory: %v\n", err)
 }
+ checkFolders(home)
 RSA_bitsize = viper.GetInt("CA.rsa_bitsize")
 serialnumber = viper.GetInt("CA.serial_number")
 organization = viper.GetString("CA.organization")
@@ -77,26 +78,26 @@ func generateCA() {
 ////// //fmt.Printf("Checking %v/.config/\n", home)
- _, err = os.Stat(home + "/.config")
- if err != nil {
- if os.IsNotExist(err) {
- fmt.Printf("$HOME/.config doesn't exist, creating...\n")
- os.Mkdir(home+"/.config", 0700)
- } else {
- log.Fatalf("Error happened accessing .config: %v", err)
- }
- }
+ // _, err = os.Stat(home + "/.config")
+ // if err != nil {
+ // if os.IsNotExist(err) {
+ // fmt.Printf("$HOME/.config doesn't exist, creating...\n")
+ // os.Mkdir(home+"/.config", 0700)
+ // } else {
+ // log.Fatalf("Error happened accessing .config: %v", err)
+ // }
+ // }
 //fmt.Printf("Checking %v/.config/cert400\n", home)
- _, err = os.Stat(home + "/.config/cert400")
- if err != nil {
- if os.IsNotExist(err) {
- fmt.Printf("$HOME/.config/cert400 doesn't exist, creating...\n")
- os.Mkdir(home+"/.config/cert400", 0700)
- } else {
- log.Fatalf("Error happened accessing cert400: %v\n", err)
- }
- }
+ // _, err = os.Stat(home + "/.config/cert400")
+ // if err != nil {
+ // if os.IsNotExist(err) {
+ // fmt.Printf("$HOME/.config/cert400 doesn't exist, creating...\n")
+ // os.Mkdir(home+"/.config/cert400", 0700)
+ // } else {
+ // log.Fatalf("Error happened accessing cert400: %v\n", err)
+ // }
+ // }
 fmt.Printf("Generating %v/.config/cert400/ca.key...\n", home)
 // TODO: Check if keys already exist and warn the user about it
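Review bot: Downgrading `log.Fatalf` to `log.Printf` on the `os.UserHomeDir()` failure lets `generateCA` carry on with `home` left empty, so the newly added `checkFolders(home)` is asked to stat and create `/.config` at the filesystem root, and the later `fmt.Printf("Generating %v/.config/cert400/ca.key...")` path is built from the same empty prefix. Since `checkFolders` itself still terminates with `log.Fatalf` on a stat error, the softer handling here buys nothing; either keep the fatal exit or leave the function after logging, `log.Printf(...); return`. The rest of generateCA's body lies outside this hunk, so any further uses of `home` are inferred rather than visible here.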
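Review bot: The two directory checks in `generateCA` are commented out rather than deleted, leaving eighteen lines of `// _, err = os.Stat(...)` … `// }` dead code next to the live copy that now lives in `checkFolders`, which this commit already calls at the top of the function. Commented-out code drifts from the version that actually runs and version control already preserves the history, so the block from `// _, err = os.Stat(home + "/.config")` through the second `// }` should be removed outright.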
@@ -130,83 +131,70 @@ func generateCA() {
 key.WriteString(string(caPrivKeyPEM.Bytes()))
 }
-func generateCert() {
+func generateCert(serNumber int, clientOrg string, clientCountry string,
+ clientProvince string, clientLocality string, clientStreetAddr string,
+ clientPostCode string, clientDomain string, clientNotAfter int, clientBitSize int) (string, string, error) {
 home, err := os.UserHomeDir()
 if err != nil {
- log.Printf("Error happened looking up user home directory: %v\n", err)
- return
+ e := fmt.Errorf("Error happened looking up user home directory: %v\n", err)
+ return "", "", e
 }
 cert := &x509.Certificate{
- SerialNumber: big.NewInt(1658),
+ SerialNumber: big.NewInt(int64(serNumber)),
 Subject: pkix.Name{
- Organization: []string{"LOL Company"},
- Country: []string{"US"},
- Province: []string{""},
- Locality: []string{"San Francisco"},
- StreetAddress: []string{"Golden Gate Bridge"},
- PostalCode: []string{"94016"},
+ Organization: []string{clientOrg},
+ Country: []string{clientCountry},
+ Province: []string{clientProvince},
+ Locality: []string{clientLocality},
+ StreetAddress: []string{clientStreetAddr},
+ PostalCode: []string{clientPostCode},
 },
- PermittedDNSDomains: []string{"test.bulgariu.xyz"},
+ PermittedDNSDomains: []string{clientDomain},
 NotBefore: time.Now(),
- NotAfter: time.Now().AddDate(10, 0, 0),
+ NotAfter: time.Now().AddDate(clientNotAfter, 0, 0),
 SubjectKeyId: []byte{1, 2, 3, 4, 6},
 ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
 KeyUsage: x509.KeyUsageDigitalSignature,
 }
- certPrivKey, err := rsa.GenerateKey(rand.Reader, 4096)
+ certPrivKey, err := rsa.GenerateKey(rand.Reader, clientBitSize)
 if err != nil {
- log.Printf("Error happened generating client privkey: %v\n", err)
- return
+ e := fmt.Errorf("Error happened generating client privkey: %v\n", err)
+ return "", "", e
 }
- ////////////////////// Fetching CA data //////////////////////
- // caPath, err := os.Open(home + "/.config/cert400/ca.crt")
- // if err != nil {
- // log.Printf("Error happened opening CA certificate: %v\n", err)
- // return
- // }
- // defer caPath.Close()
- // caPrivPath, err := os.Open(home + "/.config/cert400/ca.key")
- // if err != nil {
- // log.Printf("Error happened opening CA privkey: %v\n", err)
- // return
- // }
- // defer caPrivPath.Close()
- //////////////////////////////////////////////////////////////
- // Parse private CA certificate /////////////////////////////
 caFile, err := os.ReadFile(home + "/.config/cert400/ca.crt")
 if err != nil {
- log.Printf("Error happened reading from CA certificate: %v\n", err)
- return
+ e := fmt.Errorf("Error happened reading from CA certificate: %v\n", err)
+ return "", "", e
 }
 caPubBlock, _ := pem.Decode(caFile)
 caCert, err := x509.ParseCertificate(caPubBlock.Bytes)
 if err != nil {
- log.Printf("Error happened parsing CA certificate: %v\n", err)
- return
+ e := fmt.Errorf("Error happened parsing CA certificate: %v\n", err)
+ return "", "", e
 }
 ///////////////////////////////////////////////////////////// // Parse public CA certificate /////////////////////////////
 caPrivFile, err := os.ReadFile(home + "/.config/cert400/ca.key")
 if err != nil {
- log.Printf("Error happened reading from CA privkey: %v\n", err)
- return
+ e := fmt.Errorf("Error happened reading from CA privkey: %v\n", err)
+ return "", "", e
 }
 caPrivBlock, _ := pem.Decode(caPrivFile)
 caPrivKey, err := x509.ParsePKCS1PrivateKey(caPrivBlock.Bytes)
 if err != nil {
- log.Printf("Error happened parsing CA privkey: %v\n", err)
- return
+ e := fmt.Errorf("Error happened parsing CA privkey: %v\n", err)
+ return "", "", e
 }
 // Generate signed client certificate
 certBytes, err := x509.CreateCertificate(rand.Reader, cert, caCert, &certPrivKey.PublicKey, caPrivKey)
 if err != nil {
- log.Printf("Error happened signing certificate: %v\n", err)
- return
+ e := fmt.Errorf("Error happened signing certificate: %v\n", err)
+ return "", "", e
 }
 certPEM := new(bytes.Buffer)
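Review bot: `clientBitSize` is passed straight into `rsa.GenerateKey(rand.Reader, clientBitSize)` with no lower bound, so a mistyped or stale configuration value silently produces a weak client key; guard it before generation, `if clientBitSize < 2048 { return "", "", fmt.Errorf("client key size %d is below the 2048-bit minimum", clientBitSize) }`. The serial number has the same shape of problem: `big.NewInt(int64(serNumber))` makes every certificate issued from one configuration share a serial, whereas serials must be unique per issuer, and a random 128-bit value from `rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))` would remove that from the caller entirely. The new `fmt.Errorf` sites all use `%v` with a capitalised message and a trailing `\n`; `%w`, lowercase and no newline (`fmt.Errorf("generating client private key: %w", err)`) keeps the cause inspectable with `errors.Is`/`errors.As` and prints cleanly. generateCert continues past this hunk.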
@@ -220,23 +208,60 @@ func generateCert() {
 Bytes: x509.MarshalPKCS1PrivateKey(certPrivKey),
 })
- fmt.Printf("Generating %v/.config/cert400/client.key...\n", home)
- clientkey, err := os.OpenFile(home+"/.config/cert400/client.key", os.O_WRONLY|os.O_CREATE, 0600)
+ log.Printf("Generating %v/.config/")
+ fmt.Printf("Generating %v/.config/cert400/clientCertificates/"+clientDomain+".key...\n", home)
+ clientkey, err := os.OpenFile(home+"/.config/cert400/clientCertificates/"+clientDomain+".key", os.O_WRONLY|os.O_CREATE, 0600)
 if err != nil {
- log.Printf("Error happened opening file: %v\n", err)
- return
+ e := fmt.Errorf("Error happened opening file: %v\n", err)
+ return "", "", e
 }
 defer clientkey.Close()
- fmt.Printf("Generating %v/.config/cert400/client.cert...\n", home)
- clientcert, err := os.OpenFile(home+"/.config/cert400/client.crt", os.O_WRONLY|os.O_CREATE, 0600)
+ fmt.Printf("Generating %v/.config/cert400/clientCertificates/"+clientDomain+".crt...\n", home)
+ clientcert, err := os.OpenFile(home+"/.config/cert400/clientCertificates/"+clientDomain+".crt", os.O_WRONLY|os.O_CREATE, 0600)
 if err != nil {
- log.Printf("Error happened opening file: %v\n", err)
- return
+ e := fmt.Errorf("Error happened opening file: %v\n", err)
+ return "", "", e
 }
 defer clientcert.Close()
+ certPath := fmt.Sprintf("%v/.config/cert400/clientCertificates/%v.crt", home, clientDomain)
+ keyPath := fmt.Sprintf("%v/.config/cert400/clientCertificates/%v.key", home, clientDomain)
+ clientkey.WriteString(string(certPrivKeyPEM.Bytes()))
 clientcert.WriteString(string(certPEM.Bytes()))
+ return certPath, keyPath, nil
+}
+
+func checkFolders(home string) {
+ _, err := os.Stat(home + "/.config")
+ if err != nil {
+ if os.IsNotExist(err) {
+ fmt.Printf("$HOME/.config doesn't exist, creating...\n")
+ os.Mkdir(home+"/.config", 0700)
+ } else {
+ log.Fatalf("Error happened accessing .config: %v", err)
+ }
+ }
+ _, err = os.Stat(home + "/.config/cert400")
+ if err != nil {
+ if os.IsNotExist(err) {
+ fmt.Printf("$HOME/.config/cert400 doesn't exist, creating...\n")
+ os.Mkdir(home+"/.config/cert400", 0700)
+ } else {
+ log.Fatalf("Error happened accessing cert400: %v\n", err)
+ }
+ }
+
+ _, err = os.Stat(home + "/.config/cert400/clientCertificates")
+ if err != nil {
+ if os.IsNotExist(err) {
+ fmt.Printf("$HOME/.config/cert400/clientCertificates doesn't exist, creating...\n")
+ os.Mkdir(home+"/.config/cert400/clientCertificates", 0700)
+ } else {
+ log.Fatalf("Error happened accessing cert400: %v\n", err)
+ }
+ }
+
+ }
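Review bot: The added `log.Printf("Generating %v/.config/")` has a `%v` verb with no argument, so it prints `%!v(MISSING)` and is flagged by `go vet`; it looks like a leftover from the `fmt.Printf` on the next line and should be deleted. `clientDomain` is then spliced verbatim into the `os.OpenFile` paths, so a value containing a path separator or `..` would place the key and certificate outside `clientCertificates/`; reject such input before opening anything, `if clientDomain == "" || clientDomain != filepath.Base(clientDomain) { return "", "", fmt.Errorf("invalid client domain %q", clientDomain) }` (this needs `path/filepath`, which may or may not already be imported above this hunk). In the new `checkFolders`, every `os.Mkdir` result is discarded and the third `log.Fatalf` still says "accessing cert400" for the `clientCertificates` directory; a single `os.MkdirAll(home+"/.config/cert400/clientCertificates", 0700)` with its error checked would replace all three stat/mkdir blocks and fix both. The key and certificate are opened with `os.O_WRONLY|os.O_CREATE` but not `os.O_TRUNC`, so re-generating a domain whose previous files were longer leaves stale trailing bytes in the PEM output.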