Configure client certificate generation

cmd/generate-ca.go

@@ -1,5 +1,5 @@
 /*
-Copyright © 2024 raul
+Copyright © 2024 raul <raul@bulgariu.xyz>
 */
 
 package cmd

cmd/generate.go

@@ -1,38 +0,0 @@
-/*
-Copyright © 2024 raul
-*/
-
-package cmd
-
-import (
-	"github.com/spf13/cobra"
-)
-
-// generateCmd represents the generate command
-var generateCmd = &cobra.Command{
-	Use:   "generate",
-	Short: "A brief description of your command",
-	Long: `A longer description that spans multiple lines and likely contains examples
-and usage of using your command. For example:
-
-Cobra is a CLI library for Go that empowers applications.
-This application is a tool to generate the needed files
-to quickly create a Cobra application.`,
-	Run: func(cmd *cobra.Command, args []string) {
-		generateCert()
-	},
-}
-
-func init() {
-	rootCmd.AddCommand(generateCmd)
-
-	// Here you will define your flags and configuration settings.
-
-	// Cobra supports Persistent Flags which will work for this command
-	// and all subcommands, e.g.:
-	// generateCmd.PersistentFlags().String("foo", "", "A help for foo")
-
-	// Cobra supports local flags which will only run when this command
-	// is called directly, e.g.:
-	// generateCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
-}

cmd/generateFunc.go

@@ -1,5 +1,5 @@
 /*
-Copyright © 2024 raul
+Copyright © 2024 raul <raul@bulgariu.xyz>
 */
 
 package cmd
@@ -35,8 +35,9 @@ var (
 func generateCA() {
 	home, err := os.UserHomeDir()
 	if err != nil {
-		log.Fatalf("Error happened looking up user home directory: %v\n", err)
+		log.Printf("Error happened looking up user home directory: %v\n", err)
 	}
+	checkFolders(home)
 	RSA_bitsize = viper.GetInt("CA.rsa_bitsize")
 	serialnumber = viper.GetInt("CA.serial_number")
 	organization = viper.GetString("CA.organization")
@@ -77,26 +78,26 @@ func generateCA() {
 
 	//////
 	//fmt.Printf("Checking %v/.config/\n", home)
-	_, err = os.Stat(home + "/.config")
-	if err != nil {
-		if os.IsNotExist(err) {
-			fmt.Printf("$HOME/.config doesn't exist, creating...\n")
-			os.Mkdir(home+"/.config", 0700)
-		} else {
-			log.Fatalf("Error happened accessing .config: %v", err)
-		}
-	}
+	// _, err = os.Stat(home + "/.config")
+	// if err != nil {
+	// 	if os.IsNotExist(err) {
+	// 		fmt.Printf("$HOME/.config doesn't exist, creating...\n")
+	// 		os.Mkdir(home+"/.config", 0700)
+	// 	} else {
+	// 		log.Fatalf("Error happened accessing .config: %v", err)
+	// 	}
+	// }
 
 	//fmt.Printf("Checking %v/.config/cert400\n", home)
-	_, err = os.Stat(home + "/.config/cert400")
-	if err != nil {
-		if os.IsNotExist(err) {
-			fmt.Printf("$HOME/.config/cert400 doesn't exist, creating...\n")
-			os.Mkdir(home+"/.config/cert400", 0700)
-		} else {
-			log.Fatalf("Error happened accessing cert400: %v\n", err)
-		}
-	}
+	// _, err = os.Stat(home + "/.config/cert400")
+	// if err != nil {
+	// 	if os.IsNotExist(err) {
+	// 		fmt.Printf("$HOME/.config/cert400 doesn't exist, creating...\n")
+	// 		os.Mkdir(home+"/.config/cert400", 0700)
+	// 	} else {
+	// 		log.Fatalf("Error happened accessing cert400: %v\n", err)
+	// 	}
+	// }
 
 	fmt.Printf("Generating %v/.config/cert400/ca.key...\n", home)
 	// TODO: Check if keys already exist and warn the user about it
@@ -130,83 +131,70 @@ func generateCA() {
 	key.WriteString(string(caPrivKeyPEM.Bytes()))
 }
 
-func generateCert() {
+func generateCert(serNumber int, clientOrg string, clientCountry string,
+	clientProvince string, clientLocality string, clientStreetAddr string,
+	clientPostCode string, clientDomain string, clientNotAfter int, clientBitSize int) (string, string, error) {
 	home, err := os.UserHomeDir()
 	if err != nil {
-		log.Printf("Error happened looking up user home directory: %v\n", err)
-		return
+		e := fmt.Errorf("Error happened looking up user home directory: %v\n", err)
+		return "", "", e
 	}
 	cert := &x509.Certificate{
-		SerialNumber: big.NewInt(1658),
+		SerialNumber: big.NewInt(int64(serNumber)),
 		Subject: pkix.Name{
-			Organization:  []string{"LOL Company"},
-			Country:       []string{"US"},
-			Province:      []string{""},
-			Locality:      []string{"San Francisco"},
-			StreetAddress: []string{"Golden Gate Bridge"},
-			PostalCode:    []string{"94016"},
+			Organization:  []string{clientOrg},
+			Country:       []string{clientCountry},
+			Province:      []string{clientProvince},
+			Locality:      []string{clientLocality},
+			StreetAddress: []string{clientStreetAddr},
+			PostalCode:    []string{clientPostCode},
 		},
-		PermittedDNSDomains: []string{"test.bulgariu.xyz"},
+		PermittedDNSDomains: []string{clientDomain},
 		NotBefore:           time.Now(),
-		NotAfter:            time.Now().AddDate(10, 0, 0),
+		NotAfter:            time.Now().AddDate(clientNotAfter, 0, 0),
 		SubjectKeyId:        []byte{1, 2, 3, 4, 6},
 		ExtKeyUsage:         []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
 		KeyUsage:            x509.KeyUsageDigitalSignature,
 	}
 
-	certPrivKey, err := rsa.GenerateKey(rand.Reader, 4096)
+	certPrivKey, err := rsa.GenerateKey(rand.Reader, clientBitSize)
 	if err != nil {
-		log.Printf("Error happened generating client privkey: %v\n", err)
-		return
+		e := fmt.Errorf("Error happened generating client privkey: %v\n", err)
+		return "", "", e
 	}
 
-	////////////////////// Fetching CA data //////////////////////
-	// caPath, err := os.Open(home + "/.config/cert400/ca.crt")
-	// if err != nil {
-	// 	log.Printf("Error happened opening CA certificate: %v\n", err)
-	// 	return
-	// }
-	// defer caPath.Close()
-	// caPrivPath, err := os.Open(home + "/.config/cert400/ca.key")
-	// if err != nil {
-	// 	log.Printf("Error happened opening CA privkey: %v\n", err)
-	// 	return
-	// }
-	// defer caPrivPath.Close()
-	//////////////////////////////////////////////////////////////
-
 	// Parse private CA certificate /////////////////////////////
 	caFile, err := os.ReadFile(home + "/.config/cert400/ca.crt")
 	if err != nil {
-		log.Printf("Error happened reading from CA certificate: %v\n", err)
-		return
+		e := fmt.Errorf("Error happened reading from CA certificate: %v\n", err)
+		return "", "", e
 	}
 	caPubBlock, _ := pem.Decode(caFile)
 	caCert, err := x509.ParseCertificate(caPubBlock.Bytes)
 	if err != nil {
-		log.Printf("Error happened parsing CA certificate: %v\n", err)
-		return
+		e := fmt.Errorf("Error happened parsing CA certificate: %v\n", err)
+		return "", "", e
 	}
 	/////////////////////////////////////////////////////////////
 
 	// Parse public CA certificate /////////////////////////////
 	caPrivFile, err := os.ReadFile(home + "/.config/cert400/ca.key")
 	if err != nil {
-		log.Printf("Error happened reading from CA privkey: %v\n", err)
-		return
+		e := fmt.Errorf("Error happened reading from CA privkey: %v\n", err)
+		return "", "", e
 	}
 	caPrivBlock, _ := pem.Decode(caPrivFile)
 	caPrivKey, err := x509.ParsePKCS1PrivateKey(caPrivBlock.Bytes)
 	if err != nil {
-		log.Printf("Error happened parsing CA privkey: %v\n", err)
-		return
+		e := fmt.Errorf("Error happened parsing CA privkey: %v\n", err)
+		return "", "", e
 	}
 
 	// Generate signed client certificate
 	certBytes, err := x509.CreateCertificate(rand.Reader, cert, caCert, &certPrivKey.PublicKey, caPrivKey)
 	if err != nil {
-		log.Printf("Error happened signing certificate: %v\n", err)
-		return
+		e := fmt.Errorf("Error happened signing certificate: %v\n", err)
+		return "", "", e
 	}
 
 	certPEM := new(bytes.Buffer)
@@ -220,23 +208,60 @@ func generateCert() {
 		Bytes: x509.MarshalPKCS1PrivateKey(certPrivKey),
 	})
 
-	fmt.Printf("Generating %v/.config/cert400/client.key...\n", home)
-	clientkey, err := os.OpenFile(home+"/.config/cert400/client.key", os.O_WRONLY|os.O_CREATE, 0600)
+	log.Printf("Generating %v/.config/")
+	fmt.Printf("Generating %v/.config/cert400/clientCertificates/"+clientDomain+".key...\n", home)
+	clientkey, err := os.OpenFile(home+"/.config/cert400/clientCertificates/"+clientDomain+".key", os.O_WRONLY|os.O_CREATE, 0600)
 	if err != nil {
-		log.Printf("Error happened opening file: %v\n", err)
-		return
+		e := fmt.Errorf("Error happened opening file: %v\n", err)
+		return "", "", e
 	}
 	defer clientkey.Close()
 
-	fmt.Printf("Generating %v/.config/cert400/client.cert...\n", home)
-	clientcert, err := os.OpenFile(home+"/.config/cert400/client.crt", os.O_WRONLY|os.O_CREATE, 0600)
+	fmt.Printf("Generating %v/.config/cert400/clientCertificates/"+clientDomain+".crt...\n", home)
+	clientcert, err := os.OpenFile(home+"/.config/cert400/clientCertificates/"+clientDomain+".crt", os.O_WRONLY|os.O_CREATE, 0600)
 	if err != nil {
-		log.Printf("Error happened opening file: %v\n", err)
-		return
+		e := fmt.Errorf("Error happened opening file: %v\n", err)
+		return "", "", e
 	}
 	defer clientcert.Close()
 
+	certPath := fmt.Sprintf("%v/.config/cert400/clientCertificates/%v.crt", home, clientDomain)
+	keyPath := fmt.Sprintf("%v/.config/cert400/clientCertificates/%v.key", home, clientDomain)
+
 	clientkey.WriteString(string(certPrivKeyPEM.Bytes()))
 	clientcert.WriteString(string(certPEM.Bytes()))
 
+	return certPath, keyPath, nil
+}
+
+func checkFolders(home string) {
+	_, err := os.Stat(home + "/.config")
+	if err != nil {
+		if os.IsNotExist(err) {
+			fmt.Printf("$HOME/.config doesn't exist, creating...\n")
+			os.Mkdir(home+"/.config", 0700)
+		} else {
+			log.Fatalf("Error happened accessing .config: %v", err)
+		}
+	}
+	_, err = os.Stat(home + "/.config/cert400")
+	if err != nil {
+		if os.IsNotExist(err) {
+			fmt.Printf("$HOME/.config/cert400 doesn't exist, creating...\n")
+			os.Mkdir(home+"/.config/cert400", 0700)
+		} else {
+			log.Fatalf("Error happened accessing cert400: %v\n", err)
+		}
+	}
+
+	_, err = os.Stat(home + "/.config/cert400/clientCertificates")
+	if err != nil {
+		if os.IsNotExist(err) {
+			fmt.Printf("$HOME/.config/cert400/clientCertificates doesn't exist, creating...\n")
+			os.Mkdir(home+"/.config/cert400/clientCertificates", 0700)
+		} else {
+			log.Fatalf("Error happened accessing cert400: %v\n", err)
+		}
+	}
+
 }