Separate CA and client certificate generation

This commit is contained in:
raul 2024-05-23 08:50:38 +02:00
parent b1ea9e2912
commit df86078ee0
3 changed files with 99 additions and 25 deletions

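--- a/cmd/generate-ca.go
+++ b/cmd/generate-ca.go
@@ -0,0 +1,38 @@
+/*
+Copyright © 2024 raul
+*/
+package cmd
+import (
+"github.com/spf13/cobra"
+)
+// generateCmd represents the generate command
+var generatecaCmd = &cobra.Command{
+Use: "generate-ca",
+Short: "A brief description of your command",
+Long: `A longer description that spans multiple lines and likely contains examples
+and usage of using your command. For example:
+Cobra is a CLI library for Go that empowers applications.
+This application is a tool to generate the needed files
+to quickly create a Cobra application.`,
+Run: func(cmd *cobra.Command, args []string) {
+generateCA()
+},
+}
+func init() {
+rootCmd.AddCommand(generatecaCmd)
+// Here you will define your flags and configuration settings.
+// Cobra supports Persistent Flags which will work for this command
+// and all subcommands, e.g.:
+// generateCmd.PersistentFlags().String("foo", "", "A help for foo")
+// Cobra supports local flags which will only run when this command
+// is called directly, e.g.:
+// generateCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
+}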
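Review bot: The new generate-ca.go ships the cobra scaffold text unchanged: `Short: "A brief description of your command"` and the Long paragraph describe cobra itself rather than what this subcommand does, and the doc comment `// generateCmd represents the generate command` names a variable that is not the one declared (`generatecaCmd`). Something like `Short: "Generate a CA certificate and private key"` and `// generateCACmd represents the generate-ca command` would make `--help` output and the source match the command, and the leftover flag-example comments in init (which also refer to generateCmd) can be dropped. The identifier itself would read better as `generateCACmd`, keeping the initialism in one case, if the rename is cheap at this stage. If generateCA writes under a fixed directory as generateCert appears to, the Long text is the place to say where the files land.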


@ -19,7 +19,7 @@ Cobra is a CLI library for Go that empowers applications.
This application is a tool to generate the needed files This application is a tool to generate the needed files
to quickly create a Cobra application.`, to quickly create a Cobra application.`,
Run: func(cmd *cobra.Command, args []string) { Run: func(cmd *cobra.Command, args []string) {
generateCA() generateCert()
}, },
} }


@ -12,7 +12,6 @@ import (
"crypto/x509/pkix" "crypto/x509/pkix"
"encoding/pem" "encoding/pem"
"fmt" "fmt"
"io"
"log" "log"
"math/big" "math/big"
"os" "os"
@ -134,7 +133,8 @@ func generateCA() {
func generateCert() { func generateCert() {
home, err := os.UserHomeDir() home, err := os.UserHomeDir()
if err != nil { if err != nil {
log.Fatalf("Error happened looking up user home directory: %v\n", err) log.Printf("Error happened looking up user home directory: %v\n", err)
return
} }
cert := &x509.Certificate{ cert := &x509.Certificate{
SerialNumber: big.NewInt(1658), SerialNumber: big.NewInt(1658),
@ -156,40 +156,57 @@ func generateCert() {
certPrivKey, err := rsa.GenerateKey(rand.Reader, 4096) certPrivKey, err := rsa.GenerateKey(rand.Reader, 4096)
if err != nil { if err != nil {
log.Print(err) log.Printf("Error happened generating client privkey: %v\n", err)
return
} }
////////////////////// Fetching CA data ////////////////////// ////////////////////// Fetching CA data //////////////////////
caPath, err := os.Open(home + "/.config/cert400/ca.crt") // caPath, err := os.Open(home + "/.config/cert400/ca.crt")
if err != nil { // if err != nil {
log.Print(err) // log.Printf("Error happened opening CA certificate: %v\n", err)
} // return
defer caPath.Close() // }
caPrivPath, err := os.Open(home + "/.config/cert400/ca.key") // defer caPath.Close()
if err != nil { // caPrivPath, err := os.Open(home + "/.config/cert400/ca.key")
log.Print(err) // if err != nil {
} // log.Printf("Error happened opening CA privkey: %v\n", err)
defer caPrivPath.Close() // return
// }
// defer caPrivPath.Close()
////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////
caFile, err := io.ReadAll(caPath) // Parse private CA certificate /////////////////////////////
caFile, err := os.ReadFile(home + "/.config/cert400/ca.crt")
if err != nil { if err != nil {
log.Print(err) log.Printf("Error happened reading from CA certificate: %v\n", err)
return
} }
caCert, err := x509.ParseCertificate(caFile) caPubBlock, _ := pem.Decode(caFile)
caCert, err := x509.ParseCertificate(caPubBlock.Bytes)
if err != nil { if err != nil {
log.Print(err) log.Printf("Error happened parsing CA certificate: %v\n", err)
return
}
/////////////////////////////////////////////////////////////
// Parse public CA certificate /////////////////////////////
caPrivFile, err := os.ReadFile(home + "/.config/cert400/ca.key")
if err != nil {
log.Printf("Error happened reading from CA privkey: %v\n", err)
return
}
caPrivBlock, _ := pem.Decode(caPrivFile)
caPrivKey, err := x509.ParsePKCS1PrivateKey(caPrivBlock.Bytes)
if err != nil {
log.Printf("Error happened parsing CA privkey: %v\n", err)
return
} }
caPrivFile, err := io.ReadAll(caPrivPath) // Generate signed client certificate
if err != nil {
log.Print(err)
}
caPrivKey, err := x509.ParseCertificate(caPrivFile)
certBytes, err := x509.CreateCertificate(rand.Reader, cert, caCert, &certPrivKey.PublicKey, caPrivKey) certBytes, err := x509.CreateCertificate(rand.Reader, cert, caCert, &certPrivKey.PublicKey, caPrivKey)
if err != nil { if err != nil {
log.Print(err) log.Printf("Error happened signing certificate: %v\n", err)
return
} }
certPEM := new(bytes.Buffer) certPEM := new(bytes.Buffer)
@ -203,4 +220,23 @@ func generateCert() {
Bytes: x509.MarshalPKCS1PrivateKey(certPrivKey), Bytes: x509.MarshalPKCS1PrivateKey(certPrivKey),
}) })
fmt.Printf("Generating %v/.config/cert400/client.key...\n", home)
clientkey, err := os.OpenFile(home+"/.config/cert400/client.key", os.O_WRONLY|os.O_CREATE, 0600)
if err != nil {
log.Printf("Error happened opening file: %v\n", err)
return
}
defer clientkey.Close()
fmt.Printf("Generating %v/.config/cert400/client.cert...\n", home)
clientcert, err := os.OpenFile(home+"/.config/cert400/client.crt", os.O_WRONLY|os.O_CREATE, 0600)
if err != nil {
log.Printf("Error happened opening file: %v\n", err)
return
}
defer clientcert.Close()
clientkey.WriteString(string(certPrivKeyPEM.Bytes()))
clientcert.WriteString(string(certPEM.Bytes()))
} }
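Review bot: `pem.Decode(caFile)` on the new side returns a nil block when ca.crt holds no PEM data, and `caPubBlock.Bytes` on the following line then dereferences nil and panics instead of taking the log-and-return path the rest of the function now uses; `caPrivBlock` from ca.key has the same gap, and both decodes would also benefit from rejecting a block whose `Type` is not the one expected. Further down, client.key and client.crt are opened with `os.O_WRONLY|os.O_CREATE` but without `os.O_TRUNC`, so regenerating over an existing longer file leaves stale bytes after the new PEM, the two `WriteString` results are discarded, and the message printed before the client.crt open says `client.cert`. The two comment banners are swapped (ca.crt is the public certificate, ca.key the private key) and the commented-out os.Open block is dead code now that os.ReadFile is used. generateCert's body continues outside the hunks shown; the lines between the two middle hunks are not visible here.
```go
caPubBlock, _ := pem.Decode(caFile)
if caPubBlock == nil {
	log.Printf("Error happened decoding CA certificate: no PEM block found\n")
	return
}
caCert, err := x509.ParseCertificate(caPubBlock.Bytes)
// … unchanged: CA certificate error handling, ca.key read …
caPrivBlock, _ := pem.Decode(caPrivFile)
if caPrivBlock == nil {
	log.Printf("Error happened decoding CA privkey: no PEM block found\n")
	return
}
caPrivKey, err := x509.ParsePKCS1PrivateKey(caPrivBlock.Bytes)
// … unchanged: signing, PEM encoding …
clientkey, err := os.OpenFile(home+"/.config/cert400/client.key", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
// … unchanged: error check and defer; client.crt opened the same way with os.O_TRUNC …
if _, err := clientkey.Write(certPrivKeyPEM.Bytes()); err != nil {
	log.Printf("Error happened writing client privkey: %v\n", err)
	return
}
if _, err := clientcert.Write(certPEM.Bytes()); err != nil {
	log.Printf("Error happened writing client certificate: %v\n", err)
	return
}
```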