
Initial working build.

This is very much a one-pass tool; there is currently no way to generate more certificates later.

Signed-off-by: gryffyn <me@neveris.one>
main
gryffyn 4 months ago
parent
commit
8a4a669764
Signed by: gryffyn GPG Key ID: 6948DD6514D02BEF
  1. 151
      cert/ca.go
  2. 132
      cert/client.go
  3. 2
      config.yml.dist
  4. 1
      config/config.go
  5. 27
      main.go

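--- a/cert/ca.go
+++ b/cert/ca.go
@@ -0,0 +1,151 @@
+package cert
+import (
+"crypto/rand"
+"crypto/rsa"
+"crypto/x509"
+"crypto/x509/pkix"
+"math/big"
+"os"
+"strings"
+"time"
+"git.neveris.one/gryffyn/genca/config"
+)
+type CertAuth struct {
+ExpiryTime int
+CAName pkix.Name
+CertReq *x509.Certificate
+Key *rsa.PrivateKey
+PemCert string
+PemKey string
+}
+func CAFromConfig(cfg config.Config) CertAuth {
+ca := CertAuth{
+ExpiryTime: cfg.Ca.ExpiryTime,
+CAName: pkix.Name{
+Country: []string{
+cfg.Ca.Dn.Country,
+},
+Organization: []string{
+cfg.Ca.Dn.Organization,
+},
+Locality: []string{
+cfg.Ca.Dn.Locality,
+},
+Province: []string{
+cfg.Ca.Dn.Province,
+},
+StreetAddress: []string{
+cfg.Ca.Dn.StreetAddress,
+},
+PostalCode: []string{
+cfg.Ca.Dn.PostalCode,
+},
+CommonName: cfg.Ca.Dn.CommonName,
+},
+}
+return ca
+}
+func (ca *CertAuth) genCertReq() {
+cert := &x509.Certificate{
+SerialNumber: big.NewInt(2019),
+Subject: ca.CAName,
+NotBefore: time.Now(),
+NotAfter: time.Now().AddDate(ca.ExpiryTime, 0, 0),
+IsCA: true,
+ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
+KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
+BasicConstraintsValid: true,
+}
+ca.CertReq = cert
+}
+func (ca *CertAuth) genKey() error {
+key, err := rsa.GenerateKey(rand.Reader, 4096)
+if err != nil {
+return err
+}
+ca.Key = key
+ca.PemKey = pemEncodeKey(key)
+return nil
+}
+func (ca *CertAuth) genCert() error {
+cert, err := x509.CreateCertificate(rand.Reader, ca.CertReq, ca.CertReq, &ca.Key.PublicKey, ca.Key)
+if err != nil {
+return err
+}
+ca.PemCert = pemEncodeCert(cert)
+return nil
+}
+func (ca *CertAuth) writeKey(path string) error {
+var fullpath string
+if strings.HasSuffix(path, "/") {
+fullpath = path + "ca" + "/"
+} else {
+fullpath = path + "/" + "ca" + "/"
+}
+err := os.MkdirAll(fullpath, 0755)
+if err != nil {
+return err
+}
+out, err := os.Create(fullpath + "ca.key")
+if err != nil {
+return err
+}
+defer out.Close()
+_, err = out.WriteString(ca.PemKey)
+if err != nil {
+return err
+}
+return nil
+}
+func (ca *CertAuth) writeCert(path string) error {
+var fullpath string
+if strings.HasSuffix(path, "/") {
+fullpath = path + "ca" + "/"
+} else {
+fullpath = path + "/" + "ca" + "/"
+}
+err := os.MkdirAll(fullpath, 0755)
+if err != nil {
+return err
+}
+out, err := os.Create(fullpath + "ca.crt")
+if err != nil {
+return err
+}
+defer out.Close()
+_, err = out.WriteString(ca.PemCert)
+if err != nil {
+return err
+}
+return nil
+}
+func (ca *CertAuth) GenCert() error {
+ca.genCertReq()
+err := ca.genKey()
+err = ca.genCert()
+if err != nil {
+return err
+}
+return nil
+}
+func (ca *CertAuth) Write(path string) error {
+err := ca.writeCert(path)
+err = ca.writeKey(path)
+if err != nil {
+return err
+}
+return nil
+}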
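Review bot: `writeKey` creates `ca.key` with `os.Create`, which opens with mode 0666 before umask, so the CA private key typically ends up world-readable on disk; use `out, err := os.OpenFile(fullpath+"ca.key", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)` here and for the client key written by `writeKey` in cert/client.go. `GenCert` discards the result of `ca.genKey()` by reassigning `err` on the next line, so a failed key generation leaves `ca.Key` nil and `genCert` then dereferences it in `&ca.Key.PublicKey`; `if err := ca.genKey(); err != nil { return err }` fixes it, and `Write` drops `writeCert`'s error the same way, as do `GenCert` and `Write` in cert/client.go. The CA certificate's serial is the constant `big.NewInt(2019)`; a random serial (for example `rand.Int(rand.Reader, limit)` with a 128-bit limit) is the usual choice so that re-generated CAs are distinguishable and serials stay unique per issuer. The exported `CertAuth`, `CAFromConfig`, `GenCert` and `Write` carry no doc comments; a one-liner on each such as `// CertAuth holds the CA subject, key and PEM-encoded output for one run.` would help, and `ExpiryTime` should say it is in years, since it is passed to `AddDate(ca.ExpiryTime, 0, 0)`.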

132
cert.go → cert/client.go

@ -1,4 +1,4 @@
package main
package cert
import (
"bytes"
@ -12,16 +12,9 @@ import (
"os"
"strings"
"time"
)
type CertAuth struct {
ExpiryTime int
CAName pkix.Name
CertReq *x509.Certificate
Key *rsa.PrivateKey
PemCert string
PemKey string
}
"git.neveris.one/gryffyn/genca/config"
)
type CertClient struct {
Name string
@ -35,37 +28,39 @@ type CertClient struct {
PemKey string
}
func (ca *CertAuth) genCertReq() {
cert := &x509.Certificate{
SerialNumber: big.NewInt(2019),
Subject: ca.CAName,
NotBefore: time.Now(),
NotAfter: time.Now().AddDate(ca.ExpiryTime, 0, 0),
IsCA: true,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
BasicConstraintsValid: true,
}
ca.CertReq = cert
}
func (ca *CertAuth) genKey() error {
key, err := rsa.GenerateKey(rand.Reader, 4096)
if err != nil {
return err
}
ca.Key = key
ca.PemKey = pemEncodeKey(key)
return nil
}
func (ca *CertAuth) genCert() error {
cert, err := x509.CreateCertificate(rand.Reader, ca.CertReq, ca.CertReq, &ca.Key.PublicKey, ca.Key)
if err != nil {
return err
}
ca.PemCert = pemEncodeCert(cert)
return nil
func CertsFromConfig(cfg config.Config) []CertClient {
var certs []CertClient
for _, cert := range cfg.Cert {
client := CertClient{
Name: cert.Name,
ExpiryTime: cert.ExpiryTime,
CAName: pkix.Name{
Country: []string{
cert.Dn.Country,
},
Organization: []string{
cert.Dn.Organization,
},
Locality: []string{
cert.Dn.Locality,
},
Province: []string{
cert.Dn.Province,
},
StreetAddress: []string{
cert.Dn.StreetAddress,
},
PostalCode: []string{
cert.Dn.PostalCode,
},
CommonName: cert.Dn.CommonName,
},
IP: cert.Ip,
DNS: cert.Dns,
}
certs = append(certs, client)
}
return certs
}
func pemEncodeCert(cert []byte) string {
@ -129,15 +124,15 @@ func (cc *CertClient) genCert(ca *CertAuth) error {
func (cc *CertClient) writeCert(path string) error {
var fullpath string
if strings.HasSuffix(path, "/") {
fullpath = path + cc.Name
fullpath = path + cc.Name + "/"
} else {
fullpath = path + "/" + cc.Name
fullpath = path + "/" + cc.Name + "/"
}
err := os.MkdirAll(fullpath, 0755)
if err != nil {
return err
}
out, err := os.Create(cc.Name + ".crt")
out, err := os.Create(fullpath + cc.Name + ".crt")
if err != nil {
return err
}
@ -153,15 +148,15 @@ func (cc *CertClient) writeCert(path string) error {
func (cc *CertClient) writeKey(path string) error {
var fullpath string
if strings.HasSuffix(path, "/") {
fullpath = path + cc.Name
fullpath = path + cc.Name + "/"
} else {
fullpath = path + "/" + cc.Name
fullpath = path + "/" + cc.Name + "/"
}
err := os.MkdirAll(fullpath, 0755)
if err != nil {
return err
}
out, err := os.Create(fullpath + ".key")
out, err := os.Create(fullpath + cc.Name + ".key")
if err != nil {
return err
}
@ -174,48 +169,19 @@ func (cc *CertClient) writeKey(path string) error {
return nil
}
func (ca *CertAuth) writeKey(path string) error {
var fullpath string
if strings.HasSuffix(path, "/") {
fullpath = path + "ca"
} else {
fullpath = path + "/" + "ca"
}
err := os.MkdirAll(fullpath, 0755)
if err != nil {
return err
}
out, err := os.Create(fullpath + ".key")
if err != nil {
return err
}
defer out.Close()
_, err = out.WriteString(ca.PemKey)
func (cc *CertClient) GenCert(ca *CertAuth) error {
cc.genCertReq()
err := cc.genKey()
err = cc.genCert(ca)
if err != nil {
return err
}
return nil
}
func (ca *CertAuth) writeCert(path string) error {
var fullpath string
if strings.HasSuffix(path, "/") {
fullpath = path + "ca"
} else {
fullpath = path + "/" + "ca"
}
err := os.MkdirAll(fullpath, 0755)
if err != nil {
return err
}
out, err := os.Create(fullpath + ".crt")
if err != nil {
return err
}
defer out.Close()
_, err = out.WriteString(ca.PemCert)
func (cc *CertClient) Write(path string) error {
err := cc.writeCert(path)
err = cc.writeKey(path)
if err != nil {
return err
}
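Review bot: `writeCert` and `writeKey` splice `cc.Name` from the config straight into the output path (`fullpath = path + cc.Name + "/"`), so a `name` containing a path separator or `..` places the files outside the intended output directory; `filepath.Join(path, cc.Name)` would also remove the `strings.HasSuffix(path, "/")` branching that both functions repeat, and rejecting names containing a separator in `CertsFromConfig` would keep the layout predictable. `CertsFromConfig` grows `certs` by repeated `append`; `certs := make([]CertClient, 0, len(cfg.Cert))` is the idiomatic pre-sized form and changes nothing for callers. The bodies of `writeCert`, `writeKey` and `Write` continue past the visible hunks.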

2
config.yml.dist

@ -8,6 +8,7 @@ ca:
locality: Locality
streetAddress: 42 Street Name
postalCode: 99999
commonName: test
cert:
- name: cert1
@ -24,3 +25,4 @@ cert:
locality: Locality
streetAddress: 43 Other Street
postalCode: 99998
commonName: cert1

1
config/config.go

@ -14,6 +14,7 @@ type Dn struct {
Locality string `yaml:"locality"`
StreetAddress string `yaml:"streetAddress"`
PostalCode string `yaml:"postalCode"`
CommonName string `yaml:"commonName"`
}
type Config struct {

27
main.go

@ -1,20 +1,39 @@
package main
import (
"fmt"
"log"
"os"
"git.neveris.one/gryffyn/genca/cert"
"git.neveris.one/gryffyn/genca/config"
"github.com/davecgh/go-spew/spew"
)
func main() {
cin := config.Cfg{
fmt.Println("Loading config...")
cfg := config.Cfg{
Outfile: "config.yml",
Config: &config.Config{},
}
err := cin.Get()
err := cfg.Get()
if err != nil {
log.Fatalln(err)
}
spew.Dump(&cin.Config)
cwd, err := os.Getwd()
ca := cert.CAFromConfig(*cfg.Config)
certs := cert.CertsFromConfig(*cfg.Config)
fmt.Println("Generating CA...")
err = ca.GenCert()
fmt.Println("Writing CA...")
err = ca.Write(cwd + "/ssl")
for _, cc := range certs {
fmt.Println("Generating cert '" + cc.Name + "'...")
err = cc.GenCert(&ca)
fmt.Println("Writing cert '" + cc.Name + "'...")
err = cc.Write(cwd + "/ssl")
}
}
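Review bot: Every error returned by `ca.GenCert()`, `ca.Write(...)`, `cc.GenCert(&ca)` and `cc.Write(...)` is assigned to `err` and never inspected, and `cwd, err := os.Getwd()` is unchecked too, so a failed key generation or an unwritable output directory shows up only as missing files after the "Writing..." messages have printed. Each call should be guarded the way `cfg.Get()` already is, with `if err != nil { log.Fatalln(err) }`; the rewritten tail of `main` below does that. `cwd + "/ssl"` would read better as `filepath.Join(cwd, "ssl")`, which needs `path/filepath` in the import block.
```go
	cwd, err := os.Getwd()
	if err != nil {
		log.Fatalln(err)
	}
	// … unchanged: CAFromConfig / CertsFromConfig …
	fmt.Println("Generating CA...")
	if err := ca.GenCert(); err != nil {
		log.Fatalln(err)
	}
	fmt.Println("Writing CA...")
	if err := ca.Write(cwd + "/ssl"); err != nil {
		log.Fatalln(err)
	}
	for _, cc := range certs {
		fmt.Println("Generating cert '" + cc.Name + "'...")
		if err := cc.GenCert(&ca); err != nil {
			log.Fatalln(err)
		}
		fmt.Println("Writing cert '" + cc.Name + "'...")
		if err := cc.Write(cwd + "/ssl"); err != nil {
			log.Fatalln(err)
		}
	}
```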
