
initial commit

Signed-off-by: gryffyn <me@neveris.one>
gryffyn 5 months ago
commit
e1debb9edf
Signed by: gryffyn GPG Key ID: 6948DD6514D02BEF
  1. 4
      .gitignore
  2. 223
      cert.go
  3. 26
      config.yml.dist
  4. 55
      config/config.go
  5. 8
      go.mod
  6. 6
      go.sum
  7. 20
      main.go

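--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,4 @@
+build/
+.idea/
+genca
+config.yml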

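--- a/cert.go
+++ b/cert.go
@@ -0,0 +1,223 @@
+package main
+import (
+"bytes"
+"crypto/rand"
+"crypto/rsa"
+"crypto/x509"
+"crypto/x509/pkix"
+"encoding/pem"
+"math/big"
+"net"
+"os"
+"strings"
+"time"
+)
+type CertAuth struct {
+ExpiryTime int
+CAName pkix.Name
+CertReq *x509.Certificate
+Key *rsa.PrivateKey
+PemCert string
+PemKey string
+}
+type CertClient struct {
+Name string
+ExpiryTime int
+CAName pkix.Name
+IP []string
+DNS []string
+Key *rsa.PrivateKey
+CertReq *x509.Certificate
+PemCert string
+PemKey string
+}
+func (ca *CertAuth) genCertReq() {
+cert := &x509.Certificate{
+SerialNumber: big.NewInt(2019),
+Subject: ca.CAName,
+NotBefore: time.Now(),
+NotAfter: time.Now().AddDate(ca.ExpiryTime, 0, 0),
+IsCA: true,
+ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
+KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
+BasicConstraintsValid: true,
+}
+ca.CertReq = cert
+}
+func (ca *CertAuth) genKey() error {
+key, err := rsa.GenerateKey(rand.Reader, 4096)
+if err != nil {
+return err
+}
+ca.Key = key
+ca.PemKey = pemEncodeKey(key)
+return nil
+}
+func (ca *CertAuth) genCert() error {
+cert, err := x509.CreateCertificate(rand.Reader, ca.CertReq, ca.CertReq, &ca.Key.PublicKey, ca.Key)
+if err != nil {
+return err
+}
+ca.PemCert = pemEncodeCert(cert)
+return nil
+}
+func pemEncodeCert(cert []byte) string {
+caPEM := new(bytes.Buffer)
+pem.Encode(caPEM, &pem.Block{
+Type: "CERTIFICATE",
+Bytes: cert,
+})
+return caPEM.String()
+}
+func pemEncodeKey(key *rsa.PrivateKey) string {
+caPrivKeyPEM := new(bytes.Buffer)
+pem.Encode(caPrivKeyPEM, &pem.Block{
+Type: "RSA PRIVATE KEY",
+Bytes: x509.MarshalPKCS1PrivateKey(key),
+})
+return caPrivKeyPEM.String()
+}
+func (cc *CertClient) genCertReq() {
+var ips []net.IP
+for _, v := range cc.IP {
+ips = append(ips, net.ParseIP(v))
+}
+cert := &x509.Certificate{
+SerialNumber: big.NewInt(1658),
+Subject: cc.CAName,
+DNSNames: cc.DNS,
+IPAddresses: ips,
+NotBefore: time.Now(),
+NotAfter: time.Now().AddDate(cc.ExpiryTime, 0, 0),
+SubjectKeyId: []byte{1, 2, 3, 4, 6},
+ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
+KeyUsage: x509.KeyUsageDigitalSignature,
+}
+cc.CertReq = cert
+}
+func (cc *CertClient) genKey() error {
+key, err := rsa.GenerateKey(rand.Reader, 4096)
+if err != nil {
+return err
+}
+cc.Key = key
+cc.PemKey = pemEncodeKey(key)
+return nil
+}
+func (cc *CertClient) genCert(ca *CertAuth) error {
+cert, err := x509.CreateCertificate(rand.Reader, cc.CertReq, ca.CertReq, &cc.Key.PublicKey, ca.Key)
+if err != nil {
+return err
+}
+cc.PemCert = pemEncodeCert(cert)
+return nil
+}
+func (cc *CertClient) writeCert(path string) error {
+var fullpath string
+if strings.HasSuffix(path, "/") {
+fullpath = path + cc.Name
+} else {
+fullpath = path + "/" + cc.Name
+}
+err := os.MkdirAll(fullpath, 0755)
+if err != nil {
+return err
+}
+out, err := os.Create(cc.Name + ".crt")
+if err != nil {
+return err
+}
+defer out.Close()
+_, err = out.WriteString(cc.PemCert)
+if err != nil {
+return err
+}
+return nil
+}
+func (cc *CertClient) writeKey(path string) error {
+var fullpath string
+if strings.HasSuffix(path, "/") {
+fullpath = path + cc.Name
+} else {
+fullpath = path + "/" + cc.Name
+}
+err := os.MkdirAll(fullpath, 0755)
+if err != nil {
+return err
+}
+out, err := os.Create(fullpath + ".key")
+if err != nil {
+return err
+}
+defer out.Close()
+_, err = out.WriteString(cc.PemKey)
+if err != nil {
+return err
+}
+return nil
+}
+func (ca *CertAuth) writeKey(path string) error {
+var fullpath string
+if strings.HasSuffix(path, "/") {
+fullpath = path + "ca"
+} else {
+fullpath = path + "/" + "ca"
+}
+err := os.MkdirAll(fullpath, 0755)
+if err != nil {
+return err
+}
+out, err := os.Create(fullpath + ".key")
+if err != nil {
+return err
+}
+defer out.Close()
+_, err = out.WriteString(ca.PemKey)
+if err != nil {
+return err
+}
+return nil
+}
+func (ca *CertAuth) writeCert(path string) error {
+var fullpath string
+if strings.HasSuffix(path, "/") {
+fullpath = path + "ca"
+} else {
+fullpath = path + "/" + "ca"
+}
+err := os.MkdirAll(fullpath, 0755)
+if err != nil {
+return err
+}
+out, err := os.Create(fullpath + ".crt")
+if err != nil {
+return err
+}
+defer out.Close()
+_, err = out.WriteString(ca.PemCert)
+if err != nil {
+return err
+}
+return nil
+}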
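Review bot: `CertClient.writeCert` writes the certificate to `os.Create(cc.Name + ".crt")`, i.e. into the working directory, while its `writeKey` sibling and both `CertAuth` variants write to `fullpath + ".key"`/`".crt"`; in all four methods `os.MkdirAll(fullpath, 0755)` then creates an empty directory whose name is only used as a file prefix, so the intent is presumably `os.MkdirAll(path, 0755)` followed by `filepath.Join(path, cc.Name+".crt")` (needs `path/filepath`), and the same for the `ca` files. Both `writeKey` methods create the PEM-encoded RSA private key with `os.Create`, which opens with mode 0666 before umask, so the key file can end up readable by every local user; use `os.OpenFile(fullpath+".key", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)` instead. The serial numbers are the fixed constants `big.NewInt(2019)` and `big.NewInt(1658)`, so every client certificate issued by this CA carries the same serial, which RFC 5280 requires to be unique per issuer and which some verifiers and any future revocation handling will trip over; drawing a random 128-bit serial with `rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))` from the already-imported `crypto/rand` fixes it. The `pem.Encode` return values in `pemEncodeCert` and `pemEncodeKey` are discarded as well, and `net.ParseIP` returns nil for an unparseable entry, which is appended to `IPAddresses` without a check.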

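--- a/config.yml.dist
+++ b/config.yml.dist
@@ -0,0 +1,26 @@
+ca:
+# time is in years
+expiryTime: 10
+dn:
+organization: Company Ltd
+country: Canada
+province: Ontario
+locality: Locality
+streetAddress: 42 Street Name
+postalCode: 99999
+cert:
+- name: cert1
+# time is in years
+expiryTime: 10
+dns:
+- test.tld
+ip:
+- 127.0.0.1
+dn:
+organization: Company Ltd
+country: Canada
+province: Manitoba
+locality: Locality
+streetAddress: 43 Other Street
+postalCode: 99998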

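--- a/config/config.go
+++ b/config/config.go
@@ -0,0 +1,55 @@
+package config
+import (
+"io/ioutil"
+"os"
+"gopkg.in/yaml.v2"
+)
+type Dn struct {
+Organization string `yaml:"organization"`
+Country string `yaml:"country"`
+Province string `yaml:"province"`
+Locality string `yaml:"locality"`
+StreetAddress string `yaml:"streetAddress"`
+PostalCode string `yaml:"postalCode"`
+}
+type Config struct {
+Ca Ca `yaml:"ca"`
+Cert []Cert `yaml:"cert"`
+}
+type Ca struct {
+ExpiryTime int `yaml:"expiryTime"`
+Dn Dn `yaml:"dn"`
+}
+type Cert struct {
+Name string `yaml:"name"`
+ExpiryTime int `yaml:"expiryTime"`
+Dns []string `yaml:"dns"`
+Ip []string `yaml:"ip"`
+Dn Dn `yaml:"dn"`
+}
+type Cfg struct {
+Outfile string
+Config *Config
+}
+func ofile(filename string, data []byte) error {
+return ioutil.WriteFile(filename, data, os.FileMode.Perm(0644))
+}
+func (c *Cfg) Write() error {
+confm, _ := yaml.Marshal(&c.Config)
+return ofile(c.Outfile, confm)
+}
+func (c *Cfg) Get() error {
+in, err := os.ReadFile(c.Outfile)
+err = yaml.Unmarshal(in, c.Config)
+return err
+}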
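Review bot: `Get` drops the error from `os.ReadFile` — the very next line reassigns `err` with the `yaml.Unmarshal` result, so a missing or unreadable config file leaves `in` nil, `Unmarshal` succeeds on empty input, and the caller continues with a zero-valued `Config` (in cert.go an `ExpiryTime` of 0 makes `NotAfter` equal `NotBefore`). Insert `if err != nil { return err }` between the two calls. `Write` likewise discards the `yaml.Marshal` error with `_` and would write an empty file on failure. The file also mixes `ioutil.WriteFile` with `os.ReadFile`; the latter only exists from Go 1.16 while go.mod declares `go 1.14`, so either move to `os.WriteFile` and raise the directive, or use `ioutil.ReadFile` here.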

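--- a/go.mod
+++ b/go.mod
@@ -0,0 +1,8 @@
+module git.neveris.one/gryffyn/genca
+go 1.14
+require (
+github.com/davecgh/go-spew v1.1.1 // indirect
+gopkg.in/yaml.v2 v2.4.0
+)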

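--- a/go.sum
+++ b/go.sum
@@ -0,0 +1,6 @@
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=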

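--- a/main.go
+++ b/main.go
@@ -0,0 +1,20 @@
+package main
+import (
+"log"
+"git.neveris.one/gryffyn/genca/config"
+"github.com/davecgh/go-spew/spew"
+)
+func main() {
+cin := config.Cfg{
+Outfile: "config.yml",
+Config: &config.Config{},
+}
+err := cin.Get()
+if err != nil {
+log.Fatalln(err)
+}
+spew.Dump(&cin.Config)
+}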
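Review bot: `spew` is imported directly here, yet go.mod lists `github.com/davecgh/go-spew v1.1.1 // indirect`; running `go mod tidy` would drop the stale marker and keep the module file honest about the dependency. `spew.Dump(&cin.Config)` passes a pointer to a field that is already a `*config.Config`, so the dump shows an extra indirection; `spew.Dump(cin.Config)` is what was presumably meant. Since `Cfg.Get` in config/config.go ignores the read error, `main` will currently print an empty config rather than exit when `config.yml` is absent.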