// AuthenticateAndSave obtains a certificate for this host from the CA at
// endpoint and writes the private key, the certificate and the CA certificate
// to keyOut, crtOut and caCertOut.
//
// A fresh key is created with pkix.CreateRSAKey(keysize). The addresses and
// names reported by util.GetHostnameAndIp are combined with *ip and *domain
// and handed, together with cn, organization and country, to Authenticate
// along with token and caCertificateHash. The pointer arguments dereferenced
// here (cn, ip, domain, organization, country) must be non-nil.
//
// Files are written in the order key, certificate, CA certificate; an error
// part-way through returns immediately and leaves earlier files on disk.
func AuthenticateAndSave(endpoint, token, keyOut, crtOut, caCertOut *string, keysize int, cn, ip, domain, organization, country *string, caCertificateHash *[]byte) error {
	// NOTE(review): keysize is passed through unchecked; confirm that callers
	// or pkix enforce a minimum RSA key size.
	privKey, err := pkix.CreateRSAKey(keysize)
	if err != nil {
		logger.Error.Printf("Unable to generate keys. %s", err)
		return err
	}

	hostIPs, hostDomains, err := util.GetHostnameAndIp()
	if err != nil {
		return fmt.Errorf("Unable to obtain hostname and ip: %s", err)
	}

	// Merge the detected values with the caller-supplied extras.
	ipList := util.ListToString(hostIPs, *ip)
	domainList := util.ListToString(hostDomains, *domain)
	logger.Info.Printf("Register Cert with: %s ; %s", *domainList, *ipList)

	// Subject and SAN data requested for the certificate.
	var props CertificateProperties
	props.name = *cn
	props.ip_list = *ipList
	props.domain_list = *domainList
	props.organization = *organization
	props.country = *country
	logger.Info.Println(props)

	signedCert, err := Authenticate(endpoint, token, privKey, &props, caCertificateHash)
	if err != nil {
		return fmt.Errorf("Unable to authenticate. %s", err)
	}

	// NOTE(review): the file mode of the private key is chosen inside
	// SavePrivate and is not visible here; confirm it is owner-only.
	if err := privKey.SavePrivate(keyOut); err != nil {
		return fmt.Errorf("Unable to save key: %s", err)
	}
	if err := signedCert.Save(crtOut); err != nil {
		return fmt.Errorf("Unable to save certificate: %s", err)
	}

	// NOTE(review): caCertificateHash is only passed to Authenticate above.
	// No comparison of the certificate returned by GetCACertificate against
	// that hash is visible in this function, yet the result is stored as the
	// local CA certificate; confirm GetCACertificate performs the check.
	rootCert, err := GetCACertificate(endpoint)
	if err != nil {
		return fmt.Errorf("Unable to get CA Certificate. %s", err)
	}
	if err := rootCert.Save(caCertOut); err != nil {
		return fmt.Errorf("Unable to save CA certificate: %s", err)
	}

	return nil
}
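// CreateHTTPSKeys generates a key pair and a certificate signed by the CA for
// use by the CA's own HTTPS server, then writes the private key to outKey and
// the certificate to outCert.
//
// The key is created with pkix.CreateRSAKey using a length of 4096, a CSR is
// built for the host's detected addresses and names, and the certificate is
// issued by pkix.CreateCertificateHost from caCertificate, caInfo and caKey.
// Any failure returns an error before a file is written, except a failure
// while saving the certificate, which leaves the already-written key on disk.
func CreateHTTPSKeys(outKey, outCert *string) error {
	logger.Info.Println("Creating https key")

	keyLength := 4096

	// create keys
	keys, err := pkix.CreateRSAKey(keyLength)
	if err != nil {
		return err
	}

	// caIPList and caDomainList are assigned with "=" and are not declared in
	// this function, so they are presumably package-level state.
	caIPList, caDomainList, err = util.GetHostnameAndIp()
	if err != nil {
		// Previously ignored: a failed lookup would have produced a CSR
		// with whatever the lists happened to contain.
		return fmt.Errorf("Unable to obtain hostname and ip: %s", err)
	}

	// create csr
	name := "ca"
	ipListStr := util.ListToString(caIPList, "")
	domainListStr := util.ListToString(caDomainList, "")
	organization := "symbios"
	// NOTE(review): "PT-PT" looks like a locale tag; if pkix places this in
	// the X.509 countryName attribute, that field is a two-letter ISO 3166
	// code ("PT"). Left unchanged because it alters the issued subject.
	country := "PT-PT"
	ttl := 2 // years

	logger.Info.Printf("HTTPS Cert with: %s ; %s", *domainListStr, *ipListStr)

	csr, err := pkix.CreateCertificateSigningRequest(keys, name, *ipListStr, *domainListStr, organization, country)
	if err != nil {
		return err
	}

	certificate, err := pkix.CreateCertificateHost(caCertificate, caInfo, caKey, csr, ttl)
	if err != nil {
		// Previously ignored: stop before writing a key that has no
		// matching certificate, and before calling Save on a certificate
		// value that is meaningless when signing failed.
		return fmt.Errorf("Unable to create https certificate: %s", err)
	}

	// NOTE(review): the file mode of the private key is chosen inside
	// SavePrivate and is not visible here; confirm it is owner-only.
	if err := keys.SavePrivate(outKey); err != nil {
		return fmt.Errorf("Unable to save https key: %s", err)
	}
	if err := certificate.Save(outCert); err != nil {
		return fmt.Errorf("Unable to save https certificate: %s", err)
	}

	return nil
}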