// Sets up a fake CA cert in our temp location. NOTE: It is the callers'
// responsibilty to issue a `defer os.RemoveAll(tmpDir)` once done
func generateCaCert() error {
// Setup fake cert
os.Mkdir(mirror.GetCADir(), 755)
os.Mkdir(mirror.GetCertDir(), 755)
CaCertPath := filepath.Join(mirror.GetCADir(), "ca.pem")
CaKeyPath := filepath.Join(mirror.GetCertDir(), "key.pem")
testOrg := "test-org"
bits := 2048
if err := GenerateCACertificate(CaCertPath, CaKeyPath, testOrg, bits); err != nil {
return err
}
if _, err := os.Stat(CaCertPath); err != nil {
return err
}
if _, err := os.Stat(CaKeyPath); err != nil {
return err
}
return nil
}
func getDefaultConfig() *Config {
caHomeDir := mirror.GetCADir()
certDir := mirror.GetCertDir()
caCertPath := filepath.Join(caHomeDir, "ca.pem")
caKeyPath := filepath.Join(caHomeDir, "key.pem")
certPath := filepath.Join(certDir, "cert.pem")
keyPath := filepath.Join(certDir, "cert-key.pem")
serverCertPath := filepath.Join(certDir, "server-cert.pem")
serverKeyPath := filepath.Join(certDir, "server-key.pem")
return &Config{
ClientKeyPath: keyPath,
ClientCertPath: certPath,
CaCertPath: caCertPath,
CaKeyPath: caKeyPath,
ServerCertPath: serverCertPath,
ServerKeyPath: serverKeyPath,
}
}
func (p *PKI) ImportCA(name string, certPath string) error {
// Validate name - only alphanumeric
var nameMatch = regexp.MustCompile(`^[a-zA-Z-_\.0-9]+$`)
if !nameMatch.MatchString(name) {
return errors.New("CA Name must contain only alphanumeric characters")
}
dstCert := filepath.Join(mirror.GetCADir(), fmt.Sprintf("%s-ca.pem", name))
cert, err := ioutil.ReadFile(certPath)
if err != nil {
return err
}
// import Cert
if strings.Contains(string(cert), CertificatePreamble) {
ioutil.WriteFile(dstCert, cert, 0600)
} else {
return errors.New(fmt.Sprintf("Certificate provided is not valid, no %s present", CertificatePreamble))
}
return nil
}
