func GetOrGenerateServerCert(certPath string, hosts []string) (TLSConfig, error) {
serverCertPath := filepath.Join(certPath, "server.pem")
serverKeyPath := filepath.Join(certPath, "server-key.pem")
caCert, caKey, err := GetOrGenerateCA(certPath)
if err != nil {
return nil, err
}
if contents, err := loadAllFiles(serverCertPath, serverKeyPath); err == nil {
c := serverCerts{caCert, contents[0], contents[1]}
return &c, nil
} else if !os.IsNotExist(err) {
return nil, err
}
serverCert, serverKey, err := tlsutils.GenerateCertificate(hosts, caCert, caKey, certOrg, "", certBits)
if err != nil {
return nil, err
}
c := &serverCerts{caCert, serverCert, serverKey}
if EphemeralGen {
log.Printf("Generated ephemeral server certs")
return c, nil
}
err = writeAllFiles(map[string][]byte{
serverCertPath: serverCert,
serverKeyPath: serverKey,
})
if err != nil {
return nil, err
}
log.Printf("Generated server certs %v for hosts %v", []string{serverCertPath, serverKeyPath}, hosts)
return c, nil
}
func GetOrGenerateClientCert(certPath string) (TLSConfig, error) {
clientCertPath := filepath.Join(certPath, "cert.pem")
clientKeyPath := filepath.Join(certPath, "key.pem")
caCert, caKey, err := GetOrGenerateCA(certPath)
if err != nil {
return nil, err
}
if contents, err := loadAllFiles(clientCertPath, clientKeyPath); err == nil {
c := clientCerts{caCert, contents[0], contents[1]}
return &c, nil
} else if !os.IsNotExist(err) {
return nil, err
}
clientCert, clientKey, err := tlsutils.GenerateCertificate(nil, caCert, caKey, certOrg, "", certBits)
if err != nil {
return nil, err
}
c := &clientCerts{caCert, clientCert, clientKey}
if EphemeralGen {
log.Printf("Generated ephemeral client certs")
return c, nil
}
err = writeAllFiles(map[string][]byte{
clientCertPath: clientCert,
clientKeyPath: clientKey,
})
if err != nil {
return nil, err
}
log.Printf("Generated client certs %v", []string{clientCertPath, clientKeyPath})
return c, nil
}
func generate(c *cli.Context) {
outputDir := c.GlobalString("output-directory")
if outputDir == "" {
cli.ShowAppHelp(c)
log.Fatalf("you must specify an output directory")
}
hosts := c.StringSlice("host")
caCertPath := filepath.Join(outputDir, "ca.pem")
caKeyPath := filepath.Join(outputDir, "ca-key.pem")
serverCertPath := filepath.Join(outputDir, "server.pem")
serverKeyPath := filepath.Join(outputDir, "server-key.pem")
clientCertPath := filepath.Join(outputDir, "cert.pem")
clientKeyPath := filepath.Join(outputDir, "key.pem")
org := c.String("org")
bits := c.Int("bits")
overwrite := c.Bool("overwrite")
log.Printf("generating ca: org=%s bits=%d", org, bits)
log.Debugf("creating output dir: path=%s", outputDir)
if err := os.MkdirAll(outputDir, 0700); err != nil {
log.Fatal(err)
}
// ca cert
if err := utils.CreateIfNotExists(caCertPath, overwrite); err != nil {
log.Fatal(err)
}
// ca key
if err := utils.CreateIfNotExists(caKeyPath, overwrite); err != nil {
log.Fatal(err)
}
// server cert
if err := utils.CreateIfNotExists(serverCertPath, overwrite); err != nil {
log.Fatal(err)
}
// server key
if err := utils.CreateIfNotExists(serverKeyPath, overwrite); err != nil {
log.Fatal(err)
}
// client cert
if err := utils.CreateIfNotExists(clientCertPath, overwrite); err != nil {
log.Fatal(err)
}
// client key
if err := utils.CreateIfNotExists(clientKeyPath, overwrite); err != nil {
log.Fatal(err)
}
// generate ca
caCert, caKey, err := tlsutils.GenerateCACertificate(org, bits)
if err != nil {
log.Fatal(err)
}
log.Debugf("creating ca certificate: path=%s", caCertPath)
if err := ioutil.WriteFile(caCertPath, caCert, 0600); err != nil {
log.Fatal(err)
}
log.Debugf("creating ca key: path=%s", caKeyPath)
if err := ioutil.WriteFile(caKeyPath, caKey, 0600); err != nil {
log.Fatal(err)
}
// generate client
clientCert, clientKey, err := tlsutils.GenerateCertificate(
nil,
caCert,
caKey,
org,
"",
bits,
)
if err != nil {
log.Fatal(err)
}
log.Debugf("creating client certificate: path=%s", clientCertPath)
if err := ioutil.WriteFile(clientCertPath, clientCert, 0600); err != nil {
log.Fatal(err)
}
log.Debugf("creating client key: path=%s", clientKeyPath)
if err := ioutil.WriteFile(clientKeyPath, clientKey, 0600); err != nil {
log.Fatal(err)
}
// generate server
serverCert, serverKey, err := tlsutils.GenerateCertificate(
hosts,
caCert,
caKey,
org,
"",
bits,
)
if err != nil {
log.Fatal(err)
}
log.Debugf("creating server certificate: path=%s", serverCertPath)
if err := ioutil.WriteFile(serverCertPath, serverCert, 0600); err != nil {
log.Fatal(err)
}
log.Debugf("creating server key: path=%s", serverKeyPath)
if err := ioutil.WriteFile(serverKeyPath, serverKey, 0600); err != nil {
log.Fatal(err)
}
}
func generate(c *cli.Context) {
outputDir := c.GlobalString("output-directory")
if outputDir == "" {
cli.ShowAppHelp(c)
log.Fatalf("you must specify an output directory")
}
commonName := c.String("common-name")
caCertPath := c.String("ca-cert")
caKeyPath := c.String("ca-key")
certPath := c.String("cert")
keyPath := c.String("key")
org := c.String("org")
bits := c.Int("bits")
overwrite := c.Bool("overwrite")
if caCertPath == "" {
caCertPath = filepath.Join(outputDir, "ca.pem")
}
if caKeyPath == "" {
caKeyPath = filepath.Join(outputDir, "ca-key.pem")
}
if certPath == "" {
certPath = filepath.Join(outputDir, "cert.pem")
}
if keyPath == "" {
keyPath = filepath.Join(outputDir, "key.pem")
}
log.Printf("generating client certificate: cn=%q org=%s bits=%d cert=%q key=%q",
commonName,
org,
bits,
certPath,
keyPath,
)
log.Debugf("creating output dir: path=%s", outputDir)
if err := os.MkdirAll(outputDir, 0700); err != nil {
log.Fatal(err)
}
// cert
if err := utils.CreateIfNotExists(certPath, overwrite); err != nil {
log.Fatal(err)
}
// key
if err := utils.CreateIfNotExists(keyPath, overwrite); err != nil {
log.Fatal(err)
}
caCert, err := ioutil.ReadFile(caCertPath)
if err != nil {
log.Fatal(err)
}
caKey, err := ioutil.ReadFile(caKeyPath)
if err != nil {
log.Fatal(err)
}
cert, key, err := tlsutils.GenerateCertificate(
nil,
caCert,
caKey,
org,
commonName,
bits,
)
if err != nil {
log.Fatal(err)
}
log.Debugf("creating certificate: path=%s", certPath)
if err := ioutil.WriteFile(certPath, cert, 0600); err != nil {
log.Fatal(err)
}
log.Debugf("creating key: path=%s", keyPath)
if err := ioutil.WriteFile(keyPath, key, 0600); err != nil {
log.Fatal(err)
}
}
