예제 #1
0
// NewUserKey generates a new user RSA key, stores it in disk and returns its base64 encoding
func NewUserKey(username *string, keyLength int, expires *time.Time, out *string) (*string, *pkix.Certificate, *pkix.Key, error) {
	//logger.Info.Printf("New User Key: %d bits, user: %s", keyLength, *username)

	// generate keys
	keys, err := pkix.CreateRSAKey(keyLength)
	if err != nil {
		return nil, nil, nil, fmt.Errorf("Failed to create key: %s", err)
	}

	// create user self-signed certificate
	userCert, err := pkix.CreateUserCertificate(keys, *username, *expires)

	if out != nil {
		if err := keys.SavePrivate(out); err != nil {
			return nil, nil, nil, fmt.Errorf("failed to write private key: %s", err)
		}

		certOut := (*out) + ".crt"
		if err := userCert.Save(&certOut); err != nil {
			return nil, nil, nil, fmt.Errorf("failed to write public key certificate: %s", err)
		}
	}

	// encode public key
	encodedCertificate, err := userCert.EncodeBase64()
	if err != nil {
		return nil, nil, nil, fmt.Errorf("failed to encode user certificate: %s", err)
	}

	return encodedCertificate, userCert, keys, nil
}
예제 #2
0
//AuthenticateAndSave generates a key, creates a CSR, sends to CA and stores the generated private key and certificate
func AuthenticateAndSave(endpoint, token, keyOut, crtOut, caCertOut *string, keysize int, cn, ip, domain, organization, country *string, caCertificateHash *[]byte) error {
	key, err := pkix.CreateRSAKey(keysize)
	if err != nil {
		logger.Error.Printf("Unable to generate keys. %s", err)
		return err
	}

	ipListArray, domainListArray, err := util.GetHostnameAndIp()
	if err != nil {
		return fmt.Errorf("Unable to obtain hostname and ip: %s", err)
	}

	ipList := util.ListToString(ipListArray, *ip)
	domainList := util.ListToString(domainListArray, *domain)

	logger.Info.Printf("Register Cert with: %s  ; %s", *domainList, *ipList)

	certProp := CertificateProperties{
		name:         *cn,
		ip_list:      *ipList,
		domain_list:  *domainList,
		organization: *organization,
		country:      *country,
	}

	logger.Info.Println(certProp)

	cert, err := Authenticate(endpoint, token, key, &certProp, caCertificateHash)
	if err != nil {
		return fmt.Errorf("Unable to authenticate. %s", err)
	}

	if err := key.SavePrivate(keyOut); err != nil {
		return fmt.Errorf("Unable to save key: %s", err)
	}

	if err := cert.Save(crtOut); err != nil {
		return fmt.Errorf("Unable to save certificate: %s", err)
	}

	caCert, err := GetCACertificate(endpoint)
	if err != nil {
		return fmt.Errorf("Unable to get CA Certificate. %s", err)
	}

	if err := caCert.Save(caCertOut); err != nil {
		return fmt.Errorf("Unable to save CA certificate: %s", err)
	}

	return nil
}
예제 #3
0
//NewRootCertificate creates a new certificate authority root certificate
func NewRootCertificate(keylength int, expires time.Time, organization, country string) (*pkix.Key, *pkix.Certificate, *pkix.CertificateAuthorityInfo, error) {
	cKey, err := pkix.CreateRSAKey(keylength)
	if err != nil {
		logger.Error.Printf("Failed to create root key pair: %s", err)
		return nil, nil, nil, err
	}

	caKey = cKey

	caCertificate, caInfo, err = pkix.CreateCertificateAuthority(caKey, expires, organization, country)
	if err != nil {
		logger.Error.Printf("Failed to create certificate authority: %s", err)
		return nil, nil, nil, err
	}

	return caKey, caCertificate, caInfo, nil
}
예제 #4
0
//CreateHTTPSKeys generates a key-pair signed by the CA to be used in its HTTPS server
func CreateHTTPSKeys(outKey, outCert *string) error {
	logger.Info.Println("Creating https key")

	keyLength := 4096
	// create keys
	keys, err := pkix.CreateRSAKey(keyLength)
	if err != nil {
		return err
	}

	caIPList, caDomainList, err = util.GetHostnameAndIp()
	// create csr
	name := "ca"
	ipListStr := util.ListToString(caIPList, "")
	domainListStr := util.ListToString(caDomainList, "")
	organization := "symbios"
	country := "PT-PT"
	ttl := 2 // years

	logger.Info.Printf("HTTPS Cert with: %s  ; %s", *domainListStr, *ipListStr)

	csr, err := pkix.CreateCertificateSigningRequest(keys, name, *ipListStr, *domainListStr, organization, country)
	if err != nil {
		return err
	}

	certificate, err := pkix.CreateCertificateHost(caCertificate, caInfo, caKey, csr, ttl)

	if err := keys.SavePrivate(outKey); err != nil {
		return fmt.Errorf("Unable to save https key: %s", err)
	}

	if err := certificate.Save(outCert); err != nil {
		return fmt.Errorf("Unable to save https certificate: %s", err)
	}
	return nil
}
예제 #5
0
func TestContainer(t *testing.T) {
	logger.InitLogs(os.Stdout, os.Stdout, os.Stderr)
	// create root keys
	keysize := 2048
	key, err := pkix.CreateRSAKey(keysize)
	if err != nil {
		t.Fatal("Unable to generate keys.", err)
	}

	// start CA
	keylength := 4098
	organization := "org"
	country := "PT-PT"
	expiresDays := 10
	expires := time.Now().AddDate(0, 0, expiresDays).UTC()
	_, caCert, _, err := ca.NewRootCertificate(keylength, expires, organization, country)

	caFingerprint, err := caCert.Fingerprint()
	if err != nil {
		t.Fatal("Unable to generate keys.", err)
	}

	// add user to CA
	keyLength := 2048
	username := "******"
	userExpires := time.Now().AddDate(1, 0, 0).UTC()

	// generate private key
	_, userCert, userPrivateKey, err := client.NewUserKey(&username, keyLength, &userExpires, nil)
	if err != nil {
		t.Error(err)
	}
	ca.SetUserCertificate(userCert)
	userPrivateKeyBytes, err := userPrivateKey.ExportPrivate()
	if err != nil {
		t.Error(err)
	}

	tokenExpires := time.Duration(time.Second * 20)
	token, err := client.NewToken(userPrivateKeyBytes, username, tokenExpires)
	if err != nil {
		t.Error(err)
	}

	//setup mockHTTPServer
	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// /cert
		if r.URL.String() == "/v1/cert" {
			ca.HandleCertRequest(w, r)
		}
		if r.URL.String() == "/v1/csr" {
			ca.HandleCSR(w, r)
		}
	}))

	defer ts.Close()
	fmt.Println(ts.URL)

	certProp := CertificateProperties{
		name:         "Tommy",
		ip_list:      "192.168.1.1",
		domain_list:  "symbios",
		organization: "symbios",
		country:      "US",
	}

	_, err = Authenticate(&ts.URL, token, key, &certProp, &caFingerprint)
	if err != nil {
		t.Fatalf("Unable to authenticate.", err)
	}
}