예제 #1
0
func GetOrGenerateCA(certPath string) ([]byte, []byte, error) {
	caCertPath := filepath.Join(certPath, "ca.pem")
	caKeyPath := filepath.Join(certPath, "ca-key.pem")

	if contents, err := loadAllFiles(caCertPath, caKeyPath); err == nil {
		return contents[0], contents[1], nil
	} else if !os.IsNotExist(err) {
		return nil, nil, err
	}

	caCert, caKey, err := tlsutils.GenerateCACertificate(certOrg, certBits)
	if err != nil {
		return nil, nil, err
	}
	if EphemeralGen {
		log.Printf("Generated ephemeral CA certs")
		return caCert, caKey, nil
	}

	err = writeAllFiles(map[string][]byte{
		caCertPath: caCert,
		caKeyPath:  caKey,
	})
	if err != nil {
		return nil, nil, err
	}
	log.Printf("Generated CA certs %v", []string{caCertPath, caKeyPath})
	return caCert, caKey, nil
}
예제 #2
0
파일: generate.go 프로젝트: 40a/certm
func generate(c *cli.Context) {
	outputDir := c.GlobalString("output-directory")
	if outputDir == "" {
		cli.ShowAppHelp(c)
		log.Fatalf("you must specify an output directory")
	}

	caCertPath := filepath.Join(outputDir, "ca.pem")
	caKeyPath := filepath.Join(outputDir, "ca-key.pem")
	org := c.String("org")
	bits := c.Int("bits")
	overwrite := c.Bool("overwrite")

	log.Printf("generating ca: org=%s bits=%d", org, bits)

	log.Debugf("creating output dir: path=%s", outputDir)
	if err := os.MkdirAll(outputDir, 0700); err != nil {
		log.Fatal(err)
	}

	// cert
	if err := utils.CreateIfNotExists(caCertPath, overwrite); err != nil {
		log.Fatal(err)
	}

	// key
	if err := utils.CreateIfNotExists(caKeyPath, overwrite); err != nil {
		log.Fatal(err)
	}

	cert, key, err := tlsutils.GenerateCACertificate(org, bits)
	if err != nil {
		log.Fatal(err)
	}

	log.Debugf("creating certificate: path=%s", caCertPath)
	if err := ioutil.WriteFile(caCertPath, cert, 0600); err != nil {
		log.Fatal(err)
	}

	log.Debugf("creating key: path=%s", caKeyPath)
	if err := ioutil.WriteFile(caKeyPath, key, 0600); err != nil {
		log.Fatal(err)
	}
}
예제 #3
0
파일: generate.go 프로젝트: 40a/certm
func generate(c *cli.Context) {
	outputDir := c.GlobalString("output-directory")
	if outputDir == "" {
		cli.ShowAppHelp(c)
		log.Fatalf("you must specify an output directory")
	}

	hosts := c.StringSlice("host")
	caCertPath := filepath.Join(outputDir, "ca.pem")
	caKeyPath := filepath.Join(outputDir, "ca-key.pem")
	serverCertPath := filepath.Join(outputDir, "server.pem")
	serverKeyPath := filepath.Join(outputDir, "server-key.pem")
	clientCertPath := filepath.Join(outputDir, "cert.pem")
	clientKeyPath := filepath.Join(outputDir, "key.pem")
	org := c.String("org")
	bits := c.Int("bits")
	overwrite := c.Bool("overwrite")

	log.Printf("generating ca: org=%s bits=%d", org, bits)

	log.Debugf("creating output dir: path=%s", outputDir)
	if err := os.MkdirAll(outputDir, 0700); err != nil {
		log.Fatal(err)
	}

	// ca cert
	if err := utils.CreateIfNotExists(caCertPath, overwrite); err != nil {
		log.Fatal(err)
	}

	// ca key
	if err := utils.CreateIfNotExists(caKeyPath, overwrite); err != nil {
		log.Fatal(err)
	}

	// server cert
	if err := utils.CreateIfNotExists(serverCertPath, overwrite); err != nil {
		log.Fatal(err)
	}

	// server key
	if err := utils.CreateIfNotExists(serverKeyPath, overwrite); err != nil {
		log.Fatal(err)
	}

	// client cert
	if err := utils.CreateIfNotExists(clientCertPath, overwrite); err != nil {
		log.Fatal(err)
	}

	// client key
	if err := utils.CreateIfNotExists(clientKeyPath, overwrite); err != nil {
		log.Fatal(err)
	}

	// generate ca
	caCert, caKey, err := tlsutils.GenerateCACertificate(org, bits)
	if err != nil {
		log.Fatal(err)
	}

	log.Debugf("creating ca certificate: path=%s", caCertPath)
	if err := ioutil.WriteFile(caCertPath, caCert, 0600); err != nil {
		log.Fatal(err)
	}

	log.Debugf("creating ca key: path=%s", caKeyPath)
	if err := ioutil.WriteFile(caKeyPath, caKey, 0600); err != nil {
		log.Fatal(err)
	}

	// generate client
	clientCert, clientKey, err := tlsutils.GenerateCertificate(
		nil,
		caCert,
		caKey,
		org,
		"",
		bits,
	)
	if err != nil {
		log.Fatal(err)
	}

	log.Debugf("creating client certificate: path=%s", clientCertPath)
	if err := ioutil.WriteFile(clientCertPath, clientCert, 0600); err != nil {
		log.Fatal(err)
	}

	log.Debugf("creating client key: path=%s", clientKeyPath)
	if err := ioutil.WriteFile(clientKeyPath, clientKey, 0600); err != nil {
		log.Fatal(err)
	}

	// generate server
	serverCert, serverKey, err := tlsutils.GenerateCertificate(
		hosts,
		caCert,
		caKey,
		org,
		"",
		bits,
	)
	if err != nil {
		log.Fatal(err)
	}

	log.Debugf("creating server certificate: path=%s", serverCertPath)
	if err := ioutil.WriteFile(serverCertPath, serverCert, 0600); err != nil {
		log.Fatal(err)
	}

	log.Debugf("creating server key: path=%s", serverKeyPath)
	if err := ioutil.WriteFile(serverKeyPath, serverKey, 0600); err != nil {
		log.Fatal(err)
	}
}