Пример #1
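// AuthenticateAndSave generates an RSA key of keysize bits, registers it with
// the CA at endpoint through Authenticate, and saves the private key, the
// issued certificate and the CA certificate to keyOut, crtOut and caCertOut.
//
// ip and domain are passed to util.ListToString together with the lists
// returned by util.GetHostnameAndIp; cn, organization and country are copied
// into the CertificateProperties handed to Authenticate. These five pointers
// are dereferenced here and must not be nil.
//
// It returns the first error encountered. Files written before a later step
// fails are left in place.
//
// NOTE(review): keysize goes to pkix.CreateRSAKey unvalidated; confirm that
// callers enforce a minimum RSA key size.
func AuthenticateAndSave(endpoint, token, keyOut, crtOut, caCertOut *string, keysize int, cn, ip, domain, organization, country *string, caCertificateHash *[]byte) error {
	// Reject nil pointers up front: they are dereferenced below, and a panic
	// after key generation would be harder to diagnose than an error here.
	if cn == nil || ip == nil || domain == nil || organization == nil || country == nil {
		return fmt.Errorf("Unable to build certificate properties: cn, ip, domain, organization and country must not be nil")
	}

	key, err := pkix.CreateRSAKey(keysize)
	if err != nil {
		logger.Error.Printf("Unable to generate keys. %s", err)
		return err
	}

	ipListArray, domainListArray, err := util.GetHostnameAndIp()
	if err != nil {
		return fmt.Errorf("Unable to obtain hostname and ip: %s", err)
	}

	ipList := util.ListToString(ipListArray, *ip)
	domainList := util.ListToString(domainListArray, *domain)

	logger.Info.Printf("Register Cert with: %s  ; %s", *domainList, *ipList)

	certProp := CertificateProperties{
		name:         *cn,
		ip_list:      *ipList,
		domain_list:  *domainList,
		organization: *organization,
		country:      *country,
	}

	// Only the requested subject and SAN values are logged; token and key
	// are never passed to the logger in this function.
	logger.Info.Println(certProp)

	cert, err := Authenticate(endpoint, token, key, &certProp, caCertificateHash)
	if err != nil {
		return fmt.Errorf("Unable to authenticate. %s", err)
	}

	// NOTE(review): the file mode used by SavePrivate is not visible here;
	// confirm the private key is written owner-readable only.
	if err := key.SavePrivate(keyOut); err != nil {
		return fmt.Errorf("Unable to save key: %s", err)
	}

	if err := cert.Save(crtOut); err != nil {
		return fmt.Errorf("Unable to save certificate: %s", err)
	}

	// NOTE(review): caCertificateHash is passed only to Authenticate. Whether
	// GetCACertificate checks the fetched certificate against that pin is not
	// visible here; confirm it, because the file saved below becomes the
	// local trust anchor.
	caCert, err := GetCACertificate(endpoint)
	if err != nil {
		return fmt.Errorf("Unable to get CA Certificate. %s", err)
	}

	if err := caCert.Save(caCertOut); err != nil {
		return fmt.Errorf("Unable to save CA certificate: %s", err)
	}

	return nil
}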
Пример #2
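// CreateHTTPSKeys generates a 4096-bit RSA key, builds a CSR for the local
// host's addresses and names, has it turned into a host certificate by
// pkix.CreateCertificateHost using caCertificate, caInfo and caKey, and saves
// the private key to outKey and the certificate to outCert.
//
// Nothing is written to disk unless every preceding step succeeded, so a
// failed signing never leaves a private key without a matching certificate.
func CreateHTTPSKeys(outKey, outCert *string) error {
	logger.Info.Println("Creating https key")

	keyLength := 4096
	// create keys
	keys, err := pkix.CreateRSAKey(keyLength)
	if err != nil {
		return err
	}

	// caIPList and caDomainList are not declared in this function, hence the
	// plain assignment. The error was previously ignored, which let a CSR be
	// built from whatever the lists held after a failed lookup.
	caIPList, caDomainList, err = util.GetHostnameAndIp()
	if err != nil {
		return fmt.Errorf("Unable to obtain hostname and ip: %s", err)
	}

	// create csr
	name := "ca"
	ipListStr := util.ListToString(caIPList, "")
	domainListStr := util.ListToString(caDomainList, "")
	organization := "symbios"
	// NOTE(review): an X.509 countryName is normally a two-letter ISO 3166
	// code; confirm "PT-PT" is what the CA and its clients expect.
	country := "PT-PT"
	ttl := 2 // years

	logger.Info.Printf("HTTPS Cert with: %s  ; %s", *domainListStr, *ipListStr)

	csr, err := pkix.CreateCertificateSigningRequest(keys, name, *ipListStr, *domainListStr, organization, country)
	if err != nil {
		return err
	}

	// The signing error was previously dropped, so a failure here went on to
	// save the key and then call Save on an unusable certificate value.
	certificate, err := pkix.CreateCertificateHost(caCertificate, caInfo, caKey, csr, ttl)
	if err != nil {
		return fmt.Errorf("Unable to create https certificate: %s", err)
	}

	// NOTE(review): the file mode used by SavePrivate is not visible here;
	// confirm the private key is written owner-readable only.
	if err := keys.SavePrivate(outKey); err != nil {
		return fmt.Errorf("Unable to save https key: %s", err)
	}

	if err := certificate.Save(outCert); err != nil {
		return fmt.Errorf("Unable to save https certificate: %s", err)
	}
	return nil
}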