closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4277 Commits
2 Branches
178 MiB
Tree: 1b962bac0b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '1b962bac0b'
${ noResults }
gitea/cmd/cert.go

164 lines
4.5 KiB
Raw Normal View History

Fix #524
10 years ago
Feature: Integrate crypto/tls/generate_cert.go command
10 years ago
Fix import path
8 years ago
Feature: Integrate crypto/tls/generate_cert.go command
10 years ago
Made linter happy in cmd folder
8 years ago
Feature: Integrate crypto/tls/generate_cert.go command
10 years ago
Made linter happy in cmd folder
8 years ago
Feature: Integrate crypto/tls/generate_cert.go command
10 years ago
fix api broken
9 years ago
Feature: Integrate crypto/tls/generate_cert.go command
10 years ago
Minor fix for go vet
8 years ago
Feature: Integrate crypto/tls/generate_cert.go command
10 years ago
#3045 fix DEPRECATED Action signature erorr
8 years ago
Feature: Integrate crypto/tls/generate_cert.go command
10 years ago
fix import path, fix #1782
9 years ago
Feature: Integrate crypto/tls/generate_cert.go command
10 years ago
Minor fix for go vet
8 years ago
Feature: Integrate crypto/tls/generate_cert.go command
10 years ago
#3045 fix DEPRECATED Action signature erorr
8 years ago
Feature: Integrate crypto/tls/generate_cert.go command
10 years ago
 
  1. // +build cert

  2. 

  3. // Copyright 2009 The Go Authors. All rights reserved.

  4. // Copyright 2014 The Gogs Authors. All rights reserved.

  5. // Use of this source code is governed by a MIT-style

  6. // license that can be found in the LICENSE file.

  7. 

  8. package cmd
  9. 

  10. import (
  11. 	"crypto/ecdsa"
  12. 	"crypto/elliptic"
  13. 	"crypto/rand"
  14. 	"crypto/rsa"
  15. 	"crypto/x509"
  16. 	"crypto/x509/pkix"
  17. 	"encoding/pem"
  18. 	"log"
  19. 	"math/big"
  20. 	"net"
  21. 	"os"
  22. 	"strings"
  23. 	"time"
  24. 

  25. 	"github.com/urfave/cli"
  26. )
  27. 

  28. // CmdCert represents the available cert sub-command.

  29. var CmdCert = cli.Command{
  30. 	Name:  "cert",
  31. 	Usage: "Generate self-signed certificate",
  32. 	Description: `Generate a self-signed X.509 certificate for a TLS server.
  33. Outputs to 'cert.pem' and 'key.pem' and will overwrite existing files.`,
  34. 	Action: runCert,
  35. 	Flags: []cli.Flag{
  36. 		stringFlag("host", "", "Comma-separated hostnames and IPs to generate a certificate for"),
  37. 		stringFlag("ecdsa-curve", "", "ECDSA curve to use to generate a key. Valid values are P224, P256, P384, P521"),
  38. 		intFlag("rsa-bits", 2048, "Size of RSA key to generate. Ignored if --ecdsa-curve is set"),
  39. 		stringFlag("start-date", "", "Creation date formatted as Jan 1 15:04:05 2011"),
  40. 		durationFlag("duration", 365*24*time.Hour, "Duration that certificate is valid for"),
  41. 		boolFlag("ca", "whether this cert should be its own Certificate Authority"),
  42. 	},
  43. }
  44. 

  45. func publicKey(priv interface{}) interface{} {
  46. 	switch k := priv.(type) {
  47. 	case *rsa.PrivateKey:
  48. 		return &k.PublicKey
  49. 	case *ecdsa.PrivateKey:
  50. 		return &k.PublicKey
  51. 	default:
  52. 		return nil
  53. 	}
  54. }
  55. 

  56. func pemBlockForKey(priv interface{}) *pem.Block {
  57. 	switch k := priv.(type) {
  58. 	case *rsa.PrivateKey:
  59. 		return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k)}
  60. 	case *ecdsa.PrivateKey:
  61. 		b, err := x509.MarshalECPrivateKey(k)
  62. 		if err != nil {
  63. 			log.Fatalf("Unable to marshal ECDSA private key: %v\n", err)
  64. 		}
  65. 		return &pem.Block{Type: "EC PRIVATE KEY", Bytes: b}
  66. 	default:
  67. 		return nil
  68. 	}
  69. }
  70. 

  71. func runCert(ctx *cli.Context) error {
  72. 	if len(ctx.String("host")) == 0 {
  73. 		log.Fatal("Missing required --host parameter")
  74. 	}
  75. 

  76. 	var priv interface{}
  77. 	var err error
  78. 	switch ctx.String("ecdsa-curve") {
  79. 	case "":
  80. 		priv, err = rsa.GenerateKey(rand.Reader, ctx.Int("rsa-bits"))
  81. 	case "P224":
  82. 		priv, err = ecdsa.GenerateKey(elliptic.P224(), rand.Reader)
  83. 	case "P256":
  84. 		priv, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
  85. 	case "P384":
  86. 		priv, err = ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
  87. 	case "P521":
  88. 		priv, err = ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
  89. 	default:
  90. 		log.Fatalf("Unrecognized elliptic curve: %q", ctx.String("ecdsa-curve"))
  91. 	}
  92. 	if err != nil {
  93. 		log.Fatalf("Failed to generate private key: %s", err)
  94. 	}
  95. 

  96. 	var notBefore time.Time
  97. 	if len(ctx.String("start-date")) == 0 {
  98. 		notBefore = time.Now()
  99. 	} else {
  100. 		notBefore, err = time.Parse("Jan 2 15:04:05 2006", ctx.String("start-date"))
  101. 		if err != nil {
  102. 			log.Fatalf("Failed to parse creation date: %s", err)
  103. 		}
  104. 	}
  105. 

  106. 	notAfter := notBefore.Add(ctx.Duration("duration"))
  107. 

  108. 	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
  109. 	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
  110. 	if err != nil {
  111. 		log.Fatalf("Failed to generate serial number: %s", err)
  112. 	}
  113. 

  114. 	template := x509.Certificate{
  115. 		SerialNumber: serialNumber,
  116. 		Subject: pkix.Name{
  117. 			Organization: []string{"Acme Co"},
  118. 			CommonName:   "Gogs",
  119. 		},
  120. 		NotBefore: notBefore,
  121. 		NotAfter:  notAfter,
  122. 

  123. 		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
  124. 		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
  125. 		BasicConstraintsValid: true,
  126. 	}
  127. 

  128. 	hosts := strings.Split(ctx.String("host"), ",")
  129. 	for _, h := range hosts {
  130. 		if ip := net.ParseIP(h); ip != nil {
  131. 			template.IPAddresses = append(template.IPAddresses, ip)
  132. 		} else {
  133. 			template.DNSNames = append(template.DNSNames, h)
  134. 		}
  135. 	}
  136. 

  137. 	if ctx.Bool("ca") {
  138. 		template.IsCA = true
  139. 		template.KeyUsage |= x509.KeyUsageCertSign
  140. 	}
  141. 

  142. 	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv)
  143. 	if err != nil {
  144. 		log.Fatalf("Failed to create certificate: %s", err)
  145. 	}
  146. 

  147. 	certOut, err := os.Create("cert.pem")
  148. 	if err != nil {
  149. 		log.Fatalf("Failed to open cert.pem for writing: %s", err)
  150. 	}
  151. 	pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
  152. 	certOut.Close()
  153. 	log.Println("Written cert.pem")
  154. 

  155. 	keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
  156. 	if err != nil {
  157. 		log.Fatalf("Failed to open key.pem for writing: %v\n", err)
  158. 	}
  159. 	pem.Encode(keyOut, pemBlockForKey(priv))
  160. 	keyOut.Close()
  161. 	log.Println("Written key.pem")
  162. 

  163. 	return nil
  164. }