closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4815 Commits
2 Branches
178 MiB
Tree: 2831267db1
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2831267db1'
${ noResults }
gitea/cmd/cert.go

186 lines
4.8 KiB
Raw Normal View History

Feature: Integrate crypto/tls/generate_cert.go command
10 years ago
Get rid of bin folder within makefile, enabled TiDB (#319) * Get rid of the bin folder within the build process Signed-off-by: Thomas Boerger <thomas@webhippie.de> * Dropped latest make task, it is unused Signed-off-by: Thomas Boerger <thomas@webhippie.de> * Added tidb tag to drone config Signed-off-by: Thomas Boerger <thomas@webhippie.de> * Dropped the cert build tag Signed-off-by: Thomas Boerger <thomas@webhippie.de> * Dropped useless minwinsvc build tag Signed-off-by: Thomas Boerger <thomas@webhippie.de> * Dropped the useless build tags from drone config Signed-off-by: Thomas Boerger <thomas@webhippie.de>
8 years ago
Feature: Integrate crypto/tls/generate_cert.go command
10 years ago
Fix import path
8 years ago
Feature: Integrate crypto/tls/generate_cert.go command
10 years ago
Made linter happy in cmd folder
8 years ago
Feature: Integrate crypto/tls/generate_cert.go command
10 years ago
Made linter happy in cmd folder
8 years ago
Feature: Integrate crypto/tls/generate_cert.go command
10 years ago
Use cli Flags directly and not some helper funcs Signed-off-by: Matthias Loibl <mail@matthiasloibl.com>
8 years ago
Feature: Integrate crypto/tls/generate_cert.go command
10 years ago
Minor fix for go vet
8 years ago
Feature: Integrate crypto/tls/generate_cert.go command
10 years ago
#3045 fix DEPRECATED Action signature erorr
8 years ago
Feature: Integrate crypto/tls/generate_cert.go command
10 years ago
Remove remaining Gogs reference on locales and cmd (#430)
8 years ago
Feature: Integrate crypto/tls/generate_cert.go command
10 years ago
Minor fix for go vet
8 years ago
Feature: Integrate crypto/tls/generate_cert.go command
10 years ago
#3045 fix DEPRECATED Action signature erorr
8 years ago
Feature: Integrate crypto/tls/generate_cert.go command
10 years ago
 
  1. // Copyright 2009 The Go Authors. All rights reserved.

  2. // Copyright 2014 The Gogs Authors. All rights reserved.

  3. // Copyright 2016 The Gitea Authors. All rights reserved.

  4. // Use of this source code is governed by a MIT-style

  5. // license that can be found in the LICENSE file.

  6. 

  7. package cmd
  8. 

  9. import (
  10. 	"crypto/ecdsa"
  11. 	"crypto/elliptic"
  12. 	"crypto/rand"
  13. 	"crypto/rsa"
  14. 	"crypto/x509"
  15. 	"crypto/x509/pkix"
  16. 	"encoding/pem"
  17. 	"log"
  18. 	"math/big"
  19. 	"net"
  20. 	"os"
  21. 	"strings"
  22. 	"time"
  23. 

  24. 	"github.com/urfave/cli"
  25. )
  26. 

  27. // CmdCert represents the available cert sub-command.

  28. var CmdCert = cli.Command{
  29. 	Name:  "cert",
  30. 	Usage: "Generate self-signed certificate",
  31. 	Description: `Generate a self-signed X.509 certificate for a TLS server.
  32. Outputs to 'cert.pem' and 'key.pem' and will overwrite existing files.`,
  33. 	Action: runCert,
  34. 	Flags: []cli.Flag{
  35. 		cli.StringFlag{
  36. 			Name:  "host",
  37. 			Value: "",
  38. 			Usage: "Comma-separated hostnames and IPs to generate a certificate for",
  39. 		},
  40. 		cli.StringFlag{
  41. 			Name:  "ecdsa-curve",
  42. 			Value: "",
  43. 			Usage: "ECDSA curve to use to generate a key. Valid values are P224, P256, P384, P521",
  44. 		},
  45. 		cli.IntFlag{
  46. 			Name:  "rsa-bits",
  47. 			Value: 2048,
  48. 			Usage: "Size of RSA key to generate. Ignored if --ecdsa-curve is set",
  49. 		},
  50. 		cli.StringFlag{
  51. 			Name:  "start-date",
  52. 			Value: "",
  53. 			Usage: "Creation date formatted as Jan 1 15:04:05 2011",
  54. 		},
  55. 		cli.DurationFlag{
  56. 			Name:  "duration",
  57. 			Value: 365 * 24 * time.Hour,
  58. 			Usage: "Duration that certificate is valid for",
  59. 		},
  60. 		cli.BoolFlag{
  61. 			Name:  "ca",
  62. 			Usage: "whether this cert should be its own Certificate Authority",
  63. 		},
  64. 	},
  65. }
  66. 

  67. func publicKey(priv interface{}) interface{} {
  68. 	switch k := priv.(type) {
  69. 	case *rsa.PrivateKey:
  70. 		return &k.PublicKey
  71. 	case *ecdsa.PrivateKey:
  72. 		return &k.PublicKey
  73. 	default:
  74. 		return nil
  75. 	}
  76. }
  77. 

  78. func pemBlockForKey(priv interface{}) *pem.Block {
  79. 	switch k := priv.(type) {
  80. 	case *rsa.PrivateKey:
  81. 		return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k)}
  82. 	case *ecdsa.PrivateKey:
  83. 		b, err := x509.MarshalECPrivateKey(k)
  84. 		if err != nil {
  85. 			log.Fatalf("Unable to marshal ECDSA private key: %v\n", err)
  86. 		}
  87. 		return &pem.Block{Type: "EC PRIVATE KEY", Bytes: b}
  88. 	default:
  89. 		return nil
  90. 	}
  91. }
  92. 

  93. func runCert(ctx *cli.Context) error {
  94. 	if len(ctx.String("host")) == 0 {
  95. 		log.Fatal("Missing required --host parameter")
  96. 	}
  97. 

  98. 	var priv interface{}
  99. 	var err error
  100. 	switch ctx.String("ecdsa-curve") {
  101. 	case "":
  102. 		priv, err = rsa.GenerateKey(rand.Reader, ctx.Int("rsa-bits"))
  103. 	case "P224":
  104. 		priv, err = ecdsa.GenerateKey(elliptic.P224(), rand.Reader)
  105. 	case "P256":
  106. 		priv, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
  107. 	case "P384":
  108. 		priv, err = ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
  109. 	case "P521":
  110. 		priv, err = ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
  111. 	default:
  112. 		log.Fatalf("Unrecognized elliptic curve: %q", ctx.String("ecdsa-curve"))
  113. 	}
  114. 	if err != nil {
  115. 		log.Fatalf("Failed to generate private key: %s", err)
  116. 	}
  117. 

  118. 	var notBefore time.Time
  119. 	if len(ctx.String("start-date")) == 0 {
  120. 		notBefore = time.Now()
  121. 	} else {
  122. 		notBefore, err = time.Parse("Jan 2 15:04:05 2006", ctx.String("start-date"))
  123. 		if err != nil {
  124. 			log.Fatalf("Failed to parse creation date: %s", err)
  125. 		}
  126. 	}
  127. 

  128. 	notAfter := notBefore.Add(ctx.Duration("duration"))
  129. 

  130. 	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
  131. 	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
  132. 	if err != nil {
  133. 		log.Fatalf("Failed to generate serial number: %s", err)
  134. 	}
  135. 

  136. 	template := x509.Certificate{
  137. 		SerialNumber: serialNumber,
  138. 		Subject: pkix.Name{
  139. 			Organization: []string{"Acme Co"},
  140. 			CommonName:   "Gitea",
  141. 		},
  142. 		NotBefore: notBefore,
  143. 		NotAfter:  notAfter,
  144. 

  145. 		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
  146. 		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
  147. 		BasicConstraintsValid: true,
  148. 	}
  149. 

  150. 	hosts := strings.Split(ctx.String("host"), ",")
  151. 	for _, h := range hosts {
  152. 		if ip := net.ParseIP(h); ip != nil {
  153. 			template.IPAddresses = append(template.IPAddresses, ip)
  154. 		} else {
  155. 			template.DNSNames = append(template.DNSNames, h)
  156. 		}
  157. 	}
  158. 

  159. 	if ctx.Bool("ca") {
  160. 		template.IsCA = true
  161. 		template.KeyUsage |= x509.KeyUsageCertSign
  162. 	}
  163. 

  164. 	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv)
  165. 	if err != nil {
  166. 		log.Fatalf("Failed to create certificate: %s", err)
  167. 	}
  168. 

  169. 	certOut, err := os.Create("cert.pem")
  170. 	if err != nil {
  171. 		log.Fatalf("Failed to open cert.pem for writing: %s", err)
  172. 	}
  173. 	pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
  174. 	certOut.Close()
  175. 	log.Println("Written cert.pem")
  176. 

  177. 	keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
  178. 	if err != nil {
  179. 		log.Fatalf("Failed to open key.pem for writing: %v\n", err)
  180. 	}
  181. 	pem.Encode(keyOut, pemBlockForKey(priv))
  182. 	keyOut.Close()
  183. 	log.Println("Written key.pem")
  184. 

  185. 	return nil
  186. }