validate server key
73
server/certificate.go
Normal file
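--- /dev/null
+++ b/server/certificate.go
@@ -0,0 +1,73 @@
+package main
+
+import (
+"crypto/rand"
+"crypto/rsa"
+"crypto/x509"
+"crypto/x509/pkix"
+"encoding/pem"
+"math/big"
+"os"
+"time"
+)
+
+func EnsureCertificate(certPath, keyPath string) error {
+if _, err := os.Stat(certPath); err == nil {
+if _, err = os.Stat(keyPath); err == nil {
+return nil
+}
+}
+
+private, err := rsa.GenerateKey(rand.Reader, 2048)
+if err != nil {
+return err
+}
+
+now := time.Now()
+
+serial, err := rand.Int(rand.Reader, big.NewInt(1<<62))
+if err != nil {
+return err
+}
+
+template := x509.Certificate{
+SerialNumber: serial,
+Subject: pkix.Name{CommonName: "up"},
+NotBefore: now,
+NotAfter: now.AddDate(1, 0, 0),
+KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
+ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+}
+
+certificate, err := x509.CreateCertificate(rand.Reader, &template, &template, &private.PublicKey, private)
+if err != nil {
+return err
+}
+
+cFile, err := os.OpenFile(certPath, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0600)
+if err != nil {
+return err
+}
+
+defer cFile.Close()
+
+err = pem.Encode(cFile, &pem.Block{
+Type: "CERTIFICATE",
+Bytes: certificate,
+})
+if err != nil {
+return err
+}
+
+kFile, err := os.OpenFile(keyPath, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0600)
+if err != nil {
+return err
+}
+
+defer kFile.Close()
+
+return pem.Encode(kFile, &pem.Block{
+Type: "RSA PRIVATE KEY",
+Bytes: x509.MarshalPKCS1PrivateKey(private),
+})
+}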
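Review bot: The early return at the top of EnsureCertificate only checks that both files exist, so a certificate issued with NotAfter = now.AddDate(1, 0, 0) keeps being served after it expires and is never regenerated; the same check also accepts a key.pem left truncated when a previous run failed between the two pem.Encode calls. Parsing the existing certificate and falling through to regeneration when it is past NotAfter (or fails to decode) fixes both with names already imported in this file, as sketched below. Separately, the template sets neither DNSNames nor IPAddresses, so Go's hostname verification cannot pass against this certificate; if the client pins the key as the commit title suggests, a doc comment such as `// EnsureCertificate writes a self-signed certificate with no SANs; clients are expected to pin it rather than verify a hostname.` should say so, otherwise the SAN fields need to be filled in.
```go
func EnsureCertificate(certPath, keyPath string) error {
	if existing, err := os.ReadFile(certPath); err == nil {
		if _, err = os.Stat(keyPath); err == nil {
			// Reuse the pair only while the certificate is still valid.
			if block, _ := pem.Decode(existing); block != nil {
				if cert, err := x509.ParseCertificate(block.Bytes); err == nil && time.Now().Before(cert.NotAfter) {
					return nil
				}
			}
		}
	}
	// … unchanged: key generation, template, certificate and key PEM writes …
```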
@ -9,7 +9,7 @@ import (
|
||||
)
|
||||
|
||||
var (
|
||||
log = logger.New().WithOptions(logger.Options{
|
||||
log = logger.New().DetectTerminal().WithOptions(logger.Options{
|
||||
NoLevel: true,
|
||||
})
|
||||
|
||||
@ -21,6 +21,9 @@ func main() {
|
||||
authorized, err := LoadAuthorizedKeys()
|
||||
log.MustPanic(err)
|
||||
|
||||
err = EnsureCertificate("cert.pem", "key.pem")
|
||||
log.MustPanic(err)
|
||||
|
||||
r := chi.NewRouter()
|
||||
|
||||
r.Post("/request", func(w http.ResponseWriter, r *http.Request) {
|
||||
@ -34,5 +37,5 @@ func main() {
|
||||
r.Post("/receive", HandleReceiveRequest)
|
||||
|
||||
log.Println("Listening on :7966")
|
||||
http.ListenAndServe(":7966", r)
|
||||
http.ListenAndServeTLS(":7966", "cert.pem", "key.pem", r)
|
||||
}
|
||||
|
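Review bot: The return value of http.ListenAndServeTLS in the last hunk is still discarded, so a failure to load cert.pem or key.pem, or a port already in use, ends main silently with exit status 0 right after "Listening on :7966" was printed. Route it through the helper the earlier hunk already uses for EnsureCertificate: `log.MustPanic(http.ListenAndServeTLS(":7966", "cert.pem", "key.pem", r))`. ListenAndServeTLS also builds a default http.Server with no ReadHeaderTimeout or WriteTimeout; if this listener is reachable beyond localhost, an explicit http.Server with those set is the safer shape. The enclosing main starts before this hunk.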