Compare commits


10 Commits

Author SHA1 Message Date
Urko 9893e625b5 fix: duration 2023-02-20 21:35:19 +01:00
Urko d37336d578 feat: update READMe add goreportcard 2023-02-15 20:05:21 +01:00
Urko 03272b363d feat: fix misspell 2023-02-15 19:49:25 +01:00
Urko 6088b91dbd feat: update makefile 2023-02-15 19:49:14 +01:00
Urko 9a470510a4 feat: add Makefile 2023-02-15 19:48:05 +01:00
Urko 34e22c5338 feat: update readme 2023-02-15 19:47:58 +01:00
Urko 868ebbf79d fix lint 2023-02-15 19:47:52 +01:00
Urko e73874986e feat: update README 2023-02-15 19:45:27 +01:00
Urko 762ba66de8 feat: add README 2023-02-15 19:41:00 +01:00
Urko b7ae9b2fd9 feat: add .env.example 2023-02-15 19:34:48 +01:00
6 changed files with 103 additions and 7 deletions

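--- /dev/null
+++ b/.env.example
@@ -0,0 +1,3 @@
+VIPER_CONFIG=your-viper-file-name-without-extension
+VIPER_CONFIG_TYPE=yaml
+ENV=dev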

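--- /dev/null
+++ b/Makefile
@@ -0,0 +1,6 @@
+lint:
+golangci-lint run ./...
+goreportcard:
+goreportcard-cli -v
+test:
+go test ./...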
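Review bot: `lint`, `goreportcard` and `test` are not files, so they should be declared phony, `.PHONY: lint goreportcard test`; otherwise a file or directory named `test` or `lint` in the repository root makes `make test` report "up to date" and skip the run. The recipe lines appear at column 0 on this page, which is probably the forge stripping leading whitespace; make requires each recipe line to begin with a tab, so confirm the committed file has them.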

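--- /dev/null
+++ b/README.md
@@ -0,0 +1,79 @@
+# go-gen-cert
+## Preamble
+I've decided to create this project based on [this example](https://github.com/yasushi-saito/grpc-ssl-example/blob/master/go/main.go) but with some improvements, which I would like to give thanks.
+I had some trouble during TLS communication between both of my gRPC server and client. I've decided to create a tool to generate SSL certificates following a little of this [guide](https://jamielinux.com/docs/openssl-certificate-authority/create-the-intermediate-pair.html).
+## TODO:
+- [ ] Create intermediate authority to sign certificates on behalf CA to add more security. If intermediate is hacked then you can revoke from CA and generate new intermediates keeping CA isolated from beeing hacked.
+- [ ] Complete tests
+## Configuration
+If you are on `dev` environment, like I've been doing, you must create `.env` file similar as `.env.example` in this repo:
+```bash
+VIPER_CONFIG=your-viper-file-name-without-extension
+VIPER_CONFIG_TYPE=yaml
+ENV=dev
+```
+Then add viper configuration file, yaml for example, in your root directory:
+```yaml
+export_dir: "/home"
+ca:
+serial_number: 12152 # serial number
+subject:
+organization: "yourdomain.com"
+common_name: "*.yourdomain.com"
+key_usage: 1
+ext_key_usage:
+- 1
+- 2
+duration: 518400 #1 year
+client:
+serial_number: 12151232 # serial number
+subject:
+organization: "yourdomain.com"
+country: "RM"
+province: "REML"
+locality: ""
+street_address: ""
+postal_code: ""
+subject_key_id:
+- 1
+- 2
+- 3
+- 4
+- 6
+key_usage: 1
+ext_key_usage:
+- 1
+- 2
+duration: 518400
+```
+## Execution
+Then you can just run
+```bash
+go run main.go
+```
+## goreportcard
+```bash
+make goreportcard
+```
+output:
+```bash
+goreportcard-cli -v
+Grade ........... A+ 94.1%
+Files .................. 9
+Issues ................. 1
+gofmt ............... 100%
+go_vet .............. 100%
+gocyclo ............. 100%
+ineffassign ......... 100%
+license ............... 0%
+misspell ............ 100%
+```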


@ -108,7 +108,7 @@ func exportPem(filename string, data []byte) {
if err != nil { if err != nil {
log.Fatalf("rootCA.WithClientCert: %s", err) log.Fatalf("rootCA.WithClientCert: %s", err)
} }
log.Printf("file created successfuly: %s\n", outputPath) log.Printf("file created successfully: %s\n", outputPath)
} }
func init() { func init() {
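Review bot: The `log.Fatalf("rootCA.WithClientCert: %s", err)` label sits in a hunk whose header names `exportPem`, and the success message right after it reports `outputPath`, so unless these lines belong to a later function the label points at the wrong call and should name the operation that actually failed (presumably the file write). `log.Fatalf` inside a helper also exits the process on the first failed export, leaving the caller no way to report or clean up; returning the error, `return fmt.Errorf("writing %s: %w", outputPath, err)`, and deciding in main would be the usual shape. If this is where the private-key PEM is written, confirm the file is created with owner-only permissions (0600). `log.Printf` appends its own newline, so the trailing `\n` in the success message produces an extra blank line. The enclosing function starts and ends outside the hunk.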


@ -47,11 +47,11 @@ func encodePrivateKey(priv *ecdsa.PrivateKey) ([]byte, error) {
if err != nil { if err != nil {
return nil, fmt.Errorf("marshal: %s", err) return nil, fmt.Errorf("marshal: %s", err)
} }
pem.Encode(out, &pem.Block{ err = pem.Encode(out, &pem.Block{
Type: "PRIVATE KEY", Type: "PRIVATE KEY",
Bytes: privBytes, Bytes: privBytes,
}) })
return out.Bytes(), nil return out.Bytes(), err
} }
// Create a self-signed certificate. // Create a self-signed certificate.
@ -80,7 +80,11 @@ func newRootCA(config *ca.CaConfig) ([]byte, []byte, error) {
} }
out := &bytes.Buffer{} out := &bytes.Buffer{}
pem.Encode(out, &pem.Block{Type: "CERTIFICATE", Bytes: der}) err = pem.Encode(out, &pem.Block{Type: "CERTIFICATE", Bytes: der})
if err != nil {
return nil, nil, fmt.Errorf("pem.Encode: %s", err)
}
caPEM := out.Bytes() caPEM := out.Bytes()
keyPEM, err := encodePrivateKey(priv) keyPEM, err := encodePrivateKey(priv)
if err != nil { if err != nil {
@ -125,7 +129,11 @@ func newClientCert(config *client.ClientCertConfig, rootCA *x509.Certificate, ro
} }
out := &bytes.Buffer{} out := &bytes.Buffer{}
pem.Encode(out, &pem.Block{Type: "CERTIFICATE", Bytes: der}) err = pem.Encode(out, &pem.Block{Type: "CERTIFICATE", Bytes: der})
if err != nil {
return nil, nil, fmt.Errorf("pem.Encode: %s", err)
}
certPEM := out.Bytes() certPEM := out.Bytes()
keyPEM, err := encodePrivateKey(priv) keyPEM, err := encodePrivateKey(priv)
if err != nil { if err != nil {
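Review bot: In `encodePrivateKey` the new `return out.Bytes(), err` hands back a partially written buffer together with a non-nil error, and the caller `keyPEM, err := encodePrivateKey(priv)` receives both; check the error right after `pem.Encode` and return nil bytes on failure, as the two certificate hunks below already do: `if err != nil { return nil, fmt.Errorf("pem.Encode: %w", err) }` followed by `return out.Bytes(), nil`. All three hunks wrap the cause with `%s`, which flattens it into text; `%w` keeps it reachable through `errors.Is`/`errors.As` for the caller. The enclosing functions `encodePrivateKey`, `newRootCA` and `newClientCert` each start and end outside their hunks.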


@ -8,7 +8,7 @@ ca:
ext_key_usage: ext_key_usage:
- 1 - 1
- 2 - 2
duration: 518400 #1 year duration: "8760h0m0s" #1 year
client: client:
serial_number: 12151232 # serial number serial_number: 12151232 # serial number
subject: subject:
@ -28,4 +28,4 @@ client:
ext_key_usage: ext_key_usage:
- 1 - 1
- 2 - 2
duration: 518400 duration: "8760h0m0s"
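Review bot: The README added in this same comparison still documents `duration: 518400 #1 year` for both `ca` and `client`, so it now disagrees with the `"8760h0m0s"` form this hunk introduces (both `@ -8,7` and `@ -28,4`) and should be updated in the same change. `8760h` is 365 days, which matches the comment; the old bare `518400` carried no unit, so keeping the comment in sync matters. Unrelated to this change but visible in the context lines, `serial_number` is a fixed configured value; certificate serials must be unique per issuer and are expected to be unpredictable, so regenerating with the same config produces duplicate serials — deriving the serial from `crypto/rand` at generation time would avoid that.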