Compare commits
No commits in common. "9893e625b5c2a212acae99e73bbcc8fc078459b3" and "652ca4b524b2e826928ae6c412ce1ee4bb7c2599" have entirely different histories.
9893e625b5
...
652ca4b524
|
@ -1,3 +0,0 @@
|
||||||
VIPER_CONFIG=your-viper-file-name-without-extension
|
|
||||||
VIPER_CONFIG_TYPE=yaml
|
|
||||||
ENV=dev
|
|
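--- a/Makefile
+++ b/Makefile
@@ -1,6 +0,0 @@
-lint:
-golangci-lint run ./...
-goreportcard:
-goreportcard-cli -v
-test:
-go test ./...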
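--- a/README.md
+++ b/README.md
@@ -1,79 +0,0 @@
-# go-gen-cert
-
-## Preamble
-I've decided to create this project based on [this example](https://github.com/yasushi-saito/grpc-ssl-example/blob/master/go/main.go) but with some improvements, which I would like to give thanks.
-
-I had some trouble during TLS communication between both of my gRPC server and client. I've decided to create a tool to generate SSL certificates following a little of this [guide](https://jamielinux.com/docs/openssl-certificate-authority/create-the-intermediate-pair.html).
-
-## TODO:
-- [ ] Create intermediate authority to sign certificates on behalf CA to add more security. If intermediate is hacked then you can revoke from CA and generate new intermediates keeping CA isolated from beeing hacked.
-
-- [ ] Complete tests
-
-## Configuration
-If you are on `dev` environment, like I've been doing, you must create `.env` file similar as `.env.example` in this repo:
-
-```bash
-VIPER_CONFIG=your-viper-file-name-without-extension
-VIPER_CONFIG_TYPE=yaml
-ENV=dev
-```
-
-Then add viper configuration file, yaml for example, in your root directory:
-```yaml
-export_dir: "/home"
-ca:
-serial_number: 12152 # serial number
-subject:
-organization: "yourdomain.com"
-common_name: "*.yourdomain.com"
-key_usage: 1
-ext_key_usage:
-- 1
-- 2
-duration: 518400 #1 year
-client:
-serial_number: 12151232 # serial number
-subject:
-organization: "yourdomain.com"
-country: "RM"
-province: "REML"
-locality: ""
-street_address: ""
-postal_code: ""
-subject_key_id:
-- 1
-- 2
-- 3
-- 4
-- 6
-key_usage: 1
-ext_key_usage:
-- 1
-- 2
-duration: 518400
-```
-## Execution
-Then you can just run
-```bash
-go run main.go
-```
-
-## goreportcard
-```bash
-make goreportcard
-```
-output:
-```bash
-goreportcard-cli -v
-Grade ........... A+ 94.1%
-Files .................. 9
-Issues ................. 1
-gofmt ............... 100%
-go_vet .............. 100%
-gocyclo ............. 100%
-ineffassign ......... 100%
-license ............... 0%
-
-misspell ............ 100%
-```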
|
@ -108,7 +108,7 @@ func exportPem(filename string, data []byte) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatalf("rootCA.WithClientCert: %s", err)
|
log.Fatalf("rootCA.WithClientCert: %s", err)
|
||||||
}
|
}
|
||||||
log.Printf("file created successfully: %s\n", outputPath)
|
log.Printf("file created successfuly: %s\n", outputPath)
|
||||||
}
|
}
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
|
|
|
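Review bot: The right-hand (new) side of this hunk misspells the success message, `log.Printf("file created successfuly: %s\n", outputPath)`, while the left side spells it correctly; keep `log.Printf("file created successfully: %s\n", outputPath)`. A misspelled log line is minor, but it breaks anyone grepping or alerting on the message, and the misspell check listed in the deleted README's goreportcard output would flag it. The enclosing function starts before this hunk, so whether the `log.Fatalf("rootCA.WithClientCert: %s", err)` above it really belongs to exportPem cannot be confirmed from here.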
@ -47,11 +47,11 @@ func encodePrivateKey(priv *ecdsa.PrivateKey) ([]byte, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("marshal: %s", err)
|
return nil, fmt.Errorf("marshal: %s", err)
|
||||||
}
|
}
|
||||||
err = pem.Encode(out, &pem.Block{
|
pem.Encode(out, &pem.Block{
|
||||||
Type: "PRIVATE KEY",
|
Type: "PRIVATE KEY",
|
||||||
Bytes: privBytes,
|
Bytes: privBytes,
|
||||||
})
|
})
|
||||||
return out.Bytes(), err
|
return out.Bytes(), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Create a self-signed certificate.
|
// Create a self-signed certificate.
|
||||||
|
@ -80,11 +80,7 @@ func newRootCA(config *ca.CaConfig) ([]byte, []byte, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
out := &bytes.Buffer{}
|
out := &bytes.Buffer{}
|
||||||
err = pem.Encode(out, &pem.Block{Type: "CERTIFICATE", Bytes: der})
|
pem.Encode(out, &pem.Block{Type: "CERTIFICATE", Bytes: der})
|
||||||
if err != nil {
|
|
||||||
return nil, nil, fmt.Errorf("pem.Encode: %s", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
caPEM := out.Bytes()
|
caPEM := out.Bytes()
|
||||||
keyPEM, err := encodePrivateKey(priv)
|
keyPEM, err := encodePrivateKey(priv)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -129,11 +125,7 @@ func newClientCert(config *client.ClientCertConfig, rootCA *x509.Certificate, ro
|
||||||
}
|
}
|
||||||
|
|
||||||
out := &bytes.Buffer{}
|
out := &bytes.Buffer{}
|
||||||
err = pem.Encode(out, &pem.Block{Type: "CERTIFICATE", Bytes: der})
|
pem.Encode(out, &pem.Block{Type: "CERTIFICATE", Bytes: der})
|
||||||
if err != nil {
|
|
||||||
return nil, nil, fmt.Errorf("pem.Encode: %s", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
certPEM := out.Bytes()
|
certPEM := out.Bytes()
|
||||||
keyPEM, err := encodePrivateKey(priv)
|
keyPEM, err := encodePrivateKey(priv)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
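Review bot: The new side of `encodePrivateKey` discards the result of `pem.Encode(out, &pem.Block{...})` and ends with `return out.Bytes(), nil`, and the `newRootCA` and `newClientCert` hunks in this same file drop the `if err != nil` branch after their `pem.Encode` calls, so an encoding failure would surface as a truncated or empty PEM for a CA certificate or private key instead of an error. With a bytes.Buffer destination the write itself will not realistically fail, but pem.Encode also reports malformed blocks through its error, and an ignored error return is exactly what errcheck-style linting flags. Keep the check at each site, e.g. in newRootCA `if err := pem.Encode(out, &pem.Block{Type: "CERTIFICATE", Bytes: der}); err != nil { return nil, nil, fmt.Errorf("pem.Encode: %w", err) }` and in encodePrivateKey `return out.Bytes(), err` after `err = pem.Encode(...)` as the left side has. Wrapping with `%w` rather than the `%s` used in the context lines also lets callers inspect the cause with errors.Is/As.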
@ -8,7 +8,7 @@ ca:
|
||||||
ext_key_usage:
|
ext_key_usage:
|
||||||
- 1
|
- 1
|
||||||
- 2
|
- 2
|
||||||
duration: "8760h0m0s" #1 year
|
duration: 518400 #1 year
|
||||||
client:
|
client:
|
||||||
serial_number: 12151232 # serial number
|
serial_number: 12151232 # serial number
|
||||||
subject:
|
subject:
|
||||||
|
@ -28,4 +28,4 @@ client:
|
||||||
ext_key_usage:
|
ext_key_usage:
|
||||||
- 1
|
- 1
|
||||||
- 2
|
- 2
|
||||||
duration: "8760h0m0s"
|
duration: 518400
|
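Review bot: The new side replaces `duration: "8760h0m0s" #1 year` with `duration: 518400 #1 year` in both the `ca:` and `client:` hunks, and the bare integer carries no unit: 518400 minutes is 360 days, 518400 seconds is six days, and if the field is decoded into a time.Duration (which the old Go duration string suggests) an integer is taken as nanoseconds, giving a certificate valid for well under a millisecond. A CA or client certificate whose validity differs from what the comment claims is an operational risk, so either keep the unambiguous `duration: "8760h0m0s"` form or state the unit next to the value, e.g. `duration: 518400 # minutes (360 days)`. How the loader parses this value is not visible in this compare, so confirm it against the config code before relying on either reading.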