| author | adnano <[email protected]> | 2020-10-13 17:33:14 -0400 |
|---|---|---|
| committer | adnano <[email protected]> | 2020-10-13 17:33:14 -0400 |
| commit | d99e3ed17c04ab10493854881c52ccf26623eca6 (patch) | |
| tree | f1c685be17d0688bc0e3b8cfe5a211b96f820e9f /examples | |
| parent | Remove WriteX509KeyPair function (diff) | |
| download | go-gemini-d99e3ed17c04ab10493854881c52ccf26623eca6.tar.xz go-gemini-d99e3ed17c04ab10493854881c52ccf26623eca6.zip | |
Remove NewRawCertificate function
Diffstat (limited to 'examples')
| -rw-r--r-- | examples/cert.go | 44 | ||||
| -rw-r--r-- | examples/server.go | 51 |
2 files changed, 80 insertions, 15 deletions
diff --git a/examples/cert.go b/examples/cert.go index 7d3597d..4c16a01 100644 --- a/examples/cert.go +++ b/examples/cert.go @@ -3,6 +3,10 @@ package main import ( + "bytes" + "crypto/tls" + "crypto/x509" + "encoding/pem" "log" "os" "time" @@ -13,19 +17,27 @@ import ( func main() { host := "localhost" duration := 365 * 24 * time.Hour - crt, key, err := gmi.NewRawCertificate(host, duration) + cert, err := gmi.NewCertificate(host, duration) if err != nil { log.Fatal(err) } - - if err := writeX509KeyPair(host, crt, key); err != nil { + if err := writeCertificate(host, cert); err != nil { log.Fatal(err) } } -// writeX509KeyPair writes the provided certificate and private key +// writeCertificate writes the provided certificate and private key // to path.crt and path.key respectively. -func writeX509KeyPair(path string, crt, key []byte) error { +func writeCertificate(path string, cert tls.Certificate) error { + crt, err := marshalX509Certificate(cert.Leaf.Raw) + if err != nil { + return err + } + key, err := marshalPrivateKey(cert.PrivateKey) + if err != nil { + return err + } + // Write the certificate crtPath := path + ".crt" crtOut, err := os.OpenFile(crtPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) 
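Review bot: The new writeCertificate dereferences `cert.Leaf.Raw` without a nil check, and `tls.Certificate.Leaf` is an optional field that `tls.X509KeyPair` does not populate, so unless gmi.NewCertificate is guaranteed to set it (not visible from this hunk) the example panics instead of returning an error. The DER-encoded leaf is always present as the first element of `cert.Certificate`, so `crt, err := marshalX509Certificate(cert.Certificate[0])` behind a guard `if len(cert.Certificate) == 0 { return errors.New("certificate has no leaf") }` (which needs an `errors` import) works regardless of how the certificate was built. writeCertificate's body, including the write of the private key to path.key, continues outside the hunk, so the key file's permissions and error handling could not be checked here; the certificate file's 0600 mode in the visible lines is fine.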
@@ -47,3 +59,25 @@ func writeX509KeyPair(path string, crt, key []byte) error { } return nil } + +// marshalX509Certificate returns a PEM-encoded version of the given raw certificate. +func marshalX509Certificate(cert []byte) ([]byte, error) { + var b bytes.Buffer + if err := pem.Encode(&b, &pem.Block{Type: "CERTIFICATE", Bytes: cert}); err != nil { + return nil, err + } + return b.Bytes(), nil +} + +// marshalPrivateKey returns PEM encoded versions of the given certificate and private key. +func marshalPrivateKey(priv interface{}) ([]byte, error) { + var b bytes.Buffer + privBytes, err := x509.MarshalPKCS8PrivateKey(priv) + if err != nil { + return nil, err + } + if err := pem.Encode(&b, &pem.Block{Type: "PRIVATE KEY", Bytes: privBytes}); err != nil { + return nil, err + } + return b.Bytes(), nil +} diff --git a/examples/server.go b/examples/server.go index 5892e16..c3b1e39 100644 --- a/examples/server.go +++ b/examples/server.go @@ -3,8 +3,12 @@ package main import ( + "bytes" "crypto/tls" + "crypto/x509" + "encoding/pem" "log" + "os" "time" "git.sr.ht/~adnano/gmi" @@ -22,22 +26,18 @@ func main() { case gmi.ErrCertificateExpired: log.Print("Old certificate expired, creating new one") // Generate a new certificate if the old one is expired. - crt, key, err := gmi.NewRawCertificate(hostname, time.Minute) + cert, err := gmi.NewCertificate(hostname, time.Minute) if err != nil { // Failed to generate new certificate, abort return nil } // Store and return the new certificate - err = writeX509KeyPair("/var/lib/gemini/certs/"+hostname, crt, key) + err = writeCertificate("/var/lib/gemini/certs/"+hostname, cert) if err != nil { return nil } - newCert, err := tls.X509KeyPair(crt, key) - if err != nil { - return nil - } - store.Add(hostname, newCert) - return &newCert + store.Add(hostname, cert) + return &cert } } return cert 
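Review bot: The doc comment on marshalPrivateKey is wrong for the function it describes: it says it "returns PEM encoded versions of the given certificate and private key", but the function takes only a key and returns one PEM block. A comment that matches the code and records the security-relevant property would be `// marshalPrivateKey returns the given private key as an unencrypted PKCS #8 "PRIVATE KEY" PEM block; callers must protect the output (e.g. 0600 file mode).` marshalX509Certificate's comment is accurate, though it could say the input is DER (`cert.Leaf.Raw` / `cert.Certificate[0]`) since pem.Encode does not validate it. These two helpers are duplicated verbatim in examples/server.go; since each example is its own `package main` they cannot share code, which suggests exporting them from the gmi package instead.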
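Review bot: Errors from the new `gmi.NewCertificate` and `writeCertificate` calls are discarded with a bare `return nil`, which fails the TLS handshake with nothing in the log even though the case already logged that it is replacing the expired certificate; `log.Printf("renewing certificate for %s: %v", hostname, err)` before each `return nil` would make the failure diagnosable. The inner `cert, err := gmi.NewCertificate(...)` also shadows the outer `cert` that the function returns at the bottom (`return cert`), which compiles but is easy to misread; the removed code's `newCert` name was clearer. The enclosing callback starts outside the hunk, so where hostname comes from and whether concurrent handshakes can race on store.Add and the file write could not be checked here.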
@@ -52,9 +52,18 @@ func main() { } } -// writeX509KeyPair writes the provided certificate and private key +// writeCertificate writes the provided certificate and private key // to path.crt and path.key respectively. -func writeX509KeyPair(path string, crt, key []byte) error { +func writeCertificate(path string, cert tls.Certificate) error { + crt, err := marshalX509Certificate(cert.Leaf.Raw) + if err != nil { + return err + } + key, err := marshalPrivateKey(cert.PrivateKey) + if err != nil { + return err + } + // Write the certificate crtPath := path + ".crt" crtOut, err := os.OpenFile(crtPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) @@ -76,3 +85,25 @@ func writeX509KeyPair(path string, crt, key []byte) error { } return nil } + +// marshalX509Certificate returns a PEM-encoded version of the given raw certificate. +func marshalX509Certificate(cert []byte) ([]byte, error) { + var b bytes.Buffer + if err := pem.Encode(&b, &pem.Block{Type: "CERTIFICATE", Bytes: cert}); err != nil { + return nil, err + } + return b.Bytes(), nil +} + +// marshalPrivateKey returns PEM encoded versions of the given certificate and private key. +func marshalPrivateKey(priv interface{}) ([]byte, error) { + var b bytes.Buffer + privBytes, err := x509.MarshalPKCS8PrivateKey(priv) + if err != nil { + return nil, err + } + if err := pem.Encode(&b, &pem.Block{Type: "PRIVATE KEY", Bytes: privBytes}); err != nil { + return nil, err + } + return b.Bytes(), nil +} |
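Review bot: In this server copy of writeCertificate the `cert.Leaf.Raw` access has the same nil-pointer risk as in cert.go, and here it matters more because the function is called from a TLS handshake callback, so a panic takes down the serving goroutine rather than a one-shot tool; `cert.Certificate[0]` with a `len(cert.Certificate) == 0` guard avoids depending on Leaf being set. The certificate and key are also written as two separate files with O_TRUNC, so a crash or a second concurrent renewal between the two writes can leave a mismatched pair on disk; writing to a temporary file and renaming would make each file's replacement atomic, though the key write itself is outside the hunk. writeCertificate's body continues past the hunk.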
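Review bot: marshalPrivateKey's doc comment describes a different function — it mentions "the given certificate and private key" while the signature takes only `priv`; suggest `// marshalPrivateKey returns priv as an unencrypted PKCS #8 "PRIVATE KEY" PEM block.` Since the output is an unencrypted key, it is worth stating in the comment that the caller is responsible for the file permissions of whatever it writes this to. The helpers are byte-identical to those in examples/cert.go, so a shared exported helper in gmi would keep the two examples from drifting.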