From d99e3ed17c04ab10493854881c52ccf26623eca6 Mon Sep 17 00:00:00 2001
From: adnano
Date: Tue, 13 Oct 2020 17:33:14 -0400
Subject: Remove NewRawCertificate function
---
 examples/cert.go   | 44 +++++++++++++++++++++++++++++++++++++++-----
 examples/server.go | 51 +++++++++++++++++++++++++++++++++++++++++----------
 2 files changed, 80 insertions(+), 15 deletions(-)
(limited to 'examples')
diff --git a/examples/cert.go b/examples/cert.go
index 7d3597d..4c16a01 100644
--- a/examples/cert.go
+++ b/examples/cert.go
@@ -3,6 +3,10 @@ package main
 import (
+	"bytes"
+	"crypto/tls"
+	"crypto/x509"
+	"encoding/pem"
 	"log"
 	"os"
 	"time"
@@ -13,19 +17,27 @@ import (
 func main() {
 	host := "localhost"
 	duration := 365 * 24 * time.Hour
-	crt, key, err := gmi.NewRawCertificate(host, duration)
+	cert, err := gmi.NewCertificate(host, duration)
 	if err != nil {
 		log.Fatal(err)
 	}
-
-	if err := writeX509KeyPair(host, crt, key); err != nil {
+	if err := writeCertificate(host, cert); err != nil {
 		log.Fatal(err)
 	}
 }
-// writeX509KeyPair writes the provided certificate and private key
+// writeCertificate writes the provided certificate and private key
 // to path.crt and path.key respectively.
-func writeX509KeyPair(path string, crt, key []byte) error {
+func writeCertificate(path string, cert tls.Certificate) error {
+	crt, err := marshalX509Certificate(cert.Leaf.Raw)
+	if err != nil {
+		return err
+	}
+	key, err := marshalPrivateKey(cert.PrivateKey)
+	if err != nil {
+		return err
+	}
+
 	// Write the certificate
 	crtPath := path + ".crt"
 	crtOut, err := os.OpenFile(crtPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
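Review bot: `crt, err := marshalX509Certificate(cert.Leaf.Raw)` dereferences `cert.Leaf`, which `tls.Certificate` treats as optional and which helpers such as `tls.X509KeyPair` may leave nil; nothing in this hunk shows that `gmi.NewCertificate` populates it, so a nil Leaf would panic the example instead of returning an error. The DER leaf is always the first element of `cert.Certificate` for a usable certificate, so `crt, err := marshalX509Certificate(cert.Certificate[0])` behind a `len(cert.Certificate) == 0` guard that returns an error removes the dependence on Leaf. writeCertificate's body continues past the end of the hunk.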
@@ -47,3 +59,25 @@ func writeX509KeyPair(path string, crt, key []byte) error {
 	}
 	return nil
 }
+
+// marshalX509Certificate returns a PEM-encoded version of the given raw certificate.
+func marshalX509Certificate(cert []byte) ([]byte, error) {
+	var b bytes.Buffer
+	if err := pem.Encode(&b, &pem.Block{Type: "CERTIFICATE", Bytes: cert}); err != nil {
+		return nil, err
+	}
+	return b.Bytes(), nil
+}
+
+// marshalPrivateKey returns PEM encoded versions of the given certificate and private key.
+func marshalPrivateKey(priv interface{}) ([]byte, error) {
+	var b bytes.Buffer
+	privBytes, err := x509.MarshalPKCS8PrivateKey(priv)
+	if err != nil {
+		return nil, err
+	}
+	if err := pem.Encode(&b, &pem.Block{Type: "PRIVATE KEY", Bytes: privBytes}); err != nil {
+		return nil, err
+	}
+	return b.Bytes(), nil
+}
diff --git a/examples/server.go b/examples/server.go
index 5892e16..c3b1e39 100644
--- a/examples/server.go
+++ b/examples/server.go
@@ -3,8 +3,12 @@ package main
 import (
+	"bytes"
 	"crypto/tls"
+	"crypto/x509"
+	"encoding/pem"
 	"log"
+	"os"
 	"time"
 	"git.sr.ht/~adnano/gmi"
@@ -22,22 +26,18 @@ func main() {
 		case gmi.ErrCertificateExpired:
 			log.Print("Old certificate expired, creating new one")
 			// Generate a new certificate if the old one is expired.
-			crt, key, err := gmi.NewRawCertificate(hostname, time.Minute)
+			cert, err := gmi.NewCertificate(hostname, time.Minute)
 			if err != nil {
 				// Failed to generate new certificate, abort
 				return nil
 			}
 			// Store and return the new certificate
-			err = writeX509KeyPair("/var/lib/gemini/certs/"+hostname, crt, key)
+			err = writeCertificate("/var/lib/gemini/certs/"+hostname, cert)
 			if err != nil {
 				return nil
 			}
-			newCert, err := tls.X509KeyPair(crt, key)
-			if err != nil {
-				return nil
-			}
-			store.Add(hostname, newCert)
-			return &newCert
+			store.Add(hostname, cert)
+			return &cert
 		}
 	}
 	return cert
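Review bot: The doc comment on marshalPrivateKey says it returns PEM encoded versions of the given certificate and private key, but the function takes only a key and returns a single PEM block; the sentence reads as a leftover from the removed key-pair helper. Suggest `// marshalPrivateKey returns the PEM-encoded PKCS #8 form of the given private key.` The "PRIVATE KEY" block type is the correct label for PKCS #8 output, and keeping the error from pem.Encode instead of using pem.EncodeToMemory (which returns nil on failure) is the right choice.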
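Review bot: `writeCertificate("/var/lib/gemini/certs/"+hostname, cert)` splices hostname straight into a filesystem path; if hostname comes from the client's SNI (the enclosing callback starts outside the hunk, so I cannot confirm), a value containing `/` or `..` lets a remote peer choose where the new private key and certificate are written. Reject anything that is not a plain name before using it, e.g. `if strings.ContainsAny(hostname, "/\\") || hostname == "." || hostname == ".." { return nil }` (needs `strings` imported), or validate it as a DNS name. Separately, the `return nil` after a failed writeCertificate discards a freshly generated, valid certificate without a trace; `log.Printf("storing certificate for %q: %v", hostname, err)` next to the existing log.Print would at least make the persistence failure visible to the operator.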
@@ -52,9 +52,18 @@ func main() {
 	}
 }
-// writeX509KeyPair writes the provided certificate and private key
+// writeCertificate writes the provided certificate and private key
 // to path.crt and path.key respectively.
-func writeX509KeyPair(path string, crt, key []byte) error {
+func writeCertificate(path string, cert tls.Certificate) error {
+	crt, err := marshalX509Certificate(cert.Leaf.Raw)
+	if err != nil {
+		return err
+	}
+	key, err := marshalPrivateKey(cert.PrivateKey)
+	if err != nil {
+		return err
+	}
+
 	// Write the certificate
 	crtPath := path + ".crt"
 	crtOut, err := os.OpenFile(crtPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
@@ -76,3 +85,25 @@ func writeX509KeyPair(path string, crt, key []byte) error {
 	}
 	return nil
 }
+
+// marshalX509Certificate returns a PEM-encoded version of the given raw certificate.
+func marshalX509Certificate(cert []byte) ([]byte, error) {
+	var b bytes.Buffer
+	if err := pem.Encode(&b, &pem.Block{Type: "CERTIFICATE", Bytes: cert}); err != nil {
+		return nil, err
+	}
+	return b.Bytes(), nil
+}
+
+// marshalPrivateKey returns PEM encoded versions of the given certificate and private key.
+func marshalPrivateKey(priv interface{}) ([]byte, error) {
+	var b bytes.Buffer
+	privBytes, err := x509.MarshalPKCS8PrivateKey(priv)
+	if err != nil {
+		return nil, err
+	}
+	if err := pem.Encode(&b, &pem.Block{Type: "PRIVATE KEY", Bytes: privBytes}); err != nil {
+		return nil, err
+	}
+	return b.Bytes(), nil
+}
-- cgit v1.2.3
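Review bot: As in cert.go, `crt, err := marshalX509Certificate(cert.Leaf.Raw)` panics if `cert.Leaf` is nil, and `tls.Certificate` does not guarantee that Leaf is set; nothing in the hunk shows gmi.NewCertificate filling it, and this copy of writeCertificate runs inside a server rather than a one-shot tool, so a panic here takes the listener down. `cert.Certificate[0]` is the same DER leaf and is always present for a usable certificate, so `crt, err := marshalX509Certificate(cert.Certificate[0])` behind a `len(cert.Certificate) == 0` guard is safer. writeCertificate's body continues beyond the hunk.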
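Review bot: marshalPrivateKey's comment describes returning the certificate and private key, but the function encodes only the key; `// marshalPrivateKey returns the PEM-encoded PKCS #8 form of the given private key.` states what it actually does. This helper and marshalX509Certificate are now duplicated verbatim between the two examples, which is acceptable for standalone `package main` samples but worth keeping in mind if either copy is changed later.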