status-im
/
status-go
mirror of https://github.com/status-im/status-go.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Created dedicated Exported funcs for x509 cert and pem generation (#2601)

This commit is contained in:
Samuel Hawksby-Robinson 2022-03-28 13:37:58 +01:00 committed by GitHub
parent 8a5f77dc37
commit b8f309a47c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 52 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
server/certs.go Normal file
View File

@ -0,0 +1,50 @@
package server
import (
"crypto/ecdsa"
"crypto/rand"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"math/big"
"time"
)
func GenerateX509Cert(from, to time.Time) (*x509.Certificate, error) {
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
if err != nil {
return nil, err
}
template := &x509.Certificate{
SerialNumber: serialNumber,
Subject: pkix.Name{Organization: []string{"Self-signed cert"}},
NotBefore: from,
NotAfter: to,
DNSNames: []string{"localhost"},
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
BasicConstraintsValid: true,
IsCA: true,
}
return template, nil
}
func GenerateX509PEMs(cert *x509.Certificate, key *ecdsa.PrivateKey) (certPem, keyPem []byte, err error) {
derBytes, err := x509.CreateCertificate(rand.Reader, cert, cert, &key.PublicKey, key)
if err != nil {
return
}
certPem = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
privBytes, err := x509.MarshalPKCS8PrivateKey(key)
if err != nil {
return
}
keyPem = pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: privBytes})
return
}

33
server/server.go
View File

@ -6,12 +6,8 @@ import (
"crypto/elliptic" "crypto/elliptic"
"crypto/rand" "crypto/rand"
"crypto/tls" "crypto/tls"
"crypto/x509"
"crypto/x509/pkix"
"database/sql" "database/sql"
"encoding/pem"
"fmt" "fmt"
"math/big"
"net" "net"
"net/http" "net/http"
"time" "time"
@ -31,7 +27,6 @@ func generateTLSCert() error {
} }
priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil { if err != nil {
return err return err
} }
@ -39,41 +34,17 @@ func generateTLSCert() error {
notBefore := time.Now() notBefore := time.Now()
notAfter := notBefore.Add(365 * 24 * time.Hour) notAfter := notBefore.Add(365 * 24 * time.Hour)
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128) cert, err := GenerateX509Cert(notBefore, notAfter)
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
if err != nil { if err != nil {
return err return err
} }
template := x509.Certificate{ certPem, keyPem, err := GenerateX509PEMs(cert, priv)
SerialNumber: serialNumber,
Subject: pkix.Name{Organization: []string{"Self-signed cert"}},
NotBefore: notBefore,
NotAfter: notAfter,
DNSNames: []string{"localhost"},
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
BasicConstraintsValid: true,
IsCA: true,
}
derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
if err != nil { if err != nil {
return err return err
} }
certPem := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
privBytes, err := x509.MarshalPKCS8PrivateKey(priv)
if err != nil {
return err
}
keyPem := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: privBytes})
finalCert, err := tls.X509KeyPair(certPem, keyPem) finalCert, err := tls.X509KeyPair(certPem, keyPem)
if err != nil { if err != nil {
return err return err
} }