cleaned up keygen

cmd/keygen.go

@@ -6,10 +6,11 @@ import (
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
-	"io/ioutil"
 	"log"
+	"os"
 	"strings"
 
+	"github.com/MDrollette/go-i2p/reseed"
 	"github.com/MDrollette/go-i2p/su3"
 	"github.com/codegangsta/cli"
 )
@@ -22,11 +23,11 @@ func NewKeygenCommand() cli.Command {
 		Flags: []cli.Flag{
 			cli.StringFlag{
 				Name:  "signer",
-				Usage: "Your su3 signing ID (ex. something@mail.i2p)",
+				Usage: "Generate a private key and certificate for the given su3 signing ID (ex. something@mail.i2p)",
 			},
 			cli.StringFlag{
 				Name:  "host",
-				Usage: "Hostname to use for self-signed TLS certificate",
+				Usage: "Generate a self-signed TLS certificate and private key for the given host",
 			},
 		},
 	}
@@ -34,13 +35,24 @@ func NewKeygenCommand() cli.Command {
 
 func keygenAction(c *cli.Context) {
 	signerId := c.String("signer")
-	if signerId == "" {
-		fmt.Println("--signer is required")
-		return
+	host := c.String("host")
+
+	if signerId == "" && host == "" {
+		log.Fatalln("You must specify either a --host or a --signer")
 	}
 
+	if signerId != "" {
+		createSigner(signerId)
+	}
+
+	if host != "" {
+		createTLSCertificate(host)
+	}
+}
+
+func createSigner(signerId string) {
 	// generate private key
-	fmt.Println("Generating keys. This may take a moment...")
+	fmt.Println("Generating signing keys. This may take a minute...")
 	signerKey, err := rsa.GenerateKey(rand.Reader, 4096)
 	if err != nil {
 		log.Fatalln(err)
@@ -48,17 +60,53 @@ func keygenAction(c *cli.Context) {
 
 	signerCert, err := su3.NewSigningCertificate(signerId, signerKey)
 
-	// save private key
-	privFile := strings.Replace(signerId, "@", "_at_", 1) + ".pem"
-	if ioutil.WriteFile(privFile, pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(signerKey)}), 0600); err != nil {
-		log.Fatalln(err)
-	}
-	fmt.Println("private key saved to:", privFile)
-
 	// save cert
 	certFile := strings.Replace(signerId, "@", "_at_", 1) + ".crt"
-	if ioutil.WriteFile(certFile, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: signerCert}), 0755); err != nil {
+	certOut, err := os.Create(certFile)
+	if err != nil {
+		log.Printf("failed to open %s for writing\n", certFile)
 		log.Fatalln(err)
 	}
-	fmt.Println("certificate saved to", certFile)
+	pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: signerCert})
+	certOut.Close()
+	fmt.Println("signing certificate saved to:", certFile)
+
+	// save signing private key
+	privFile := strings.Replace(signerId, "@", "_at_", 1) + ".pem"
+	keyOut, err := os.OpenFile(privFile, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
+	if err != nil {
+		log.Printf("failed to open %s for writing\n", privFile)
+		log.Fatalln(err)
+	}
+	pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(signerKey)})
+	keyOut.Close()
+	fmt.Println("signing private key saved to:", privFile)
+}
+
+func createTLSCertificate(host string) {
+	fmt.Println("Generating TLS keys. This may take a minute...")
+	priv, err := rsa.GenerateKey(rand.Reader, 4096)
+	if err != nil {
+		log.Fatalln("failed to generate TLS private key:", err)
+	}
+
+	tlsCert, err := reseed.NewTLSCertificate(host, priv)
+
+	// save the TLS certificate
+	certOut, err := os.Create("tls_cert.pem")
+	if err != nil {
+		log.Fatalln("failed to open tls_cert.pem for writing:", err)
+	}
+	pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: tlsCert})
+	certOut.Close()
+	fmt.Println("TLS certificate saved to: tls_cert.pem")
+
+	// save the TLS private key
+	keyOut, err := os.OpenFile("tls_key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
+	if err != nil {
+		log.Fatalln("failed to open tls_key.pem for writing:", err)
+	}
+	pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})
+	keyOut.Close()
+	fmt.Println("TLS private key saved to: tls_key.pem")
 }