idk/reseed-tools
1
0
Fork 0
Code Issues 4 Pull Requests Packages Projects Releases Wiki Activity

move key store to reseed

Browse Source
This commit is contained in:
Matt Drollette
2014-12-10 20:04:21 -06:00
parent ffbc13d6de
commit 9e2d1ad715
8 changed files with 110 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
cmd/keygen.go
View File

@@ -12,6 +12,7 @@ import (
"os"
"time"
"github.com/MDrollette/go-i2p/reseed"
"github.com/codegangsta/cli"
)
@@ -23,7 +24,7 @@ func NewKeygenCommand() cli.Command {
Action: keygenAction,
Flags: []cli.Flag{
cli.StringFlag{
Name: "signer",
Name: "email",
Usage: "Your email address (ex. something@mail.i2p)",
},
},
@@ -31,18 +32,29 @@ func NewKeygenCommand() cli.Command {
}
func keygenAction(c *cli.Context) {
//"CN=" + cname + ",OU=" + ou + ",O=I2P Anonymous Network,L=XX,ST=XX,C=XX",
signer := c.String("email")
if signer == "" {
log.Fatalln("You must specify an email address (ex. --email=something@mail.i2p)")
}
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
if err != nil {
log.Fatalf("failed to generate serial number: %s", err)
}
template := &x509.Certificate{
BasicConstraintsValid: true,
IsCA: true,
SubjectKeyId: []byte{1, 2, 3},
SerialNumber: big.NewInt(1234),
SubjectKeyId: []byte(signer),
SerialNumber: serialNumber,
Subject: pkix.Name{
Organization: []string{"I2P Anonymous Network"},
OrganizationalUnit: []string{"I2P"},
Locality: []string{"XX"},
StreetAddress: []string{"XX"},
Country: []string{"XX"},
CommonName: signer,
},
NotBefore: time.Now(),
NotAfter: time.Now().AddDate(10, 0, 0),
@@ -51,6 +63,7 @@ func keygenAction(c *cli.Context) {
}
// generate private key
fmt.Println("Generating keys. This may take a moment...")
privatekey, err := rsa.GenerateKey(rand.Reader, 4096)
if err != nil {
log.Fatalln(err)
@@ -78,11 +91,12 @@ func keygenAction(c *cli.Context) {
fmt.Println("private key saved to reseed_private.pem")
// save cert
certOut, err := os.Create("reseed_cert.pem")
filename := reseed.SignerFilename(signer)
certOut, err := os.Create(filename)
if err != nil {
log.Fatalf("failed to open reseed_cert.pem for writing: %s", err)
log.Fatalf("failed to open %s for writing: %s", filename, err)
}
pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: cert})
certOut.Close()
fmt.Println("certificate saved to reseed_cert.pem")
fmt.Println("certificate saved to", filename)
}

10
cmd/verify.go
View File

@@ -4,6 +4,7 @@ import (
"fmt"
"os"
"github.com/MDrollette/go-i2p/reseed"
"github.com/MDrollette/go-i2p/su3"
"github.com/codegangsta/cli"
)
@@ -32,7 +33,14 @@ func su3VerifyAction(c *cli.Context) {
fmt.Println(su3File.String())
if err := su3File.VerifySignature(); nil != err {
// get the reseeder key
ks := reseed.KeyStore{Path: "./certificates"}
cert, err := ks.ReseederCertificate(su3File.SignerId)
if nil != err {
panic(err)
}
if err := su3File.VerifySignature(cert); nil != err {
panic(err)
}

13
cmd/verify_public.go
View File

@@ -7,6 +7,7 @@ import (
"net/http"
"sync"
"github.com/MDrollette/go-i2p/reseed"
"github.com/MDrollette/go-i2p/su3"
"github.com/codegangsta/cli"
)
@@ -57,7 +58,6 @@ func download(out chan *http.Response, urls []string) {
wg.Add(1)
go func(url string) {
defer wg.Done()
req, err := http.NewRequest("GET", fmt.Sprintf("%si2pseeds.su3", url), nil)
if err != nil {
log.Fatalln(err)
@@ -77,6 +77,8 @@ func download(out chan *http.Response, urls []string) {
}
func validate(in chan *http.Response) {
ks := reseed.KeyStore{Path: "./certificates"}
for resp := range in {
fmt.Printf("Validating: %s\n", resp.Request.URL)
@@ -92,7 +94,14 @@ func validate(in chan *http.Response) {
}
resp.Body.Close()
if err := su3File.VerifySignature(); nil != err {
cert, err := ks.ReseederCertificate(su3File.SignerId)
if nil != err {
fmt.Println("Invalid: Unable to find public key.", err)
fmt.Println("")
continue
}
if err := su3File.VerifySignature(cert); nil != err {
fmt.Println("Invalid: Unable to verify signature", err)
} else {
fmt.Printf("Valid: For signer '%s'\n", su3File.SignerId)