113 lines
3.0 KiB
Go
113 lines
3.0 KiB
Go
package cmd
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"crypto/rsa"
|
|
"crypto/x509"
|
|
"encoding/pem"
|
|
"fmt"
|
|
"log"
|
|
"os"
|
|
"strings"
|
|
|
|
"github.com/MDrollette/go-i2p/reseed"
|
|
"github.com/MDrollette/go-i2p/su3"
|
|
"github.com/codegangsta/cli"
|
|
)
|
|
|
|
func NewKeygenCommand() cli.Command {
|
|
return cli.Command{
|
|
Name: "keygen",
|
|
Usage: "Generate keys for reseed su3 signing and TLS serving.",
|
|
Action: keygenAction,
|
|
Flags: []cli.Flag{
|
|
cli.StringFlag{
|
|
Name: "signer",
|
|
Usage: "Generate a private key and certificate for the given su3 signing ID (ex. something@mail.i2p)",
|
|
},
|
|
cli.StringFlag{
|
|
Name: "host",
|
|
Usage: "Generate a self-signed TLS certificate and private key for the given host",
|
|
},
|
|
},
|
|
}
|
|
}
|
|
|
|
func keygenAction(c *cli.Context) {
|
|
signerId := c.String("signer")
|
|
host := c.String("host")
|
|
|
|
if signerId == "" && host == "" {
|
|
log.Fatalln("You must specify either a --host or a --signer")
|
|
}
|
|
|
|
if signerId != "" {
|
|
createSigner(signerId)
|
|
}
|
|
|
|
if host != "" {
|
|
createTLSCertificate(host)
|
|
}
|
|
}
|
|
|
|
func createSigner(signerId string) {
|
|
// generate private key
|
|
fmt.Println("Generating signing keys. This may take a minute...")
|
|
signerKey, err := rsa.GenerateKey(rand.Reader, 4096)
|
|
if err != nil {
|
|
log.Fatalln(err)
|
|
}
|
|
|
|
signerCert, err := su3.NewSigningCertificate(signerId, signerKey)
|
|
|
|
// save cert
|
|
certFile := strings.Replace(signerId, "@", "_at_", 1) + ".crt"
|
|
certOut, err := os.Create(certFile)
|
|
if err != nil {
|
|
log.Printf("failed to open %s for writing\n", certFile)
|
|
log.Fatalln(err)
|
|
}
|
|
pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: signerCert})
|
|
certOut.Close()
|
|
fmt.Println("signing certificate saved to:", certFile)
|
|
|
|
// save signing private key
|
|
privFile := strings.Replace(signerId, "@", "_at_", 1) + ".pem"
|
|
keyOut, err := os.OpenFile(privFile, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
|
|
if err != nil {
|
|
log.Printf("failed to open %s for writing\n", privFile)
|
|
log.Fatalln(err)
|
|
}
|
|
pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(signerKey)})
|
|
keyOut.Close()
|
|
fmt.Println("signing private key saved to:", privFile)
|
|
}
|
|
|
|
func createTLSCertificate(host string) {
|
|
fmt.Println("Generating TLS keys. This may take a minute...")
|
|
priv, err := rsa.GenerateKey(rand.Reader, 4096)
|
|
if err != nil {
|
|
log.Fatalln("failed to generate TLS private key:", err)
|
|
}
|
|
|
|
tlsCert, err := reseed.NewTLSCertificate(host, priv)
|
|
|
|
// save the TLS certificate
|
|
certOut, err := os.Create("tls_cert.pem")
|
|
if err != nil {
|
|
log.Fatalln("failed to open tls_cert.pem for writing:", err)
|
|
}
|
|
pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: tlsCert})
|
|
certOut.Close()
|
|
fmt.Println("TLS certificate saved to: tls_cert.pem")
|
|
|
|
// save the TLS private key
|
|
keyOut, err := os.OpenFile("tls_key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
|
|
if err != nil {
|
|
log.Fatalln("failed to open tls_key.pem for writing:", err)
|
|
}
|
|
pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})
|
|
keyOut.Close()
|
|
fmt.Println("TLS private key saved to: tls_key.pem")
|
|
}
|