Switch to btcutil for certificate generation.
This commit is contained in:
parent
3a59e4d064
commit
035f8f82b7
2 changed files with 13 additions and 86 deletions
|
@ -252,7 +252,7 @@ func (b *blockManager) handleDonePeerMsg(peers *list.List, p *peer) {
|
|||
// Attempt to find a new peer to sync from if the quitting peer is the
|
||||
// sync peer.
|
||||
if b.syncPeer != nil && b.syncPeer == p {
|
||||
if b.fetchingHeaders {
|
||||
if b.fetchingHeaders {
|
||||
b.fetchingHeaders = false
|
||||
b.startBlock = nil
|
||||
b.fetchBlock = nil
|
||||
|
|
97
rpcserver.go
97
rpcserver.go
|
@ -8,18 +8,11 @@ import (
|
|||
"bytes"
|
||||
"code.google.com/p/go.net/websocket"
|
||||
"container/list"
|
||||
"crypto/ecdsa"
|
||||
"crypto/elliptic"
|
||||
"crypto/rand"
|
||||
"crypto/sha256"
|
||||
_ "crypto/sha512" // for cert generation
|
||||
"crypto/subtle"
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"crypto/x509/pkix"
|
||||
"encoding/base64"
|
||||
"encoding/hex"
|
||||
"encoding/pem"
|
||||
"errors"
|
||||
"fmt"
|
||||
"github.com/conformal/btcchain"
|
||||
|
@ -28,6 +21,7 @@ import (
|
|||
"github.com/conformal/btcscript"
|
||||
"github.com/conformal/btcutil"
|
||||
"github.com/conformal/btcwire"
|
||||
"io/ioutil"
|
||||
"math/big"
|
||||
"net"
|
||||
"net/http"
|
||||
|
@ -215,94 +209,27 @@ func (s *rpcServer) Stop() error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// genkey generates a key/cert pair to the paths provided.
|
||||
// TODO(oga) wrap errors with fmt.Errorf for more context?
|
||||
func genKey(key, cert string) error {
|
||||
// genCertPair generates a key/cert pair to the paths provided.
|
||||
func genCertPair(certFile, keyFile string) error {
|
||||
rpcsLog.Infof("Generating TLS certificates...")
|
||||
priv, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
|
||||
|
||||
org := "btcd autogenerated cert"
|
||||
validUntil := time.Now().Add(10 * 365 * 24 * time.Hour)
|
||||
cert, key, err := btcutil.NewTLSCertPair(org, validUntil, nil)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
notBefore := time.Now()
|
||||
notAfter := notBefore.Add(10 * 365 * 24 * time.Hour)
|
||||
|
||||
// end of ASN.1 time
|
||||
endOfTime := time.Date(2049, 12, 31, 23, 59, 59, 0, time.UTC)
|
||||
if notAfter.After(endOfTime) {
|
||||
notAfter = endOfTime
|
||||
}
|
||||
|
||||
template := x509.Certificate{
|
||||
SerialNumber: new(big.Int).SetInt64(0),
|
||||
Subject: pkix.Name{
|
||||
Organization: []string{"btcd autogenerated cert"},
|
||||
},
|
||||
NotBefore: notBefore,
|
||||
NotAfter: notAfter,
|
||||
|
||||
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageCertSign,
|
||||
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
|
||||
IsCA: true, // so can sign self.
|
||||
BasicConstraintsValid: true,
|
||||
}
|
||||
|
||||
host, err := os.Hostname()
|
||||
if err != nil {
|
||||
// Write cert and key files.
|
||||
if err = ioutil.WriteFile(certFile, cert, 0666); err != nil {
|
||||
return err
|
||||
}
|
||||
template.DNSNames = append(template.DNSNames, host, "localhost")
|
||||
|
||||
needLocalhost := true
|
||||
addrs, err := net.InterfaceAddrs()
|
||||
if err != nil {
|
||||
if err = ioutil.WriteFile(keyFile, key, 0600); err != nil {
|
||||
os.Remove(certFile)
|
||||
return err
|
||||
}
|
||||
for _, a := range addrs {
|
||||
ip, _, err := net.ParseCIDR(a.String())
|
||||
if err == nil {
|
||||
if ip.String() == "127.0.0.1" {
|
||||
needLocalhost = false
|
||||
}
|
||||
template.IPAddresses = append(template.IPAddresses, ip)
|
||||
}
|
||||
}
|
||||
if needLocalhost {
|
||||
localHost := net.ParseIP("127.0.0.1")
|
||||
template.IPAddresses = append(template.IPAddresses, localHost)
|
||||
}
|
||||
|
||||
derBytes, err := x509.CreateCertificate(rand.Reader, &template,
|
||||
&template, &priv.PublicKey, priv)
|
||||
if err != nil {
|
||||
fmt.Fprintf(os.Stderr, "Failed to create certificate: %v\n", err)
|
||||
os.Exit(-1)
|
||||
}
|
||||
|
||||
certOut, err := os.Create(cert)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
|
||||
certOut.Close()
|
||||
|
||||
keyOut, err := os.OpenFile(key, os.O_WRONLY|os.O_CREATE|os.O_TRUNC,
|
||||
0600)
|
||||
if err != nil {
|
||||
os.Remove(cert)
|
||||
return err
|
||||
}
|
||||
keybytes, err := x509.MarshalECPrivateKey(priv)
|
||||
if err != nil {
|
||||
os.Remove(key)
|
||||
os.Remove(cert)
|
||||
return err
|
||||
}
|
||||
pem.Encode(keyOut, &pem.Block{Type: "EC PRIVATE KEY", Bytes: keybytes})
|
||||
keyOut.Close()
|
||||
|
||||
rpcsLog.Infof("Done generating TLS certificates")
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -326,7 +253,7 @@ func newRPCServer(listenAddrs []string, s *server) (*rpcServer, error) {
|
|||
// check for existence of cert file and key file
|
||||
if !fileExists(cfg.RPCKey) && !fileExists(cfg.RPCCert) {
|
||||
// if both files do not exist, we generate them.
|
||||
err := genKey(cfg.RPCKey, cfg.RPCCert)
|
||||
err := genCertPair(cfg.RPCCert, cfg.RPCKey)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
Loading…
Add table
Reference in a new issue