Switch to btcutil for certificate generation.

2014-01-10 14:45:04 -05:00 · 2014-01-10 14:45:04 -05:00 · 035f8f82b7
commit 035f8f82b7
parent 3a59e4d064
2 changed files with 13 additions and 86 deletions
--- a/blockmanager.go
+++ b/blockmanager.go
@ -252,7 +252,7 @@ func (b *blockManager) handleDonePeerMsg(peers *list.List, p *peer) {
 	// Attempt to find a new peer to sync from if the quitting peer is the
 	// sync peer.
 	if b.syncPeer != nil && b.syncPeer == p {
-		if b.fetchingHeaders  {
+		if b.fetchingHeaders {
 			b.fetchingHeaders = false
 			b.startBlock = nil
 			b.fetchBlock = nil
--- a/rpcserver.go
+++ b/rpcserver.go
@ -8,18 +8,11 @@ import (
 	"bytes"
 	"code.google.com/p/go.net/websocket"
 	"container/list"
-	"crypto/ecdsa"
-	"crypto/elliptic"
-	"crypto/rand"
 	"crypto/sha256"
-	_ "crypto/sha512" // for cert generation
 	"crypto/subtle"
 	"crypto/tls"
-	"crypto/x509"
-	"crypto/x509/pkix"
 	"encoding/base64"
 	"encoding/hex"
-	"encoding/pem"
 	"errors"
 	"fmt"
 	"github.com/conformal/btcchain"
@ -28,6 +21,7 @@ import (
 	"github.com/conformal/btcscript"
 	"github.com/conformal/btcutil"
 	"github.com/conformal/btcwire"
+	"io/ioutil"
 	"math/big"
 	"net"
 	"net/http"
@ -215,94 +209,27 @@ func (s *rpcServer) Stop() error {
 	return nil
 }

-// genkey generates a key/cert pair to the paths provided.
-// TODO(oga) wrap errors with fmt.Errorf for more context?
-func genKey(key, cert string) error {
+// genCertPair generates a key/cert pair to the paths provided.
+func genCertPair(certFile, keyFile string) error {
 	rpcsLog.Infof("Generating TLS certificates...")
-	priv, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
+
+	org := "btcd autogenerated cert"
+	validUntil := time.Now().Add(10 * 365 * 24 * time.Hour)
+	cert, key, err := btcutil.NewTLSCertPair(org, validUntil, nil)
 	if err != nil {
 		return err
 	}

-	notBefore := time.Now()
-	notAfter := notBefore.Add(10 * 365 * 24 * time.Hour)
-
-	// end of ASN.1 time
-	endOfTime := time.Date(2049, 12, 31, 23, 59, 59, 0, time.UTC)
-	if notAfter.After(endOfTime) {
-		notAfter = endOfTime
-	}
-
-	template := x509.Certificate{
-		SerialNumber: new(big.Int).SetInt64(0),
-		Subject: pkix.Name{
-			Organization: []string{"btcd autogenerated cert"},
-		},
-		NotBefore: notBefore,
-		NotAfter:  notAfter,
-
-		KeyUsage:    x509.KeyUsageKeyEncipherment | x509.KeyUsageCertSign,
-		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
-		IsCA:        true, // so can sign self.
-		BasicConstraintsValid: true,
-	}
-
-	host, err := os.Hostname()
-	if err != nil {
+	// Write cert and key files.
+	if err = ioutil.WriteFile(certFile, cert, 0666); err != nil {
 		return err
 	}
-	template.DNSNames = append(template.DNSNames, host, "localhost")
-
-	needLocalhost := true
-	addrs, err := net.InterfaceAddrs()
-	if err != nil {
+	if err = ioutil.WriteFile(keyFile, key, 0600); err != nil {
+		os.Remove(certFile)
 		return err
 	}
-	for _, a := range addrs {
-		ip, _, err := net.ParseCIDR(a.String())
-		if err == nil {
-			if ip.String() == "127.0.0.1" {
-				needLocalhost = false
-			}
-			template.IPAddresses = append(template.IPAddresses, ip)
-		}
-	}
-	if needLocalhost {
-		localHost := net.ParseIP("127.0.0.1")
-		template.IPAddresses = append(template.IPAddresses, localHost)
-	}
-
-	derBytes, err := x509.CreateCertificate(rand.Reader, &template,
-		&template, &priv.PublicKey, priv)
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "Failed to create certificate: %v\n", err)
-		os.Exit(-1)
-	}
-
-	certOut, err := os.Create(cert)
-	if err != nil {
-		return err
-	}
-	pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
-	certOut.Close()
-
-	keyOut, err := os.OpenFile(key, os.O_WRONLY|os.O_CREATE|os.O_TRUNC,
-		0600)
-	if err != nil {
-		os.Remove(cert)
-		return err
-	}
-	keybytes, err := x509.MarshalECPrivateKey(priv)
-	if err != nil {
-		os.Remove(key)
-		os.Remove(cert)
-		return err
-	}
-	pem.Encode(keyOut, &pem.Block{Type: "EC PRIVATE KEY", Bytes: keybytes})
-	keyOut.Close()

 	rpcsLog.Infof("Done generating TLS certificates")
-
 	return nil
 }

@ -326,7 +253,7 @@ func newRPCServer(listenAddrs []string, s *server) (*rpcServer, error) {
 	// check for existence of cert file and key file
 	if !fileExists(cfg.RPCKey) && !fileExists(cfg.RPCCert) {
 		// if both files do not exist, we generate them.
-		err := genKey(cfg.RPCKey, cfg.RPCCert)
+		err := genCertPair(cfg.RPCCert, cfg.RPCKey)
 		if err != nil {
 			return nil, err
 		}