Switch to btcutil for certificate generation.

Josh Rickmar 2014-01-10 14:45:04 -05:00
parent 3a59e4d064
commit 035f8f82b7
2 changed files with 13 additions and 86 deletions


@ -252,7 +252,7 @@ func (b *blockManager) handleDonePeerMsg(peers *list.List, p *peer) {
// Attempt to find a new peer to sync from if the quitting peer is the
// sync peer.
if b.syncPeer != nil && b.syncPeer == p {
if b.fetchingHeaders {
if b.fetchingHeaders {
b.fetchingHeaders = false
b.startBlock = nil
b.fetchBlock = nil


@ -8,18 +8,11 @@ import (
"bytes"
"code.google.com/p/go.net/websocket"
"container/list"
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/sha256"
_ "crypto/sha512" // for cert generation
"crypto/subtle"
"crypto/tls"
"crypto/x509"
"crypto/x509/pkix"
"encoding/base64"
"encoding/hex"
"encoding/pem"
"errors"
"fmt"
"github.com/conformal/btcchain"
@ -28,6 +21,7 @@ import (
"github.com/conformal/btcscript"
"github.com/conformal/btcutil"
"github.com/conformal/btcwire"
"io/ioutil"
"math/big"
"net"
"net/http"
@ -215,94 +209,27 @@ func (s *rpcServer) Stop() error {
return nil
}
// genkey generates a key/cert pair to the paths provided.
// TODO(oga) wrap errors with fmt.Errorf for more context?
func genKey(key, cert string) error {
// genCertPair generates a key/cert pair to the paths provided.
func genCertPair(certFile, keyFile string) error {
rpcsLog.Infof("Generating TLS certificates...")
priv, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
org := "btcd autogenerated cert"
validUntil := time.Now().Add(10 * 365 * 24 * time.Hour)
cert, key, err := btcutil.NewTLSCertPair(org, validUntil, nil)
if err != nil {
return err
}
notBefore := time.Now()
notAfter := notBefore.Add(10 * 365 * 24 * time.Hour)
// end of ASN.1 time
endOfTime := time.Date(2049, 12, 31, 23, 59, 59, 0, time.UTC)
if notAfter.After(endOfTime) {
notAfter = endOfTime
}
template := x509.Certificate{
SerialNumber: new(big.Int).SetInt64(0),
Subject: pkix.Name{
Organization: []string{"btcd autogenerated cert"},
},
NotBefore: notBefore,
NotAfter: notAfter,
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageCertSign,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
IsCA: true, // so can sign self.
BasicConstraintsValid: true,
}
host, err := os.Hostname()
if err != nil {
// Write cert and key files.
if err = ioutil.WriteFile(certFile, cert, 0666); err != nil {
return err
}
template.DNSNames = append(template.DNSNames, host, "localhost")
needLocalhost := true
addrs, err := net.InterfaceAddrs()
if err != nil {
if err = ioutil.WriteFile(keyFile, key, 0600); err != nil {
os.Remove(certFile)
return err
}
for _, a := range addrs {
ip, _, err := net.ParseCIDR(a.String())
if err == nil {
if ip.String() == "127.0.0.1" {
needLocalhost = false
}
template.IPAddresses = append(template.IPAddresses, ip)
}
}
if needLocalhost {
localHost := net.ParseIP("127.0.0.1")
template.IPAddresses = append(template.IPAddresses, localHost)
}
derBytes, err := x509.CreateCertificate(rand.Reader, &template,
&template, &priv.PublicKey, priv)
if err != nil {
fmt.Fprintf(os.Stderr, "Failed to create certificate: %v\n", err)
os.Exit(-1)
}
certOut, err := os.Create(cert)
if err != nil {
return err
}
pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
certOut.Close()
keyOut, err := os.OpenFile(key, os.O_WRONLY|os.O_CREATE|os.O_TRUNC,
0600)
if err != nil {
os.Remove(cert)
return err
}
keybytes, err := x509.MarshalECPrivateKey(priv)
if err != nil {
os.Remove(key)
os.Remove(cert)
return err
}
pem.Encode(keyOut, &pem.Block{Type: "EC PRIVATE KEY", Bytes: keybytes})
keyOut.Close()
rpcsLog.Infof("Done generating TLS certificates")
return nil
}
@ -326,7 +253,7 @@ func newRPCServer(listenAddrs []string, s *server) (*rpcServer, error) {
// check for existence of cert file and key file
if !fileExists(cfg.RPCKey) && !fileExists(cfg.RPCCert) {
// if both files do not exist, we generate them.
err := genKey(cfg.RPCKey, cfg.RPCCert)
err := genCertPair(cfg.RPCCert, cfg.RPCKey)
if err != nil {
return nil, err
}
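Review bot: In genCertPair the private key is written with `ioutil.WriteFile(keyFile, key, 0600)`, which only applies the 0600 mode when it creates the file; if keyFile already exists it is truncated in place and keeps whatever mode it had, so a freshly generated key could inherit wider permissions. The caller in newRPCServer (whose body starts outside the hunk) only invokes genCertPair when neither file exists, but the function should enforce that itself by creating the key with os.O_EXCL so an existing file is refused rather than overwritten. The certificate write uses 0666; since the certificate is public this is low risk, though 0644 is the conventional choice. The doc comment should also state the file modes used and that neither path may already exist.
```go
func genCertPair(certFile, keyFile string) error {
	// … unchanged: cert generation and certFile write …
	// O_EXCL refuses a pre-existing key file, so the 0600 mode is guaranteed
	// to apply to the file that actually receives the new key.
	keyOut, err := os.OpenFile(keyFile, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0600)
	if err != nil {
		os.Remove(certFile)
		return err
	}
	if _, err = keyOut.Write(key); err != nil {
		keyOut.Close()
		os.Remove(keyFile)
		os.Remove(certFile)
		return err
	}
	if err = keyOut.Close(); err != nil {
		os.Remove(keyFile)
		os.Remove(certFile)
		return err
	}
	rpcsLog.Infof("Done generating TLS certificates")
	return nil
}
```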