Add standalone gencerts utility to create RPC TLS certificates.
This commit is contained in:
parent
035f8f82b7
commit
aec17304a0
1 changed files with 101 additions and 0 deletions
101
util/gencerts/gencerts.go
Normal file
101
util/gencerts/gencerts.go
Normal file
|
@ -0,0 +1,101 @@
|
||||||
|
// Copyright (c) 2013-2014 Conformal Systems LLC.
|
||||||
|
// Use of this source code is governed by an ISC
|
||||||
|
// license that can be found in the LICENSE file.
|
||||||
|
|
||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"github.com/conformal/btcutil"
|
||||||
|
"github.com/conformal/go-flags"
|
||||||
|
"io/ioutil"
|
||||||
|
"os"
|
||||||
|
"path/filepath"
|
||||||
|
"strings"
|
||||||
|
"time"
|
||||||
|
)
|
||||||
|
|
||||||
|
type config struct {
|
||||||
|
Directory string `short:"d" long:"directory" description:"Directory to write certificate pair"`
|
||||||
|
Years int `short:"y" long:"years" description:"How many years a certificate is valid for"`
|
||||||
|
Organization string `short:"o" long:"org" description:"Organization in certificate"`
|
||||||
|
ExtraHosts []string `short:"H" long:"host" description:"Additional hosts/IPs to create certificate for"`
|
||||||
|
Force bool `short:"f" long:"force" description:"Force overwriting of any old certs and keys"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func main() {
|
||||||
|
cfg := config{
|
||||||
|
Years: 10,
|
||||||
|
Organization: "gencerts",
|
||||||
|
}
|
||||||
|
parser := flags.NewParser(&cfg, flags.Default)
|
||||||
|
_, err := parser.Parse()
|
||||||
|
if err != nil {
|
||||||
|
if e, ok := err.(*flags.Error); !ok || e.Type != flags.ErrHelp {
|
||||||
|
parser.WriteHelp(os.Stderr)
|
||||||
|
}
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if cfg.Directory == "" {
|
||||||
|
var err error
|
||||||
|
cfg.Directory, err = os.Getwd()
|
||||||
|
if err != nil {
|
||||||
|
fmt.Fprintf(os.Stderr, "No directory specified and Cannot get working directory\n")
|
||||||
|
os.Exit(1)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
cfg.Directory = cleanAndExpandPath(cfg.Directory)
|
||||||
|
certFile := filepath.Join(cfg.Directory, "rpc.cert")
|
||||||
|
keyFile := filepath.Join(cfg.Directory, "rpc.key")
|
||||||
|
|
||||||
|
if !cfg.Force {
|
||||||
|
if fileExists(certFile) || fileExists(keyFile) {
|
||||||
|
fmt.Fprintf(os.Stderr, "%v: certificate and/or key files exist; use -f to force\n", cfg.Directory)
|
||||||
|
os.Exit(1)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
validUntil := time.Now().Add(time.Duration(cfg.Years) * 365 * 24 * time.Hour)
|
||||||
|
cert, key, err := btcutil.NewTLSCertPair(cfg.Organization, validUntil, cfg.ExtraHosts)
|
||||||
|
if err != nil {
|
||||||
|
fmt.Fprintf(os.Stderr, "cannot generate certificate pair: %v\n", err)
|
||||||
|
os.Exit(1)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Write cert and key files.
|
||||||
|
if err = ioutil.WriteFile(certFile, cert, 0666); err != nil {
|
||||||
|
fmt.Fprintf(os.Stderr, "cannot write cert: %v\n", err)
|
||||||
|
os.Exit(1)
|
||||||
|
}
|
||||||
|
if err = ioutil.WriteFile(keyFile, key, 0600); err != nil {
|
||||||
|
os.Remove(certFile)
|
||||||
|
fmt.Fprintf(os.Stderr, "cannot write key: %v\n", err)
|
||||||
|
os.Exit(1)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// cleanAndExpandPath expands environement variables and leading ~ in the
|
||||||
|
// passed path, cleans the result, and returns it.
|
||||||
|
func cleanAndExpandPath(path string) string {
|
||||||
|
// Expand initial ~ to OS specific home directory.
|
||||||
|
if strings.HasPrefix(path, "~") {
|
||||||
|
appHomeDir := btcutil.AppDataDir("gencerts", false)
|
||||||
|
homeDir := filepath.Dir(appHomeDir)
|
||||||
|
path = strings.Replace(path, "~", homeDir, 1)
|
||||||
|
}
|
||||||
|
|
||||||
|
// NOTE: The os.ExpandEnv doesn't work with Windows-style %VARIABLE%,
|
||||||
|
// but they variables can still be expanded via POSIX-style $VARIABLE.
|
||||||
|
return filepath.Clean(os.ExpandEnv(path))
|
||||||
|
}
|
||||||
|
|
||||||
|
// filesExists reports whether the named file or directory exists.
|
||||||
|
func fileExists(name string) bool {
|
||||||
|
if _, err := os.Stat(name); err != nil {
|
||||||
|
if os.IsNotExist(err) {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return true
|
||||||
|
}
|
Loading…
Reference in a new issue