paadi/tecamino-dbm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

change selfsigned cert to work with firefox
All checks were successful
Build DBM Service / build (amd64, , linux) (push) Successful in 2m2s
Details
Build DBM Service / build (amd64, .exe, windows) (push) Successful in 1m52s
Details
Build DBM Service / build (arm, 6, , linux) (push) Successful in 1m57s
Details
Build DBM Service / build (arm64, , linux) (push) Successful in 1m52s
Details

Browse Source
This commit is contained in:
Adrian Zürcher
2026-02-19 08:41:15 +01:00
parent 5990e8ee11
commit d515e2d9d7
2 changed files with 148 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

162
cert/cert.go
View File

@@ -7,6 +7,7 @@ import (
"crypto/x509/pkix" "crypto/x509/pkix"
"encoding/pem" "encoding/pem"
"math/big" "math/big"
"net"
"os" "os"
"path" "path"
"time" "time"
@@ -35,65 +36,142 @@ func (c *Cert) GenerateSelfSignedCert() error {
return nil return nil
} }
priv, err := rsa.GenerateKey(rand.Reader, 2048) caCert, caKey, err := createCA()
if err != nil { if err != nil {
return err return err
} }
serialNumber, _ := rand.Int(rand.Reader, big.NewInt(1<<62)) serverCert, serverKey, err := createServerCert(caCert, caKey)
template := x509.Certificate{
SerialNumber: serialNumber,
Subject: pkix.Name{
CommonName: "localhost",
Organization: []string{c.Organization},
},
NotBefore: time.Now(),
NotAfter: time.Now().Add(365 * 24 * time.Hour),
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
BasicConstraintsValid: true,
DNSNames: []string{"localhost"},
}
certDER, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
if err != nil { if err != nil {
return err return err
} }
if _, err := os.Stat(path.Dir(c.CertFile)); os.IsNotExist(err) { if err := os.MkdirAll(path.Dir(c.CertFile), 0700); err != nil {
os.MkdirAll(path.Dir(c.CertFile), 0700)
}
certOut, err := os.Create(c.CertFile)
if err != nil {
return err
}
defer certOut.Close()
pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: certDER})
// Set permission to 0600 (read/write by owner only)
if err := os.Chmod(c.CertFile, 0600); err != nil {
return err return err
} }
if _, err := os.Stat(path.Dir(c.KeyFile)); os.IsNotExist(err) { if err := os.MkdirAll(path.Dir(c.KeyFile), 0700); err != nil {
os.MkdirAll(path.Dir(c.KeyFile), 0700)
}
keyOut, err := os.Create(c.KeyFile)
if err != nil {
return err return err
} }
defer keyOut.Close()
pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)}) if err := saveCert(c.CertFile, serverCert.Raw); err != nil {
return err
}
// Set permission to 0600 (read/write by owner only) if err := saveKey(c.KeyFile, serverKey); err != nil {
if err := os.Chmod(c.KeyFile, 0600); err != nil {
return err return err
} }
return nil return nil
} }
func createCA() (*x509.Certificate, *rsa.PrivateKey, error) {
priv, _ := rsa.GenerateKey(rand.Reader, 2048)
serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
template := x509.Certificate{
SerialNumber: serial,
Subject: pkix.Name{
CommonName: "Local Dev CA",
},
NotBefore: time.Now(),
NotAfter: time.Now().AddDate(10, 0, 0),
KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
BasicConstraintsValid: true,
IsCA: true,
}
certDER, _ := x509.CreateCertificate(
rand.Reader,
&template,
&template,
&priv.PublicKey,
priv,
)
cert, _ := x509.ParseCertificate(certDER)
return cert, priv, nil
}
func createServerCert(
ca *x509.Certificate,
caKey *rsa.PrivateKey,
) (*x509.Certificate, *rsa.PrivateKey, error) {
priv, _ := rsa.GenerateKey(rand.Reader, 2048)
serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
template := x509.Certificate{
SerialNumber: serial,
Subject: pkix.Name{
CommonName: "localhost",
},
NotBefore: time.Now(),
NotAfter: time.Now().AddDate(1, 0, 0),
KeyUsage: x509.KeyUsageDigitalSignature,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
DNSNames: []string{
"localhost",
"lvh.me",
},
IPAddresses: []net.IP{
net.ParseIP("127.0.0.1"),
net.ParseIP("::1"),
},
}
certDER, _ := x509.CreateCertificate(
rand.Reader,
&template,
ca,
&priv.PublicKey,
caKey,
)
cert, _ := x509.ParseCertificate(certDER)
return cert, priv, nil
}
func saveCert(path string, der []byte) error {
file, err := os.Create(path)
if err != nil {
return err
}
defer file.Close()
if err := pem.Encode(file, &pem.Block{
Type: "CERTIFICATE",
Bytes: der,
}); err != nil {
return err
}
return os.Chmod(path, 0600)
}
func saveKey(path string, key *rsa.PrivateKey) error {
file, err := os.Create(path)
if err != nil {
return err
}
defer file.Close()
if err := pem.Encode(file, &pem.Block{
Type: "RSA PRIVATE KEY",
Bytes: x509.MarshalPKCS1PrivateKey(key),
}); err != nil {
return err
}
return os.Chmod(path, 0600)
}

28
test/dbm_test.go
View File

@@ -3,6 +3,7 @@ package test
import ( import (
"fmt" "fmt"
"math/rand" "math/rand"
"os"
"runtime" "runtime"
"testing" "testing"
"time" "time"
@@ -146,3 +147,30 @@ func TestServer(t *testing.T) {
t.Fatal(server.ServeHttp("http://localhost", 8100)) t.Fatal(server.ServeHttp("http://localhost", 8100))
} }
func TestCreateCerts(t *testing.T) {
certFile := "cert.pem"
keyFile := "key.pem"
defer func() {
err := os.Remove(certFile)
if err != nil {
t.Fatal(err)
}
err = os.Remove(keyFile)
if err != nil {
t.Fatal(err)
}
}()
t.Log("test create certificates")
cert := cert.Cert{
Organization: "tecamino",
CertFile: certFile,
KeyFile: keyFile,
}
if err := cert.GenerateSelfSignedCert(); err != nil {
t.Fatal(err)
}
}