
Commit 75ed0d4

committed
feat: generate self signed certs if no certs are detected
1 parent aab797e commit 75ed0d4


4 files changed

+92
-1
lines changed


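--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 certs/**
+!certs/*.go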

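--- a/certs/generate-certs.go
+++ b/certs/generate-certs.go
@@ -0,0 +1,80 @@
+package certs
+
+import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"fmt"
+	"math/big"
+	"os"
+	"time"
+)
+
+func CreateSelfSignedCert(certFile, keyFile string) error {
+	// Generate a private key
+	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	if err != nil {
+		return fmt.Errorf("failed to generate private key: %v", err)
+	}
+
+	// Create a certificate template
+	notBefore := time.Now()
+	notAfter := notBefore.Add(365 * 24 * time.Hour)
+
+	serialNumber, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
+	if err != nil {
+		return fmt.Errorf("failed to generate serial number: %v", err)
+	}
+
+	template := x509.Certificate{
+		SerialNumber: serialNumber,
+		Subject: pkix.Name{
+			Organization: []string{"Self-Signed Co"},
+		},
+		NotBefore: notBefore,
+		NotAfter: notAfter,
+		KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
+		ExtKeyUsage: []x509.ExtKeyUsage{
+			x509.ExtKeyUsageServerAuth,
+		},
+		BasicConstraintsValid: true,
+	}
+
+	// Generate a self-signed certificate
+	certDER, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
+	if err != nil {
+		return fmt.Errorf("failed to create certificate: %v", err)
+	}
+
+	// Save the certificate to certFile
+	certOut, err := os.Create(certFile)
+	if err != nil {
+		return fmt.Errorf("failed to open cert.pem for writing: %v", err)
+	}
+	defer certOut.Close()
+
+	if err := pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: certDER}); err != nil {
+		return fmt.Errorf("failed to write data to cert.pem: %v", err)
+	}
+
+	// Save the private key to keyFile
+	keyOut, err := os.Create(keyFile)
+	if err != nil {
+		return fmt.Errorf("failed to open key.pem for writing: %v", err)
+	}
+	defer keyOut.Close()
+
+	privBytes, err := x509.MarshalECPrivateKey(priv)
+	if err != nil {
+		return fmt.Errorf("failed to marshal private key: %v", err)
+	}
+	if err := pem.Encode(keyOut, &pem.Block{Type: "EC PRIVATE KEY", Bytes: privBytes}); err != nil {
+		return fmt.Errorf("failed to write data to key.pem: %v", err)
+	}
+
+	fmt.Println("Successfully created self-signed certificate and private key.")
+	return nil
+}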
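Review bot: The private key at line 64 is created with os.Create, which opens the file with mode 0666 before umask, so on a typical host the TLS key ends up group- and world-readable; open it with `keyOut, err := os.OpenFile(keyFile, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)` instead (the certificate can stay as is, it is public). The template carries no DNSNames or IPAddresses, so any client that verifies the chain will reject the certificate for every host regardless of whether it trusts the issuer; config.yaml's `allowselfsigned: true` suggests verification is skipped on the consuming side, but adding at least `DNSNames: []string{"localhost"}` and a loopback entry in `IPAddresses` (needs a `net` import) would make the generated cert usable by strict clients. `x509.KeyUsageKeyEncipherment` has no meaning for an ECDSA key and can be dropped, leaving `KeyUsageDigitalSignature`. The error strings hard-code `cert.pem`/`key.pem` even though the paths are parameters, and `%v` hides the underlying error from `errors.Is`; `fmt.Errorf("opening %s for writing: %w", keyFile, err)` would report the real path and keep the chain.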

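--- a/config.yaml
+++ b/config.yaml
@@ -2,11 +2,11 @@ general:
   debug: true
   production: false
 network:
-  forcehttp: true
   fqdn: 0.0.0.0
   port: 8080
   ssl: true
   ssl-config:
+    redirecthttp: true
     allowselfsigned: true
     certificatepath: ./certs/testing.crt
     privatekeypath: ./certs/testing.key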

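--- a/main.go
+++ b/main.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"os"
 	"os/signal"
+	"packagelock/certs"
 	"packagelock/config"
 	"packagelock/server"
 	"syscall"
@@ -30,6 +31,15 @@ func main() {
 		config.Config.SetDefault("general.app-version", AppVersion)
 	}
 
+	if _, err := os.Stat(config.Config.GetString("network.ssl-config.certificatepath")); os.IsNotExist(err) {
+		fmt.Println("Certificate files missing, creating new self-signed.")
+		err := certs.CreateSelfSignedCert(config.Config.GetString("network.ssl-config.certificatepath"), config.Config.GetString("network.ssl-config.privatekeypath"))
+		if err != nil {
+			fmt.Printf("Error creating self-signed certificate: %v\n", err)
+			return
+		}
+	}
+
 	fmt.Println(config.Config.AllSettings())
 
 	// Channel to signal the restart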
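Review bot: The guard on the new line 34 stats only the certificate path, so a certificate that exists without its key — exactly the state `certs.CreateSelfSignedCert` leaves behind if it fails after writing the cert but before writing the key — is never regenerated and the TLS listener will presumably fail later with a less obvious error. Stat both configured paths and regenerate when either is missing, and read the two config keys once rather than three times. Any os.Stat error other than not-exist (for example a permission problem) currently falls through silently to the same later failure, so it is worth at least logging it. The regeneration is also not gated on `network.ssl` or `general.production`; if a production deployment is ever started without its real certificate, this code will quietly mint a self-signed one in its place, so consider refusing to generate when `general.production` is true. main's body continues outside the hunk.
```go
	certPath := config.Config.GetString("network.ssl-config.certificatepath")
	keyPath := config.Config.GetString("network.ssl-config.privatekeypath")
	_, certErr := os.Stat(certPath)
	_, keyErr := os.Stat(keyPath)
	if os.IsNotExist(certErr) || os.IsNotExist(keyErr) {
		fmt.Println("Certificate files missing, creating new self-signed.")
		if err := certs.CreateSelfSignedCert(certPath, keyPath); err != nil {
			fmt.Printf("Error creating self-signed certificate: %v\n", err)
			return
		}
	}
	// … unchanged: settings dump and restart channel …
```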
