Add client cert handling

This commit is contained in:
Melon 2022-03-13 02:24:11 +00:00
parent 8c8c8966e0
commit c86bc8d7e1
Signed by: melon
GPG Key ID: B0ADD5395BCDAAB6
4 changed files with 67 additions and 9 deletions

6
.idea/vcs.xml Normal file
View File

@ -0,0 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="VcsDirectoryMappings">
<mapping directory="$PROJECT_DIR$" vcs="Git" />
</component>
</project>

4
ca.go
View File

@ -15,11 +15,11 @@ func MakeCaTls() (*CertGen, error) {
ca := &x509.Certificate{
SerialNumber: big.NewInt(29052019),
Subject: pkix.Name{
Organization: []string{"Ski Creds Server"},
Organization: []string{"Ski Creds CA"},
Country: []string{"GB"},
Province: []string{""},
Locality: []string{"London"},
CommonName: "ski-creds-server",
CommonName: "ski-creds-ca",
},
NotBefore: time.Now(),
NotAfter: time.Now().AddDate(10, 0, 0),

52
client.go Normal file
View File

@ -0,0 +1,52 @@
package certgen
import (
"crypto/rand"
"crypto/rsa"
"crypto/tls"
"crypto/x509"
"crypto/x509/pkix"
"log"
"math/big"
"time"
)
func MakeClientTls() (*CertGen, error) {
cert := &x509.Certificate{
SerialNumber: big.NewInt(29052019),
Subject: pkix.Name{
Organization: []string{"Ski Creds Client"},
Country: []string{"GB"},
Province: []string{""},
Locality: []string{"London"},
CommonName: "ski-creds-client",
},
NotBefore: time.Now(),
NotAfter: time.Now().AddDate(10, 0, 0),
SubjectKeyId: []byte{1, 2, 3, 4, 6},
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
KeyUsage: x509.KeyUsageDigitalSignature,
}
clientPrivKey, err := rsa.GenerateKey(rand.Reader, 4096)
if err != nil {
log.Fatalln("Failed to generate client private key:", err)
}
clientBytes, err := x509.CreateCertificate(rand.Reader, cert, cert, clientPrivKey.Public(), clientPrivKey)
if err != nil {
log.Fatalln("Failed to generate client certificate bytes:", err)
}
privKeyBytes := x509.MarshalPKCS1PrivateKey(clientPrivKey)
gen := &CertGen{cert: cert, certBytes: clientBytes, key: clientPrivKey, keyBytes: privKeyBytes}
err = gen.generatePem()
if err != nil {
return nil, err
}
caKeyPair, err := tls.X509KeyPair(gen.certPem, gen.keyPem)
if err != nil {
log.Fatalln("Failed to generate client key pair:", err)
}
gen.tlsCert = caKeyPair
return gen, nil
}

View File

@ -21,12 +21,12 @@ func MakeServerTls(ca *CertGen) (*CertGen, error) {
Locality: []string{"London"},
CommonName: "ski-creds-server",
},
NotBefore: time.Now(),
NotAfter: time.Now().AddDate(10, 0, 0),
IsCA: true,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
BasicConstraintsValid: true,
DNSNames: []string{"panda.local"},
NotBefore: time.Now(),
NotAfter: time.Now().AddDate(10, 0, 0),
SubjectKeyId: []byte{1, 2, 3, 4, 6},
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
KeyUsage: x509.KeyUsageDigitalSignature,
}
serverPrivKey, err := rsa.GenerateKey(rand.Reader, 4096)
@ -46,7 +46,7 @@ func MakeServerTls(ca *CertGen) (*CertGen, error) {
}
caKeyPair, err := tls.X509KeyPair(gen.certPem, gen.keyPem)
if err != nil {
log.Fatalln("Failed to generate CA key pair:", err)
log.Fatalln("Failed to generate server key pair:", err)
}
gen.tlsCert = caKeyPair
return gen, nil