API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Mar 23rd, 2017
72
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.24 KB | None | 0 0
raw download clone embed print report
  1. // Copyright 2009 The Go Authors. All rights reserved.
  2. // Use of this source code is governed by a BSD-style
  3. // license that can be found in the LICENSE file.
  4.  
  5. // Generate a self-signed X.509 certificate for a TLS server. Outputs to
  6. // 'cert.pem' and 'key.pem' and will overwrite existing files.
  7.  
  8. package main
  9.  
  10. import (
  11. "crypto/ecdsa"
  12. "crypto/elliptic"
  13. "crypto/rand"
  14. "crypto/rsa"
  15. "crypto/x509"
  16. "crypto/x509/pkix"
  17. "encoding/pem"
  18. "flag"
  19. "fmt"
  20. "log"
  21. "math/big"
  22. "net"
  23. "os"
  24. "strings"
  25. "time"
  26. )
  27.  
  28. var (
  29. host = flag.String("host", "", "Comma-separated hostnames and IPs to generate a certificate for")
  30. validFrom = flag.String("start-date", "", "Creation date formatted as Jan 1 15:04:05 2011")
  31. validFor = flag.Duration("duration", 365*24*time.Hour, "Duration that certificate is valid for")
  32. isCA = flag.Bool("ca", false, "whether this cert should be its own Certificate Authority")
  33. rsaBits = flag.Int("rsa-bits", 2048, "Size of RSA key to generate. Ignored if --ecdsa-curve is set")
  34. ecdsaCurve = flag.String("ecdsa-curve", "", "ECDSA curve to use to generate a key. Valid values are P224, P256, P384, P521")
  35. )
  36.  
  37. func publicKey(priv interface{}) interface{} {
  38. switch k := priv.(type) {
  39. case *rsa.PrivateKey:
  40. return &k.PublicKey
  41. case *ecdsa.PrivateKey:
  42. return &k.PublicKey
  43. default:
  44. return nil
  45. }
  46. }
  47.  
  48. func pemBlockForKey(priv interface{}) *pem.Block {
  49. switch k := priv.(type) {
  50. case *rsa.PrivateKey:
  51. return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k)}
  52. case *ecdsa.PrivateKey:
  53. b, err := x509.MarshalECPrivateKey(k)
  54. if err != nil {
  55. fmt.Fprintf(os.Stderr, "Unable to marshal ECDSA private key: %v", err)
  56. os.Exit(2)
  57. }
  58. return &pem.Block{Type: "EC PRIVATE KEY", Bytes: b}
  59. default:
  60. return nil
  61. }
  62. }
  63.  
  64. func main() {
  65. flag.Parse()
  66.  
  67. if len(*host) == 0 {
  68. log.Fatalf("Missing required --host parameter")
  69. }
  70.  
  71. var priv interface{}
  72. var err error
  73. switch *ecdsaCurve {
  74. case "":
  75. priv, err = rsa.GenerateKey(rand.Reader, *rsaBits)
  76. case "P224":
  77. priv, err = ecdsa.GenerateKey(elliptic.P224(), rand.Reader)
  78. case "P256":
  79. priv, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
  80. case "P384":
  81. priv, err = ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
  82. case "P521":
  83. priv, err = ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
  84. default:
  85. fmt.Fprintf(os.Stderr, "Unrecognized elliptic curve: %q", *ecdsaCurve)
  86. os.Exit(1)
  87. }
  88. if err != nil {
  89. log.Fatalf("failed to generate private key: %s", err)
  90. }
  91.  
  92. var notBefore time.Time
  93. if len(*validFrom) == 0 {
  94. notBefore = time.Now()
  95. } else {
  96. notBefore, err = time.Parse("Jan 2 15:04:05 2006", *validFrom)
  97. if err != nil {
  98. fmt.Fprintf(os.Stderr, "Failed to parse creation date: %s\n", err)
  99. os.Exit(1)
  100. }
  101. }
  102.  
  103. notAfter := notBefore.Add(*validFor)
  104.  
  105. serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
  106. serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
  107. if err != nil {
  108. log.Fatalf("failed to generate serial number: %s", err)
  109. }
  110.  
  111. template := x509.Certificate{
  112. SerialNumber: serialNumber,
  113. Subject: pkix.Name{
  114. Organization: []string{"Acme Co"},
  115. },
  116. NotBefore: notBefore,
  117. NotAfter: notAfter,
  118.  
  119. KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
  120. ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
  121. BasicConstraintsValid: true,
  122. }
  123.  
  124. hosts := strings.Split(*host, ",")
  125. for _, h := range hosts {
  126. if ip := net.ParseIP(h); ip != nil {
  127. template.IPAddresses = append(template.IPAddresses, ip)
  128. } else {
  129. template.DNSNames = append(template.DNSNames, h)
  130. }
  131. }
  132.  
  133. if *isCA {
  134. template.IsCA = true
  135. template.KeyUsage |= x509.KeyUsageCertSign
  136. }
  137.  
  138. derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv)
  139. if err != nil {
  140. log.Fatalf("Failed to create certificate: %s", err)
  141. }
  142.  
  143. certOut, err := os.Create("cert.pem")
  144. if err != nil {
  145. log.Fatalf("failed to open cert.pem for writing: %s", err)
  146. }
  147. pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
  148. certOut.Close()
  149. log.Print("written cert.pem\n")
  150.  
  151. keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
  152. if err != nil {
  153. log.Print("failed to open key.pem for writing:", err)
  154. return
  155. }
  156. pem.Encode(keyOut, pemBlockForKey(priv))
  157. keyOut.Close()
  158. log.Print("written key.pem\n")
  159. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!