generate certs as needed, remove unneeded interfaces

master
David Ashby 2 years ago
parent 7d3999cfd3
commit da4e3ec935
  1. 97
      certificates/certificates.go
  2. 90
      main.go

@ -0,0 +1,97 @@
package certificates
import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"fmt"
"math/big"
"net"
"os"
"strings"
"time"
)
func GenerateKeyPair(host string) (*rsa.PrivateKey, []byte, error) {
priv, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
return &rsa.PrivateKey{}, []byte{}, err
}
keyUsage := x509.KeyUsageDigitalSignature
notBefore := time.Now()
notAfter := notBefore.Add(time.Hour * 24 * 365 * 5) // five yearss
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
if err != nil {
return &rsa.PrivateKey{}, []byte{}, err
}
template := x509.Certificate{
SerialNumber: serialNumber,
Subject: pkix.Name{
Organization: []string{"Castor Server"},
},
NotBefore: notBefore,
NotAfter: notAfter,
KeyUsage: keyUsage,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
BasicConstraintsValid: true,
}
hosts := strings.Split(host, ",")
for _, h := range hosts {
if ip := net.ParseIP(h); ip != nil {
template.IPAddresses = append(template.IPAddresses, ip)
} else {
template.DNSNames = append(template.DNSNames, h)
}
}
bytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
if err != nil {
return &rsa.PrivateKey{}, []byte{}, err
}
return priv, bytes, nil
}
func TestCertificateExists(certname, keyname string) error {
_, err := os.Stat(certname)
if err != nil {
return fmt.Errorf("Could not open %s; %w", certname, err)
}
_, err = os.Stat(keyname)
if err != nil {
return fmt.Errorf("Could not open %s; %w", keyname, err)
}
return nil
}
func WriteCertsToFile(certname, keyname string, cert []byte, privkey *rsa.PrivateKey) error {
certOut, err := os.Create(certname)
if err != nil {
return fmt.Errorf("Failed to open %s for writing: %w", certname, err)
}
if err := pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: cert}); err != nil {
return fmt.Errorf("Failed to write data to %s: %w", certname, err)
}
if err := certOut.Close(); err != nil {
return fmt.Errorf("Error closing %s: %w", certname, err)
}
keyOut, err := os.OpenFile(keyname, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
if err != nil {
return fmt.Errorf("Failed to open %s for writing: %w", keyname, err)
}
privBytes, err := x509.MarshalPKCS8PrivateKey(privkey)
if err != nil {
return fmt.Errorf("Unable to marshal private key: %v", err)
}
if err := pem.Encode(keyOut, &pem.Block{Type: "PRIVATE KEY", Bytes: privBytes}); err != nil {
return fmt.Errorf("Failed to write data to %s: %v", keyname, err)
}
if err := keyOut.Close(); err != nil {
return fmt.Errorf("Error closing %s: %v", keyname, err)
}
return nil
}

@ -14,6 +14,8 @@ import (
"net/url"
"os"
"path/filepath"
"git.yetaga.in/alazyreader/castor/certificates"
)
var responseCodes = map[string]int{
@ -37,35 +39,22 @@ var responseCodes = map[string]int{
"CERTIFICATENOTVALID": 62,
}
// interface
type geminiRequest interface {
GetURL() *url.URL
}
// implementation
type request struct {
type geminiRequest struct {
url *url.URL
}
func (r request) GetURL() *url.URL {
func (r *geminiRequest) GetURL() *url.URL {
return r.url
}
// interface
type geminiResponse interface {
WriteStatus(code int, meta string) (int, error)
Write([]byte) (int, error)
}
// implementation
type response struct {
type geminiResponse struct {
statusSent bool
status int
meta string
connection net.Conn
}
func (w *response) WriteStatus(code int, meta string) (int, error) {
func (w *geminiResponse) WriteStatus(code int, meta string) (int, error) {
if w.statusSent {
return 0, fmt.Errorf("Cannot set status after start of response")
}
@ -75,7 +64,7 @@ func (w *response) WriteStatus(code int, meta string) (int, error) {
return fmt.Fprintf(w.connection, "%d %s\r\n", code, meta)
}
func (w *response) Write(b []byte) (int, error) {
func (w *geminiResponse) Write(b []byte) (int, error) {
if !w.statusSent {
// this can't guess text/gemini, of course.
guessedType := http.DetectContentType(b)
@ -84,24 +73,23 @@ func (w *response) Write(b []byte) (int, error) {
return w.connection.Write(b)
}
// interface
type geminiHandler interface {
Handle(geminiResponse, geminiRequest)
Handle(*geminiResponse, *geminiRequest)
}
type geminiHandlerFunc func(geminiResponse, geminiRequest)
type geminiHandlerFunc func(*geminiResponse, *geminiRequest)
// Handle calls f(w, r).
func (f geminiHandlerFunc) Handle(w geminiResponse, r geminiRequest) {
func (f geminiHandlerFunc) Handle(w *geminiResponse, r *geminiRequest) {
f(w, r)
}
// implementations
// handlers
type staticGeminiHandler struct {
StaticString string
}
func (h staticGeminiHandler) Handle(w geminiResponse, r geminiRequest) {
func (h staticGeminiHandler) Handle(w *geminiResponse, r *geminiRequest) {
w.Write([]byte(h.StaticString))
}
@ -124,7 +112,7 @@ func genIndex(folder, rel string) ([]byte, error) {
return ret.Bytes(), nil
}
func (h fsGeminiHandler) Handle(w geminiResponse, r geminiRequest) {
func (h fsGeminiHandler) Handle(w *geminiResponse, r *geminiRequest) {
// Clean, then join; can't escape the defined root
req := filepath.Join(h.root, filepath.Clean(r.GetURL().Path))
@ -135,10 +123,10 @@ func (h fsGeminiHandler) Handle(w geminiResponse, r geminiRequest) {
}
if sourceFileStat.IsDir() {
sourceFileStat, err = os.Stat(filepath.Join(req, "index.gemini"))
sourceFileStat, err = os.Stat(filepath.Join(req, "index.gmi"))
if err == nil && sourceFileStat.Mode().IsRegular() {
// if it's a directory, transparently insert the index.gemini check
req = filepath.Join(req, "index.gemini")
// if it's a directory, transparently insert the index.gmi check
req = filepath.Join(req, "index.gmi")
} else if h.DirectoryListing {
b, err := genIndex(req, filepath.Clean(r.GetURL().Path))
if err != nil {
@ -169,7 +157,7 @@ func (h fsGeminiHandler) Handle(w geminiResponse, r geminiRequest) {
}
func recoveryHandler(next geminiHandler) geminiHandler {
return geminiHandlerFunc(func(w geminiResponse, r geminiRequest) {
return geminiHandlerFunc(func(w *geminiResponse, r *geminiRequest) {
defer func() {
err := recover()
if err != nil {
@ -183,19 +171,6 @@ func recoveryHandler(next geminiHandler) geminiHandler {
})
}
// handler for general http queries (fallthrough for certmagic)
type genericHTTPHandler struct {
StaticString string
}
func (h *genericHTTPHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
if h.StaticString != "" {
w.Write([]byte(h.StaticString))
return
}
w.Write([]byte("This is the default http response for the castor server. Try connecting over the gemini protocol instead.\n"))
}
func handleConnection(log Logger, conn net.Conn, h geminiHandler) {
defer conn.Close()
scanner := bufio.NewScanner(conn)
@ -206,27 +181,40 @@ func handleConnection(log Logger, conn net.Conn, h geminiHandler) {
if err != nil {
log.Info(err)
}
w := response{
w := &geminiResponse{
connection: conn,
}
r := request{
r := &geminiRequest{
url: u,
}
recoveryHandler(h).Handle(&w, r)
recoveryHandler(h).Handle(w, r)
}
func main() {
log := NewLogger(true)
err := mime.AddExtensionType(".gemini", "text/gemini")
err2 := mime.AddExtensionType(".gmi", "text/gemini")
if err != nil || err2 != nil {
log.Info("Could not add text/gemini to mime-type database;", err)
mime.AddExtensionType(".gemini", "text/gemini")
mime.AddExtensionType(".gmi", "text/gemini")
err := certificates.TestCertificateExists("./cert.pem", "./key.pem")
var cer tls.Certificate
if err != nil {
log.Info("Generating new certificate...")
key, cert, err := certificates.GenerateKeyPair("localhost")
if err != nil {
log.Info("error generating certificates", err)
return
}
err = certificates.WriteCertsToFile("./cert.pem", "./key.pem", cert, key)
if err != nil {
log.Info("error saving certificates", err)
return
}
}
cer, err := tls.LoadX509KeyPair("./cert.pem", "./key.pem")
cer, err = tls.LoadX509KeyPair("./cert.pem", "./key.pem")
if err != nil {
log.Info("", err)
log.Info("error loading certificates", err)
return
}

Loading…
Cancel
Save