generate certs as needed, remove unneeded interfaces

This commit is contained in:
David 2020-09-16 14:54:56 -04:00
parent 7d3999cfd3
commit da4e3ec935
2 changed files with 136 additions and 51 deletions

View File

@ -0,0 +1,97 @@
package certificates
import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"fmt"
"math/big"
"net"
"os"
"strings"
"time"
)
func GenerateKeyPair(host string) (*rsa.PrivateKey, []byte, error) {
priv, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
return &rsa.PrivateKey{}, []byte{}, err
}
keyUsage := x509.KeyUsageDigitalSignature
notBefore := time.Now()
notAfter := notBefore.Add(time.Hour * 24 * 365 * 5) // five yearss
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
if err != nil {
return &rsa.PrivateKey{}, []byte{}, err
}
template := x509.Certificate{
SerialNumber: serialNumber,
Subject: pkix.Name{
Organization: []string{"Castor Server"},
},
NotBefore: notBefore,
NotAfter: notAfter,
KeyUsage: keyUsage,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
BasicConstraintsValid: true,
}
hosts := strings.Split(host, ",")
for _, h := range hosts {
if ip := net.ParseIP(h); ip != nil {
template.IPAddresses = append(template.IPAddresses, ip)
} else {
template.DNSNames = append(template.DNSNames, h)
}
}
bytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
if err != nil {
return &rsa.PrivateKey{}, []byte{}, err
}
return priv, bytes, nil
}
func TestCertificateExists(certname, keyname string) error {
_, err := os.Stat(certname)
if err != nil {
return fmt.Errorf("Could not open %s; %w", certname, err)
}
_, err = os.Stat(keyname)
if err != nil {
return fmt.Errorf("Could not open %s; %w", keyname, err)
}
return nil
}
func WriteCertsToFile(certname, keyname string, cert []byte, privkey *rsa.PrivateKey) error {
certOut, err := os.Create(certname)
if err != nil {
return fmt.Errorf("Failed to open %s for writing: %w", certname, err)
}
if err := pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: cert}); err != nil {
return fmt.Errorf("Failed to write data to %s: %w", certname, err)
}
if err := certOut.Close(); err != nil {
return fmt.Errorf("Error closing %s: %w", certname, err)
}
keyOut, err := os.OpenFile(keyname, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
if err != nil {
return fmt.Errorf("Failed to open %s for writing: %w", keyname, err)
}
privBytes, err := x509.MarshalPKCS8PrivateKey(privkey)
if err != nil {
return fmt.Errorf("Unable to marshal private key: %v", err)
}
if err := pem.Encode(keyOut, &pem.Block{Type: "PRIVATE KEY", Bytes: privBytes}); err != nil {
return fmt.Errorf("Failed to write data to %s: %v", keyname, err)
}
if err := keyOut.Close(); err != nil {
return fmt.Errorf("Error closing %s: %v", keyname, err)
}
return nil
}

90
main.go
View File

@ -14,6 +14,8 @@ import (
"net/url" "net/url"
"os" "os"
"path/filepath" "path/filepath"
"git.yetaga.in/alazyreader/castor/certificates"
) )
var responseCodes = map[string]int{ var responseCodes = map[string]int{
@ -37,35 +39,22 @@ var responseCodes = map[string]int{
"CERTIFICATENOTVALID": 62, "CERTIFICATENOTVALID": 62,
} }
// interface type geminiRequest struct {
type geminiRequest interface {
GetURL() *url.URL
}
// implementation
type request struct {
url *url.URL url *url.URL
} }
func (r request) GetURL() *url.URL { func (r *geminiRequest) GetURL() *url.URL {
return r.url return r.url
} }
// interface type geminiResponse struct {
type geminiResponse interface {
WriteStatus(code int, meta string) (int, error)
Write([]byte) (int, error)
}
// implementation
type response struct {
statusSent bool statusSent bool
status int status int
meta string meta string
connection net.Conn connection net.Conn
} }
func (w *response) WriteStatus(code int, meta string) (int, error) { func (w *geminiResponse) WriteStatus(code int, meta string) (int, error) {
if w.statusSent { if w.statusSent {
return 0, fmt.Errorf("Cannot set status after start of response") return 0, fmt.Errorf("Cannot set status after start of response")
} }
@ -75,7 +64,7 @@ func (w *response) WriteStatus(code int, meta string) (int, error) {
return fmt.Fprintf(w.connection, "%d %s\r\n", code, meta) return fmt.Fprintf(w.connection, "%d %s\r\n", code, meta)
} }
func (w *response) Write(b []byte) (int, error) { func (w *geminiResponse) Write(b []byte) (int, error) {
if !w.statusSent { if !w.statusSent {
// this can't guess text/gemini, of course. // this can't guess text/gemini, of course.
guessedType := http.DetectContentType(b) guessedType := http.DetectContentType(b)
@ -84,24 +73,23 @@ func (w *response) Write(b []byte) (int, error) {
return w.connection.Write(b) return w.connection.Write(b)
} }
// interface
type geminiHandler interface { type geminiHandler interface {
Handle(geminiResponse, geminiRequest) Handle(*geminiResponse, *geminiRequest)
} }
type geminiHandlerFunc func(geminiResponse, geminiRequest) type geminiHandlerFunc func(*geminiResponse, *geminiRequest)
// Handle calls f(w, r). // Handle calls f(w, r).
func (f geminiHandlerFunc) Handle(w geminiResponse, r geminiRequest) { func (f geminiHandlerFunc) Handle(w *geminiResponse, r *geminiRequest) {
f(w, r) f(w, r)
} }
// implementations // handlers
type staticGeminiHandler struct { type staticGeminiHandler struct {
StaticString string StaticString string
} }
func (h staticGeminiHandler) Handle(w geminiResponse, r geminiRequest) { func (h staticGeminiHandler) Handle(w *geminiResponse, r *geminiRequest) {
w.Write([]byte(h.StaticString)) w.Write([]byte(h.StaticString))
} }
@ -124,7 +112,7 @@ func genIndex(folder, rel string) ([]byte, error) {
return ret.Bytes(), nil return ret.Bytes(), nil
} }
func (h fsGeminiHandler) Handle(w geminiResponse, r geminiRequest) { func (h fsGeminiHandler) Handle(w *geminiResponse, r *geminiRequest) {
// Clean, then join; can't escape the defined root // Clean, then join; can't escape the defined root
req := filepath.Join(h.root, filepath.Clean(r.GetURL().Path)) req := filepath.Join(h.root, filepath.Clean(r.GetURL().Path))
@ -135,10 +123,10 @@ func (h fsGeminiHandler) Handle(w geminiResponse, r geminiRequest) {
} }
if sourceFileStat.IsDir() { if sourceFileStat.IsDir() {
sourceFileStat, err = os.Stat(filepath.Join(req, "index.gemini")) sourceFileStat, err = os.Stat(filepath.Join(req, "index.gmi"))
if err == nil && sourceFileStat.Mode().IsRegular() { if err == nil && sourceFileStat.Mode().IsRegular() {
// if it's a directory, transparently insert the index.gemini check // if it's a directory, transparently insert the index.gmi check
req = filepath.Join(req, "index.gemini") req = filepath.Join(req, "index.gmi")
} else if h.DirectoryListing { } else if h.DirectoryListing {
b, err := genIndex(req, filepath.Clean(r.GetURL().Path)) b, err := genIndex(req, filepath.Clean(r.GetURL().Path))
if err != nil { if err != nil {
@ -169,7 +157,7 @@ func (h fsGeminiHandler) Handle(w geminiResponse, r geminiRequest) {
} }
func recoveryHandler(next geminiHandler) geminiHandler { func recoveryHandler(next geminiHandler) geminiHandler {
return geminiHandlerFunc(func(w geminiResponse, r geminiRequest) { return geminiHandlerFunc(func(w *geminiResponse, r *geminiRequest) {
defer func() { defer func() {
err := recover() err := recover()
if err != nil { if err != nil {
@ -183,19 +171,6 @@ func recoveryHandler(next geminiHandler) geminiHandler {
}) })
} }
// handler for general http queries (fallthrough for certmagic)
type genericHTTPHandler struct {
StaticString string
}
func (h *genericHTTPHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
if h.StaticString != "" {
w.Write([]byte(h.StaticString))
return
}
w.Write([]byte("This is the default http response for the castor server. Try connecting over the gemini protocol instead.\n"))
}
func handleConnection(log Logger, conn net.Conn, h geminiHandler) { func handleConnection(log Logger, conn net.Conn, h geminiHandler) {
defer conn.Close() defer conn.Close()
scanner := bufio.NewScanner(conn) scanner := bufio.NewScanner(conn)
@ -206,27 +181,40 @@ func handleConnection(log Logger, conn net.Conn, h geminiHandler) {
if err != nil { if err != nil {
log.Info(err) log.Info(err)
} }
w := response{ w := &geminiResponse{
connection: conn, connection: conn,
} }
r := request{ r := &geminiRequest{
url: u, url: u,
} }
recoveryHandler(h).Handle(&w, r) recoveryHandler(h).Handle(w, r)
} }
func main() { func main() {
log := NewLogger(true) log := NewLogger(true)
err := mime.AddExtensionType(".gemini", "text/gemini") mime.AddExtensionType(".gemini", "text/gemini")
err2 := mime.AddExtensionType(".gmi", "text/gemini") mime.AddExtensionType(".gmi", "text/gemini")
if err != nil || err2 != nil {
log.Info("Could not add text/gemini to mime-type database;", err) err := certificates.TestCertificateExists("./cert.pem", "./key.pem")
var cer tls.Certificate
if err != nil {
log.Info("Generating new certificate...")
key, cert, err := certificates.GenerateKeyPair("localhost")
if err != nil {
log.Info("error generating certificates", err)
return
}
err = certificates.WriteCertsToFile("./cert.pem", "./key.pem", cert, key)
if err != nil {
log.Info("error saving certificates", err)
return
}
} }
cer, err := tls.LoadX509KeyPair("./cert.pem", "./key.pem") cer, err = tls.LoadX509KeyPair("./cert.pem", "./key.pem")
if err != nil { if err != nil {
log.Info("", err) log.Info("error loading certificates", err)
return return
} }