@@ -16,7 +16,6 @@ import (
1616 "crypto/x509/pkix"
1717 "encoding/pem"
1818 "fmt"
19- "io/ioutil"
2019 "math/big"
2120 "net"
2221 "os"
@@ -134,51 +133,57 @@ func generateSingleCertificate(isCa bool) (*x509.Certificate, error) {
134133 return & template , nil
135134}
136135
137- func generateCertificates (path * paths.Path ) {
138- path .Join ("ca.cert.pem" ).Remove ()
139- path .Join ("ca.key.pem" ).Remove ()
140- path .Join ("cert.pem" ).Remove ()
141- path .Join ("key.pem" ).Remove ()
136+ func generateCertificates (certsDir * paths.Path ) {
137+ certsDir .Join ("ca.cert.pem" ).Remove ()
138+ certsDir .Join ("ca.key.pem" ).Remove ()
139+ certsDir .Join ("cert.pem" ).Remove ()
140+ certsDir .Join ("key.pem" ).Remove ()
142141
143142 // Create the key for the certification authority
144143 caKey , err := generateKey ("P256" )
145144 if err != nil {
146145 log .Error (err .Error ())
147146 os .Exit (1 )
148147 }
149- keyOutPath := path .Join ("ca.key.pem" ).String ()
150- keyOut , err := os .OpenFile (keyOutPath , os .O_WRONLY | os .O_CREATE | os .O_TRUNC , 0600 )
151- if err != nil {
152- log .Error (err .Error ())
153- os .Exit (1 )
148+
149+ {
150+ keyOutPath := certsDir .Join ("ca.key.pem" ).String ()
151+ keyOut , err := os .OpenFile (keyOutPath , os .O_WRONLY | os .O_CREATE | os .O_TRUNC , 0600 ) // Save key with user-only permission 0600
152+ if err != nil {
153+ log .Error (err .Error ())
154+ os .Exit (1 )
155+ }
156+ pem .Encode (keyOut , pemBlockForKey (caKey ))
157+ keyOut .Close ()
158+ log .Printf ("written %s" , keyOutPath )
154159 }
155- pem .Encode (keyOut , pemBlockForKey (caKey ))
156- keyOut .Close ()
157- log .Printf ("written %s" , keyOutPath )
158160
159161 // Create the certification authority
160162 caTemplate , err := generateSingleCertificate (true )
161-
162163 if err != nil {
163164 log .Error (err .Error ())
164165 os .Exit (1 )
165166 }
166167
167168 derBytes , _ := x509 .CreateCertificate (rand .Reader , caTemplate , caTemplate , publicKey (caKey ), caKey )
168169
169- certOutPath := path .Join ("ca.cert.pem" ).String ()
170- certOut , err := os .Create (certOutPath )
171- if err != nil {
172- log .Error (err .Error ())
173- os .Exit (1 )
170+ {
171+ caCertOutPath := certsDir .Join ("ca.cert.pem" )
172+ caCertOut , err := caCertOutPath .Create ()
173+ if err != nil {
174+ log .Error (err .Error ())
175+ os .Exit (1 )
176+ }
177+ pem .Encode (caCertOut , & pem.Block {Type : "CERTIFICATE" , Bytes : derBytes })
178+ caCertOut .Close ()
179+ log .Printf ("written %s" , caCertOutPath )
174180 }
175- pem .Encode (certOut , & pem.Block {Type : "CERTIFICATE" , Bytes : derBytes })
176- certOut .Close ()
177- log .Printf ("written %s" , certOutPath )
178181
179- filePath := path .Join ("ca.cert.cer" ).String ()
180- ioutil .WriteFile (filePath , derBytes , 0644 )
181- log .Printf ("written %s" , filePath )
182+ {
183+ caCertPath := certsDir .Join ("ca.cert.cer" )
184+ caCertPath .WriteFile (derBytes )
185+ log .Printf ("written %s" , caCertPath )
186+ }
182187
183188 // Create the key for the final certificate
184189 key , err := generateKey ("P256" )
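Review bot: The new scoped blocks drop the return values of `pem.Encode` and `keyOut.Close()` (lines 156–157 of the new side) and of `caCertPath.WriteFile(derBytes)` (new line 184), so a short or failed write of the CA private key or certificate is still reported as "written" and the process continues with a truncated or empty file on disk; the same pattern repeats in the next hunk for key.pem, cert.pem and cert.cer. Since every other failure in this function already goes through `log.Error` + `os.Exit(1)`, the write and close results should be handled the same way, e.g. `if err := caCertPath.WriteFile(derBytes); err != nil { log.Error(err.Error()); os.Exit(1) }` for the .cer file and the rewritten key block below. The context line `derBytes, _ := x509.CreateCertificate(...)` discards the only error that can leave derBytes nil, which would then be PEM-encoded as an empty CERTIFICATE block; it predates this change but sits on the same path and is worth a check. generateCertificates continues past the end of this hunk.
```go
	{
		keyOutPath := certsDir.Join("ca.key.pem").String()
		keyOut, err := os.OpenFile(keyOutPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) // Save key with user-only permission 0600
		if err != nil {
			log.Error(err.Error())
			os.Exit(1)
		}
		if err := pem.Encode(keyOut, pemBlockForKey(caKey)); err != nil {
			log.Error(err.Error())
			os.Exit(1)
		}
		// Close reports flush errors on some filesystems; treat it like the write.
		if err := keyOut.Close(); err != nil {
			log.Error(err.Error())
			os.Exit(1)
		}
		log.Printf("written %s", keyOutPath)
	}
	// … unchanged: CA certificate creation and remaining writes …
```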
@@ -187,40 +192,44 @@ func generateCertificates(path *paths.Path) {
187192 os .Exit (1 )
188193 }
189194
190- keyOutPath = path .Join ("key.pem" ).String ()
191- keyOut , err = os .OpenFile (keyOutPath , os .O_WRONLY | os .O_CREATE | os .O_TRUNC , 0600 )
192- if err != nil {
193- log .Error (err .Error ())
194- os .Exit (1 )
195+ {
196+ keyOutPath := certsDir .Join ("key.pem" ).String ()
197+ keyOut , err := os .OpenFile (keyOutPath , os .O_WRONLY | os .O_CREATE | os .O_TRUNC , 0600 ) // Save key with user-only permission 0600
198+ if err != nil {
199+ log .Error (err .Error ())
200+ os .Exit (1 )
201+ }
202+ pem .Encode (keyOut , pemBlockForKey (key ))
203+ keyOut .Close ()
204+ log .Printf ("written %s" , keyOutPath )
195205 }
196- pem .Encode (keyOut , pemBlockForKey (key ))
197- keyOut .Close ()
198- log .Printf ("written %s" , keyOutPath )
199206
200207 // Create the final certificate
201208 template , err := generateSingleCertificate (false )
202-
203209 if err != nil {
204210 log .Error (err .Error ())
205211 os .Exit (1 )
206212 }
207213
208214 derBytes , _ = x509 .CreateCertificate (rand .Reader , template , caTemplate , publicKey (key ), caKey )
209215
210- certOutPath = path .Join ("cert.pem" ).String ()
211- certOut , err = os .Create (certOutPath )
212- if err != nil {
213- log .Error (err .Error ())
214- os .Exit (1 )
216+ {
217+ certOutPath := certsDir .Join ("cert.pem" ).String ()
218+ certOut , err := os .Create (certOutPath )
219+ if err != nil {
220+ log .Error (err .Error ())
221+ os .Exit (1 )
222+ }
223+ pem .Encode (certOut , & pem.Block {Type : "CERTIFICATE" , Bytes : derBytes })
224+ certOut .Close ()
225+ log .Printf ("written %s" , certOutPath )
215226 }
216- pem .Encode (certOut , & pem.Block {Type : "CERTIFICATE" , Bytes : derBytes })
217- certOut .Close ()
218- log .Printf ("written %s" , certOutPath )
219-
220- certPath := path .Join ("cert.cer" ).String ()
221- ioutil .WriteFile (certPath , derBytes , 0644 )
222- log .Printf ("written %s" , certPath )
223227
228+ {
229+ certPath := certsDir .Join ("cert.cer" )
230+ certPath .WriteFile (derBytes )
231+ log .Printf ("written %s" , certPath )
232+ }
224233}
225234
226235func certHandler (c * gin.Context ) {
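Review bot: The cert.pem block (new lines 217–218) still goes through `os.Create(certsDir.Join("cert.pem").String())`, while the ca.cert.pem block in the previous hunk was moved to `certsDir.Join("ca.cert.pem").Create()` on the path value; the two blocks now differ for no reason and the inconsistency makes it harder to see that they are meant to be identical apart from the filename. Changing the two lines to `certOutPath := certsDir.Join("cert.pem")` and `certOut, err := certOutPath.Create()` brings them in line (the later `log.Printf("written %s", certOutPath)` already works the same way for the CA block). The ignored `pem.Encode`, `Close` and `WriteFile` results in this hunk are the same issue raised on the previous hunk. generateCertificates begins outside this hunk.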
@@ -239,10 +248,10 @@ func deleteCertHandler(c *gin.Context) {
239248}
240249
241250// DeleteCertificates will delete the certificates
242- func DeleteCertificates (path * paths.Path ) {
243- path .Join ("ca.cert.pem" ).Remove ()
244- path .Join ("ca.cert.cer" ).Remove ()
245- path .Join ("ca.key.pem" ).Remove ()
251+ func DeleteCertificates (certDir * paths.Path ) {
252+ certDir .Join ("ca.cert.pem" ).Remove ()
253+ certDir .Join ("ca.cert.cer" ).Remove ()
254+ certDir .Join ("ca.key.pem" ).Remove ()
246255}
247256
248257const noFirefoxTemplateHTML = `<!DOCTYPE html>