Added gencerts command, fixed unreachable code, added missing argument, fixed few golint errors #944
Added gencerts command, fixed unreachable code, added missing argument, fixed few golint errors #944
Changes from 9 commits
2e181be
10e1ee7
0801273
36cb895
b26c614
9361456
3c84bfb
3e74449
a7a6eb0
1d9b0a1
629f99e
11541a7
f898633
aebb4b2
98cfe4b
68c296a
@@ -0,0 +1,147 @@ | ||
package cmd | ||
|
||
import ( | ||
"crypto/rand" | ||
"crypto/rsa" | ||
"crypto/x509" | ||
"crypto/x509/pkix" | ||
"encoding/pem" | ||
"flag" | ||
"math/big" | ||
"net" | ||
"os" | ||
"path" | ||
"strings" | ||
"time" | ||
|
||
"github.com/OpenBazaar/openbazaar-go/repo" | ||
) | ||
|
||
//GenerateCertificates struct | ||
type GenerateCertificates struct { | ||
DataDir string `short:"d" long:"datadir" description:"specify the data directory to be used"` | ||
Testnet bool `short:"t" long:"testnet" description:"config file is for testnet node"` | ||
Host string `short:"h" long:"host" description:"comma-separated hostnames and IPs to generate a certificate for"` | ||
ValidFor time.Duration `long:"duration" description:"duration that certificate is valid for"` | ||
} | ||
|
||
//return PublicKey | ||
func publicKey(priv interface{}) interface{} { | ||
switch k := priv.(type) { | ||
case *rsa.PrivateKey: | ||
return &k.PublicKey | ||
default: | ||
return nil | ||
} | ||
} | ||
|
||
func pemBlockForKey(priv interface{}) *pem.Block { | ||
switch k := priv.(type) { | ||
case *rsa.PrivateKey: | ||
return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k)} | ||
default: | ||
return nil | ||
} | ||
} | ||
|
||
//Execute gencerts command | ||
func (x *GenerateCertificates) Execute(args []string) error { | ||
// Set repo path | ||
repoPath, err := repo.GetRepoPath(x.Testnet) | ||
if err != nil { | ||
return err | ||
} | ||
if x.DataDir != "" { | ||
repoPath = x.DataDir | ||
} | ||
|
||
flag.Parse() | ||
Is this being called early enough? Seems
||
|
||
//Check if host entered | ||
if len(x.Host) == 0 { | ||
log.Fatalf("Missing required --host parameter") | ||
} | ||
|
||
// Set default duration | ||
if x.ValidFor == 0 { | ||
x.ValidFor = 365 * 24 * time.Hour | ||
} | ||
|
||
var priv interface{} | ||
|
||
//Generate key | ||
priv, err = rsa.GenerateKey(rand.Reader, 2048) | ||
if err != nil { | ||
log.Fatalf("failed to generate private key: %s", err) | ||
} | ||
|
||
//Set creation date | ||
var notBefore = time.Now() | ||
notAfter := notBefore.Add(x.ValidFor) | ||
|
||
//Crate serial nmuber | ||
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128) | ||
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit) | ||
if err != nil { | ||
log.Fatalf("failed to generate serial number: %s", err) | ||
} | ||
|
||
template := x509.Certificate{ | ||
SerialNumber: serialNumber, | ||
Subject: pkix.Name{ | ||
Organization: []string{"OpenBazaar"}, | ||
}, | ||
NotBefore: notBefore, | ||
NotAfter: notAfter, | ||
|
||
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, | ||
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, | ||
BasicConstraintsValid: true, | ||
} | ||
|
||
//Check if host ip or dns name and count their quantity | ||
hosts := strings.Split(x.Host, ",") | ||
for _, h := range hosts { | ||
if ip := net.ParseIP(h); ip != nil { | ||
template.IPAddresses = append(template.IPAddresses, ip) | ||
} else { | ||
template.DNSNames = append(template.DNSNames, h) | ||
} | ||
} | ||
Build your
||
|
||
template.IsCA = true | ||
template.KeyUsage |= x509.KeyUsageCertSign | ||
Why are these floating down here like this? Why not add them to the
||
|
||
//Create sertificate | ||
derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv) | ||
if err != nil { | ||
log.Fatalf("Failed to create certificate: %s", err) | ||
} | ||
|
||
// Create ssl directory | ||
err = os.MkdirAll(path.Join(repoPath, "ssl"), os.ModePerm) | ||
if err != nil { | ||
log.Fatalf("Failed to create ssl directory: %s", err) | ||
} | ||
|
||
//Create and write cert.pem | ||
certOut, err := os.Create(path.Join(repoPath, "ssl", "cert.pem")) | ||
if err != nil { | ||
log.Fatalf("failed to open cert.pem for writing: %s", err) | ||
} | ||
pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}) | ||
certOut.Close() | ||
log.Noticef("written cert.pem\n") | ||
|
||
//Create and write key.pem | ||
keyOut, err := os.OpenFile(path.Join(repoPath, "ssl", "key.pem"), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) | ||
if err != nil { | ||
log.Noticef("failed to open key.pem for writing:", err) | ||
return err | ||
} | ||
pem.Encode(keyOut, pemBlockForKey(priv)) | ||
keyOut.Close() | ||
log.Noticef("written key.pem\n") | ||
|
||
return nil | ||
} |
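Review bot: Execute returns an error, yet every failure before the key.pem write exits the process through log.Fatalf (missing host, key generation, serial number, CreateCertificate, MkdirAll, os.Create), so the command framework never gets to handle or report it, and both pem.Encode calls and both Close calls discard their results, so "written key.pem" can be logged for a truncated file. The ssl directory is created with os.ModePerm (0777 before umask) although it will hold the private key; 0700 is the least-privilege choice and matches the 0600 already used for key.pem. The generated leaf is also marked IsCA with KeyUsageCertSign while only ExtKeyUsageServerAuth is needed, which means a leaked key.pem could mint further certificates chaining to this one — worth confirming the API server really needs the CA bit, and dropping it otherwise. Neither `log` nor `fmt` appears in this hunk's import block; log presumably comes from a package-level logger in cmd, and fmt would need adding for the rewrite below.
```go
// … unchanged: key, serial number and template construction …
// 0700: this directory will hold the private key.
if err := os.MkdirAll(path.Join(repoPath, "ssl"), 0700); err != nil {
	return fmt.Errorf("creating ssl directory: %v", err)
}
certOut, err := os.Create(path.Join(repoPath, "ssl", "cert.pem"))
if err != nil {
	return fmt.Errorf("opening cert.pem for writing: %v", err)
}
if err := pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}); err != nil {
	certOut.Close()
	return fmt.Errorf("writing cert.pem: %v", err)
}
if err := certOut.Close(); err != nil {
	return fmt.Errorf("closing cert.pem: %v", err)
}
log.Noticef("written cert.pem\n")
// … same check-every-error pattern for key.pem, keeping its 0600 mode …
```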
|
@@ -47,6 +47,7 @@ import ( | |
"time" | ||
) | ||
|
||
//Restore struct | ||
Adding empty definitions merely to satisfy the linter defeats the purpose of the linter. Let's remove these or replace them with idiomatic Go docs. https://blog.golang.org/godoc-documenting-go-code
||
type Restore struct { | ||
Password string `short:"p" long:"password" description:"the encryption password if the database is encrypted"` | ||
DataDir string `short:"d" long:"datadir" description:"specify the data directory to be used"` | ||
|
@@ -57,6 +58,7 @@ type Restore struct { | |
WalletCreationDate string `short:"w" long:"walletcreationdate" description:"specify the date the seed was created. if omitted the wallet will sync from the oldest checkpoint."` | ||
} | ||
|
||
//Execute restore command | ||
func (x *Restore) Execute(args []string) error { | ||
reader := bufio.NewReader(os.Stdin) | ||
if x.Mnemonic == "" { | ||
|
@@ -332,6 +334,7 @@ func (x *Restore) Execute(args []string) error { | |
return nil | ||
} | ||
|
||
//RestoreFile restore the file | ||
func RestoreFile(repoPath, peerID, filename string, ctx commands.Context, wg *sync.WaitGroup) { | ||
defer wg.Done() | ||
b, err := ipfs.ResolveThenCat(ctx, ipfspath.FromString(path.Join(peerID, filename)), time.Minute) | ||
|
@@ -346,6 +349,7 @@ func RestoreFile(repoPath, peerID, filename string, ctx commands.Context, wg *sy | |
} | ||
} | ||
|
||
//RestoreDirectory restore the directory | ||
func RestoreDirectory(repoPath, directory string, nd *ipfscore.IpfsNode, id *cid.Cid, wg *sync.WaitGroup) { | ||
defer wg.Done() | ||
links, err := nd.DAG.GetLinks(context.Background(), id) | ||
|
@@ -375,6 +379,7 @@ func RestoreDirectory(repoPath, directory string, nd *ipfscore.IpfsNode, id *cid | |
|
||
} | ||
|
||
//PrintError print error | ||
func PrintError(e string) { | ||
os.Stderr.Write([]byte(e)) | ||
} |
|
@@ -15,11 +15,13 @@ import ( | |
"syscall" | ||
) | ||
|
||
//SetAPICreds struct | ||
type SetAPICreds struct { | ||
DataDir string `short:"d" long:"datadir" description:"specify the data directory to be used"` | ||
Testnet bool `short:"t" long:"testnet" description:"config file is for testnet node"` | ||
} | ||
|
||
//Execute setapicreds command | ||
func (x *SetAPICreds) Execute(args []string) error { | ||
// Set repo path | ||
repoPath, err := repo.GetRepoPath(x.Testnet) | ||
|
@@ -86,7 +88,7 @@ func (x *SetAPICreds) Execute(args []string) error { | |
apiCfg.AllowedIPs = []string{} | ||
} | ||
|
||
if err := r.SetConfigKey("JSON-API", apiCfg); err != nil { | ||
if r.SetConfigKey("JSON-API", apiCfg); err != nil { | ||
This does not look right. Which I'm thinking the linter told you that you can't declare an
||
return err | ||
} | ||
return nil | ||
|
The preamble
"RSA PRIVATE KEY"
should probably be a constant.