1 // Copyright 2009 The Go Authors. All rights reserved. | 1 // Copyright 2009 The Go Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style | 2 // Use of this source code is governed by a BSD-style |
3 // license that can be found in the LICENSE file. | 3 // license that can be found in the LICENSE file. |
4 | 4 |
5 // Generate a self-signed X.509 certificate for a TLS server. Outputs to | 5 // Generate a self-signed X.509 certificate for a TLS server. Outputs to |
6 // 'cert.pem' and 'key.pem' and will overwrite existing files. | 6 // 'cert.pem' and 'key.pem' and will overwrite existing files. |
7 | 7 |
8 package main | 8 package main |
9 | 9 |
10 import ( | 10 import ( |
11 "crypto/rsa" | 11 "crypto/rsa" |
12 "crypto/x509" | 12 "crypto/x509" |
13 "encoding/pem" | 13 "encoding/pem" |
14 » "fmt" | 14 » "flag" |
15 "log" | 15 "log" |
16 "os" | 16 "os" |
17 "time" | 17 "time" |
18 ) | 18 ) |
19 | 19 |
| 20 var hostName *string = flag.String("host", "127.0.0.1", "Hostname to generate a
certificate for") |
| 21 |
20 func main() { | 22 func main() { |
21 » if len(os.Args) != 2 { | 23 » flag.Parse() |
22 » » fmt.Printf("Usage: %s <hostname of server>\n", os.Args[0]) | 24 |
| 25 » urandom, err := os.Open("/dev/urandom", os.O_RDONLY, 0) |
| 26 » if err != nil { |
| 27 » » log.Exitf("failed to open /dev/urandom: %s", err) |
23 return | 28 return |
24 } | 29 } |
25 | 30 |
26 » hostName := os.Args[1] | 31 » priv, err := rsa.GenerateKey(urandom, 1024) |
27 | |
28 » urandom, err := os.Open("/dev/urandom", os.O_RDONLY, 0) | |
29 if err != nil { | 32 if err != nil { |
30 » » log.Crashf("failed to open /dev/urandom: %s\n", err) | 33 » » log.Exitf("failed to generate private key: %s", err) |
31 return | 34 return |
32 } | 35 } |
33 | 36 |
34 log.Stdoutf("Generating RSA key\n") | |
35 priv, err := rsa.GenerateKey(urandom, 1024) | |
36 if err != nil { | |
37 log.Crashf("failed to generate private key: %s\n", err) | |
38 return | |
39 } | |
40 | |
41 now := time.Seconds() | 37 now := time.Seconds() |
42 | 38 |
43 template := x509.Certificate{ | 39 template := x509.Certificate{ |
44 SerialNumber: []byte{0}, | 40 SerialNumber: []byte{0}, |
45 Subject: x509.Name{ | 41 Subject: x509.Name{ |
46 » » » CommonName: hostName, | 42 » » » CommonName: *hostName, |
47 Organization: "Acme Co", | 43 Organization: "Acme Co", |
48 }, | 44 }, |
49 NotBefore: time.SecondsToUTC(now - 300), | 45 NotBefore: time.SecondsToUTC(now - 300), |
50 » » NotAfter: time.SecondsToUTC(now + 86400*365), // valid for 1 ye
ar. | 46 » » NotAfter: time.SecondsToUTC(now + 60*60*24*365), // valid for 1
year. |
51 | 47 |
52 SubjectKeyId: []byte{1, 2, 3, 4}, | 48 SubjectKeyId: []byte{1, 2, 3, 4}, |
53 KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigita
lSignature, | 49 KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigita
lSignature, |
54 } | 50 } |
55 | 51 |
56 derBytes, err := x509.CreateCertificate(urandom, &template, &template, &
priv.PublicKey, priv) | 52 derBytes, err := x509.CreateCertificate(urandom, &template, &template, &
priv.PublicKey, priv) |
57 if err != nil { | 53 if err != nil { |
58 » » log.Crashf("Failed to create certificate: %s", err) | 54 » » log.Exitf("Failed to create certificate: %s", err) |
59 return | 55 return |
60 } | 56 } |
61 | 57 |
62 certOut, err := os.Open("cert.pem", os.O_WRONLY|os.O_CREAT, 0644) | 58 certOut, err := os.Open("cert.pem", os.O_WRONLY|os.O_CREAT, 0644) |
63 if err != nil { | 59 if err != nil { |
64 » » log.Crashf("failed to open cert.pem for writing: %s\n", err) | 60 » » log.Exitf("failed to open cert.pem for writing: %s", err) |
65 return | 61 return |
66 } | 62 } |
67 pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}) | 63 pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}) |
68 certOut.Close() | 64 certOut.Close() |
69 log.Stdoutf("written cert.pem\n") | 65 log.Stdoutf("written cert.pem\n") |
70 | 66 |
71 keyOut, err := os.Open("key.pem", os.O_WRONLY|os.O_CREAT, 0600) | 67 keyOut, err := os.Open("key.pem", os.O_WRONLY|os.O_CREAT, 0600) |
72 if err != nil { | 68 if err != nil { |
73 » » log.Crashf("failed to open key.pem for writing: %s\n", err) | 69 » » log.Exitf("failed to open key.pem for writing: %s", err) |
74 return | 70 return |
75 } | 71 } |
76 pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.Marsh
alPKCS1PrivateKey(priv)}) | 72 pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.Marsh
alPKCS1PrivateKey(priv)}) |
77 keyOut.Close() | 73 keyOut.Close() |
78 log.Stdoutf("written key.pem\n") | 74 log.Stdoutf("written key.pem\n") |
79 } | 75 } |
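Review bot: The write paths at new lines 63-65 and 72-74 still discard the errors from `pem.Encode` and `Close`, so a short or failed write leaves "written cert.pem"/"written key.pem" in the log while the on-disk file — including the private key — may be truncated or empty; the commit converts the other failures to `log.Exitf` but leaves these two unchecked. The file comment promises to overwrite existing files, yet both `os.Open` calls use `os.O_WRONLY|os.O_CREAT` without `os.O_TRUNC`, so a new PEM shorter than a previous one leaves the old file's tail after the new `-----END` line; adding `os.O_TRUNC` to both open flags fixes that. Less important, the `return` after each `log.Exitf` is unreachable and can be dropped, and `var hostName *string = flag.String(...)` can lose the redundant type. The rewritten write sequence for both files is sketched below.
```go
certOut, err := os.Open("cert.pem", os.O_WRONLY|os.O_CREAT|os.O_TRUNC, 0644)
// … unchanged: error check on certOut …
if err := pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}); err != nil {
	log.Exitf("failed to write cert.pem: %s", err)
}
if err := certOut.Close(); err != nil {
	log.Exitf("failed to close cert.pem: %s", err)
}
log.Stdoutf("written cert.pem\n")

keyOut, err := os.Open("key.pem", os.O_WRONLY|os.O_CREAT|os.O_TRUNC, 0600)
// … unchanged: error check on keyOut …
if err := pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)}); err != nil {
	log.Exitf("failed to write key.pem: %s", err)
}
if err := keyOut.Close(); err != nil {
	log.Exitf("failed to close key.pem: %s", err)
}
log.Stdoutf("written key.pem\n")
```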