feat: generate self signed certs if no certs are detected

HilkopterBob · Aug 20, 2024 · 75ed0d4 · 75ed0d4
1 parent aab797e
commit 75ed0d4
Show file tree

Hide file tree

Showing 4 changed files with 92 additions and 1 deletion.
diff --git a/.gitignore b/.gitignore
@@ -1 +1,2 @@
 certs/**
+!certs/*.go
diff --git a/certs/generate-certs.go b/certs/generate-certs.go
@@ -0,0 +1,80 @@
+package certs
+
+import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"fmt"
+	"math/big"
+	"os"
+	"time"
+)
+
+func CreateSelfSignedCert(certFile, keyFile string) error {
+	// Generate a private key
+	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	if err != nil {
+		return fmt.Errorf("failed to generate private key: %v", err)
+	}
+
+	// Create a certificate template
+	notBefore := time.Now()
+	notAfter := notBefore.Add(365 * 24 * time.Hour)
+
+	serialNumber, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
+	if err != nil {
+		return fmt.Errorf("failed to generate serial number: %v", err)
+	}
+
+	template := x509.Certificate{
+		SerialNumber: serialNumber,
+		Subject: pkix.Name{
+			Organization: []string{"Self-Signed Co"},
+		},
+		NotBefore: notBefore,
+		NotAfter:  notAfter,
+		KeyUsage:  x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
+		ExtKeyUsage: []x509.ExtKeyUsage{
+			x509.ExtKeyUsageServerAuth,
+		},
+		BasicConstraintsValid: true,
+	}
+
+	// Generate a self-signed certificate
+	certDER, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
+	if err != nil {
+		return fmt.Errorf("failed to create certificate: %v", err)
+	}
+
+	// Save the certificate to certFile
+	certOut, err := os.Create(certFile)
+	if err != nil {
+		return fmt.Errorf("failed to open cert.pem for writing: %v", err)
+	}
+	defer certOut.Close()
+
+	if err := pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: certDER}); err != nil {
+		return fmt.Errorf("failed to write data to cert.pem: %v", err)
+	}
+
+	// Save the private key to keyFile
+	keyOut, err := os.Create(keyFile)
+	if err != nil {
+		return fmt.Errorf("failed to open key.pem for writing: %v", err)
+	}
+	defer keyOut.Close()
+
+	privBytes, err := x509.MarshalECPrivateKey(priv)
+	if err != nil {
+		return fmt.Errorf("failed to marshal private key: %v", err)
+	}
+	if err := pem.Encode(keyOut, &pem.Block{Type: "EC PRIVATE KEY", Bytes: privBytes}); err != nil {
+		return fmt.Errorf("failed to write data to key.pem: %v", err)
+	}
+
+	fmt.Println("Successfully created self-signed certificate and private key.")
+	return nil
+}
diff --git a/config.yaml b/config.yaml
@@ -2,11 +2,11 @@ general:
   debug: true
   production: false
 network:
-  forcehttp: true
   fqdn: 0.0.0.0
   port: 8080
   ssl: true
   ssl-config:
+    redirecthttp: true
     allowselfsigned: true
     certificatepath: ./certs/testing.crt
     privatekeypath: ./certs/testing.key
diff --git a/main.go b/main.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"os"
 	"os/signal"
+	"packagelock/certs"
 	"packagelock/config"
 	"packagelock/server"
 	"syscall"
@@ -30,6 +31,15 @@ func main() {
 		config.Config.SetDefault("general.app-version", AppVersion)
 	}
 
+	if _, err := os.Stat(config.Config.GetString("network.ssl-config.certificatepath")); os.IsNotExist(err) {
+		fmt.Println("Certificate files missing, creating new self-signed.")
+		err := certs.CreateSelfSignedCert(config.Config.GetString("network.ssl-config.certificatepath"), config.Config.GetString("network.ssl-config.privatekeypath"))
+		if err != nil {
+			fmt.Printf("Error creating self-signed certificate: %v\n", err)
+			return
+		}
+	}
+
 	fmt.Println(config.Config.AllSettings())
 
 	// Channel to signal the restart