Commit
* add defaults * recursively make pki directory * updates tests for https
1 parent
52d3412
commit 77fe923
Showing
9 changed files
with
227 additions
and
15 deletions.
@@ -0,0 +1,80 @@ | ||
package main | ||
|
||
import ( | ||
"fmt" | ||
"log" | ||
"os" | ||
"path/filepath" | ||
"strings" | ||
) | ||
|
||
// initSSL creates a SSL certificate and key using system's openssl. | ||
// TODO: don't blow away PKI if it already exists and is valid. | ||
func initSSL(certPath, keyPath string) ([]byte, error) { | ||
if out, err := initRndFile(); err != nil { | ||
return out, err | ||
} | ||
|
||
fqdn, err := getFQDN() | ||
|
||
if err != nil { | ||
return []byte{}, err | ||
} | ||
if err := mkdirP(certPath); err != nil { | ||
return []byte{}, err | ||
} | ||
if err := mkdirP(keyPath); err != nil { | ||
return []byte{}, err | ||
} | ||
|
||
command := "openssl" | ||
args := []string{ | ||
"req", | ||
"-new", | ||
"-newkey", | ||
"rsa:4096", | ||
"-days", | ||
"3650", | ||
"-nodes", | ||
"-x509", | ||
"-subj", | ||
fmt.Sprintf("/C=US/ST=Somewhere/L=Unknown/O=Idk/CN=%s", fqdn), | ||
"-keyout", | ||
keyPath, | ||
"-out", | ||
certPath, | ||
} | ||
|
||
return runCommand(command + " " + strings.Join(args, " ")) | ||
} | ||
|
||
func initRndFile() ([]byte, error) { | ||
return runCommand(`openssl rand -out "$HOME/.rnd" -hex 256`) | ||
} | ||
|
||
func getFQDN() (fqdn string, err error) { | ||
out, err := runCommand("hostname --fqdn") | ||
|
||
if err != nil { | ||
return | ||
} | ||
|
||
fqdn = string(out) | ||
fqdn = fqdn[:len(fqdn)-1] // removing EOL | ||
|
||
return | ||
} | ||
|
||
func mkdirP(p string) error { | ||
absPath, _ := filepath.Abs(p) | ||
dir := filepath.Dir(absPath) | ||
_, err := os.Stat(absPath) | ||
|
||
if os.IsExist(err) { | ||
return nil | ||
} | ||
|
||
log.Println("# creating directory: ", dir) | ||
return os.MkdirAll(dir, 0700) | ||
|
||
} |
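Review bot: In initSSL the openssl invocation is flattened into one string with `command + " " + strings.Join(args, " ")`, so certPath, keyPath and the hostname-derived CN reach runCommand unquoted. runCommand is not shown in this section, but initRndFile relies on `$HOME` being expanded, which suggests it goes through a shell; if so, a path or FQDN containing spaces or shell metacharacters would be split or interpreted instead of being passed as a single argument. Passing the argument vector directly avoids that: `return exec.Command(command, args...).CombinedOutput()` (with `os/exec` imported). Separately, in mkdirP the `os.IsExist(err)` test is in practice never true for an error returned by `os.Stat`, so the early return is dead code, and the error from `filepath.Abs` is discarded.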
@@ -0,0 +1,56 @@ | ||
package main | ||
|
||
import ( | ||
"fmt" | ||
"os" | ||
"os/exec" | ||
"testing" | ||
|
||
. "github.com/binarymason/bashRPC/internal/testhelpers" | ||
"github.com/google/uuid" | ||
"github.com/pkg/errors" | ||
) | ||
|
||
func fileExists(filename string) bool { | ||
info, err := os.Stat(filename) | ||
if os.IsNotExist(err) { | ||
return false | ||
|
||
} | ||
return !info.IsDir() | ||
|
||
} | ||
func TestInitSSL(t *testing.T) { | ||
id, _ := uuid.NewUUID() | ||
|
||
var ( | ||
testDir = "/tmp/bashrpc-testing" | ||
pkiDir = fmt.Sprintf("%s/test-%v", testDir, id) | ||
keyPath = pkiDir + "/pki/test-host.key" | ||
certPath = pkiDir + "/pki/test-host.cert" | ||
) | ||
|
||
Given("openssl is available on the machine") | ||
if out, err := exec.Command("openssl", "version").CombinedOutput(); err != nil { | ||
t.Error(errors.Wrap(err, string(out))) | ||
} | ||
|
||
When("an output directory is specified") | ||
if _, err := initSSL(certPath, keyPath); err != nil { | ||
t.Error(err) | ||
} | ||
|
||
Then("a SSL private key is generated") | ||
Assert(fileExists(keyPath), true, t) | ||
if out, err := exec.Command("openssl", "rsa", "-in", keyPath, "-check").CombinedOutput(); err != nil { | ||
t.Error(errors.Wrap(err, string(out))) | ||
} | ||
|
||
And("a SSL certificate is generated") | ||
Assert(fileExists(certPath), true, t) | ||
if out, err := exec.Command("openssl", "x509", "-in", certPath, "-text").CombinedOutput(); err != nil { | ||
t.Error(errors.Wrap(err, string(out))) | ||
} | ||
|
||
os.RemoveAll("/tmp/bashrpc") | ||
} |
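Review bot: The cleanup at the end of TestInitSSL removes `/tmp/bashrpc`, but the test writes under `/tmp/bashrpc-testing`, so every run leaves a generated private key and certificate behind at a fixed path under /tmp. Using `pkiDir = t.TempDir()` and dropping the `os.RemoveAll` call gives a per-test directory that the testing package removes automatically, and makes the uuid (whose error is currently ignored) unnecessary. fileExists also dereferences `info` when `os.Stat` fails with an error other than not-exist; `if err != nil { return false }` would cover that case. Note that initSSL calls initRndFile, so this test also writes `$HOME/.rnd` for whoever runs it.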