From 467d976f0a5e466b5463d1fbeadb653afe52c908 Mon Sep 17 00:00:00 2001 From: Josh Rickmar Date: Fri, 10 Jan 2014 15:51:54 -0500 Subject: [PATCH] Switch to btcutil for certificate generation. --- sockets.go | 99 ++++++++---------------------------------------------- 1 file changed, 14 insertions(+), 85 deletions(-) diff --git a/sockets.go b/sockets.go index 0d23a01..1b45a83 100644 --- a/sockets.go +++ b/sockets.go @@ -18,26 +18,22 @@ package main import ( "code.google.com/p/go.net/websocket" - "crypto/ecdsa" - "crypto/elliptic" - "crypto/rand" "crypto/sha256" _ "crypto/sha512" // for cert generation "crypto/subtle" "crypto/tls" "crypto/x509" - "crypto/x509/pkix" "encoding/base64" "encoding/hex" "encoding/json" - "encoding/pem" "errors" "fmt" "github.com/conformal/btcjson" + "github.com/conformal/btcutil" "github.com/conformal/btcwallet/wallet" "github.com/conformal/btcws" "github.com/conformal/go-socks" - "math/big" + "io/ioutil" "net" "net/http" "os" @@ -124,7 +120,7 @@ func newServer(listenAddrs []string) (*server, error) { // Check for existence of cert file and key file if !fileExists(cfg.RPCKey) && !fileExists(cfg.RPCCert) { // if both files do not exist, we generate them. - err := genKey(cfg.RPCKey, cfg.RPCCert) + err := genCertPair(cfg.RPCKey, cfg.RPCCert) if err != nil { return nil, err } @@ -169,94 +165,27 @@ func newServer(listenAddrs []string) (*server, error) { return &s, nil } -// genkey generates a key/cert pair to the paths provided. -// TODO(oga) wrap errors with fmt.Errorf for more context? -func genKey(key, cert string) error { +// genCertPair generates a key/cert pair to the paths provided. +func genCertPair(certFile, keyFile string) error { log.Infof("Generating TLS certificates...") - priv, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader) + + org := "btcwallet autogenerated cert" + validUntil := time.Now().Add(10 * 365 * 24 * time.Hour) + cert, key, err := btcutil.NewTLSCertPair(org, validUntil, nil) if err != nil { return err } - notBefore := time.Now() - notAfter := notBefore.Add(10 * 365 * 24 * time.Hour) - - // end of ASN.1 time - endOfTime := time.Date(2049, 12, 31, 23, 59, 59, 0, time.UTC) - if notAfter.After(endOfTime) { - notAfter = endOfTime - } - - template := x509.Certificate{ - SerialNumber: new(big.Int).SetInt64(0), - Subject: pkix.Name{ - Organization: []string{"btcwallet autogenerated cert"}, - }, - NotBefore: notBefore, - NotAfter: notAfter, - - KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageCertSign, - ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, - IsCA: true, // so can sign self. - BasicConstraintsValid: true, - } - - host, err := os.Hostname() - if err != nil { + // Write cert and key files. + if err = ioutil.WriteFile(certFile, cert, 0666); err != nil { return err } - template.DNSNames = append(template.DNSNames, host, "localhost") - - needLocalhost := true - addrs, err := net.InterfaceAddrs() - if err != nil { + if err = ioutil.WriteFile(keyFile, key, 0600); err != nil { + os.Remove(certFile) return err } - for _, a := range addrs { - ip, _, err := net.ParseCIDR(a.String()) - if err == nil { - if ip.String() == "127.0.0.1" { - needLocalhost = false - } - template.IPAddresses = append(template.IPAddresses, ip) - } - } - if needLocalhost { - localHost := net.ParseIP("127.0.0.1") - template.IPAddresses = append(template.IPAddresses, localHost) - } - - derBytes, err := x509.CreateCertificate(rand.Reader, &template, - &template, &priv.PublicKey, priv) - if err != nil { - fmt.Fprintf(os.Stderr, "Failed to create certificate: %v\n", err) - os.Exit(-1) - } - - certOut, err := os.Create(cert) - if err != nil { - return err - } - pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}) - certOut.Close() - - keyOut, err := os.OpenFile(key, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, - 0600) - if err != nil { - os.Remove(cert) - return err - } - keybytes, err := x509.MarshalECPrivateKey(priv) - if err != nil { - os.Remove(key) - os.Remove(cert) - return err - } - pem.Encode(keyOut, &pem.Block{Type: "EC PRIVATE KEY", Bytes: keybytes}) - keyOut.Close() - - log.Info("Done generating TLS certificates") + log.Infof("Done generating TLS certificates") return nil }