mirror of
https://github.com/mickael-kerjean/filestash.git
synced 2025-10-28 04:05:21 +08:00
74 lines
1.6 KiB
Go
74 lines
1.6 KiB
Go
package ssl
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"crypto/rsa"
|
|
"crypto/x509"
|
|
"encoding/pem"
|
|
"io"
|
|
"os"
|
|
)
|
|
|
|
func GetCertificate(key *rsa.PrivateKey, root *x509.Certificate) (*x509.Certificate, []byte, error) {
|
|
if cert, certPEM, err := pullCertificateFromFS(); err == nil {
|
|
return cert, certPEM, nil
|
|
}
|
|
cert, certPEM, err := generateNewCertificate(root, key)
|
|
if err != nil {
|
|
Clear()
|
|
return nil, nil, err
|
|
}
|
|
if err = saveCertificateToFS(certPEM); err != nil {
|
|
Clear()
|
|
return nil, nil, err
|
|
}
|
|
return cert, certPEM, nil
|
|
}
|
|
|
|
func generateNewCertificate(root *x509.Certificate, key *rsa.PrivateKey) (*x509.Certificate, []byte, error) {
|
|
certDER, err := x509.CreateCertificate(rand.Reader, root, root, &key.PublicKey, key)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
cert, err := x509.ParseCertificate(certDER)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
return cert, pem.EncodeToMemory(&pem.Block{
|
|
Type: "CERTIFICATE", Bytes: certDER,
|
|
}), nil
|
|
}
|
|
|
|
func pullCertificateFromFS() (*x509.Certificate, []byte, error) {
|
|
file, err := os.OpenFile(certPEMPath(), os.O_RDONLY, os.ModePerm)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
defer file.Close()
|
|
certPEM, err := io.ReadAll(file)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
block, _ := pem.Decode(certPEM)
|
|
cert, err := x509.ParseCertificate(block.Bytes)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
return cert, certPEM, nil
|
|
}
|
|
|
|
func saveCertificateToFS(certPEM []byte) error {
|
|
file, err := os.OpenFile(certPEMPath(), os.O_WRONLY|os.O_CREATE, 0600)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
_, err = file.Write(certPEM)
|
|
file.Close()
|
|
return err
|
|
|
|
}
|
|
|
|
func clearCert() {
|
|
os.Remove(certPEMPath())
|
|
}
|