.

2024-01-28 17:38:37 +03:30
parent b7e0bc0f4a
commit a5435e6101
20 changed files with 1145 additions and 0 deletions
--- a/utils/certificate_li.go
+++ b/utils/certificate_li.go
@@ -0,0 +1,91 @@
+//go:build !windows
+
+package utils
+
+import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"crypto/tls"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"io/ioutil"
+	"math/big"
+	"os"
+	"time"
+)
+
+func GenerateCertificate(certPath, keyPath string, isServer bool) {
+	priv, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
+	if err != nil {
+		panic(err)
+	}
+
+	notBefore := time.Now()
+	notAfter := notBefore.Add(365 * 24 * time.Hour)
+
+	var keyUsage x509.KeyUsage
+	var extKeyUsage []x509.ExtKeyUsage
+
+	if isServer {
+		keyUsage = x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature
+		extKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
+	} else {
+		keyUsage = x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature
+		extKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
+	}
+
+	template := x509.Certificate{
+		SerialNumber:          big.NewInt(1),
+		Subject:               pkix.Name{Organization: []string{"Secure data transfer"}},
+		NotBefore:             notBefore,
+		NotAfter:              notAfter,
+		KeyUsage:              keyUsage,
+		ExtKeyUsage:           extKeyUsage,
+		BasicConstraintsValid: true,
+	}
+
+	certDER, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
+	if err != nil {
+		panic(err)
+	}
+
+	certFile, err := os.Create(certPath)
+	if err != nil {
+		panic(err)
+	}
+	defer certFile.Close()
+	certFile.Chmod(600)
+	pem.Encode(certFile, &pem.Block{Type: "CERTIFICATE", Bytes: certDER})
+
+	keyFile, err := os.Create(keyPath)
+	if err != nil {
+		panic(err)
+	}
+	defer keyFile.Close()
+	privBytes, err := x509.MarshalECPrivateKey(priv)
+	if err != nil {
+		panic(err)
+	}
+	keyFile.Chmod(600)
+	pem.Encode(keyFile, &pem.Block{Type: "EC PRIVATE KEY", Bytes: privBytes})
+}
+
+func LoadCertificate(certPath, keyPath string) tls.Certificate {
+	cert, err := tls.LoadX509KeyPair(certPath, keyPath)
+	if err != nil {
+		panic(err)
+	}
+	return cert
+}
+
+func LoadClientCA(certPath string) *x509.CertPool {
+	pool := x509.NewCertPool()
+	certPEM, err := ioutil.ReadFile(certPath)
+	if err != nil {
+		panic(err)
+	}
+	pool.AppendCertsFromPEM(certPEM)
+	return pool
+}