
Implement creation of CA certificate and key
dvob committed Jan 23, 2023
1 parent d189456 commit fd6e9d5
Showing 3 changed files with 92 additions and 0 deletions.
2 changes: 2 additions & 0 deletions .gitignore
@@ -1 +1,3 @@
/go-proxy
/proxy-ca.crt
/proxy-ca.key
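--- a/cert.go
+++ b/cert.go
@@ -0,0 +1,71 @@
+package main
+
+import (
+"crypto/rand"
+"crypto/rsa"
+"crypto/x509"
+"crypto/x509/pkix"
+"encoding/pem"
+"math/big"
+"os"
+"time"
+)
+
+func createCA(caCertFile, caKeyFile string) error {
+serial, err := getRandomSerialNumber()
+if err != nil {
+return err
+}
+
+caCert := &x509.Certificate{
+SerialNumber: serial,
+BasicConstraintsValid: true,
+IsCA: true,
+KeyUsage: x509.KeyUsageKeyEncipherment |
+x509.KeyUsageDigitalSignature |
+x509.KeyUsageCertSign |
+x509.KeyUsageCRLSign,
+NotBefore: time.Now(),
+NotAfter: time.Now().Add(time.Hour * 24 * 365 * 10),
+Subject: pkix.Name{
+CommonName: "Proxy CA",
+},
+}
+
+key, err := rsa.GenerateKey(rand.Reader, 2048)
+if err != nil {
+return err
+}
+
+caCertDER, err := x509.CreateCertificate(rand.Reader, caCert, caCert, key.Public(), key)
+if err != nil {
+return err
+}
+caCertPEM := &pem.Block{
+Type: "CERTIFICATE",
+Bytes: caCertDER,
+}
+err = os.WriteFile(caCertFile, pem.EncodeToMemory(caCertPEM), 0640)
+if err != nil {
+return err
+}
+
+caKeyDER, err := x509.MarshalPKCS8PrivateKey(key)
+if err != nil {
+return err
+}
+caKeyPEM := &pem.Block{
+Type: "PRIVATE KEY",
+Bytes: caKeyDER,
+}
+err = os.WriteFile(caKeyFile, pem.EncodeToMemory(caKeyPEM), 0600)
+if err != nil {
+return err
+}
+return nil
+}
+
+func getRandomSerialNumber() (*big.Int, error) {
+serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
+return rand.Int(rand.Reader, serialNumberLimit)
+}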
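Review bot: Both os.WriteFile calls in createCA truncate whatever already sits at caCertFile and caKeyFile, so a second `-create-ca` run silently replaces a CA whose certificate clients may already trust and discards the old key with it. Creating the files with os.OpenFile and O_EXCL makes an existing CA an error rather than an overwrite; a small helper (below) keeps the certificate and key call sites uniform, and it also avoids the current ordering problem where the certificate is written before the key is marshalled, leaving a certificate without its key if that step fails. The template additionally asks for KeyUsageKeyEncipherment, which a CA certificate does not need, and leaves the path length unconstrained: `KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign | x509.KeyUsageCRLSign,` together with `MaxPathLenZero: true,` restricts the CA to issuing end-entity certificates. A doc comment on createCA should state that it writes the PEM-encoded certificate and the PKCS#8 private key to the two paths, and on getRandomSerialNumber that it returns a random serial below 2^128.
```go
// writeNewFile creates path with the given mode and fails if the file already
// exists, so an existing CA certificate or key is never silently replaced.
func writeNewFile(path string, data []byte, mode os.FileMode) error {
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, mode)
	if err != nil {
		return err
	}
	if _, err := f.Write(data); err != nil {
		f.Close()
		return err
	}
	return f.Close()
}

// … unchanged: createCA up to the PEM encoding of the certificate …
err = writeNewFile(caCertFile, pem.EncodeToMemory(caCertPEM), 0640)
// … unchanged: key marshalling and PEM block …
err = writeNewFile(caKeyFile, pem.EncodeToMemory(caKeyPEM), 0600)
```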
19 changes: 19 additions & 0 deletions main.go
@@ -1,6 +1,7 @@
package main

import (
"flag"
"io"
"log"
"net"
Expand Down Expand Up @@ -65,6 +66,24 @@ func forward(w http.ResponseWriter, r *http.Request) {
}

func main() {
var (
doCreateCA bool
caCertFile = "proxy-ca.crt"
caKeyFile = "proxy-ca.key"
)

flag.BoolVar(&doCreateCA, "create-ca", false, "create a CA for the proxy")
flag.Parse()

if doCreateCA {
err := createCA(caCertFile, caKeyFile)
if err != nil {
log.Print(err)
os.Exit(1)
}
return
}

handler := logRequest(func(w http.ResponseWriter, r *http.Request) {
if r.Method == "CONNECT" {
tunnel(w, r)
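Review bot: caCertFile and caKeyFile are declared in the same var block as doCreateCA but are never bound to flags, so the output paths cannot be changed from the command line even though the declarations read as if they were configurable; `flag.StringVar(&caCertFile, "ca-cert", caCertFile, "path of the CA certificate")` and the matching `flag.StringVar(&caKeyFile, "ca-key", caKeyFile, "path of the CA private key")` before flag.Parse() would make the three consistent. The error branch `log.Print(err)` followed by `os.Exit(1)` is exactly what `log.Fatal(err)` does in one call. main's body continues past the hunk.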
