fix: CLI and key type. (#790)

This commit is contained in:
Ludovic Fernandez 2019-02-08 19:29:28 +01:00 committed by GitHub
parent 86d709a1c6
commit 9409b92ed5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 19 additions and 22 deletions


@ -124,6 +124,10 @@ func GenerateCSR(privateKey crypto.PrivateKey, domain string, san []string, must
} }
func PEMEncode(data interface{}) []byte { func PEMEncode(data interface{}) []byte {
return pem.EncodeToMemory(PEMBlock(data))
}
func PEMBlock(data interface{}) *pem.Block {
var pemBlock *pem.Block var pemBlock *pem.Block
switch key := data.(type) { switch key := data.(type) {
case *ecdsa.PrivateKey: case *ecdsa.PrivateKey:
@ -137,7 +141,7 @@ func PEMEncode(data interface{}) []byte {
pemBlock = &pem.Block{Type: "CERTIFICATE", Bytes: []byte(data.(DERCertificateBytes))} pemBlock = &pem.Block{Type: "CERTIFICATE", Bytes: []byte(data.(DERCertificateBytes))}
} }
return pem.EncodeToMemory(pemBlock) return pemBlock
} }
func pemDecode(data []byte) (*pem.Block, error) { func pemDecode(data []byte) (*pem.Block, error) {
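Review bot: PEMBlock is exported but carries no doc comment, and PEMEncode now depends on it returning a non-nil block: if the type switch at `switch key := data.(type)` matches none of its cases, pemBlock stays nil and pem.EncodeToMemory would dereference a nil *pem.Block. The cases between the two hunks are not visible here, so whether a default case exists cannot be confirmed; if there is none, document the nil result, e.g. `// PEMBlock returns the PEM block for a private key or DER certificate, or nil for an unsupported type.`, and have callers check for nil before encoding. A matching one-liner on the wrapper, `// PEMEncode returns the PEM encoding of data; see PEMBlock for the accepted types.`, would complete the documentation.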


@ -2,9 +2,6 @@ package cmd
import ( import (
"crypto" "crypto"
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/x509" "crypto/x509"
"encoding/json" "encoding/json"
"encoding/pem" "encoding/pem"
@ -17,6 +14,7 @@ import (
"strings" "strings"
"github.com/urfave/cli" "github.com/urfave/cli"
"github.com/xenolf/lego/certcrypto"
"github.com/xenolf/lego/lego" "github.com/xenolf/lego/lego"
"github.com/xenolf/lego/log" "github.com/xenolf/lego/log"
"github.com/xenolf/lego/registration" "github.com/xenolf/lego/registration"
@ -157,14 +155,14 @@ func (s *AccountsStorage) LoadAccount(privateKey crypto.PrivateKey) *Account {
return &account return &account
} }
func (s *AccountsStorage) GetPrivateKey() crypto.PrivateKey { func (s *AccountsStorage) GetPrivateKey(keyType certcrypto.KeyType) crypto.PrivateKey {
accKeyPath := filepath.Join(s.keysPath, s.userID+".key") accKeyPath := filepath.Join(s.keysPath, s.userID+".key")
if _, err := os.Stat(accKeyPath); os.IsNotExist(err) { if _, err := os.Stat(accKeyPath); os.IsNotExist(err) {
log.Printf("No key found for account %s. Generating a curve P384 EC key.", s.userID) log.Printf("No key found for account %s. Generating a %s key.", s.userID, keyType)
s.createKeysFolder() s.createKeysFolder()
privateKey, err := generatePrivateKey(accKeyPath) privateKey, err := generatePrivateKey(accKeyPath, keyType)
if err != nil { if err != nil {
log.Fatalf("Could not generate RSA private account key for account %s: %v", s.userID, err) log.Fatalf("Could not generate RSA private account key for account %s: %v", s.userID, err)
} }
@ -187,26 +185,20 @@ func (s *AccountsStorage) createKeysFolder() {
} }
} }
func generatePrivateKey(file string) (crypto.PrivateKey, error) { func generatePrivateKey(file string, keyType certcrypto.KeyType) (crypto.PrivateKey, error) {
privateKey, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader) privateKey, err := certcrypto.GeneratePrivateKey(keyType)
if err != nil { if err != nil {
return nil, err return nil, err
} }
keyBytes, err := x509.MarshalECPrivateKey(privateKey)
if err != nil {
return nil, err
}
pemKey := pem.Block{Type: "EC PRIVATE KEY", Bytes: keyBytes}
certOut, err := os.Create(file) certOut, err := os.Create(file)
if err != nil { if err != nil {
return nil, err return nil, err
} }
defer certOut.Close() defer certOut.Close()
err = pem.Encode(certOut, &pemKey) pemKey := certcrypto.PEMBlock(privateKey)
err = pem.Encode(certOut, pemKey)
if err != nil { if err != nil {
return nil, err return nil, err
} }
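Review bot: generatePrivateKey still opens the account key file with os.Create, i.e. mode 0666 minus umask, so the freshly generated private key can end up group- or world-readable depending on the environment; the same package appears to already declare `const filePerm os.FileMode = 0600` (setup.go section), so the line should be `certOut, err := os.OpenFile(file, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, filePerm)`. The new `pemKey := certcrypto.PEMBlock(privateKey)` is handed to pem.Encode without a nil check; if PEMBlock's switch has no case for the generated key's type (its default case is not visible in the certcrypto hunk) it returns nil and pem.Encode would panic, so return an error when pemKey is nil instead. In the GetPrivateKey hunk the fatal message `log.Fatalf("Could not generate RSA private account key for account %s: %v", s.userID, err)` is now stale because the key type is a parameter; use `log.Fatalf("Could not generate %s private account key for account %s: %v", keyType, s.userID, err)`. generatePrivateKey's body continues past the end of this hunk.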


@ -42,7 +42,7 @@ func CreateFlags(defaultPath string) []cli.Flag {
}, },
cli.StringFlag{ cli.StringFlag{
Name: "key-type, k", Name: "key-type, k",
Value: "rsa2048", Value: "ec384",
Usage: "Key type to use for private keys. Supported: rsa2048, rsa4096, rsa8192, ec256, ec384.", Usage: "Key type to use for private keys. Supported: rsa2048, rsa4096, rsa8192, ec256, ec384.",
}, },
cli.StringFlag{ cli.StringFlag{
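Review bot: The Usage string is unchanged although this commit makes the same flag decide the type of a newly generated account key as well (the setup.go section now passes getKeyType(ctx) into GetPrivateKey), so the help text no longer describes everything the flag controls. Suggest `Usage: "Key type to use for private keys (certificate keys and, when one is generated, the account key). Supported: rsa2048, rsa4096, rsa8192, ec256, ec384.",`.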


@ -19,7 +19,8 @@ import (
const filePerm os.FileMode = 0600 const filePerm os.FileMode = 0600
func setup(ctx *cli.Context, accountsStorage *AccountsStorage) (*Account, *lego.Client) { func setup(ctx *cli.Context, accountsStorage *AccountsStorage) (*Account, *lego.Client) {
privateKey := accountsStorage.GetPrivateKey() keyType := getKeyType(ctx)
privateKey := accountsStorage.GetPrivateKey(keyType)
var account *Account var account *Account
if accountsStorage.ExistsAccountFilePath() { if accountsStorage.ExistsAccountFilePath() {
@ -28,17 +29,17 @@ func setup(ctx *cli.Context, accountsStorage *AccountsStorage) (*Account, *lego.
account = &Account{Email: accountsStorage.GetUserID(), key: privateKey} account = &Account{Email: accountsStorage.GetUserID(), key: privateKey}
} }
client := newClient(ctx, account) client := newClient(ctx, account, keyType)
return account, client return account, client
} }
func newClient(ctx *cli.Context, acc registration.User) *lego.Client { func newClient(ctx *cli.Context, acc registration.User, keyType certcrypto.KeyType) *lego.Client {
config := lego.NewConfig(acc) config := lego.NewConfig(acc)
config.CADirURL = ctx.GlobalString("server") config.CADirURL = ctx.GlobalString("server")
config.Certificate = lego.CertificateConfig{ config.Certificate = lego.CertificateConfig{
KeyType: getKeyType(ctx), KeyType: keyType,
Timeout: time.Duration(ctx.GlobalInt("cert.timeout")) * time.Second, Timeout: time.Duration(ctx.GlobalInt("cert.timeout")) * time.Second,
} }
config.UserAgent = fmt.Sprintf("lego-cli/%s", ctx.App.Version) config.UserAgent = fmt.Sprintf("lego-cli/%s", ctx.App.Version)
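Review bot: keyType only influences the account key on first run: GetPrivateKey (accounts_storage section) generates a key only when the file is absent and otherwise loads whatever is stored, so a `--key-type` that differs from an existing account key is applied to certificates but silently not to the account. That is probably intended, but it is stated nowhere; add `// keyType applies to certificate keys and, only when no account key exists yet, to the generated account key.` above the new `keyType := getKeyType(ctx)` line. setup begins in the first hunk of this section and newClient's body continues past the end of the second.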