fic/server
Archived
1
0
Fork 0
Code Issues Pull requests 10 Releases Wiki Activity

pki: improve serial number generation + fix team association

Browse source 
Replace math/rand by crypto/rand.

Fix big when associating certificate with leading zero: nginx prepend 0 wherehas we don't.
This commit is contained in:
nemunaire 2018-02-02 20:29:16 +01:00
commit 68e5c4cd2b
5 changed files with 37 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

14
admin/pki/client.go
View file

@ -13,21 +13,23 @@ import (
"time"
)
func ClientCertificatePath(serial int64) string {
func ClientCertificatePath(serial uint64) string {
return path.Join(PKIDir, fmt.Sprintf("%d", serial), "cert.pem")
}
func ClientPrivkeyPath(serial int64) string {
func ClientPrivkeyPath(serial uint64) string {
return path.Join(PKIDir, fmt.Sprintf("%d", serial), "privkey.pem")
}
func ClientP12Path(serial int64) string {
func ClientP12Path(serial uint64) string {
return path.Join(PKIDir, fmt.Sprintf("%d", serial), "team.p12")
}
func GenerateClient(serial int64, notBefore time.Time, notAfter time.Time, parent_cert *x509.Certificate, parent_priv *ecdsa.PrivateKey) error {
func GenerateClient(serial uint64, notBefore time.Time, notAfter time.Time, parent_cert *x509.Certificate, parent_priv *ecdsa.PrivateKey) error {
var certid big.Int
certid.SetUint64(serial)
client := &x509.Certificate{
SerialNumber: big.NewInt(serial),
SerialNumber: &certid,
Subject: pkix.Name{
Organization: []string{"EPITA"},
OrganizationalUnit: []string{"SRS laboratory"},
@ -69,7 +71,7 @@ func GenerateClient(serial int64, notBefore time.Time, notAfter time.Time, paren
return nil
}
func WriteP12(serial int64, password string) error {
func WriteP12(serial uint64, password string) error {
cmd := exec.Command("/usr/bin/openssl", "pkcs12", "-export",
"-inkey", ClientPrivkeyPath(serial),
"-in", ClientCertificatePath(serial),