admin: always use normalized hexadecimal certificate ID

nemunaire 2020-01-15 10:54:03 +01:00
parent 546cae869b
commit 9983542653
1 changed files with 7 additions and 6 deletions


@ -6,6 +6,7 @@ import (
"crypto/x509"
"crypto/x509/pkix"
"fmt"
"math"
"math/big"
"os"
"os/exec"
@ -14,15 +15,15 @@ import (
)
func ClientCertificatePath(serial uint64) string {
return path.Join(PKIDir, fmt.Sprintf("%d", serial), "cert.pem")
return path.Join(PKIDir, fmt.Sprintf("%0[2]*[1]X", serial, int(math.Ceil(math.Log2(float64(serial))/8)*2)), "cert.pem")
}
func ClientPrivkeyPath(serial uint64) string {
return path.Join(PKIDir, fmt.Sprintf("%d", serial), "privkey.pem")
return path.Join(PKIDir, fmt.Sprintf("%0[2]*[1]X", serial, int(math.Ceil(math.Log2(float64(serial))/8)*2)), "privkey.pem")
}
func ClientP12Path(serial uint64) string {
return path.Join(PKIDir, fmt.Sprintf("%d", serial), "team.p12")
return path.Join(PKIDir, fmt.Sprintf("%0[2]*[1]X", serial, int(math.Ceil(math.Log2(float64(serial))/8)*2)), "team.p12")
}
func GenerateClient(serial uint64, notBefore time.Time, notAfter time.Time, parent_cert *x509.Certificate, parent_priv *ecdsa.PrivateKey) error {
@ -35,7 +36,7 @@ func GenerateClient(serial uint64, notBefore time.Time, notAfter time.Time, pare
OrganizationalUnit: []string{"SRS laboratory"},
Country: []string{"FR"},
Locality: []string{"Paris"},
CommonName: fmt.Sprintf("TEAM-%o", serial),
CommonName: fmt.Sprintf("TEAM-%0[2]*[1]X", serial, int(math.Ceil(math.Log2(float64(serial))/8)*2)),
},
NotBefore: notBefore,
NotAfter: notAfter,
@ -56,7 +57,7 @@ func GenerateClient(serial uint64, notBefore time.Time, notAfter time.Time, pare
}
// Create intermediate directory
os.MkdirAll(path.Join(PKIDir, fmt.Sprintf("%d", serial)), 0777)
os.MkdirAll(path.Join(PKIDir, fmt.Sprintf("%0[2]*[1]X", serial, int(math.Ceil(math.Log2(float64(serial))/8)*2))), 0777)
// Save certificate to file
if err := saveCertificate(ClientCertificatePath(serial), client_b); err != nil {
@ -75,7 +76,7 @@ func WriteP12(serial uint64, password string) error {
cmd := exec.Command("/usr/bin/openssl", "pkcs12", "-export",
"-inkey", ClientPrivkeyPath(serial),
"-in", ClientCertificatePath(serial),
"-name", fmt.Sprintf("TEAM-%o", serial),
"-name", fmt.Sprintf("TEAM-%0[2]*[1]X", serial, int(math.Ceil(math.Log2(float64(serial))/8)*2)),
"-passout", "pass:" + password,
"-out", ClientP12Path(serial))
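Review bot: The width expression `int(math.Ceil(math.Log2(float64(serial))/8)*2)` does not produce a whole-byte hex ID for every serial: exact powers of 256 get one digit more than the padding allows for (256 formats as `100`, 1 as `1`), serial 0 feeds -Inf into an int conversion whose result is implementation-dependent, and float64 cannot represent every uint64. The expression is also repeated in six places (the three path helpers, the CommonName, the MkdirAll call and the openssl `-name` argument), so the directory name and the certificate name stay in step only by copy-paste. A single helper that formats with `%X` and prepends `0` when the length is odd would cover all six without the `math` import. On the changed MkdirAll line, the directory that receives privkey.pem is still requested with mode 0777 and the error is discarded; `0700` with a checked error would suit key material. GenerateClient and WriteP12 continue outside the hunks shown.

```go
// clientID renders serial as upper-case hex padded to an even number of digits.
func clientID(serial uint64) string {
	id := fmt.Sprintf("%X", serial)
	if len(id)%2 == 1 {
		id = "0" + id
	}
	return id
}

func ClientCertificatePath(serial uint64) string {
	return path.Join(PKIDir, clientID(serial), "cert.pem")
}
// … ClientPrivkeyPath, ClientP12Path, CommonName, MkdirAll and "-name" call clientID(serial) the same way …
```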