admin: always use normalized hexadecimal certificate ID
This commit is contained in:
parent
546cae869b
commit
9983542653
|
@ -6,6 +6,7 @@ import (
|
|||
"crypto/x509"
|
||||
"crypto/x509/pkix"
|
||||
"fmt"
|
||||
"math"
|
||||
"math/big"
|
||||
"os"
|
||||
"os/exec"
|
||||
|
@ -14,15 +15,15 @@ import (
|
|||
)
|
||||
|
||||
func ClientCertificatePath(serial uint64) string {
|
||||
return path.Join(PKIDir, fmt.Sprintf("%d", serial), "cert.pem")
|
||||
return path.Join(PKIDir, fmt.Sprintf("%0[2]*[1]X", serial, int(math.Ceil(math.Log2(float64(serial))/8)*2)), "cert.pem")
|
||||
}
|
||||
|
||||
func ClientPrivkeyPath(serial uint64) string {
|
||||
return path.Join(PKIDir, fmt.Sprintf("%d", serial), "privkey.pem")
|
||||
return path.Join(PKIDir, fmt.Sprintf("%0[2]*[1]X", serial, int(math.Ceil(math.Log2(float64(serial))/8)*2)), "privkey.pem")
|
||||
}
|
||||
|
||||
func ClientP12Path(serial uint64) string {
|
||||
return path.Join(PKIDir, fmt.Sprintf("%d", serial), "team.p12")
|
||||
return path.Join(PKIDir, fmt.Sprintf("%0[2]*[1]X", serial, int(math.Ceil(math.Log2(float64(serial))/8)*2)), "team.p12")
|
||||
}
|
||||
|
||||
func GenerateClient(serial uint64, notBefore time.Time, notAfter time.Time, parent_cert *x509.Certificate, parent_priv *ecdsa.PrivateKey) error {
|
||||
|
@ -35,7 +36,7 @@ func GenerateClient(serial uint64, notBefore time.Time, notAfter time.Time, pare
|
|||
OrganizationalUnit: []string{"SRS laboratory"},
|
||||
Country: []string{"FR"},
|
||||
Locality: []string{"Paris"},
|
||||
CommonName: fmt.Sprintf("TEAM-%o", serial),
|
||||
CommonName: fmt.Sprintf("TEAM-%0[2]*[1]X", serial, int(math.Ceil(math.Log2(float64(serial))/8)*2)),
|
||||
},
|
||||
NotBefore: notBefore,
|
||||
NotAfter: notAfter,
|
||||
|
@ -56,7 +57,7 @@ func GenerateClient(serial uint64, notBefore time.Time, notAfter time.Time, pare
|
|||
}
|
||||
|
||||
// Create intermediate directory
|
||||
os.MkdirAll(path.Join(PKIDir, fmt.Sprintf("%d", serial)), 0777)
|
||||
os.MkdirAll(path.Join(PKIDir, fmt.Sprintf("%0[2]*[1]X", serial, int(math.Ceil(math.Log2(float64(serial))/8)*2))), 0777)
|
||||
|
||||
// Save certificate to file
|
||||
if err := saveCertificate(ClientCertificatePath(serial), client_b); err != nil {
|
||||
|
@ -75,7 +76,7 @@ func WriteP12(serial uint64, password string) error {
|
|||
cmd := exec.Command("/usr/bin/openssl", "pkcs12", "-export",
|
||||
"-inkey", ClientPrivkeyPath(serial),
|
||||
"-in", ClientCertificatePath(serial),
|
||||
"-name", fmt.Sprintf("TEAM-%o", serial),
|
||||
"-name", fmt.Sprintf("TEAM-%0[2]*[1]X", serial, int(math.Ceil(math.Log2(float64(serial))/8)*2)),
|
||||
"-passout", "pass:" + password,
|
||||
"-out", ClientP12Path(serial))
|
||||
|
||||
|
|
Loading…
Reference in New Issue