admin: always use normalized hexadecimal certificate ID
This commit is contained in:
parent
546cae869b
commit
9983542653
1 changed files with 7 additions and 6 deletions
|
|
@ -6,6 +6,7 @@ import (
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
"crypto/x509/pkix"
|
"crypto/x509/pkix"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"math"
|
||||||
"math/big"
|
"math/big"
|
||||||
"os"
|
"os"
|
||||||
"os/exec"
|
"os/exec"
|
||||||
|
|
@ -14,15 +15,15 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func ClientCertificatePath(serial uint64) string {
|
func ClientCertificatePath(serial uint64) string {
|
||||||
return path.Join(PKIDir, fmt.Sprintf("%d", serial), "cert.pem")
|
return path.Join(PKIDir, fmt.Sprintf("%0[2]*[1]X", serial, int(math.Ceil(math.Log2(float64(serial))/8)*2)), "cert.pem")
|
||||||
}
|
}
|
||||||
|
|
||||||
func ClientPrivkeyPath(serial uint64) string {
|
func ClientPrivkeyPath(serial uint64) string {
|
||||||
return path.Join(PKIDir, fmt.Sprintf("%d", serial), "privkey.pem")
|
return path.Join(PKIDir, fmt.Sprintf("%0[2]*[1]X", serial, int(math.Ceil(math.Log2(float64(serial))/8)*2)), "privkey.pem")
|
||||||
}
|
}
|
||||||
|
|
||||||
func ClientP12Path(serial uint64) string {
|
func ClientP12Path(serial uint64) string {
|
||||||
return path.Join(PKIDir, fmt.Sprintf("%d", serial), "team.p12")
|
return path.Join(PKIDir, fmt.Sprintf("%0[2]*[1]X", serial, int(math.Ceil(math.Log2(float64(serial))/8)*2)), "team.p12")
|
||||||
}
|
}
|
||||||
|
|
||||||
func GenerateClient(serial uint64, notBefore time.Time, notAfter time.Time, parent_cert *x509.Certificate, parent_priv *ecdsa.PrivateKey) error {
|
func GenerateClient(serial uint64, notBefore time.Time, notAfter time.Time, parent_cert *x509.Certificate, parent_priv *ecdsa.PrivateKey) error {
|
||||||
|
|
@ -35,7 +36,7 @@ func GenerateClient(serial uint64, notBefore time.Time, notAfter time.Time, pare
|
||||||
OrganizationalUnit: []string{"SRS laboratory"},
|
OrganizationalUnit: []string{"SRS laboratory"},
|
||||||
Country: []string{"FR"},
|
Country: []string{"FR"},
|
||||||
Locality: []string{"Paris"},
|
Locality: []string{"Paris"},
|
||||||
CommonName: fmt.Sprintf("TEAM-%o", serial),
|
CommonName: fmt.Sprintf("TEAM-%0[2]*[1]X", serial, int(math.Ceil(math.Log2(float64(serial))/8)*2)),
|
||||||
},
|
},
|
||||||
NotBefore: notBefore,
|
NotBefore: notBefore,
|
||||||
NotAfter: notAfter,
|
NotAfter: notAfter,
|
||||||
|
|
@ -56,7 +57,7 @@ func GenerateClient(serial uint64, notBefore time.Time, notAfter time.Time, pare
|
||||||
}
|
}
|
||||||
|
|
||||||
// Create intermediate directory
|
// Create intermediate directory
|
||||||
os.MkdirAll(path.Join(PKIDir, fmt.Sprintf("%d", serial)), 0777)
|
os.MkdirAll(path.Join(PKIDir, fmt.Sprintf("%0[2]*[1]X", serial, int(math.Ceil(math.Log2(float64(serial))/8)*2))), 0777)
|
||||||
|
|
||||||
// Save certificate to file
|
// Save certificate to file
|
||||||
if err := saveCertificate(ClientCertificatePath(serial), client_b); err != nil {
|
if err := saveCertificate(ClientCertificatePath(serial), client_b); err != nil {
|
||||||
|
|
@ -75,7 +76,7 @@ func WriteP12(serial uint64, password string) error {
|
||||||
cmd := exec.Command("/usr/bin/openssl", "pkcs12", "-export",
|
cmd := exec.Command("/usr/bin/openssl", "pkcs12", "-export",
|
||||||
"-inkey", ClientPrivkeyPath(serial),
|
"-inkey", ClientPrivkeyPath(serial),
|
||||||
"-in", ClientCertificatePath(serial),
|
"-in", ClientCertificatePath(serial),
|
||||||
"-name", fmt.Sprintf("TEAM-%o", serial),
|
"-name", fmt.Sprintf("TEAM-%0[2]*[1]X", serial, int(math.Ceil(math.Log2(float64(serial))/8)*2)),
|
||||||
"-passout", "pass:" + password,
|
"-passout", "pass:" + password,
|
||||||
"-out", ClientP12Path(serial))
|
"-out", ClientP12Path(serial))
|
||||||
|
|
||||||
|
|
|
||||||
Reference in a new issue