// Copyright 2009 The Go Authors. All rights reserved.
// Copyright 2014 The Gogs Authors. All rights reserved.
// Copyright 2016 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package cmd
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"log"
	"math/big"
	"net"
	"os"
	"strings"
	"time"

	"github.com/urfave/cli/v2"
)
// CmdCert represents the available cert sub-command.
//
// It wires the self-signed certificate generator (runCert) into the CLI.
// Flag defaults here are the only place the RSA key size (3072 bits) and the
// one-year validity period are defined.
var CmdCert = &cli.Command{
	Name:   "cert",
	Usage:  "Generate self-signed certificate",
	Action: runCert,
	Description: "Generate a self-signed X.509 certificate for a TLS server.\n" +
		"Outputs to 'cert.pem' and 'key.pem' and will overwrite existing files.",
	Flags: []cli.Flag{
		// Required; checked by runCert via argsSet. Each entry becomes a SAN.
		&cli.StringFlag{
			Name:  "host",
			Value: "",
			Usage: "Comma-separated hostnames and IPs to generate a certificate for",
		},
		// Empty selects RSA; otherwise one of the NIST curves named below.
		&cli.StringFlag{
			Name:  "ecdsa-curve",
			Value: "",
			Usage: "ECDSA curve to use to generate a key. Valid values are P224, P256, P384, P521",
		},
		&cli.IntFlag{
			Name:  "rsa-bits",
			Value: 3072,
			Usage: "Size of RSA key to generate. Ignored if --ecdsa-curve is set",
		},
		// Parsed with the layout "Jan 2 15:04:05 2006"; empty means "now".
		&cli.StringFlag{
			Name:  "start-date",
			Value: "",
			Usage: "Creation date formatted as Jan 1 15:04:05 2011",
		},
		&cli.DurationFlag{
			Name:  "duration",
			Value: 365 * 24 * time.Hour,
			Usage: "Duration that certificate is valid for",
		},
		// Adds IsCA and the certSign key usage to the generated certificate.
		&cli.BoolFlag{
			Name:  "ca",
			Usage: "whether this cert should be its own Certificate Authority",
		},
	},
}
func publicKey(priv any) any {
switch k := priv.(type) {
case *rsa.PrivateKey:
return &k.PublicKey
case *ecdsa.PrivateKey:
return &k.PublicKey
default:
return nil
}
}
func pemBlockForKey(priv any) *pem.Block {
switch k := priv.(type) {
case *rsa.PrivateKey:
return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k)}
case *ecdsa.PrivateKey:
b, err := x509.MarshalECPrivateKey(k)
if err != nil {
log.Fatalf("Unable to marshal ECDSA private key: %v", err)
}
return &pem.Block{Type: "EC PRIVATE KEY", Bytes: b}
default:
return nil
}
}
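// runCert generates a self-signed X.509 certificate plus its private key for
// the hosts named by --host and writes them to cert.pem and key.pem in the
// current directory, overwriting existing files. The key is RSA (--rsa-bits)
// unless --ecdsa-curve names a NIST curve. Failures are returned to the CLI
// as errors instead of terminating the process from inside the command.
func runCert(c *cli.Context) error {
	if err := argsSet(c, "host"); err != nil {
		return err
	}

	priv, err := generateCertKey(c.String("ecdsa-curve"), c.Int("rsa-bits"))
	if err != nil {
		return err
	}

	notBefore := time.Now()
	if startDate := c.String("start-date"); startDate != "" {
		notBefore, err = time.Parse("Jan 2 15:04:05 2006", startDate)
		if err != nil {
			return fmt.Errorf("parsing creation date %q: %w", startDate, err)
		}
	}
	validFor := c.Duration("duration")
	if validFor <= 0 {
		// A zero or negative duration would yield NotAfter <= NotBefore, i.e. a
		// certificate that is expired the moment it is written.
		return fmt.Errorf("duration must be positive, got %v", validFor)
	}
	notAfter := notBefore.Add(validFor)

	// RFC 5280 requires a unique, positive serial of at most 20 octets; 128
	// random bits stays well inside that and makes collisions negligible.
	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
	if err != nil {
		return fmt.Errorf("generating serial number: %w", err)
	}

	// keyEncipherment describes RSA key transport; an ECDSA key is only ever
	// used to sign, so per RFC 5280 the bit is set for RSA keys alone.
	keyUsage := x509.KeyUsageDigitalSignature
	if _, isRSA := priv.(*rsa.PrivateKey); isRSA {
		keyUsage |= x509.KeyUsageKeyEncipherment
	}

	template := x509.Certificate{
		SerialNumber: serialNumber,
		Subject: pkix.Name{
			Organization: []string{"Acme Co"},
			CommonName:   "Forgejo",
		},
		NotBefore:             notBefore,
		NotAfter:              notAfter,
		KeyUsage:              keyUsage,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
	}

	// Every --host entry becomes a Subject Alternative Name: IP literals go to
	// IPAddresses, everything else to DNSNames. Surrounding whitespace and
	// empty entries (e.g. from a trailing comma) are dropped so that they do
	// not end up in the certificate as bogus names.
	for _, h := range strings.Split(c.String("host"), ",") {
		h = strings.TrimSpace(h)
		if h == "" {
			continue
		}
		if ip := net.ParseIP(h); ip != nil {
			template.IPAddresses = append(template.IPAddresses, ip)
		} else {
			template.DNSNames = append(template.DNSNames, h)
		}
	}
	if len(template.IPAddresses) == 0 && len(template.DNSNames) == 0 {
		return fmt.Errorf("--host must name at least one hostname or IP address")
	}

	if c.Bool("ca") {
		template.IsCA = true
		template.KeyUsage |= x509.KeyUsageCertSign
	}

	// Parent == template makes the certificate self-signed.
	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv)
	if err != nil {
		return fmt.Errorf("creating certificate: %w", err)
	}

	// The certificate is public, so the umask-filtered default mode is fine.
	if err := writePEMFile("cert.pem", 0o666, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}); err != nil {
		return err
	}
	log.Println("Written cert.pem")

	keyBlock := pemBlockForKey(priv)
	if keyBlock == nil {
		// Unreachable with the key types generateCertKey produces, but a nil
		// block would otherwise make pem.Encode panic.
		return fmt.Errorf("unsupported private key type %T", priv)
	}
	// The private key must not be readable by other users.
	if err := writePEMFile("key.pem", 0o600, keyBlock); err != nil {
		return err
	}
	log.Println("Written key.pem")
	return nil
}

// generateCertKey creates the certificate's private key: an ECDSA key on the
// named NIST curve, or an RSA key of rsaBits when curve is empty. Unknown
// curve names are reported as an error.
func generateCertKey(curve string, rsaBits int) (any, error) {
	var (
		priv any
		err  error
	)
	switch curve {
	case "":
		priv, err = rsa.GenerateKey(rand.Reader, rsaBits)
	case "P224":
		// NOTE(review): crypto/tls appears not to negotiate signature schemes
		// for P-224 keys, so a P224 certificate may be unusable for serving
		// TLS — confirm before documenting it as a supported choice.
		priv, err = ecdsa.GenerateKey(elliptic.P224(), rand.Reader)
	case "P256":
		priv, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	case "P384":
		priv, err = ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	case "P521":
		priv, err = ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
	default:
		return nil, fmt.Errorf("unrecognized elliptic curve: %q", curve)
	}
	if err != nil {
		return nil, fmt.Errorf("generating private key: %w", err)
	}
	return priv, nil
}

// writePEMFile writes one PEM block to path, creating the file with perm or
// truncating an existing one. perm only applies on creation: an existing
// file keeps the mode it already has. The Close error is checked because
// write failures may only surface when the file is flushed.
func writePEMFile(path string, perm os.FileMode, block *pem.Block) error {
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, perm)
	if err != nil {
		return fmt.Errorf("opening %s for writing: %w", path, err)
	}
	if err := pem.Encode(f, block); err != nil {
		f.Close() // best effort; the encode error is the one worth reporting
		return fmt.Errorf("encoding %s: %w", path, err)
	}
	if err := f.Close(); err != nil {
		return fmt.Errorf("writing %s: %w", path, err)
	}
	return nil
}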