
23 changed files with 312 additions and 398 deletions
@ -1,172 +0,0 @@
|
||||
// Copyright 2009 The Go Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
//go:build ignore
|
||||
|
||||
// Generate a self-signed X.509 certificate for a TLS server. Outputs to
|
||||
// 'cert.pem' and 'key.pem' and will overwrite existing files.
|
||||
|
||||
package main |
||||
|
||||
import ( |
||||
"crypto/ecdsa" |
||||
"crypto/ed25519" |
||||
"crypto/elliptic" |
||||
"crypto/rand" |
||||
"crypto/rsa" |
||||
"crypto/x509" |
||||
"crypto/x509/pkix" |
||||
"encoding/pem" |
||||
"flag" |
||||
"log" |
||||
"math/big" |
||||
"net" |
||||
"os" |
||||
"strings" |
||||
"time" |
||||
) |
||||
|
||||
var ( |
||||
host = flag.String("host", "", "Comma-separated hostnames and IPs to generate a certificate for") |
||||
validFrom = flag.String("start-date", "", "Creation date formatted as Jan 1 15:04:05 2011") |
||||
validFor = flag.Duration("duration", 365*24*time.Hour, "Duration that certificate is valid for") |
||||
isCA = flag.Bool("ca", false, "whether this cert should be its own Certificate Authority") |
||||
rsaBits = flag.Int("rsa-bits", 2048, "Size of RSA key to generate. Ignored if --ecdsa-curve is set") |
||||
ecdsaCurve = flag.String("ecdsa-curve", "", "ECDSA curve to use to generate a key. Valid values are P224, P256 (recommended), P384, P521") |
||||
ed25519Key = flag.Bool("ed25519", false, "Generate an Ed25519 key") |
||||
) |
||||
|
||||
func publicKey(priv any) any { |
||||
switch k := priv.(type) { |
||||
case *rsa.PrivateKey: |
||||
return &k.PublicKey |
||||
case *ecdsa.PrivateKey: |
||||
return &k.PublicKey |
||||
case ed25519.PrivateKey: |
||||
return k.Public().(ed25519.PublicKey) |
||||
default: |
||||
return nil |
||||
} |
||||
} |
||||
|
||||
func main() { |
||||
flag.Parse() |
||||
|
||||
if len(*host) == 0 { |
||||
log.Fatalf("Missing required --host parameter") |
||||
} |
||||
|
||||
var priv any |
||||
var err error |
||||
switch *ecdsaCurve { |
||||
case "": |
||||
if *ed25519Key { |
||||
_, priv, err = ed25519.GenerateKey(rand.Reader) |
||||
} else { |
||||
priv, err = rsa.GenerateKey(rand.Reader, *rsaBits) |
||||
} |
||||
case "P224": |
||||
priv, err = ecdsa.GenerateKey(elliptic.P224(), rand.Reader) |
||||
case "P256": |
||||
priv, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader) |
||||
case "P384": |
||||
priv, err = ecdsa.GenerateKey(elliptic.P384(), rand.Reader) |
||||
case "P521": |
||||
priv, err = ecdsa.GenerateKey(elliptic.P521(), rand.Reader) |
||||
default: |
||||
log.Fatalf("Unrecognized elliptic curve: %q", *ecdsaCurve) |
||||
} |
||||
if err != nil { |
||||
log.Fatalf("Failed to generate private key: %v", err) |
||||
} |
||||
|
||||
// ECDSA, ED25519 and RSA subject keys should have the DigitalSignature
|
||||
// KeyUsage bits set in the x509.Certificate template
|
||||
keyUsage := x509.KeyUsageDigitalSignature |
||||
// Only RSA subject keys should have the KeyEncipherment KeyUsage bits set. In
|
||||
// the context of TLS this KeyUsage is particular to RSA key exchange and
|
||||
// authentication.
|
||||
if _, isRSA := priv.(*rsa.PrivateKey); isRSA { |
||||
keyUsage |= x509.KeyUsageKeyEncipherment |
||||
} |
||||
|
||||
var notBefore time.Time |
||||
if len(*validFrom) == 0 { |
||||
notBefore = time.Now() |
||||
} else { |
||||
notBefore, err = time.Parse("Jan 2 15:04:05 2006", *validFrom) |
||||
if err != nil { |
||||
log.Fatalf("Failed to parse creation date: %v", err) |
||||
} |
||||
} |
||||
|
||||
notAfter := notBefore.Add(*validFor) |
||||
|
||||
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128) |
||||
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit) |
||||
if err != nil { |
||||
log.Fatalf("Failed to generate serial number: %v", err) |
||||
} |
||||
|
||||
template := x509.Certificate{ |
||||
SerialNumber: serialNumber, |
||||
Subject: pkix.Name{ |
||||
Organization: []string{"Acme Co"}, |
||||
}, |
||||
NotBefore: notBefore, |
||||
NotAfter: notAfter, |
||||
|
||||
KeyUsage: keyUsage, |
||||
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, |
||||
BasicConstraintsValid: true, |
||||
} |
||||
|
||||
hosts := strings.Split(*host, ",") |
||||
for _, h := range hosts { |
||||
if ip := net.ParseIP(h); ip != nil { |
||||
template.IPAddresses = append(template.IPAddresses, ip) |
||||
} else { |
||||
template.DNSNames = append(template.DNSNames, h) |
||||
} |
||||
} |
||||
|
||||
if *isCA { |
||||
template.IsCA = true |
||||
template.KeyUsage |= x509.KeyUsageCertSign |
||||
} |
||||
|
||||
derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv) |
||||
if err != nil { |
||||
log.Fatalf("Failed to create certificate: %v", err) |
||||
} |
||||
|
||||
certOut, err := os.Create("cert.pem") |
||||
if err != nil { |
||||
log.Fatalf("Failed to open cert.pem for writing: %v", err) |
||||
} |
||||
if err := pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}); err != nil { |
||||
log.Fatalf("Failed to write data to cert.pem: %v", err) |
||||
} |
||||
if err := certOut.Close(); err != nil { |
||||
log.Fatalf("Error closing cert.pem: %v", err) |
||||
} |
||||
log.Print("wrote cert.pem\n") |
||||
|
||||
keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) |
||||
if err != nil { |
||||
log.Fatalf("Failed to open key.pem for writing: %v", err) |
||||
return |
||||
} |
||||
privBytes, err := x509.MarshalPKCS8PrivateKey(priv) |
||||
if err != nil { |
||||
log.Fatalf("Unable to marshal private key: %v", err) |
||||
} |
||||
if err := pem.Encode(keyOut, &pem.Block{Type: "PRIVATE KEY", Bytes: privBytes}); err != nil { |
||||
log.Fatalf("Failed to write data to key.pem: %v", err) |
||||
} |
||||
if err := keyOut.Close(); err != nil { |
||||
log.Fatalf("Error closing key.pem: %v", err) |
||||
} |
||||
log.Print("wrote key.pem\n") |
||||
} |
@ -1,43 +0,0 @@
|
||||
// Copyright 2018 The Go Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
//go:build aix || (go1.12 && darwin)
|
||||
// +build aix go1.12,darwin
|
||||
|
||||
package socket |
||||
|
||||
import ( |
||||
"syscall" |
||||
"unsafe" |
||||
) |
||||
|
||||
//go:linkname syscall_getsockopt syscall.getsockopt
|
||||
func syscall_getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *uint32) error |
||||
|
||||
func getsockopt(s uintptr, level, name int, b []byte) (int, error) { |
||||
l := uint32(len(b)) |
||||
err := syscall_getsockopt(int(s), level, name, unsafe.Pointer(&b[0]), &l) |
||||
return int(l), err |
||||
} |
||||
|
||||
//go:linkname syscall_setsockopt syscall.setsockopt
|
||||
func syscall_setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) error |
||||
|
||||
func setsockopt(s uintptr, level, name int, b []byte) error { |
||||
return syscall_setsockopt(int(s), level, name, unsafe.Pointer(&b[0]), uintptr(len(b))) |
||||
} |
||||
|
||||
//go:linkname syscall_recvmsg syscall.recvmsg
|
||||
func syscall_recvmsg(s int, msg *syscall.Msghdr, flags int) (n int, err error) |
||||
|
||||
func recvmsg(s uintptr, h *msghdr, flags int) (int, error) { |
||||
return syscall_recvmsg(int(s), (*syscall.Msghdr)(unsafe.Pointer(h)), flags) |
||||
} |
||||
|
||||
//go:linkname syscall_sendmsg syscall.sendmsg
|
||||
func syscall_sendmsg(s int, msg *syscall.Msghdr, flags int) (n int, err error) |
||||
|
||||
func sendmsg(s uintptr, h *msghdr, flags int) (int, error) { |
||||
return syscall_sendmsg(int(s), (*syscall.Msghdr)(unsafe.Pointer(h)), flags) |
||||
} |
@ -0,0 +1,13 @@
|
||||
// Copyright 2021 The Go Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
//go:build loong64
|
||||
// +build loong64
|
||||
|
||||
package socket |
||||
|
||||
const ( |
||||
sysRECVMMSG = 0xf3 |
||||
sysSENDMMSG = 0x10d |
||||
) |
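Review bot: The constants `sysRECVMMSG = 0xf3` and `sysSENDMMSG = 0x10d` are bare syscall numbers with no comment naming their source, so they cannot be checked without the kernel headers at hand. They appear to match recvmmsg (243) and sendmmsg (269) in the Linux generic syscall table, and a one-line comment would record that: `// Linux generic syscall table (asm-generic/unistd.h): recvmmsg = 243, sendmmsg = 269.` This matters because a wrong number would presumably make the callers, which are outside this hunk, invoke a different syscall with the same socket and buffer arguments. The build constraint names only `loong64`, so the Linux restriction presumably comes from the file name, which the page does not show; confirm it carries a `_linux_` suffix.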
@ -1,59 +0,0 @@
|
||||
// Copyright 2017 The Go Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package socket |
||||
|
||||
import ( |
||||
"syscall" |
||||
"unsafe" |
||||
) |
||||
|
||||
//go:cgo_import_dynamic libc___xnet_getsockopt __xnet_getsockopt "libsocket.so"
|
||||
//go:cgo_import_dynamic libc_setsockopt setsockopt "libsocket.so"
|
||||
//go:cgo_import_dynamic libc___xnet_recvmsg __xnet_recvmsg "libsocket.so"
|
||||
//go:cgo_import_dynamic libc___xnet_sendmsg __xnet_sendmsg "libsocket.so"
|
||||
|
||||
//go:linkname procGetsockopt libc___xnet_getsockopt
|
||||
//go:linkname procSetsockopt libc_setsockopt
|
||||
//go:linkname procRecvmsg libc___xnet_recvmsg
|
||||
//go:linkname procSendmsg libc___xnet_sendmsg
|
||||
|
||||
var ( |
||||
procGetsockopt uintptr |
||||
procSetsockopt uintptr |
||||
procRecvmsg uintptr |
||||
procSendmsg uintptr |
||||
) |
||||
|
||||
func sysvicall6(trap, nargs, a1, a2, a3, a4, a5, a6 uintptr) (uintptr, uintptr, syscall.Errno) |
||||
func rawSysvicall6(trap, nargs, a1, a2, a3, a4, a5, a6 uintptr) (uintptr, uintptr, syscall.Errno) |
||||
|
||||
func getsockopt(s uintptr, level, name int, b []byte) (int, error) { |
||||
l := uint32(len(b)) |
||||
_, _, errno := sysvicall6(uintptr(unsafe.Pointer(&procGetsockopt)), 5, s, uintptr(level), uintptr(name), uintptr(unsafe.Pointer(&b[0])), uintptr(unsafe.Pointer(&l)), 0) |
||||
return int(l), errnoErr(errno) |
||||
} |
||||
|
||||
func setsockopt(s uintptr, level, name int, b []byte) error { |
||||
_, _, errno := sysvicall6(uintptr(unsafe.Pointer(&procSetsockopt)), 5, s, uintptr(level), uintptr(name), uintptr(unsafe.Pointer(&b[0])), uintptr(len(b)), 0) |
||||
return errnoErr(errno) |
||||
} |
||||
|
||||
func recvmsg(s uintptr, h *msghdr, flags int) (int, error) { |
||||
n, _, errno := sysvicall6(uintptr(unsafe.Pointer(&procRecvmsg)), 3, s, uintptr(unsafe.Pointer(h)), uintptr(flags), 0, 0, 0) |
||||
return int(n), errnoErr(errno) |
||||
} |
||||
|
||||
func sendmsg(s uintptr, h *msghdr, flags int) (int, error) { |
||||
n, _, errno := sysvicall6(uintptr(unsafe.Pointer(&procSendmsg)), 3, s, uintptr(unsafe.Pointer(h)), uintptr(flags), 0, 0, 0) |
||||
return int(n), errnoErr(errno) |
||||
} |
||||
|
||||
func recvmmsg(s uintptr, hs []mmsghdr, flags int) (int, error) { |
||||
return 0, errNotImplemented |
||||
} |
||||
|
||||
func sendmmsg(s uintptr, hs []mmsghdr, flags int) (int, error) { |
||||
return 0, errNotImplemented |
||||
} |
@ -1,11 +0,0 @@
|
||||
// Copyright 2016 The Go Authors. All rights reserved. |
||||
// Use of this source code is governed by a BSD-style |
||||
// license that can be found in the LICENSE file. |
||||
|
||||
#include "textflag.h" |
||||
|
||||
TEXT ·sysvicall6(SB),NOSPLIT,$0-88 |
||||
JMP syscall·sysvicall6(SB) |
||||
|
||||
TEXT ·rawSysvicall6(SB),NOSPLIT,$0-88 |
||||
JMP syscall·rawSysvicall6(SB) |
@ -0,0 +1,40 @@
|
||||
// Code generated by cmd/cgo -godefs; DO NOT EDIT.
|
||||
// cgo -godefs defs_linux.go
|
||||
|
||||
//go:build loong64
|
||||
// +build loong64
|
||||
|
||||
package socket |
||||
|
||||
type iovec struct { |
||||
Base *byte |
||||
Len uint64 |
||||
} |
||||
|
||||
type msghdr struct { |
||||
Name *byte |
||||
Namelen uint32 |
||||
Iov *iovec |
||||
Iovlen uint64 |
||||
Control *byte |
||||
Controllen uint64 |
||||
Flags int32 |
||||
Pad_cgo_0 [4]byte |
||||
} |
||||
|
||||
type mmsghdr struct { |
||||
Hdr msghdr |
||||
Len uint32 |
||||
Pad_cgo_0 [4]byte |
||||
} |
||||
|
||||
type cmsghdr struct { |
||||
Len uint64 |
||||
Level int32 |
||||
Type int32 |
||||
} |
||||
|
||||
const ( |
||||
sizeofIovec = 0x10 |
||||
sizeofMsghdr = 0x38 |
||||
) |
@ -0,0 +1,77 @@
|
||||
// Code generated by cmd/cgo -godefs; DO NOT EDIT.
|
||||
// cgo -godefs defs_linux.go
|
||||
|
||||
//go:build loong64
|
||||
// +build loong64
|
||||
|
||||
package ipv4 |
||||
|
||||
const ( |
||||
sizeofKernelSockaddrStorage = 0x80 |
||||
sizeofSockaddrInet = 0x10 |
||||
sizeofInetPktinfo = 0xc |
||||
sizeofSockExtendedErr = 0x10 |
||||
|
||||
sizeofIPMreq = 0x8 |
||||
sizeofIPMreqSource = 0xc |
||||
sizeofGroupReq = 0x88 |
||||
sizeofGroupSourceReq = 0x108 |
||||
|
||||
sizeofICMPFilter = 0x4 |
||||
) |
||||
|
||||
type kernelSockaddrStorage struct { |
||||
Family uint16 |
||||
X__data [126]int8 |
||||
} |
||||
|
||||
type sockaddrInet struct { |
||||
Family uint16 |
||||
Port uint16 |
||||
Addr [4]byte /* in_addr */ |
||||
X__pad [8]uint8 |
||||
} |
||||
|
||||
type inetPktinfo struct { |
||||
Ifindex int32 |
||||
Spec_dst [4]byte /* in_addr */ |
||||
Addr [4]byte /* in_addr */ |
||||
} |
||||
|
||||
type sockExtendedErr struct { |
||||
Errno uint32 |
||||
Origin uint8 |
||||
Type uint8 |
||||
Code uint8 |
||||
Pad uint8 |
||||
Info uint32 |
||||
Data uint32 |
||||
} |
||||
|
||||
type ipMreq struct { |
||||
Multiaddr [4]byte /* in_addr */ |
||||
Interface [4]byte /* in_addr */ |
||||
} |
||||
|
||||
type ipMreqSource struct { |
||||
Multiaddr uint32 |
||||
Interface uint32 |
||||
Sourceaddr uint32 |
||||
} |
||||
|
||||
type groupReq struct { |
||||
Interface uint32 |
||||
Pad_cgo_0 [4]byte |
||||
Group kernelSockaddrStorage |
||||
} |
||||
|
||||
type groupSourceReq struct { |
||||
Interface uint32 |
||||
Pad_cgo_0 [4]byte |
||||
Group kernelSockaddrStorage |
||||
Source kernelSockaddrStorage |
||||
} |
||||
|
||||
type icmpFilter struct { |
||||
Data uint32 |
||||
} |
@ -0,0 +1,77 @@
|
||||
// Code generated by cmd/cgo -godefs; DO NOT EDIT.
|
||||
// cgo -godefs defs_linux.go
|
||||
|
||||
//go:build loong64
|
||||
// +build loong64
|
||||
|
||||
package ipv6 |
||||
|
||||
const ( |
||||
sizeofKernelSockaddrStorage = 0x80 |
||||
sizeofSockaddrInet6 = 0x1c |
||||
sizeofInet6Pktinfo = 0x14 |
||||
sizeofIPv6Mtuinfo = 0x20 |
||||
sizeofIPv6FlowlabelReq = 0x20 |
||||
|
||||
sizeofIPv6Mreq = 0x14 |
||||
sizeofGroupReq = 0x88 |
||||
sizeofGroupSourceReq = 0x108 |
||||
|
||||
sizeofICMPv6Filter = 0x20 |
||||
) |
||||
|
||||
type kernelSockaddrStorage struct { |
||||
Family uint16 |
||||
X__data [126]int8 |
||||
} |
||||
|
||||
type sockaddrInet6 struct { |
||||
Family uint16 |
||||
Port uint16 |
||||
Flowinfo uint32 |
||||
Addr [16]byte /* in6_addr */ |
||||
Scope_id uint32 |
||||
} |
||||
|
||||
type inet6Pktinfo struct { |
||||
Addr [16]byte /* in6_addr */ |
||||
Ifindex int32 |
||||
} |
||||
|
||||
type ipv6Mtuinfo struct { |
||||
Addr sockaddrInet6 |
||||
Mtu uint32 |
||||
} |
||||
|
||||
type ipv6FlowlabelReq struct { |
||||
Dst [16]byte /* in6_addr */ |
||||
Label uint32 |
||||
Action uint8 |
||||
Share uint8 |
||||
Flags uint16 |
||||
Expires uint16 |
||||
Linger uint16 |
||||
X__flr_pad uint32 |
||||
} |
||||
|
||||
type ipv6Mreq struct { |
||||
Multiaddr [16]byte /* in6_addr */ |
||||
Ifindex int32 |
||||
} |
||||
|
||||
type groupReq struct { |
||||
Interface uint32 |
||||
Pad_cgo_0 [4]byte |
||||
Group kernelSockaddrStorage |
||||
} |
||||
|
||||
type groupSourceReq struct { |
||||
Interface uint32 |
||||
Pad_cgo_0 [4]byte |
||||
Group kernelSockaddrStorage |
||||
Source kernelSockaddrStorage |
||||
} |
||||
|
||||
type icmpv6Filter struct { |
||||
Data [8]uint32 |
||||
} |