From a87ba4538bf235485e2391aae6ed0a48a643537e Mon Sep 17 00:00:00 2001
From: Eduard Urbach
Date: Sat, 23 Jun 2018 15:13:31 +0900
Subject: [PATCH] New default certificates
---
 main.go | 2 +-
 security.go | 41 +++++++++++++++++++++++++++++++++
 security/default/root.crt | 11 +++++++++
 security/default/rootCA.key | 30 ------------------------
 security/default/rootCA.pem | 22 ------------------
 security/default/rootCA.srl | 1 -
 security/default/server.crt | 30 ++++++++----------------
 security/default/server.csr | 17 --------------
 security/default/server.csr.cnf | 21 -----------------
 security/default/server.key | 33 ++++----------------------
 security/default/v3.ext | 7 ------
 11 files changed, 68 insertions(+), 147 deletions(-)
 create mode 100644 security.go
 create mode 100644 security/default/root.crt
 delete mode 100644 security/default/rootCA.key
 delete mode 100644 security/default/rootCA.pem
 delete mode 100644 security/default/rootCA.srl
 delete mode 100644 security/default/server.csr
 delete mode 100644 security/default/server.csr.cnf
 delete mode 100644 security/default/v3.ext
diff --git a/main.go b/main.go
index c27f1ca..67a3fa5 100644
--- a/main.go
+++ b/main.go
@@ -14,7 +14,7 @@ func main() {
 }
 
 func configure(app *aero.Application) *aero.Application {
- app.Security.Load("security/server.crt", "security/server.key")
+ configureHTTPS(app)
 
 appCode := func(ctx *aero.Context) string {
 return ctx.HTML(components.Layout(ctx))
diff --git a/security.go b/security.go
new file mode 100644
index 0000000..a81d384
--- /dev/null
+++ b/security.go
@@ -0,0 +1,41 @@
+package main
+
+import (
+ "os"
+ "path"
+
+ "github.com/aerogo/aero"
+ "github.com/fatih/color"
+)
+
+func configureHTTPS(app *aero.Application) {
+ fullCertPath := path.Join("security", "server.crt")
+ fullKeyPath := path.Join("security", "server.key")
+
+ if _, err := os.Stat(fullCertPath); os.IsNotExist(err) {
+ defaultCertPath := path.Join("security", "default", "server.crt")
+ err := os.Link(defaultCertPath, fullCertPath)
+
+ if err != nil {
+ // Do not panic here, multiple tests could be running this in parallel.
+ // Therefore, races can occur (which test writes the link first).
+ // Simply log the error and continue as the file should be present.
+ color.Red(err.Error())
+ }
+ }
+
+ if _, err := os.Stat(fullKeyPath); os.IsNotExist(err) {
+ defaultKeyPath := path.Join("security", "default", "server.key")
+ err := os.Link(defaultKeyPath, fullKeyPath)
+
+ if err != nil {
+ // Do not panic here, multiple tests could be running this in parallel.
+ // Therefore, races can occur (which test writes the link first).
+ // Simply log the error and continue as the file should be present.
+ color.Red(err.Error())
+ }
+ }
+
+ // HTTPS
+ app.Security.Load(fullCertPath, fullKeyPath)
+}
diff --git a/security/default/root.crt b/security/default/root.crt
new file mode 100644
index 0000000..cbdf408
--- /dev/null
+++ b/security/default/root.crt
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBfzCCASSgAwIBAgIQP+sEBqZLdNe8KLm5lGuSUjAKBggqhkjOPQQDAjAkMRAw
+DgYDVQQKEwdBY21lIENvMRAwDgYDVQQDEwdSb290IENBMB4XDTE4MDYyMzA2MDYy
+N1oXDTI4MDYyMDA2MDYyN1owJDEQMA4GA1UEChMHQWNtZSBDbzEQMA4GA1UEAxMH
+Um9vdCBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGr/aqdLEYl1JBqP/P8e
+R078sS4W4WXvyfievpluBDDOOMljBCyH4vP6SFKTdi2tO/871PYHPqVWrHMKXLzE
+SMKjODA2MA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNV
+HRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0kAMEYCIQC2bAYBX0HIORmHLV5p89vb
+t+aajGmjWXPiNBuKxWJZmQIhAJYmz+njI9jzR4oYfGVowLWPVoKP+D+xvhgGAyuG
+fDy/
+-----END CERTIFICATE-----
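Review bot: In security.go, when `security/server.key` is missing, configureHTTPS quietly hard-links the key from `security/default/`, which this same patch commits to the repository, so a deployment that never installed its own key would serve TLS with a private key that is readable by anyone with the source. I would make the fallback visible, for example by logging `color.Yellow("using default development certificate from security/default")` before each `os.Link`, and, if the application has a notion of development mode, refuse the fallback outside it. Because `os.Link` makes both names refer to the same file, writing a real key into `security/server.key` in place would also rewrite the tracked `security/default/server.key` and could end up in a commit; copying the file with mode 0600 avoids that and also works when the two paths are on different filesystems. The test race the comments describe can be separated from real failures with `if err != nil && !os.IsExist(err) {`, so that only unexpected errors are reported.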
diff --git a/security/default/rootCA.key b/security/default/rootCA.key deleted file mode 100644 index 72e9470..0000000 --- a/security/default/rootCA.key +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,E429DA2478AD160D - -AB4pjQfsI6yN9I/pG8m9ZYokS4qE+UuOjrap9EFOpSeSe9esXC5U7Dh15tmstam5 -kCO5S/e/+2iD1QxKMx6Ms8uPxCujmfpkjIekyoGrB5Wz8AkUYW76vE4rY0MSvpfs -YxSgiUe0780vyBzDBuOcAlRCckwFWoNHvLbbsuP6Fh/beybiPvv4ZtoNtzCav3UK -+0mvA8cr+2dLJ+a75pgYW1GBI5L2EFEkDWSzhVLFRX/Lh6DI/pMOa6PWMaLE2LXL -cSDgLl4S87vALMLnpUZGU2PaampV17Fh3m+UbmRmJJQMuueZKhIT3TWijl9nK9vP -D87LPN2I45rVhWmfXd0HC5+4ioH8oml/IAF/m//+TftY7n0zFMepUJzx3zYwTQhj -RrQfm0psmMw9AW1TKNhBHqxkpATDuAOyUO7hA3zVPLcnF6JYf3/Ra7IrWygkpaC6 -53NKirg1O9PZX7IPvY0n32vX6ZLNuGR7O8jahu0KnQ+T0d+1ji7PBnHglDCU4B9E -5wHyf3gZBXuK2YF9nA9z3tZX1PuJk4XXvmGdayniFvf4GmTE9jxsNNaqEnpDf8UB -bGMQ67JRl4QL0DB3fOvWipfEseg+EaelcFSi9U4IYk+CHpvxuofkYAkmWzYuIl3b -BLLqom2dAwGWVDtBFIkjwi4M2TWFfnqfSAerI/m8WZqPRfR9JiDAYwI4I35hWwa6 -qv7wQslzMnb9pzMcrZXnUNxusrzh4ywcjNhXNbUPMV+t/L56oNWqetheHuQevV2w -oU0iI6hO8/OIpPTYFfR9gSvYVgEimoJcxBLId8KynxsPneker9PhZ1SOoGbmrOFX -qphfZsuMWLAoNGk+JXAsBOyJPUfD+oq6rkQKXw4RwF9TWCdKX2OlkKXyZrwn8QVN -MsFVYJJ1p6q1hW8ClgJwslcdVMI+WI2qMSpu1P455VYfcxVoWAelY/7tsEaT1/3T -4mZM/ZLR0nKm0JqvDfol2yM6lvvijHJGt4eyj1j0wRGD3drDUsDjwOr8toei3L/B -F//dHJnzk0GpZSKNSq+tdigB4tUVW14rRvGFR7c5LAmCMB6b5NlbJfembufzHoRs -Q/RDrd4IbErd6Mo74UuxLfgVSrzYPdnx820PHtsEkL/HyptPakjlcbFQxUW5LO3l -Co5maXaWNou05Gt7qTOUINgaaLgiczPyl+XSlI5epfBsv2KmvH8NE48nY0ciAE1B -Pwner1y45DTgKPsUVQQwdFAsIj1bGaFXlmwAiH3cci6KPePeD1RcHcyI+8O2ehDT -iwjeQm6IEMZWdCUvuj+UBvSI9k3+dYcEgALqcILM1dSfPnCpMuMoG4KYcZVYJ+3l -YSfWkBWhbIKFxLJBPr98VLge9Pzy25h5PwW0dAeJgBn+tqnx7+UEDY5uNlGmZiiu -bPXj5fOGRRrY4iMy5CK8N9RUmCRRY9+OW+zX4DAU2Hp0mg8XM/KPsilfI6tSh5HU -281gwlUV7YEa+y4RmLGAKdVl5i+1KzgLLX0PCeBUy2710qd23C4OwU5U9z4T2ms6 -AUB8YpkhLgIfoBjNMVTdIGr64jC4SSJ/cOfun9racGntW4claiZiSwdTOzbaFZzC ------END RSA PRIVATE KEY----- 
diff --git a/security/default/rootCA.pem b/security/default/rootCA.pem deleted file mode 100644 index e91b966..0000000 --- a/security/default/rootCA.pem +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDnDCCAoSgAwIBAgIJANmDyvD8iAtzMA0GCSqGSIb3DQEBCwUAMGMxCzAJBgNV -BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX -aWRnaXRzIFB0eSBMdGQxHDAaBgNVBAMME2JldGEua29ubmFrYW5qaS5hcHAwHhcN -MTgwNjA3MDk1NjUzWhcNMjEwMzI3MDk1NjUzWjBjMQswCQYDVQQGEwJBVTETMBEG -A1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkg -THRkMRwwGgYDVQQDDBNiZXRhLmtvbm5ha2FuamkuYXBwMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEA69Nu59u58QC0eKrx+9Dt8bfw0Fz65g++eQGgDuDw -RS8BuaR8krrRhdHq5AWdibEvWcMxiMly5sYtf1RX+Otfbq9tSpbIh+6zEUjZFxQZ -HenpPWoTBzkIMoJDZK/lCXJH7m6YyvIMoJA5Dp0uvfl7WUycxK7JgiyCzEuJhOi3 -rwk/ybz3L71WcPfbp8/r8CJyUmTYn7TMmM4Dqvm3hKZiqGLDPorUhVaRmW46lgaD -dfBBMjqVSyPTNbrSWiDDzPN1IlYVwClQdXBAUWfEcIhsyvgvjMRw5wS0IkbM4eB/ -ULhT80w7fGTpNi9htcHainIb6rDREA9C2svtFaNyrUyMFwIDAQABo1MwUTAdBgNV -HQ4EFgQUG36SAhpW/qdd+jwE0wTEshrihbMwHwYDVR0jBBgwFoAUG36SAhpW/qdd -+jwE0wTEshrihbMwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEA -rsgdIkEv4JYGZcRU8QPRJ42B9VtxlxnKmnqdOCHiQFHNeKbm+Fgf/GT4aservBc9 -ktO9BuYhZomQuaPFR+jdxighBQZxBOtD0B196Q/CvE3an3KXuDh29tmg9e36vi6w -x+FPyVaD/YVfQ9KFb0UnDLLpECSLr6nEdbvuR9n1nh/Oy6yg47LuYyX7LEttxacp -2vpnKb5/cOujw1RV1aTKY1uvzDyM/I4cLoSgn/YKpteNQU5atYX//V2mEA/PMRqh -CczBmeHzZdj6nXq/enDpnnyLca+ZeAgTBrlCw/kxqRDtTgM4qHVZZBqbeyMUe+VG -ykDWjVVZBx/CMzQhSiCCcw== ------END CERTIFICATE----- diff --git a/security/default/rootCA.srl b/security/default/rootCA.srl deleted file mode 100644 index 58f4815..0000000 --- a/security/default/rootCA.srl +++ /dev/null @@ -1 +0,0 @@ -CC6C3F4AE747CB89 diff --git a/security/default/server.crt b/security/default/server.crt index b1949c2..46dcf9b 100644 --- a/security/default/server.crt +++ b/security/default/server.crt 
@@ -1,22 +1,12 @@ -----BEGIN CERTIFICATE----- -MIIDpDCCAoygAwIBAgIJAMxsP0rnR8uJMA0GCSqGSIb3DQEBCwUAMGMxCzAJBgNV -BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX -aWRnaXRzIFB0eSBMdGQxHDAaBgNVBAMME2JldGEua29ubmFrYW5qaS5hcHAwHhcN -MTgwNjA3MDk1ODE3WhcNMTkxMDIwMDk1ODE3WjBjMQswCQYDVQQGEwJBVTETMBEG -A1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkg -THRkMRwwGgYDVQQDDBNiZXRhLmtvbm5ha2FuamkuYXBwMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAtOkHqYkCxh6t0Gsx/VhnlYx8iwDbgbfSaSAAVwPZ -UUqHI3lbKSShCEcegy/FU+X8hd3j+wz+egcWLAQ1O3S1goITolAmEwiSEOGL1q7r -Dtmq7oLDDdcL+cP0qjbhTnp2VO0UJzThOhqWKAkYLh1WdQYtG0RjBBzwGqcVhRhL -pFvbq086YHXUBQQIfibBZ6CYlyzqBCZmjAB0zlPmtn06slfSIAr1EAkB0UO82fDP -RL5L62Ac00RppD92HL7fzgWVEFkPZUq89hI5qzlr2qeqD8lPfpaTtuNRCR1GhyrB -UnSxnVUZ1oqBvAG2PohlS0FX4dfFLK8t+66WuHhWOrje9QIDAQABo1swWTAfBgNV -HSMEGDAWgBQbfpICGlb+p136PATTBMSyGuKFszAJBgNVHRMEAjAAMAsGA1UdDwQE -AwIE8DAeBgNVHREEFzAVghNiZXRhLmtvbm5ha2FuamkuYXBwMA0GCSqGSIb3DQEB -CwUAA4IBAQB4yM9vByimHatIvscOAMuhUubs1CQ1Z58vXQmjqN9W67CpHSWeKLHv -w8RuHG5J6MRxGLe/cmK9vz6HqHrulrRQUGXhu0NZUwrI883HoWKHKxYxClaByypq -AM0CUlH0wflQoRLH5W1WkhS6nBoj2oIuK7a0IG74m5ePhKFEkXQpF3Ztze2Qd6Pi -8fNSDI75L8ejq4ZakOcRo+3nXdaq/lib8nGmHlwyVpehxBTqKlTQZVnYX5Bp4tyP -2JxXpEeCr1BzF2cXsalae7VUEq4HzVXXEENAUhi31Bz6oyCbBTzzEY17/ss0DrDt -+tVqWkWum8b3eWcsmnD6Nb3k2eaqz37b +MIIBuzCCAWCgAwIBAgIQUkIuqKImFnBDcBfarJ2SIDAKBggqhkjOPQQDAjAkMRAw +DgYDVQQKEwdBY21lIENvMRAwDgYDVQQDEwdSb290IENBMB4XDTE4MDYyMzA2MDYy +N1oXDTI4MDYyMDA2MDYyN1owMjEQMA4GA1UEChMHQWNtZSBDbzEeMBwGA1UEAxMV +TG9jYWxob3N0IENlcnRpZmljYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE +O8I+jhU3KLIvtvpsxOoH70kP42kC+KyfszJ4j3QCiyRgg+pkKUv6p8G0d5AnIVVN +jL/91U+ffIQjRUs+X+K+C6NmMGQwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoG +CCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwLwYDVR0RBCgwJoITYmV0YS5rb25uYWth +bmppLmFwcIIJbG9jYWxob3N0hwR/AAABMAoGCCqGSM49BAMCA0kAMEYCIQCxJdPG +WtWMMrytTGFCK4M5f/SSSRSZ9AYtH8xDug7qTQIhALlD3+WV2i+Uh1VKasXjRKTM +35WXISubEy0W0auA/y4i -----END CERTIFICATE----- 
diff --git a/security/default/server.csr b/security/default/server.csr deleted file mode 100644 index 405e155..0000000 --- a/security/default/server.csr +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICvjCCAaYCAQAwYzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx -ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEcMBoGA1UEAwwTYmV0 -YS5rb25uYWthbmppLmFwcDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -ALTpB6mJAsYerdBrMf1YZ5WMfIsA24G30mkgAFcD2VFKhyN5WykkoQhHHoMvxVPl -/IXd4/sM/noHFiwENTt0tYKCE6JQJhMIkhDhi9au6w7Zqu6Cww3XC/nD9Ko24U56 -dlTtFCc04ToaligJGC4dVnUGLRtEYwQc8BqnFYUYS6Rb26tPOmB11AUECH4mwWeg -mJcs6gQmZowAdM5T5rZ9OrJX0iAK9RAJAdFDvNnwz0S+S+tgHNNEaaQ/dhy+384F -lRBZD2VKvPYSOas5a9qnqg/JT36Wk7bjUQkdRocqwVJ0sZ1VGdaKgbwBtj6IZUtB -V+HXxSyvLfuulrh4Vjq43vUCAwEAAaAWMBQGCSqGSIb3DQEJBzEHDAVrb25uYTAN -BgkqhkiG9w0BAQsFAAOCAQEACWfcye/n494wjq2P0QwqT+0Au2YVCHpNQP49Wbca -+3kGMLXVDxyiEOf2/P+qtiEwwx+gBKvxVaZJfrjAAho7W82DNeJRMDAmhNVqsACm -5rcQbfDXNjmwwYqM9NrrXHA51K3BhzaPiChiaK+zoOhvlI/imPHEQf3n2yYAXMhC -hUJ4cYtSiWrrykDf8b6h8YvE/28VF9puGdsYqZnDWQmqjsmOS/QPD26qgJJSO0MY -oH3mWIfliArXOjSpGn9gcyEWC3m5qBSvALllWEoRr0b+d6ojSiiT8YcF3qqKe8Bm -OZdCe4cp47op/5xRXBV65tOBwwl4kKPZxEOxBStSzgNCIg== ------END CERTIFICATE REQUEST----- diff --git a/security/default/server.csr.cnf b/security/default/server.csr.cnf deleted file mode 100644 index 0b23d71..0000000 --- a/security/default/server.csr.cnf +++ /dev/null @@ -1,21 +0,0 @@ -[req] -default_bits = 2048 -prompt = no -default_md = sha256 -req_extensions = req_ext -distinguished_name = dn - -[dn] -C=US -ST=RandomState -L=RandomCity -O=RandomOrganization -OU=RandomOrganizationUnit -emailAddress=email@example.com -CN = beta.konnakanji.app - -[req_ext] -subjectAltName = @alt_names - -[alt_names] -DNS.1 = beta.konnakanji.app diff --git a/security/default/server.key b/security/default/server.key index d22cd3d..df074b0 100644 --- a/security/default/server.key +++ b/security/default/server.key 
@@ -1,28 +1,5 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC06QepiQLGHq3Q -azH9WGeVjHyLANuBt9JpIABXA9lRSocjeVspJKEIRx6DL8VT5fyF3eP7DP56BxYs -BDU7dLWCghOiUCYTCJIQ4YvWrusO2arugsMN1wv5w/SqNuFOenZU7RQnNOE6GpYo -CRguHVZ1Bi0bRGMEHPAapxWFGEukW9urTzpgddQFBAh+JsFnoJiXLOoEJmaMAHTO -U+a2fTqyV9IgCvUQCQHRQ7zZ8M9EvkvrYBzTRGmkP3Ycvt/OBZUQWQ9lSrz2Ejmr -OWvap6oPyU9+lpO241EJHUaHKsFSdLGdVRnWioG8AbY+iGVLQVfh18Usry37rpa4 -eFY6uN71AgMBAAECggEAHL6N7h0L6MjFG0F8/uEGDFf3DesD9ZdsgjGIfErrQ6RQ -1o0Ys+/S+kq6iWOUueDn/6ki6SfGY0Mu/a1pe9nuYR8j2X1cn1eURcRggKroRELH -iwAR1+gcSgIdpNH1eI+yr4m/0v7u7ll9FD1lryYQL6XckuGJzgR/De0QWUZj9mgx -kg8+V2LBK3KGo/lga+c2tXhme5oL0zBsQJ9Ve++GaxKK+t+W5Jo8KIwS4SQ87sBZ -xwkf1H4PyZ1kTigDa3J6rkkE4GVnqKw2th2sNYuRg6KMnlbywKd6J917n7+b5dyE -XuMqU+wB86bNlUo8g1d/8JJRvh6OgFOSNpuTTKhUHQKBgQDeG+GY+CzgE/AFTOXr -ttpswJQ9kSOedb7khqsTSn4bfgdM/r9ryxjXuswCNHBxM14zJ2Y1iXFuVgsTFppV -PixaE1iXcP2lpp75btgSoXFJKWlPZpzOQYGDfPs8h0/DYGNXk/MQhChtneo7GgTb -UFN7+5MGMYiFHYkoJArR+yUyUwKBgQDQg9QwFMsKjfwje/181a9ElAS5bg5smgYV -HBS/+AGFwcBBiV9bcFOwX98ruwjiW7AVCzNJkApjeoa/U23WqigYR9H/5bDg+fKp -6syHlbSR8PgsUv1PKrzFU+Rkr8C+h7qcgOzJcuAzcl+6w/MiMbQT//pLxD8B/XDR -33DWenEQlwKBgQDByHuk9epZOqvwQ+5aILgjqEXuDWKRT1PUmLZL53NtUyDViXHD -f3hWSBDUX6I28cVfRiHD1f3UcVfKOK9AbjVOBZEG2DtFOsF7CL2WS6rGVU4fS3zF -65su+G1OmxP5d3BVKa0pHNUVBnElTYctPcEI7C6TecYNtf5DumaCW+dRJwKBgHwF -LPu8IlgQw1tHsCnD3w9nCrhP4Xxu0BdWMHFNzXoFF5jjYDg+w0gwfcjA4jPgXQbn -NoYWildI1USPFtGLO3XVoe4Wa/IkOFUgNq6eOFxlevbCFbA0tzqW/01zy6yHhlL3 -y9612OxApveq/L3l2jnbEsBl5SQF3ki2IaMwCHfZAoGBAMviPev3uVjhQhBE9+76 -qqaEaQnPkp+xBDnTo3CMxKuWlZum1Y97kRy4N3ooJGAnYu94UKyvOQd3OnPKeXSu -38SkolXF8SmIAWYavAIeW/cjFySAu8bFtosSfM/lsXy+C1X2Bn2fEayzzsa/tsPt -nd+gSjsPxBNUwZUoMc7k2bhG ------END PRIVATE KEY----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIOcII2sCkqFtx1GmdKwu+d4rZAFwvrq/tbZKdTiWiQgIoAoGCCqGSM49 +AwEHoUQDQgAEO8I+jhU3KLIvtvpsxOoH70kP42kC+KyfszJ4j3QCiyRgg+pkKUv6 +p8G0d5AnIVVNjL/91U+ffIQjRUs+X+K+Cw== +-----END EC PRIVATE KEY----- 
diff --git a/security/default/v3.ext b/security/default/v3.ext
deleted file mode 100644
index 6d300a4..0000000
--- a/security/default/v3.ext
+++ /dev/null
@@ -1,7 +0,0 @@
-authorityKeyIdentifier=keyid,issuer
-basicConstraints=CA:FALSE
-keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
-subjectAltName = @alt_names
-
-[alt_names]
-DNS.1 = beta.konnakanji.app