From 1fb4007fa7734d180cd41e444ad44e813b523096 Mon Sep 17 00:00:00 2001 From: JeremyRand Date: Sat, 4 Nov 2017 07:59:13 +0000 Subject: [PATCH] gofmt -s generate_nmc_cert/main.go --- generate_nmc_cert/main.go | 64 +++++++++++++++++++-------------------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/generate_nmc_cert/main.go b/generate_nmc_cert/main.go index 5665815..3db2284 100644 --- a/generate_nmc_cert/main.go +++ b/generate_nmc_cert/main.go @@ -5,7 +5,7 @@ // Generate a self-signed X.509 certificate for a TLS server. Outputs to // 'cert.pem' and 'key.pem' and will overwrite existing files. -// This code has been modified from the stock Go code to generate +// This code has been modified from the stock Go code to generate // "dehydrated certificates", suitable for inclusion in a Namecoin name. package main @@ -22,12 +22,12 @@ import ( "encoding/pem" "flag" "fmt" + "github.com/namecoin/ncdns/certdehydrate" + "github.com/namecoin/ncdns/x509" "log" "math/big" "os" "time" - "github.com/namecoin/ncdns/certdehydrate" - "github.com/namecoin/ncdns/x509" ) var ( @@ -106,19 +106,19 @@ func main() { fmt.Fprintf(os.Stderr, "Failed to parse creation date: %s\n", err) os.Exit(1) } - + var notAfter time.Time notAfter, err = time.Parse("Jan 2 15:04:05 2006", *validTo) if err != nil { fmt.Fprintf(os.Stderr, "Failed to parse expiry date: %s\n", err) os.Exit(1) } - + timestampPrecision := int64(5 * 60) - - notBeforeFloored := time.Unix( ( notBefore.Unix() / timestampPrecision ) * timestampPrecision, 0 ) - notAfterFloored := time.Unix( ( notAfter.Unix() / timestampPrecision ) * timestampPrecision, 0 ) - + + notBeforeFloored := time.Unix((notBefore.Unix()/timestampPrecision)*timestampPrecision, 0) + notAfterFloored := time.Unix((notAfter.Unix()/timestampPrecision)*timestampPrecision, 0) + // Serial components pubkeyBytes, err := x509.MarshalPKIXPublicKey(publicKey(priv)) if err != nil { @@ -127,12 +127,12 @@ func main() { pubkeyB64 := base64.StdEncoding.EncodeToString(pubkeyBytes) notBeforeScaled := notBeforeFloored.Unix() / timestampPrecision notAfterScaled := notAfterFloored.Unix() / timestampPrecision - + // Calculate serial - serialDehydrated := certdehydrate.DehydratedCertificate { - PubkeyB64: pubkeyB64, + serialDehydrated := certdehydrate.DehydratedCertificate{ + PubkeyB64: pubkeyB64, NotBeforeScaled: notBeforeScaled, - NotAfterScaled: notAfterScaled, + NotAfterScaled: notAfterScaled, } serialNumber := big.NewInt(1) serialNumberBytes, err := serialDehydrated.SerialNumber(*host) @@ -144,7 +144,7 @@ func main() { template := x509.Certificate{ SerialNumber: serialNumber, Subject: pkix.Name{ - CommonName: *host, + CommonName: *host, SerialNumber: "Namecoin TLS Certificate", }, NotBefore: notBeforeFloored, @@ -152,7 +152,7 @@ func main() { // x509.KeyUsageKeyEncipherment is used for RSA key exchange, but not DHE/ECDHE key exchange. Since everyone should be using ECDHE (due to forward secrecy), we disallow x509.KeyUsageKeyEncipherment in our template. //KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, - KeyUsage: x509.KeyUsageDigitalSignature, + KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, BasicConstraintsValid: true, } @@ -180,38 +180,38 @@ func main() { pem.Encode(keyOut, pemBlockForKey(priv)) keyOut.Close() log.Print("written key.pem\n") - + parsedResult, err := x509.ParseCertificate(derBytes) if err != nil { log.Fatal("failed to parse output cert: ", err) } - + dehydrated, err := certdehydrate.DehydrateCert(parsedResult) if err != nil { log.Fatal("failed to dehydrate result cert: ", err) } - + rehydrated, err := certdehydrate.RehydrateCert(dehydrated) if err != nil { log.Fatal("failed to rehydrate result cert: ", err) } - + rehydratedDerBytes, err := certdehydrate.FillRehydratedCertTemplate(*rehydrated, *host) if err != nil { log.Fatal("failed to fill rehydrated result cert: ", err) } - - if ! bytes.Equal(derBytes, rehydratedDerBytes) { + + if !bytes.Equal(derBytes, rehydratedDerBytes) { log.Fatal("ERROR: The cert did not rehydrate to an identical form. This is a bug; do not use the generated certificate.") } - + log.Print("Your Namecoin cert is: {\"d8\":", dehydrated, "}") - log.Print("SUCCESS: The cert rehydrated to an identical form. Place the generated files in your HTTPS server, and place the above JSON in the \"tls\" field for your Namecoin name."); + log.Print("SUCCESS: The cert rehydrated to an identical form. Place the generated files in your HTTPS server, and place the above JSON in the \"tls\" field for your Namecoin name.") if len(*falseHost) > 0 { var falsePriv interface{} - + switch *ecdsaCurve { case "P224": falsePriv, err = ecdsa.GenerateKey(elliptic.P224(), rand.Reader) @@ -228,32 +228,32 @@ func main() { if err != nil { log.Fatalf("failed to generate false private key: %s", err) } - + falseSerialNumber := big.NewInt(2) falseTemplate := x509.Certificate{ SerialNumber: falseSerialNumber, Subject: pkix.Name{ - CommonName: *falseHost, + CommonName: *falseHost, SerialNumber: "Namecoin TLS Certificate", }, NotBefore: notBefore, NotAfter: notAfter, - + // x509.KeyUsageKeyEncipherment is used for RSA key exchange, but not DHE/ECDHE key exchange. Since everyone should be using ECDHE (due to forward secrecy), we disallow x509.KeyUsageKeyEncipherment in our template. //KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, - KeyUsage: x509.KeyUsageDigitalSignature, + KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, BasicConstraintsValid: true, } - + falseTemplate.DNSNames = append(falseTemplate.DNSNames, *falseHost) - + falseDerBytes, err := x509.CreateCertificate(rand.Reader, &falseTemplate, &template, publicKey(falsePriv), priv) if err != nil { log.Fatalf("Failed to create false certificate: %s", err) } - + falseCertOut, err := os.Create("falseCert.pem") if err != nil { log.Fatalf("failed to open falseCert.pem for writing: %s", err) @@ -261,7 +261,7 @@ func main() { pem.Encode(falseCertOut, &pem.Block{Type: "CERTIFICATE", Bytes: falseDerBytes}) falseCertOut.Close() log.Print("written falseCert.pem\n") - + falseKeyOut, err := os.OpenFile("falseKey.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) if err != nil { log.Print("failed to open falseKey.pem for writing:", err)