2 tofuproxy -- flexible HTTP/WARC proxy with TLS certificates management
3 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
5 This program is free software: you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation, version 3 of the License.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program. If not, see <http://www.gnu.org/licenses/>.
// Statement run from a certificate generator: it creates an ECDSA P-256 key,
// fills an X.509 template for the -cn name, signs the template with that same
// key, and writes the private key and the certificate as PEM to stdout.
// NOTE(review): the listing's line numbers skip (40 -> 45, 49 -> 52, ...), so
// the enclosing function header, the error-handling bodies and some template
// fields are not visible here; comments below cover only what is shown.

// -cn is used for both Subject.CommonName and the single DNS SAN below.
36 cn := flag.String("cn", "tofuproxy.localhost", "CommonName")
// Log output carries only the short file:line prefix, no timestamp.
38 log.SetFlags(log.Lshortfile)
// Fresh P-256 key drawn from rand.Reader; this is the key that signs the
// certificate and that is printed to stdout further down.
40 prv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
// Validity window of 365 days starting now. Presumably assigned to the
// template's NotBefore/NotAfter on lines not shown -- confirm.
45 notBefore := time.Now()
46 notAfter := notBefore.Add(365 * 24 * time.Hour)
// 16 random bytes (128 bits) read in full from rand.Reader, then interpreted
// by SetBytes as an unsigned big-endian integer, so the value is never
// negative. Presumably used as the template's SerialNumber -- field not shown.
48 serialRaw := make([]byte, 16)
49 if _, err = io.ReadFull(rand.Reader, serialRaw); err != nil {
52 serial := big.NewInt(0)
53 serial = serial.SetBytes(serialRaw)
55 template := x509.Certificate{
// Same -cn value in the subject and in the SAN list.
57 Subject: pkix.Name{CommonName: *cn},
58 DNSNames: []string{*cn},
// Marks the basic-constraints values as valid so the extension is emitted.
// NOTE(review): whether IsCA / KeyUsage are set is not visible in this
// listing -- confirm against the full file.
61 BasicConstraintsValid: true,
// template is passed as both the certificate and its parent, so the result is
// self-signed with prv. pub is defined on a line not shown (presumably
// prv.Public() -- confirm).
64 certRaw, err := x509.CreateCertificate(
65 rand.Reader, &template, &template, pub, prv,
// Parse the DER back as a sanity check; the parsed certificate is discarded.
70 if _, err = x509.ParseCertificate(certRaw); err != nil {
// The private key is serialized as unencrypted PKCS#8.
73 pkcs8, err := x509.MarshalPKCS8PrivateKey(prv)
// Key first, then certificate, both on stdout: the caller decides where the
// secret lands. Redirect into a file created with restrictive permissions
// (e.g. under umask 077) and keep stdout out of terminals, CI logs and pipes
// that are recorded.
// NOTE(review): if this certificate is installed as a trust anchor for the
// proxy, whoever can read this key can issue certificates that the trusting
// client accepts -- treat the output as a long-lived secret for the whole
// validity period.
78 err = pem.Encode(os.Stdout, &pem.Block{Type: "PRIVATE KEY", Bytes: pkcs8})
82 err = pem.Encode(os.Stdout, &pem.Block{Type: "CERTIFICATE", Bytes: certRaw})