1 // tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
2 // manager, WARC/geminispace browser
3 // Copyright (C) 2021-2024 Sergey Matveev <stargrave@stargrave.org>
5 // This program is free software: you can redistribute it and/or modify
6 // it under the terms of the GNU General Public License as published by
7 // the Free Software Foundation, version 3 of the License.
9 // This program is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
14 // You should have received a copy of the GNU General Public License
15 // along with this program. If not, see <http://www.gnu.org/licenses/>.
31 "go.stargrave.org/tofuproxy"
35 cn := flag.String("cn", "tofuproxy.localhost", "CommonName")
36 ai := flag.String("ai", "eddsa", "ecdsa|eddsa (ECDSA-256 or EdDSA algorithm)")
38 log.SetFlags(log.Lshortfile)
40 pub, prv := tofuproxy.NewKeypair(*ai)
41 notBefore := time.Now()
42 notAfter := notBefore.Add(365 * 24 * time.Hour)
44 serialRaw := make([]byte, 16)
45 if _, err := io.ReadFull(rand.Reader, serialRaw); err != nil {
48 serial := big.NewInt(0)
49 serial = serial.SetBytes(serialRaw)
51 template := x509.Certificate{
53 Subject: pkix.Name{CommonName: *cn},
54 DNSNames: []string{*cn},
57 BasicConstraintsValid: true,
60 certRaw, err := x509.CreateCertificate(
61 rand.Reader, &template, &template, pub, prv,
66 if _, err = x509.ParseCertificate(certRaw); err != nil {
69 pkcs8, err := x509.MarshalPKCS8PrivateKey(prv)
74 err = pem.Encode(os.Stdout, &pem.Block{Type: "PRIVATE KEY", Bytes: pkcs8})
78 err = pem.Encode(os.Stdout, &pem.Block{Type: "CERTIFICATE", Bytes: certRaw})