/*
-tofuproxy -- HTTP proxy with TLS certificates management
-Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+ manager, WARC/geminispace browser
+Copyright (C) 2021-2023 Sergey Matveev <stargrave@stargrave.org>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
package main
import (
- "crypto/ecdsa"
- "crypto/elliptic"
"crypto/rand"
"crypto/x509"
"crypto/x509/pkix"
"math/big"
"os"
"time"
+
+ "go.stargrave.org/tofuproxy"
)
func main() {
cn := flag.String("cn", "tofuproxy.localhost", "CommonName")
- crtPath := flag.String("cert", "cert.pem", "Path to server X.509 certificate")
- prvPath := flag.String("key", "prv.pem", "Path to server PKCS#8 private key")
+ ai := flag.String("ai", "eddsa", "ecdsa|eddsa (ECDSA-256 or EdDSA algorithm)")
flag.Parse()
log.SetFlags(log.Lshortfile)
- prv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
- if err != nil {
- log.Fatalln(err)
- }
- pub := prv.Public()
+ pub, prv := tofuproxy.NewKeypair(*ai)
notBefore := time.Now()
notAfter := notBefore.Add(365 * 24 * time.Hour)
serialRaw := make([]byte, 16)
- if _, err = io.ReadFull(rand.Reader, serialRaw); err != nil {
+ if _, err := io.ReadFull(rand.Reader, serialRaw); err != nil {
log.Fatalln(err)
}
serial := big.NewInt(0)
log.Fatalln(err)
}
- fd, err := os.OpenFile(*prvPath, os.O_WRONLY|os.O_CREATE, 0600)
+ err = pem.Encode(os.Stdout, &pem.Block{Type: "PRIVATE KEY", Bytes: pkcs8})
if err != nil {
log.Fatalln(err)
}
- err = pem.Encode(fd, &pem.Block{Type: "PRIVATE KEY", Bytes: pkcs8})
- if err != nil {
- log.Fatalln(err)
- }
- fd.Close()
-
- fd, err = os.OpenFile(*crtPath, os.O_WRONLY|os.O_CREATE, 0600)
- err = pem.Encode(fd, &pem.Block{Type: "CERTIFICATE", Bytes: certRaw})
+ err = pem.Encode(os.Stdout, &pem.Block{Type: "CERTIFICATE", Bytes: certRaw})
if err != nil {
log.Fatalln(err)
}