From b6e90e4a8e1eea534d315d8a4e14c93a0a0063a5 Mon Sep 17 00:00:00 2001 From: izuku-sds Date: Fri, 24 May 2024 15:25:42 +0530 Subject: [PATCH 1/2] shift from openssl to GOLang based cert creation --- go.mod | 31 ++-- go.sum | 40 +++++ lib/utils/crypto.go | 227 +++++++++++++++++++++++------ services/infrasetservice/helper.go | 2 +- 4 files changed, 245 insertions(+), 55 deletions(-) diff --git a/go.mod b/go.mod index 13ded23..ad7a551 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,8 @@ module github.com/sdslabs/katana -go 1.19 +go 1.21.0 + +toolchain go1.21.3 require ( github.com/BurntSushi/toml v1.3.2 @@ -16,7 +18,7 @@ require ( github.com/stretchr/testify v1.8.4 github.com/xdg-go/pbkdf2 v1.0.0 go.mongodb.org/mongo-driver v1.12.1 - golang.org/x/crypto v0.12.0 + golang.org/x/crypto v0.23.0 k8s.io/api v0.28.1 k8s.io/apimachinery v0.28.1 k8s.io/client-go v0.28.1 @@ -31,6 +33,8 @@ require ( github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 // indirect github.com/acomagu/bufpipe v1.0.4 // indirect github.com/andybalholm/brotli v1.0.5 // indirect + github.com/caddyserver/certmagic v0.21.2 // indirect + github.com/caddyserver/zerossl v0.1.3 // indirect github.com/chai2010/gettext-go v1.0.2 // indirect github.com/cloudflare/circl v1.3.3 // indirect github.com/davecgh/go-spew v1.1.1 // indirect @@ -55,7 +59,7 @@ require ( github.com/golang/snappy v0.0.4 // indirect github.com/google/btree v1.0.1 // indirect github.com/google/gnostic-models v0.6.8 // indirect - github.com/google/go-cmp v0.5.9 // indirect + github.com/google/go-cmp v0.6.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.3.0 // indirect 
@@ -67,12 +71,16 @@ require ( github.com/json-iterator/go v1.1.12 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect github.com/klauspost/compress v1.16.7 // indirect + github.com/klauspost/cpuid/v2 v2.2.7 // indirect github.com/klauspost/pgzip v1.2.6 // indirect + github.com/libdns/libdns v0.2.2 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.19 // indirect github.com/mattn/go-runewidth v0.0.15 // indirect + github.com/mholt/acmez/v2 v2.0.1 // indirect + github.com/miekg/dns v1.1.59 // indirect github.com/mitchellh/go-wordwrap v1.0.1 // indirect github.com/moby/spdystream v0.2.0 // indirect github.com/moby/term v0.5.0 // indirect @@ -105,16 +113,19 @@ require ( github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect github.com/xlab/treeprint v1.2.0 // indirect github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a // indirect + github.com/zeebo/blake3 v0.2.3 // indirect go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect - golang.org/x/mod v0.12.0 // indirect - golang.org/x/net v0.14.0 // indirect + go.uber.org/multierr v1.11.0 // indirect + go.uber.org/zap v1.27.0 // indirect + golang.org/x/mod v0.17.0 // indirect + golang.org/x/net v0.25.0 // indirect golang.org/x/oauth2 v0.11.0 // indirect - golang.org/x/sync v0.3.0 // indirect - golang.org/x/sys v0.11.0 // indirect - golang.org/x/term v0.11.0 // indirect - golang.org/x/text v0.12.0 // indirect + golang.org/x/sync v0.7.0 // indirect + golang.org/x/sys v0.20.0 // indirect + golang.org/x/term v0.20.0 // indirect + golang.org/x/text v0.15.0 // indirect golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.12.0 // indirect + golang.org/x/tools v0.21.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/protobuf v1.31.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect 
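Review bot: The go.mod hunks add github.com/caddyserver/certmagic, caddyserver/zerossl, mholt/acmez/v2, miekg/dns, libdns, zeebo/blake3 and go.uber.org/zap as `// indirect` requirements, yet nothing in either patch imports anything beyond the standard-library crypto packages; they look like leftovers of an experiment that was abandoned in favour of crypto/x509. A `go mod tidy` pass should drop them if nothing needs them, which keeps the module graph and go.sum from growing for code that is never built. Each retained requirement is code you have to track advisories for, so it is worth confirming before merging.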
diff --git a/go.sum b/go.sum index 96b5b9c..4b238c6 100644 --- a/go.sum +++ b/go.sum @@ -21,6 +21,10 @@ github.com/andybalholm/brotli v1.0.5/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHG github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= +github.com/caddyserver/certmagic v0.21.2 h1:O18LtaYBGDooyy257cYePnhp4lPfz6TaJELil6Q1fDg= +github.com/caddyserver/certmagic v0.21.2/go.mod h1:Zq6pklO9nVRl3DIFUw9gVUfXKdpc/0qwTUAQMBlfgtI= +github.com/caddyserver/zerossl v0.1.3 h1:onS+pxp3M8HnHpN5MMbOMyNjmTheJyWRaZYwn+YTAyA= +github.com/caddyserver/zerossl v0.1.3/go.mod h1:CxA0acn7oEGO6//4rtrRjYgEoa4MFw/XofZnrYwGqG4= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk= github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA= @@ -122,6 +126,8 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= 
@@ -152,7 +158,11 @@ github.com/klauspost/compress v1.11.4/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYs github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/klauspost/compress v1.16.7 h1:2mk3MPGNzKyxErAw8YaohYh69+pa4sIQSC0fPGCFR9I= github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= +github.com/klauspost/cpuid v1.2.0 h1:NMpwD2G9JSFOE1/TJjGSo5zG7Yb2bTe7eq1jH+irmeE= github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= +github.com/klauspost/cpuid/v2 v2.0.12/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c= +github.com/klauspost/cpuid/v2 v2.2.7 h1:ZWSB3igEs+d0qvnxR/ZBzXVmxkgt8DdzP6m9pfuVLDM= +github.com/klauspost/cpuid/v2 v2.2.7/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= github.com/klauspost/pgzip v1.2.5/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= github.com/klauspost/pgzip v1.2.6 h1:8RXeL5crjEUFnR2/Sn6GJNWtSQ3Dk8pq4CL3jvdDyjU= github.com/klauspost/pgzip v1.2.6/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= @@ -163,6 +173,8 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/libdns/libdns v0.2.2 h1:O6ws7bAfRPaBsgAYt8MDe2HcNBGC29hkZ9MX2eUSX3s= +github.com/libdns/libdns v0.2.2/go.mod h1:4Bj9+5CQiNMVGf87wjX4CY3HQJypUHRuLvlsfsZqLWQ= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= 
@@ -176,8 +188,12 @@ github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APP github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U= github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= +github.com/mholt/acmez/v2 v2.0.1 h1:3/3N0u1pLjMK4sNEAFSI+bcvzbPhRpY383sy1kLHJ6k= +github.com/mholt/acmez/v2 v2.0.1/go.mod h1:fX4c9r5jYwMyMsC+7tkYRxHibkOTgta5DIFGoe67e1U= github.com/mholt/archiver/v3 v3.5.1 h1:rDjOBX9JSF5BvoJGvjqK479aL70qh9DIpZCl+k7Clwo= github.com/mholt/archiver/v3 v3.5.1/go.mod h1:e3dqJ7H78uzsRSEACH1joayhuSyhnonssnDhppzS1L4= +github.com/miekg/dns v1.1.59 h1:C9EXc/UToRwKLhK5wKU/I4QVsBUc8kE6MkHBkeypWZs= +github.com/miekg/dns v1.1.59/go.mod h1:nZpewl5p6IvctfgrckopVx2OlSEHPRO/U4SYkRklrEk= github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8= 
@@ -280,10 +296,18 @@ github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a/go.mod h1:ul22v+Nro/ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +github.com/zeebo/assert v1.1.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0= +github.com/zeebo/blake3 v0.2.3 h1:TFoLXsjeXqRNFxSbk35Dk4YtszE/MQQGK10BH4ptoTg= +github.com/zeebo/blake3 v0.2.3/go.mod h1:mjJjZpnsyIVtVgTOSpJ9vmRE4wgDeyt2HU3qXvvKCaQ= +github.com/zeebo/pcg v1.0.1/go.mod h1:09F0S9iiKrwn9rlI5yjLkmrug154/YRW6KnnXVDM/l4= go.mongodb.org/mongo-driver v1.12.1 h1:nLkghSU8fQNaK7oUmDhQFsnrtcoNy7Z6LVFKsEecqgE= go.mongodb.org/mongo-driver v1.12.1/go.mod h1:/rGBTebI3XYboVmgz+Wv3Bcbl3aD0QF9zl6kDDw18rQ= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= +go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= +go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= +go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= +go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= 
@@ -294,6 +318,8 @@ golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2Uz golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk= golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= +golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= +golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= @@ -304,6 +330,8 @@ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= +golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -321,6 +349,8 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14= golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= +golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= +golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.11.0 h1:vPL4xzxBM4niKCW6g9whtaWVXTJf1U5e4aZxxFx/gbU= golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk= @@ -333,6 +363,8 @@ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= +golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -353,6 +385,8 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM= golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -361,6 +395,8 @@ golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0= golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU= +golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= +golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= 
@@ -372,6 +408,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc= golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= +golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -386,6 +424,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.12.0 h1:YW6HUoUmYBpwSgyaGaZq1fHjrBjX1rlpZ54T6mu2kss= golang.org/x/tools v0.12.0/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM= +golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= +golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/lib/utils/crypto.go b/lib/utils/crypto.go index 12e3b77..e37e112 100644 --- a/lib/utils/crypto.go +++ b/lib/utils/crypto.go 
@@ -6,10 +6,20 @@ import (
 "encoding/base64"
 "encoding/hex"
 "fmt"
- "log"
 "github.com/xdg-go/pbkdf2"
 "golang.org/x/crypto/bcrypt"
+
+ "crypto/rand"
+ "crypto/rsa"
+ "crypto/x509"
+ "crypto/x509/pkix"
+ "encoding/pem"
+ "math/big"
+ "os"
+
+ "strings"
+ "time"
 )
 // MD5 encodes string to hexadecimal of MD5 checksum.
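Review bot: The new standard-library imports (`crypto/rand` through `time`) are added as two groups after the third-party imports, with an unexplained blank line between `os` and `strings`; the usual convention is a single stdlib group first, then third-party, so one `goimports` run would rewrite this hunk. Nothing functional depends on it, but the odd grouping will churn in the next formatted commit.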
@@ -24,80 +34,209 @@ func Base64Encode(str string) string { return base64.StdEncoding.EncodeToString([]byte(str)) } +// V3Ext represents a v3.ext file +type V3Ext struct { + AuthorityKeyIdentifier string + BasicConstraintsValid bool + IsCA bool + KeyUsage string + ExtKeyUsage string + DNSNames []string +} + func GenerateCerts(domain string, basePath string) error { - // Generate ca.key in harbor directory - log.Println("cert 1") - cmd := "openssl genrsa -out " + basePath + "/ca.key 4096" - if err := RunCommand(cmd); err != nil { + basePath += "/" + // Generate a new private key for the CA + caPrivateKey, err := rsa.GenerateKey(rand.Reader, 4096) + if err != nil { + return err + } + + // Set up the certificate template for the CA + caTemplate := &x509.Certificate{ + SerialNumber: big.NewInt(1), + Subject: pkix.Name{ + Organization: []string{"SDSLabs"}, + Country: []string{"IN"}, + Province: []string{"Delhi"}, + Locality: []string{"Delhi"}, + StreetAddress: []string{"smoking jawahar"}, + PostalCode: []string{"110080"}, + }, + NotBefore: time.Now(), + NotAfter: time.Now().Add(365 * 24 * time.Hour), // 1 year validity + IsCA: true, + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth}, + KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, + BasicConstraintsValid: true, + } + + // Create the CA certificate + caBytes, err := x509.CreateCertificate(rand.Reader, caTemplate, caTemplate, &caPrivateKey.PublicKey, caPrivateKey) + if err != nil { + return err + } + + // Save the CA private key + keyFile, err := os.Create(basePath + "ca.key") + if err != nil { + return err + } + defer keyFile.Close() + + privBytes := x509.MarshalPKCS1PrivateKey(caPrivateKey) + privPEM := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: privBytes}) + _, err = keyFile.Write(privPEM) + if err != nil { + return err + } + + // Save the CA certificate + certFile, err := os.Create(basePath + "ca.crt") + if err != nil { + return err + } + 
defer certFile.Close() + + certPEM := pem.EncodeToMemory(&pem.Block{ + Type: "CERTIFICATE", + Bytes: caBytes, + }) + + _, err = certFile.Write(certPEM) + if err != nil { return err } - log.Println("cert 2") - // using -traditional flag to get PKCS#1 [different header], otherwise 500 Internal Error - cmd = "openssl rsa -in "+basePath+"/ca.key -out "+basePath+"/ca.key -traditional" - if err := RunCommand(cmd); err != nil { + + // Generate a new private key for the server + serverPrivateKey, err := rsa.GenerateKey(rand.Reader, 4096) + if err != nil { return err } - log.Println("cert 3") - // using -traditional flag to get PKCS#1 [different header], otherwise 500 Internal Error - cmd = "openssl rsa -in "+basePath+"/ca.key -out "+basePath+"/ca.key -traditional" - if err := RunCommand(cmd); err != nil { + // Set up the CSR template for the server + csrTemplate := &x509.CertificateRequest{ + Subject: pkix.Name{ + CommonName: domain, + }, + SignatureAlgorithm: x509.SHA256WithRSA, + DNSNames: []string{domain}, + } + + // Create the CSR + csrBytes, err := x509.CreateCertificateRequest(rand.Reader, csrTemplate, serverPrivateKey) + if err != nil { return err } - log.Println("cert 4") - // Generate ca.crt - cmd = "openssl req -x509 -new -nodes -sha512 -days 3650 -subj '/C=IN/ST=Delhi/L=Delhi/O=Katana/CN=" + domain + "' -key " + basePath + "/ca.key -out " + basePath + "/ca.crt" - if err := RunCommand(cmd); err != nil { + // Save the CSR + csrFile, err := os.Create(basePath + domain + ".csr") + if err != nil { return err } + defer csrFile.Close() - log.Println("cert 5") - // using -traditional flag to get PKCS#1 [different header], otherwise 500 Internal Error - // cmd = "openssl rsa -in " + basePath + "/" + domain + ".key -out " + basePath + "/" + domain + ".key -traditional" - // if err := RunCommand(cmd); err != nil { - // return err - // } + csrPEM := pem.EncodeToMemory(&pem.Block{ + Type: "CERTIFICATE REQUEST", + Bytes: csrBytes, + }) - log.Println("cert 6") - // Generate 
private key - cmd = "openssl genrsa -out " + basePath + "/" + domain + ".key 4096" - if err := RunCommand(cmd); err != nil { + _, err = csrFile.Write(csrPEM) + if err != nil { return err } - log.Println("cert 7") - // using -traditional flag to get PKCS#1 [different header], otherwise 500 Internal Error - cmd="openssl rsa -in "+basePath+"/"+domain+".key -out "+basePath+"/"+domain+".key -traditional" - if err := RunCommand(cmd); err != nil { + // Save the server private key + serverKeyFile, err := os.Create(basePath + domain + ".key") + if err != nil { return err } + defer serverKeyFile.Close() - log.Println("cert 8") - // Generate certificate signing request - cmd = "openssl req -sha512 -new -subj '/C=IN/ST=Delhi/L=Delhi/O=Katana/CN=" + domain + "' -key " + basePath + "/" + domain + ".key -out " + basePath + "/" + domain + ".csr" - if err := RunCommand(cmd); err != nil { + serverPrivBytes := x509.MarshalPKCS1PrivateKey(serverPrivateKey) + serverPrivPEM := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: serverPrivBytes}) + _, err = serverKeyFile.Write(serverPrivPEM) + if err != nil { return err } - log.Println("cert 9") - // Generate v3.ext file - cmd = "echo 'authorityKeyIdentifier=keyid,issuer\nbasicConstraints=CA:FALSE\nkeyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment\nextendedKeyUsage = serverAuth\nsubjectAltName = @alt_names\n[alt_names]\nDNS.1=" + domain + "' > " + basePath + "/v3.ext" - if err := RunCommand(cmd); err != nil { + // Define your v3.ext + v3ext := V3Ext{ + AuthorityKeyIdentifier: "keyid,issuer", + BasicConstraintsValid: true, + IsCA: false, + KeyUsage: "digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment", + ExtKeyUsage: "serverAuth", + DNSNames: []string{"harbor.katana.local"}, + } + + // Set up the certificate template for the server + serverTemplate := &x509.Certificate{ + SerialNumber: big.NewInt(2), + Subject: pkix.Name{ + CommonName: domain, + }, + NotBefore: time.Now(), + 
NotAfter: time.Now().Add(365 * 24 * time.Hour), // 1 year validity + KeyUsage: keyUsage(v3ext.KeyUsage), + ExtKeyUsage: []x509.ExtKeyUsage{ + extKeyUsage(v3ext.ExtKeyUsage), + }, + DNSNames: v3ext.DNSNames, + BasicConstraintsValid: v3ext.BasicConstraintsValid, + IsCA: v3ext.IsCA, + } + + // Create the server certificate + serverBytes, err := x509.CreateCertificate(rand.Reader, serverTemplate, caTemplate, &serverPrivateKey.PublicKey, caPrivateKey) + if err != nil { return err } - log.Println("cert 10") - // Generate certificate - cmd = "openssl x509 -req -sha512 -days 3650 -extfile " + basePath + "/v3.ext -CA " + basePath + "/ca.crt -CAkey " + basePath + "/ca.key -CAcreateserial -in " + basePath + "/" + domain + ".csr -out " + basePath + "/" + domain + ".crt" - if err := RunCommand(cmd); err != nil { + // Save the server certificate + serverCertFile, err := os.Create(basePath + domain + ".crt") + if err != nil { return err } + defer serverCertFile.Close() + + serverCertPEM := pem.EncodeToMemory(&pem.Block{ + Type: "CERTIFICATE", + Bytes: serverBytes, + }) - log.Println("cert 11") + _, err = serverCertFile.Write(serverCertPEM) + if err != nil { + return err + } return nil } +func keyUsage(s string) x509.KeyUsage { + var ku x509.KeyUsage + if strings.Contains(s, "digitalSignature") { + ku |= x509.KeyUsageDigitalSignature + } + if strings.Contains(s, "nonRepudiation") { + ku |= x509.KeyUsageContentCommitment + } + if strings.Contains(s, "keyEncipherment") { + ku |= x509.KeyUsageKeyEncipherment + } + if strings.Contains(s, "dataEncipherment") { + ku |= x509.KeyUsageDataEncipherment + } + return ku +} + +func extKeyUsage(s string) x509.ExtKeyUsage { + var eku x509.ExtKeyUsage + if strings.Contains(s, "serverAuth") { + eku = x509.ExtKeyUsageServerAuth + } + return eku +} + func HashPassword(password string) (string, error) { pass := []byte(password) hash, err := bcrypt.GenerateFromPassword(pass, bcrypt.MinCost) 
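Review bot: `os.Create` is used for `ca.key` and `<domain>.key` (the keyFile and serverKeyFile blocks), which creates them with mode 0666 before umask, so under a default umask the CA and server private keys end up readable by every local user; open key files with `os.OpenFile(p, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)` (the sketch below folds the four create/encode/write sequences into one helper). The serial numbers are fixed at `big.NewInt(1)` and `big.NewInt(2)`, so every run re-issues a different certificate under the same issuer name and serial; use `serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))` per certificate. The leaf's SAN is the hard-coded `"harbor.katana.local"` rather than `domain` (the same literal survives the later `types.V3Ext` hunk), so any other caller gets a certificate whose SAN does not match its CN, whereas the old v3.ext used `DNS.1=<domain>` — `DNSNames: []string{domain}` restores that. Two smaller points: the CSR is written to disk but never used to build the server certificate, and because `caTemplate` rather than the parsed CA certificate is passed as parent and has no SubjectKeyId, the leaf will as far as I can tell carry no AuthorityKeyId; `caCert, err := x509.ParseCertificate(caBytes)` and signing with `caCert` as parent fixes that. GenerateCerts starts and ends inside this hunk.

```go
// writePEM encodes one PEM block into path, creating or truncating the file
// with perm; private keys are written 0o600 so only the owner can read them.
func writePEM(path, blockType string, der []byte, perm os.FileMode) error {
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, perm)
	if err != nil {
		return err
	}
	if err := pem.Encode(f, &pem.Block{Type: blockType, Bytes: der}); err != nil {
		f.Close()
		return err
	}
	return f.Close()
}

// … unchanged: key generation and certificate templates …
if err := writePEM(basePath+"ca.key", "RSA PRIVATE KEY", x509.MarshalPKCS1PrivateKey(caPrivateKey), 0o600); err != nil {
	return err
}
if err := writePEM(basePath+"ca.crt", "CERTIFICATE", caBytes, 0o644); err != nil {
	return err
}
// … same pattern for domain+".key" (0o600) and domain+".crt" (0o644) …
```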
diff --git a/services/infrasetservice/helper.go b/services/infrasetservice/helper.go
index 71b344c..8daed5d 100644
--- a/services/infrasetservice/helper.go
+++ b/services/infrasetservice/helper.go
@@ -21,7 +21,7 @@ func generateCertsforHarbor() {
 log.Println("CHECK 1")
 // Delete the directory if it already exists
- if _, err := os.Stat(path); os.IsExist(err) {
+ if _, err := os.Stat(path); err==nil {
 errDir := os.RemoveAll(path)
 if errDir != nil {
 log.Fatal(err)
From de09341f96dd46f2eb259868bef74a2acc37690b Mon Sep 17 00:00:00 2001
From: izuku-sds
Date: Sat, 25 May 2024 03:44:35 +0530
Subject: [PATCH 2/2] creates config and type for certs, resolved possible error in generateCertsforHarbor
---
 config.sample.toml | 8 ++++++
 configs/types.go | 9 +++++++
 lib/utils/crypto.go | 42 +++++++++++++++---------------
 services/infrasetservice/helper.go | 16 +++++++++---
 types/deployment.go | 10 +++++++
 5 files changed, 60 insertions(+), 25 deletions(-)
diff --git a/config.sample.toml b/config.sample.toml
index da21148..3be9604 100644
--- a/config.sample.toml
+++ b/config.sample.toml
@@ -53,3 +53,11 @@ password = "sdslabs"
 [harbor]
 username = "admin" # cannot be changed
 password = "Password12345" # NOTE: Password should be 8-128 characters long with at least 1 uppercase, 1 lowercase and 1 number
+
+[certificate]
+organization = "SDSLabs"
+country = "IN"
+province = "Delhi"
+locality = "Delhi"
+street_address = "smoking jawahar"
+postal_code = "110080"
\ No newline at end of file
diff --git a/configs/types.go b/configs/types.go
index 9870e91..f7948a4 100644
--- a/configs/types.go
+++ b/configs/types.go
@@ -72,3 +72,12 @@ type HarborCfg struct {
 Username string `toml:"username"`
 Password string `toml:"password"`
 }
+
+type Certificate struct {
+ Organization string `toml:"organization"`
+ Country string `toml:"country"`
+ Province string `toml:"province"`
+ Locality string `toml:"locality"`
+ StreetAddress string `toml:"street_address"`
+ PostalCode string `toml:"postal_code"`
+}
\ No newline at end of file
diff --git a/lib/utils/crypto.go b/lib/utils/crypto.go
index e37e112..0b03326 100644
--- a/lib/utils/crypto.go
+++ b/lib/utils/crypto.go
@@ -7,6 +7,7 @@ import (
 "encoding/hex"
 "fmt"
+ "github.com/BurntSushi/toml"
 "github.com/xdg-go/pbkdf2"
 "golang.org/x/crypto/bcrypt"
@@ -20,6 +21,9 @@ import (
 "strings"
 "time"
+
+ configs "github.com/sdslabs/katana/configs"
+ types "github.com/sdslabs/katana/types"
 )
 // MD5 encodes string to hexadecimal of MD5 checksum.
@@ -34,18 +38,14 @@ func Base64Encode(str string) string {
 return base64.StdEncoding.EncodeToString([]byte(str))
 }
-// V3Ext represents a v3.ext file
-type V3Ext struct {
- AuthorityKeyIdentifier string
- BasicConstraintsValid bool
- IsCA bool
- KeyUsage string
- ExtKeyUsage string
- DNSNames []string
-}
-
 func GenerateCerts(domain string, basePath string) error {
 basePath += "/"
+ cert_config := &configs.Certificate{}
+ _, err := toml.DecodeFile("config.toml", &cert_config)
+ if err != nil {
+ return err
+ }
+
 // Generate a new private key for the CA
 caPrivateKey, err := rsa.GenerateKey(rand.Reader, 4096)
 if err != nil {
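Review bot: `Certificate` is exported but has no doc comment, and the file now ends without a trailing newline (the `\ No newline at end of file` marker), which gofmt would restore; a one-liner such as `// Certificate holds the subject fields for the self-signed Harbor CA certificate, read from the [certificate] table.` would do. The same missing-newline marker appears in config.sample.toml and types/deployment.go in this patch.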
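Review bot: `toml.DecodeFile("config.toml", &cert_config)` decodes the top level of the file into `configs.Certificate`, whose tags are `organization`, `country` and so on, but config.sample.toml places those keys under a `[certificate]` table; unless the real config is laid out differently from the sample, every field stays empty, the decode reports no error, and the CA subject is built from blank strings. Decode into a wrapper struct with a `Certificate configs.Certificate` field tagged `toml:"certificate"`, or better, pass the already-loaded configuration into GenerateCerts instead of having a `lib/utils` function re-read `config.toml` relative to the process's working directory and pull the `configs` and `types` packages into utils. Two smaller points: `cert_config` is already a pointer, so `&cert_config` hands the decoder a `**Certificate`, which it may or may not follow — declaring `cert_config := configs.Certificate{}` and passing `&cert_config` is unambiguous — and Go naming would make it `certCfg`. GenerateCerts continues past the end of the hunk.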
@@ -56,12 +56,12 @@ func GenerateCerts(domain string, basePath string) error {
 caTemplate := &x509.Certificate{
 SerialNumber: big.NewInt(1),
 Subject: pkix.Name{
- Organization: []string{"SDSLabs"},
- Country: []string{"IN"},
- Province: []string{"Delhi"},
- Locality: []string{"Delhi"},
- StreetAddress: []string{"smoking jawahar"},
- PostalCode: []string{"110080"},
+ Organization: []string{cert_config.Organization},
+ Country: []string{cert_config.Country},
+ Province: []string{cert_config.Province},
+ Locality: []string{cert_config.Locality},
+ StreetAddress: []string{cert_config.StreetAddress},
+ PostalCode: []string{cert_config.PostalCode},
 },
 NotBefore: time.Now(),
 NotAfter: time.Now().Add(365 * 24 * time.Hour), // 1 year validity
@@ -161,10 +161,10 @@ func GenerateCerts(domain string, basePath string) error {
 }
 // Define your v3.ext
- v3ext := V3Ext{
+ v3ext := types.V3Ext{
 AuthorityKeyIdentifier: "keyid,issuer",
- BasicConstraintsValid: true,
- IsCA: false,
+ BasicConstraintsValid: true,
+ IsCA: false,
 KeyUsage: "digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment",
 ExtKeyUsage: "serverAuth",
 DNSNames: []string{"harbor.katana.local"},
@@ -182,9 +182,9 @@ func GenerateCerts(domain string, basePath string) error {
 ExtKeyUsage: []x509.ExtKeyUsage{
 extKeyUsage(v3ext.ExtKeyUsage),
 },
- DNSNames: v3ext.DNSNames,
+ DNSNames: v3ext.DNSNames,
 BasicConstraintsValid: v3ext.BasicConstraintsValid,
- IsCA: v3ext.IsCA,
+ IsCA: v3ext.IsCA,
 }
 // Create the server certificate
diff --git a/services/infrasetservice/helper.go b/services/infrasetservice/helper.go
index 8daed5d..ea76a70 100644
--- a/services/infrasetservice/helper.go
+++ b/services/infrasetservice/helper.go
@@ -2,6 +2,7 @@ package infrasetservice
 import (
 "context"
+ "errors"
 "fmt"
 "log"
 "os"
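Review bot: Every Subject field is wrapped as `[]string{cert_config.X}` unconditionally, so a value left blank in config.toml becomes an empty-string attribute in the CA's distinguished name instead of being omitted, and if the decode leaves the struct unfilled the DN is six empty attributes. A small helper keeps optional fields optional, `func optRDN(s string) []string { if s == "" { return nil }; return []string{s} }`, used as `Organization: optRDN(cert_config.Organization)` and likewise for the other five. GenerateCerts begins and ends outside this hunk.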
@@ -21,19 +22,26 @@ func generateCertsforHarbor() {
 log.Println("CHECK 1")
 // Delete the directory if it already exists
- if _, err := os.Stat(path); err==nil {
+ _,err:=os.Stat(path)
+ if err==nil{
+ //If it exists, delete it
 errDir := os.RemoveAll(path)
 if errDir != nil {
- log.Fatal(err)
+ log.Fatalf("Failed to remove directory: %v", errDir)
 }
+ }else if !errors.Is(err, os.ErrNotExist){
+ // If there is an error other than "does not exist", log it and exit
+ log.Fatalf("Failed to access directory: %v", err)
 }
 log.Println("CHECK 2")
- if _, err := os.Stat(path); os.IsNotExist(err) {
+ if _, err := os.Stat(path); errors.Is(err, os.ErrNotExist) {
+ //creating directory
 errDir := os.Mkdir(path, 0755)
 if errDir != nil {
- log.Fatal(err)
+ log.Fatalf("Failed to create directory: %v",errDir)
 }
 }
+ log.Println("CHECK 3")
 // Generate the certificates
 if err := utils.GenerateCerts("harbor.katana.local", path); err != nil {
diff --git a/types/deployment.go b/types/deployment.go
index 3ec3392..ad3938e 100644
--- a/types/deployment.go
+++ b/types/deployment.go
@@ -47,3 +47,13 @@ type GogsRequest struct {
 Before string `json:"before"`
 Repository Repo `json:"repository"`
 }
+
+// V3Ext represents a v3.ext file
+type V3Ext struct {
+ AuthorityKeyIdentifier string
+ BasicConstraintsValid bool
+ IsCA bool
+ KeyUsage string
+ ExtKeyUsage string
+ DNSNames []string
+}
\ No newline at end of file
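Review bot: The directory that will hold `ca.key` and the server key is created with `os.Mkdir(path, 0755)`, so other local users can list and, given the file modes used in crypto.go, read the private keys; `0o700` is the right mode for a key directory. The second `os.Stat` is also redundant: after the RemoveAll above it the path cannot exist, so the whole Stat/RemoveAll/Stat/Mkdir sequence collapses to `os.RemoveAll` (which returns nil when the path is absent) followed by `os.MkdirAll`, as sketched below. The new lines are not gofmt-clean (`_,err:=os.Stat(path)`, `if err==nil{`, `}else if`), which a formatter pass fixes; `path` is declared above the hunk and generateCertsforHarbor continues past it.

```go
	// Start from an empty directory: drop any previous contents, then recreate
	// it owner-only because it will hold private keys. RemoveAll is a no-op
	// when the path does not exist.
	if err := os.RemoveAll(path); err != nil {
		log.Fatalf("Failed to remove directory: %v", err)
	}
	if err := os.MkdirAll(path, 0o700); err != nil {
		log.Fatalf("Failed to create directory: %v", err)
	}
	// … unchanged: CHECK logging and utils.GenerateCerts call …
```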
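Review bot: `V3Ext.AuthorityKeyIdentifier` is set by crypto.go but never read there, and `KeyUsage`/`ExtKeyUsage` are free-form strings that crypto.go turns back into flags by substring matching, so a typo in the string silently drops a usage bit with no compile-time signal. Typed fields, `KeyUsage x509.KeyUsage` and `ExtKeyUsage []x509.ExtKeyUsage`, would let the compiler check them and make the `keyUsage`/`extKeyUsage` helpers unnecessary; the doc comment could also say the type mirrors the openssl v3.ext section used for the leaf certificate. The file ends without a trailing newline.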