opensource

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2015-present Cloud <[email protected]> https://www.txthinking.com
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

ca.go

@@ -0,0 +1,112 @@
+package mad
+
+import (
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/sha1"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/asn1"
+	"encoding/pem"
+	"math/big"
+	"os"
+	"time"
+)
+
+type Ca struct {
+	C      *x509.Certificate
+	CaPEM  []byte
+	KeyPEM []byte
+}
+
+func NewCa(Organization, OrganizationalUnit, CommonName string) *Ca {
+	c := &x509.Certificate{
+		Subject: pkix.Name{
+			Organization:       []string{Organization},
+			OrganizationalUnit: []string{OrganizationalUnit},
+			CommonName:         CommonName,
+		},
+		NotBefore:             time.Now(),
+		NotAfter:              time.Now().AddDate(10, 0, 0),
+		IsCA:                  true,
+		KeyUsage:              x509.KeyUsageCertSign,
+		BasicConstraintsValid: true,
+		MaxPathLenZero:        true,
+	}
+	return &Ca{
+		C: c,
+	}
+}
+
+func (c *Ca) Create() error {
+	p, err := rsa.GenerateKey(rand.Reader, 4096)
+	if err != nil {
+		return err
+	}
+	pub := p.Public()
+
+	b, err := x509.MarshalPKIXPublicKey(pub)
+	if err != nil {
+		return err
+	}
+	var spki struct {
+		Algorithm        pkix.AlgorithmIdentifier
+		SubjectPublicKey asn1.BitString
+	}
+	if _, err := asn1.Unmarshal(b, &spki); err != nil {
+		return err
+	}
+	skid := sha1.Sum(spki.SubjectPublicKey.Bytes)
+	c.C.SubjectKeyId = skid[:]
+
+	sn, err := rand.Int(rand.Reader, big.NewInt(0).Lsh(big.NewInt(1), 128))
+	if err != nil {
+		return err
+	}
+	c.C.SerialNumber = sn
+
+	b, err = x509.CreateCertificate(rand.Reader, c.C, c.C, pub, p)
+	if err != nil {
+		return err
+	}
+	c.CaPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: b})
+	// c.KeyPEM = pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(p)})
+	b, err = x509.MarshalPKCS8PrivateKey(p)
+	if err != nil {
+		return err
+	}
+	c.KeyPEM = pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: b})
+	return nil
+}
+
+func (c *Ca) Ca() []byte {
+	return c.CaPEM
+}
+
+func (c *Ca) Key() []byte {
+	return c.KeyPEM
+}
+
+func (c *Ca) SaveToFile(ca, key string) error {
+	f, err := os.Create(ca)
+	if err != nil {
+		return err
+	}
+	if _, err := f.Write(c.CaPEM); err != nil {
+		return err
+	}
+	if err := f.Close(); err != nil {
+		return err
+	}
+	f, err = os.Create(key)
+	if err != nil {
+		return err
+	}
+	if _, err := f.Write(c.KeyPEM); err != nil {
+		return err
+	}
+	if err := f.Close(); err != nil {
+		return err
+	}
+	return nil
+}

cert.go

@@ -0,0 +1,139 @@
+package mad
+
+import (
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/sha1"
+	"crypto/tls"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/asn1"
+	"encoding/pem"
+	"math/big"
+	"net"
+	"os"
+	"time"
+)
+
+type Cert struct {
+	CaPEM    []byte
+	CaKeyPEM []byte
+	C        *x509.Certificate
+	CertPEM  []byte
+	KeyPEM   []byte
+}
+
+func NewCert(caPEM, caKeyPEM []byte, Organization, OrganizationalUnit string) *Cert {
+	c := &x509.Certificate{
+		Subject: pkix.Name{
+			Organization:       []string{Organization},
+			OrganizationalUnit: []string{OrganizationalUnit},
+		},
+		NotBefore:             time.Date(2019, time.June, 1, 0, 0, 0, 0, time.UTC),
+		NotAfter:              time.Now().AddDate(10, 0, 0),
+		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
+		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
+		BasicConstraintsValid: true,
+	}
+	return &Cert{
+		CaPEM:    caPEM,
+		CaKeyPEM: caKeyPEM,
+		C:        c,
+	}
+}
+
+func (c *Cert) SetIPAddresses(ips []net.IP) {
+	c.C.IPAddresses = ips
+	if len(ips) > 0 {
+		c.C.Subject.CommonName = ips[0].String()
+	}
+}
+
+func (c *Cert) SetDNSNames(domains []string) {
+	c.C.DNSNames = domains
+	if len(domains) > 0 {
+		c.C.Subject.CommonName = domains[0]
+	}
+}
+
+func (c *Cert) Create() error {
+	tc, err := tls.X509KeyPair(c.CaPEM, c.CaKeyPEM)
+	if err != nil {
+		return err
+	}
+	ca, err := x509.ParseCertificate(tc.Certificate[0])
+	if err != nil {
+		return err
+	}
+
+	p, err := rsa.GenerateKey(rand.Reader, 4096)
+	if err != nil {
+		return err
+	}
+	pub := p.Public()
+
+	b, err := x509.MarshalPKIXPublicKey(pub)
+	if err != nil {
+		return err
+	}
+	var spki struct {
+		Algorithm        pkix.AlgorithmIdentifier
+		SubjectPublicKey asn1.BitString
+	}
+	if _, err := asn1.Unmarshal(b, &spki); err != nil {
+		return err
+	}
+	skid := sha1.Sum(spki.SubjectPublicKey.Bytes)
+	c.C.SubjectKeyId = skid[:]
+
+	sn, err := rand.Int(rand.Reader, big.NewInt(0).Lsh(big.NewInt(1), 128))
+	if err != nil {
+		return err
+	}
+	c.C.SerialNumber = sn
+
+	b, err = x509.CreateCertificate(rand.Reader, c.C, ca, pub, tc.PrivateKey)
+	if err != nil {
+		return err
+	}
+	c.CertPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: b})
+	// c.KeyPEM = pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(p)})
+	b, err = x509.MarshalPKCS8PrivateKey(p)
+	if err != nil {
+		return err
+	}
+	c.KeyPEM = pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: b})
+	return nil
+}
+
+func (c *Cert) Cert() []byte {
+	return c.CertPEM
+}
+
+func (c *Cert) Key() []byte {
+	return c.KeyPEM
+}
+
+func (c *Cert) SaveToFile(cert, key string) error {
+	f, err := os.Create(cert)
+	if err != nil {
+		return err
+	}
+	if _, err := f.Write(c.CertPEM); err != nil {
+		return err
+	}
+	if err := f.Close(); err != nil {
+		return err
+	}
+	f, err = os.Create(key)
+	if err != nil {
+		return err
+	}
+	if _, err := f.Write(c.KeyPEM); err != nil {
+		return err
+	}
+	if err := f.Close(); err != nil {
+		return err
+	}
+	return nil
+}

cli/mad/build.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+
+if [ $# -ne 1 ]; then
+    echo "./build.sh version"
+    exit
+fi
+
+mkdir _
+
+CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -ldflags="-w -s" -o _/mad_darwin_amd64
+CGO_ENABLED=0 GOOS=freebsd GOARCH=386 go build -ldflags="-w -s" -o _/mad_freebsd_386
+CGO_ENABLED=0 GOOS=freebsd GOARCH=amd64 go build -ldflags="-w -s" -o _/mad_freebsd_amd64
+CGO_ENABLED=0 GOOS=linux GOARCH=386 go build -ldflags="-w -s" -o _/mad_linux_386
+CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-w -s" -o _/mad_linux_amd64
+CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags="-w -s" -o _/mad_linux_arm64
+CGO_ENABLED=0 GOOS=netbsd GOARCH=386 go build -ldflags="-w -s" -o _/mad_netbsd_386
+CGO_ENABLED=0 GOOS=netbsd GOARCH=amd64 go build -ldflags="-w -s" -o _/mad_netbsd_amd64
+CGO_ENABLED=0 GOOS=openbsd GOARCH=386 go build -ldflags="-w -s" -o _/mad_openbsd_386
+CGO_ENABLED=0 GOOS=openbsd GOARCH=amd64 go build -ldflags="-w -s" -o _/mad_openbsd_amd64
+CGO_ENABLED=0 GOOS=openbsd GOARCH=arm64 go build -ldflags="-w -s" -o _/mad_openbsd_arm64
+CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -ldflags="-w -s" -o _/mad_windows_amd64.exe
+CGO_ENABLED=0 GOOS=windows GOARCH=386 go build -ldflags="-w -s" -o _/mad_windows_386.exe
+
+mad release github.com/txthinking/mad $1 _
+
+rm -rf _