sovonegr/TorrServerJellyfin
1
0
Fork 0
mirror of https://github.com/Ernous/TorrServerJellyfin.git synced 2025-12-19 21:46:11 +05:00
Code Issues Packages Projects Releases Wiki Activity
Files
a91e6eb11bc53aa63e08d146142d225a26cf2f1f
TorrServerJellyfin/server/web/sslcerts/sslcerts.go
Evgeni a91e6eb11b Added Https service. Fix for #188 How enable https? (#312) 
* https service added on port 8091 default

* https port check

* format

* readme

* readme

* readme

* readme

---------

Co-authored-by: evfedoto <evfedoto@cisco.com>
Co-authored-by: nikk <tsynik@gmail.com>
2023-11-13 02:50:11 +03:00

145 lines
3.4 KiB
Go
Raw Blame History

package sslcerts
import (
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/tls"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"errors"
"math/big"
"net"
"os"
"path/filepath"
"server/log"
"time"
)
func generateSelfSignedCert(ips []string) ([]byte, []byte, error) {
priv, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
if err != nil {
return nil, nil, err
}
notBefore := time.Now()
notAfter := notBefore.Add(365 * 24 * time.Hour) // Valid for 1 year
serialNumber, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
if err != nil {
return nil, nil, err
}
netIps := make([]net.IP, 0)
if len(ips) != 0 {
for _, ip := range ips {
netIps = append(netIps, net.ParseIP(ip))
}
}
template := x509.Certificate{
SerialNumber: serialNumber,
Subject: pkix.Name{
Organization: []string{"Torrserver"},
},
NotBefore: notBefore,
NotAfter: notAfter,
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
BasicConstraintsValid: true,
DNSNames: []string{"localhost"},
IPAddresses: netIps,
}
certDER, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
if err != nil {
return nil, nil, err
}
certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER})
privBytes, err := x509.MarshalECPrivateKey(priv)
if err != nil {
return nil, nil, err
}
privPEM := pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: privBytes})
return certPEM, privPEM, nil
}
func MakeCertKeyFiles(ips []string) (string, string) {
certPEM, privPEM, err := generateSelfSignedCert(ips)
if err != nil {
log.TLogln("Error generating certificate:", err)
os.Exit(1)
}
certFile, err := os.Create("server.pem")
if err != nil {
log.TLogln("Error creating certificate file:", err)
os.Exit(1)
}
defer certFile.Close()
privFile, err := os.Create("server.key")
if err != nil {
log.TLogln("Error creating private key file:", err)
os.Exit(1)
}
defer privFile.Close()
_, err = certFile.Write(certPEM)
if err != nil {
log.TLogln("Error writing certificate file:", err)
os.Exit(1)
}
_, err = privFile.Write(privPEM)
if err != nil {
log.TLogln("Error writing private key file:", err)
os.Exit(1)
}
log.TLogln("Self-signed certificate and private key generated successfully.")
return getAbsPath("server.pem"), getAbsPath("server.key")
}
func getAbsPath(fileName string) string {
filePath, err := filepath.Abs(fileName)
if err != nil {
log.TLogln("Error getting absolute path:", err)
os.Exit(1)
}
return filePath
}
func VerifyCertKeyFiles(certFile, keyFile, port string) error {
// Load the certificate and key
cert, err := tls.LoadX509KeyPair(certFile, keyFile)
if err != nil {
return err
}
// Check if the certificate chain is expired
for _, cert := range cert.Certificate {
x509Cert, err := x509.ParseCertificate(cert)
if err != nil {
return err
}
if x509Cert.NotAfter.Before(time.Now()) {
return errors.New("certificate has expired")
}
}
// Create a TLS configuration
config := tls.Config{
Certificates: []tls.Certificate{cert},
}
// Create a listener to check the certificate and key
ln, err := tls.Listen("tcp", ":"+port, &config)
if err != nil {
return err
}
defer ln.Close()
log.TLogln("Certificate and key are valid.")
return nil
}
Reference in New Issue View Git Blame Copy Permalink