pages-server/certificates.go

package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"math/big"
	"strings"
	"time"
)

var fallbackCertKey, _ = rsa.GenerateKey(rand.Reader, 1024)
var fallbackCertSpecification = &x509.Certificate{
	Subject: pkix.Name{
		CommonName: strings.TrimPrefix(string(MainDomainSuffix), "."),
	},
	SerialNumber: big.NewInt(0),
	NotBefore: time.Now(),
	NotAfter: time.Now().AddDate(100, 0, 0),
}
var fallbackCertBytes, _ = x509.CreateCertificate(
	rand.Reader,
	fallbackCertSpecification,
	fallbackCertSpecification,
	fallbackCertKey.Public(),
	fallbackCertKey,
)
var fallbackCert, _ = tls.X509KeyPair(pem.EncodeToMemory(&pem.Block{
	Bytes: fallbackCertBytes,
	Type: "CERTIFICATE",
}), pem.EncodeToMemory(&pem.Block{
	Bytes: x509.MarshalPKCS1PrivateKey(fallbackCertKey),
	Type: "RSA PRIVATE KEY",
}))

// tlsConfig contains the configuration for generating, serving and cleaning up Let's Encrypt certificates.
var tlsConfig = &tls.Config{
	GetCertificate: func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
		// TODO: check DNS name & get certificate from Let's Encrypt
		return &fallbackCert, nil
	},
	PreferServerCipherSuites: true,
	// TODO: optimize cipher suites, minimum TLS version, etc.
}

// TODO: HSTS header with includeSubdomains & preload for MainDomainSuffix and RawDomain
Split code into multiple files 2021-03-16 23:34:31 +00:00			`package main`

			`import (`
Switch to HTTPS using a self-signed certificate 2021-07-08 23:15:42 +00:00			`"crypto/rand"`
			`"crypto/rsa"`
Split code into multiple files 2021-03-16 23:34:31 +00:00			`"crypto/tls"`
Switch to HTTPS using a self-signed certificate 2021-07-08 23:15:42 +00:00			`"crypto/x509"`
			`"crypto/x509/pkix"`
			`"encoding/pem"`
			`"math/big"`
			`"strings"`
			`"time"`
Split code into multiple files 2021-03-16 23:34:31 +00:00			`)`

Switch to HTTPS using a self-signed certificate 2021-07-08 23:15:42 +00:00			`var fallbackCertKey, _ = rsa.GenerateKey(rand.Reader, 1024)`
			`var fallbackCertSpecification = &x509.Certificate{`
			`Subject: pkix.Name{`
			`CommonName: strings.TrimPrefix(string(MainDomainSuffix), "."),`
			`},`
			`SerialNumber: big.NewInt(0),`
			`NotBefore: time.Now(),`
			`NotAfter: time.Now().AddDate(100, 0, 0),`
			`}`
			`var fallbackCertBytes, _ = x509.CreateCertificate(`
			`rand.Reader,`
			`fallbackCertSpecification,`
			`fallbackCertSpecification,`
			`fallbackCertKey.Public(),`
			`fallbackCertKey,`
			`)`
			`var fallbackCert, _ = tls.X509KeyPair(pem.EncodeToMemory(&pem.Block{`
			`Bytes: fallbackCertBytes,`
			`Type: "CERTIFICATE",`
			`}), pem.EncodeToMemory(&pem.Block{`
			`Bytes: x509.MarshalPKCS1PrivateKey(fallbackCertKey),`
			`Type: "RSA PRIVATE KEY",`
			`}))`

Split code into multiple files 2021-03-16 23:34:31 +00:00			`// tlsConfig contains the configuration for generating, serving and cleaning up Let's Encrypt certificates.`
			`var tlsConfig = &tls.Config{`
			`GetCertificate: func(info tls.ClientHelloInfo) (tls.Certificate, error) {`
			`// TODO: check DNS name & get certificate from Let's Encrypt`
Switch to HTTPS using a self-signed certificate 2021-07-08 23:15:42 +00:00			`return &fallbackCert, nil`
Split code into multiple files 2021-03-16 23:34:31 +00:00			`},`
			`PreferServerCipherSuites: true,`
			`// TODO: optimize cipher suites, minimum TLS version, etc.`
			`}`
Fix error page not rendering & make it more beautiful 2021-03-17 00:16:57 +00:00
			`// TODO: HSTS header with includeSubdomains & preload for MainDomainSuffix and RawDomain`