Let clients list and revoke certs

2021-12-06 19:14:39 +01:00
parent 79b80772c7
commit be564f9a3e
12 changed files with 684 additions and 122 deletions
--- a/certs/certservice.go
+++ b/certs/certservice.go
@@ -66,11 +66,10 @@ func (cs *CertService) NewClient(id string) ([]byte, []byte, error) {
 			Country:      []string{"No"},
 			Locality:     []string{"Oslo"},
 		},
-		NotBefore:    time.Now(),
-		NotAfter:     time.Now().AddDate(10, 0, 0),
-		SubjectKeyId: []byte{1, 2, 3, 4, 6},
-		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
-		KeyUsage:     x509.KeyUsageDigitalSignature,
+		NotBefore:   time.Now(),
+		NotAfter:    time.Now().AddDate(0, 0, 30),
+		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
+		KeyUsage:    x509.KeyUsageDigitalSignature,
 	}

 	certPrivKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
@@ -102,6 +101,15 @@ func (cs *CertService) NewClient(id string) ([]byte, []byte, error) {
 		return nil, nil, fmt.Errorf("unable to encode client private key: %w", err)
 	}

+	signed, err := x509.ParseCertificate(certBytes)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	if err := cs.store.StoreCertificate(signed); err != nil {
+		return nil, nil, err
+	}
+
 	return certPEM.Bytes(), keyPEM.Bytes(), nil
 }