From 4de32274075b7ff2f7f463e7179d5f076819c5d3 Mon Sep 17 00:00:00 2001
From: kaiyou <dev@kaiyou.fr>
Date: Wed, 14 Sep 2022 23:32:18 +0200
Subject: [PATCH] Add ip SAN and temporary storage

---
 pkg/pki/cert.go      | 14 ++++++++++++++
 pkg/pki/templates.go | 18 +++++++++++++-----
 2 files changed, 27 insertions(+), 5 deletions(-)

diff --git a/pkg/pki/cert.go b/pkg/pki/cert.go
index fbd1847..da7a6cd 100644
--- a/pkg/pki/cert.go
+++ b/pkg/pki/cert.go
@@ -7,6 +7,7 @@ import (
 	"crypto/rand"
 	"crypto/x509"
 	"errors"
+	"io/ioutil"
 )
 
 type Cert struct {
@@ -90,13 +91,26 @@ func (c *Certificate) Save() error {
 	return nil
 }
 
+// Ensure that the certificate has IO available
+// Certificates without explicit IO will get a
+// temporary directory
+func (c *Certificate) ensureIO() {
+	if c.IO == nil {
+		dir, _ := ioutil.TempDir("/tmp", "cert-")
+		c.IO = FileIO{dir}
+		c.Save()
+	}
+}
+
 // Get the key file path
 func (c *Certificate) KeyPath() string {
+	c.ensureIO()
 	return c.IO.Path(KeyType)
 }
 
 // Get the certificate file path
 func (c *Certificate) CertPath() string {
+	c.ensureIO()
 	return c.IO.Path(CertType)
 }
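Review bot: Both errors in ensureIO are discarded — `dir, _ := ioutil.TempDir("/tmp", "cert-")` and the bare `c.Save()` call — so a failed TempDir leaves `c.IO = FileIO{""}` and every later Path/Save works against an empty base directory, while a failed Save leaves c.IO set and the next KeyPath call returns a path to a file that was never written. Because KeyPath and CertPath now call ensureIO, a plain getter silently persists the certificate (and presumably the private key, given KeyType) into a fresh directory with no caller visibility and no cleanup; whether those files are readable beyond the owner depends on FileIO's file modes, which are not in this hunk. ioutil.TempDir is deprecated in favor of os.MkdirTemp, and passing `""` instead of `"/tmp"` honours TMPDIR. I would have ensureIO return the error and let KeyPath/CertPath surface it (or at minimum document that they may write to disk); the sketch below returns it unwrapped because fmt is not visible among cert.go's imports, and it needs `os` added to the import block.

```go
// ensureIO gives a certificate without explicit IO a private temporary
// directory and persists it there; the error is returned rather than dropped.
func (c *Certificate) ensureIO() error {
	if c.IO != nil {
		return nil
	}
	dir, err := os.MkdirTemp("", "cert-")
	if err != nil {
		return err
	}
	c.IO = FileIO{dir}
	return c.Save()
}
```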
 
diff --git a/pkg/pki/templates.go b/pkg/pki/templates.go
index e82ad26..48e7a7a 100644
--- a/pkg/pki/templates.go
+++ b/pkg/pki/templates.go
@@ -5,6 +5,7 @@ import (
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"math/big"
+	"net"
 	"time"
 )
 
@@ -30,18 +31,23 @@ func newTemplate() *x509.Certificate {
 func NewCATemplate() *x509.Certificate {
 	template := newTemplate()
 	template.Subject = pkix.Name{}
-	template.KeyUsage = x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign
-	template.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
+	template.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
 	template.IsCA = true
 	return template
 }
 
-func NewServerTemplate(names []string) *x509.Certificate {
+func NewServerTemplate(names []string, ips []net.IP) *x509.Certificate {
 	template := newTemplate()
-	template.Subject = pkix.Name{
-		CommonName: names[0],
+	template.Subject = pkix.Name{}
+	if len(names) > 0 {
+		template.Subject.CommonName = names[0]
+	} else if len(ips) > 0 {
+		template.Subject.CommonName = ips[0].String()
 	}
+	template.KeyUsage = x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment
+	template.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
 	template.DNSNames = names
+	template.IPAddresses = ips
 	return template
 }
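Review bot: NewServerTemplate still produces a template when both `names` and `ips` are empty — the new if/else-if chain setting CommonName has no fallback — leaving an empty Subject and no SAN entries, which verifiers reject; either return an error (a signature change for callers) or document the precondition with `// NewServerTemplate expects at least one DNS name or IP; callers must validate input.` above the function. The new `x509.KeyUsageKeyEncipherment` bit here, and again in the NewClientTemplate hunk below, is only meaningful for RSA key transport; if the keys generated for these templates are ECDSA or Ed25519 (not visible in this diff), DigitalSignature alone is the usual setting and some validators warn on the extra bit. `template.DNSNames = names` and `template.IPAddresses = ips` alias the caller's slices, so a caller mutating them afterwards changes the template — copy them if that matters.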
 
@@ -51,5 +57,7 @@ func NewClientTemplate(cn string, org string) *x509.Certificate {
 		CommonName:   cn,
 		Organization: []string{org},
 	}
+	template.KeyUsage = x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment
+	template.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
 	return template
 }
-- 
GitLab