Add command to generate test keys/certs (#204)
Add `generate-keys` command, which can be used to generate TLS keys/certs, and, more usefully, matrix signing keys.
This commit is contained in:
parent
fc51f72bf9
commit
8c2e6273e3
3 changed files with 73 additions and 15 deletions
11
INSTALL.md
11
INSTALL.md
|
@ -71,21 +71,14 @@ Dendrite requires a postgres database engine, version 9.5 or later.
|
|||
|
||||
### Crypto key generation
|
||||
|
||||
Generate the keys (unlike synapse, dendrite doesn't autogen yet):
|
||||
Generate the keys:
|
||||
|
||||
```bash
|
||||
# Generate a self-signed SSL cert for federation:
|
||||
test -f server.key || openssl req -x509 -newkey rsa:4096 -keyout server.key -out server.crt -days 3650 -nodes -subj /CN=localhost
|
||||
|
||||
# generate ed25519 signing key
|
||||
test -f matrix_key.pem || python3 > matrix_key.pem <<EOF
|
||||
import base64;
|
||||
r = lambda n: base64.b64encode(open("/dev/urandom", "rb").read(n)).decode("utf8");
|
||||
print("-----BEGIN MATRIX PRIVATE KEY-----")
|
||||
print("Key-ID:", "ed25519:" + r(3).rstrip("="))
|
||||
print(r(32))
|
||||
print("-----END MATRIX PRIVATE KEY-----")
|
||||
EOF
|
||||
test -f matrix_key.pem || ./bin/generate-keys -private-key matrix_key.pem
|
||||
```
|
||||
|
||||
### Configuration
|
||||
|
|
65
src/github.com/matrix-org/dendrite/cmd/generate-keys/main.go
Normal file
65
src/github.com/matrix-org/dendrite/cmd/generate-keys/main.go
Normal file
|
@ -0,0 +1,65 @@
|
|||
// Copyright 2017 Vector Creations Ltd
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
package main
|
||||
|
||||
import (
|
||||
"flag"
|
||||
"fmt"
|
||||
"log"
|
||||
"os"
|
||||
|
||||
"github.com/matrix-org/dendrite/common/test"
|
||||
)
|
||||
|
||||
const usage = `Usage: %s
|
||||
|
||||
Generate key files which are required by dendrite.
|
||||
|
||||
Arguments:
|
||||
|
||||
`
|
||||
|
||||
var (
|
||||
tlsCertFile = flag.String("tls-cert", "", "An X509 certificate file to generate for use for TLS")
|
||||
tlsKeyFile = flag.String("tls-key", "", "An RSA private key file to generate for use for TLS")
|
||||
privateKeyFile = flag.String("private-key", "", "An Ed25519 private key to generate for use for object signing")
|
||||
)
|
||||
|
||||
func main() {
|
||||
flag.Usage = func() {
|
||||
fmt.Fprintf(os.Stderr, usage, os.Args[0])
|
||||
flag.PrintDefaults()
|
||||
}
|
||||
|
||||
flag.Parse()
|
||||
|
||||
if *tlsCertFile != "" || *tlsKeyFile != "" {
|
||||
if *tlsCertFile == "" || *tlsKeyFile == "" {
|
||||
log.Fatal("Zero or both of --tls-key and --tls-cert must be supplied")
|
||||
}
|
||||
if err := test.NewTLSKey(*tlsKeyFile, *tlsCertFile); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
fmt.Printf("Created TLS cert file: %s\n", *tlsCertFile)
|
||||
fmt.Printf("Created TLS key file: %s\n", *tlsKeyFile)
|
||||
}
|
||||
|
||||
if *privateKeyFile != "" {
|
||||
if err := test.NewMatrixKey(*privateKeyFile); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
fmt.Printf("Created private key file: %s\n", *privateKeyFile)
|
||||
}
|
||||
}
|
|
@ -62,11 +62,11 @@ func MakeConfig(configDir, kafkaURI, database, host string, startPort int) (*con
|
|||
tlsKeyPath := filepath.Join(configDir, TLSCertFile)
|
||||
mediaBasePath := filepath.Join(configDir, MediaDir)
|
||||
|
||||
if err := newMatrixKey(serverKeyPath); err != nil {
|
||||
if err := NewMatrixKey(serverKeyPath); err != nil {
|
||||
return nil, 0, err
|
||||
}
|
||||
|
||||
if err := newTLSKey(tlsKeyPath, tlsCertPath); err != nil {
|
||||
if err := NewTLSKey(tlsKeyPath, tlsCertPath); err != nil {
|
||||
return nil, 0, err
|
||||
}
|
||||
|
||||
|
@ -119,8 +119,8 @@ func WriteConfig(cfg *config.Dendrite, configDir string) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// newMatrixKey generates a new ed25519 matrix server key and writes it to a file.
|
||||
func newMatrixKey(matrixKeyPath string) error {
|
||||
// NewMatrixKey generates a new ed25519 matrix server key and writes it to a file.
|
||||
func NewMatrixKey(matrixKeyPath string) error {
|
||||
var data [35]byte
|
||||
if _, err := rand.Read(data[:]); err != nil {
|
||||
return err
|
||||
|
@ -145,8 +145,8 @@ func newMatrixKey(matrixKeyPath string) error {
|
|||
|
||||
const certificateDuration = time.Hour * 24 * 365 * 10
|
||||
|
||||
// newTLSKey generates a new RSA TLS key and certificate and writes it to a file.
|
||||
func newTLSKey(tlsKeyPath, tlsCertPath string) error {
|
||||
// NewTLSKey generates a new RSA TLS key and certificate and writes it to a file.
|
||||
func NewTLSKey(tlsKeyPath, tlsCertPath string) error {
|
||||
priv, err := rsa.GenerateKey(rand.Reader, 4096)
|
||||
if err != nil {
|
||||
return err
|
||||
|
|
Loading…
Reference in a new issue