root: add more common utils

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-16 17:29:01 +02:00
parent 6dc38b0132
commit b98895ac2c
6 changed files with 44 additions and 92 deletions
--- a/internal/common/global.go
+++ b/internal/common/global.go
@ -0,0 +1,22 @@
+package common
+
+import (
+	"math/rand"
+	"os"
+	"os/signal"
+	"time"
+
+	"github.com/getsentry/sentry-go"
+)
+
+func Init() chan os.Signal {
+	rand.Seed(time.Now().UnixNano())
+	interrupt := make(chan os.Signal, 1)
+	signal.Notify(interrupt, os.Interrupt)
+	return interrupt
+}
+
+func Defer() {
+	defer sentry.Flush(time.Second * 5)
+	defer sentry.Recover()
+}
--- a/internal/outpost/ak/cert.go
+++ b/internal/outpost/ak/cert.go
@ -1,63 +0,0 @@
-package ak
-
-import (
-	"crypto/rand"
-	"crypto/rsa"
-	"crypto/tls"
-	"crypto/x509"
-	"crypto/x509/pkix"
-	"encoding/pem"
-	"math/big"
-	"time"
-
-	log "github.com/sirupsen/logrus"
-)
-
-// GenerateSelfSignedCert Generate a self-signed TLS Certificate, to be used as fallback
-func GenerateSelfSignedCert() (tls.Certificate, error) {
-	priv, err := rsa.GenerateKey(rand.Reader, 2048)
-	if err != nil {
-		log.Fatalf("Failed to generate private key: %v", err)
-		return tls.Certificate{}, err
-	}
-
-	keyUsage := x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment
-
-	notBefore := time.Now()
-	notAfter := notBefore.Add(365 * 24 * time.Hour)
-
-	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
-	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
-	if err != nil {
-		log.Fatalf("Failed to generate serial number: %v", err)
-		return tls.Certificate{}, err
-	}
-
-	template := x509.Certificate{
-		SerialNumber: serialNumber,
-		Subject: pkix.Name{
-			Organization: []string{"authentik"},
-			CommonName:   "authentik Proxy default certificate",
-		},
-		NotBefore: notBefore,
-		NotAfter:  notAfter,
-
-		KeyUsage:              keyUsage,
-		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
-		BasicConstraintsValid: true,
-	}
-
-	template.DNSNames = []string{"*"}
-
-	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
-	if err != nil {
-		log.Warning(err)
-	}
-	pemBytes := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
-	privBytes, err := x509.MarshalPKCS8PrivateKey(priv)
-	if err != nil {
-		log.Warning(err)
-	}
-	privPemByes := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: privBytes})
-	return tls.X509KeyPair(pemBytes, privPemByes)
-}
--- a/internal/outpost/proxy/server.go
+++ b/internal/outpost/proxy/server.go
@ -10,6 +10,7 @@ import (
 	"time"

 	log "github.com/sirupsen/logrus"
+	"goauthentik.io/internal/crypto"
 	"goauthentik.io/internal/outpost/ak"
 )

@ -25,7 +26,7 @@ type Server struct {

 // NewServer initialise a new HTTP Server
 func NewServer(ac *ak.APIController) *Server {
-	defaultCert, err := ak.GenerateSelfSignedCert()
+	defaultCert, err := crypto.GenerateSelfSignedCert()
 	if err != nil {
 		log.Warning(err)
 	}