
Add user@hostname to the OU, and set NotBefore to now

This will help figure out where and when a certificate was created.

Fixes #31
Filippo Valsorda 6 éve
szülő
commit
bf4af2d977
2 módosított fájl, 20 hozzáadás és 7 törlés
  1. 19 6
      cert.go
  2. 1 1
      truststore_darwin.go

+ 19 - 6
cert.go

@@ -11,6 +11,8 @@ import (
 	"math/big"
 	"net"
 	"os"
+	"os/exec"
+	"os/user"
 	"path/filepath"
 	"regexp"
 	"strconv"
@@ -18,8 +20,15 @@ import (
 	"time"
 )
 
-var rootSubject = pkix.Name{
-	Organization: []string{"mkcert development CA"},
+var userAndHostname string
+
+func init() {
+	u, _ := user.Current()
+	if u != nil {
+		userAndHostname = u.Username + "@"
+	}
+	out, _ := exec.Command("hostname").Output()
+	userAndHostname += strings.TrimSpace(string(out))
 }
 
 func (m *mkcert) makeCert(hosts []string) {
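Review bot: The new `init()` shells out to `hostname` through a PATH lookup and discards both errors, so the OU value depends on whichever `hostname` binary resolves first in the caller's environment, and a failure silently yields an empty or partial string. `os` is already imported, so `if h, err := os.Hostname(); err == nil { userAndHostname += h }` obtains the same value without spawning a process. If both lookups fail, `[]string{userAndHostname}` in the later hunks would carry an empty OU; consider leaving `OrganizationalUnit` unset in that case. Doing this in `init()` also means it runs on every invocation, including ones that never create a certificate.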
@@ -37,11 +46,12 @@ func (m *mkcert) makeCert(hosts []string) {
 	tpl := &x509.Certificate{
 		SerialNumber: serialNumber,
 		Subject: pkix.Name{
-			Organization: []string{"mkcert development certificate"},
+			Organization:       []string{"mkcert development certificate"},
+			OrganizationalUnit: []string{userAndHostname},
 		},
 
 		NotAfter:  time.Now().AddDate(10, 0, 0),
-		NotBefore: time.Now().AddDate(0, 0, -1),
+		NotBefore: time.Now(),
 
 		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
 		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
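Review bot: `NotBefore: time.Now()` drops the one-day backdating, so a client whose clock is slightly behind the issuing machine will reject a freshly issued certificate as not yet valid; the same change is made in the `newCA` hunk below. If the exact creation time is the goal, a comment such as `// NotBefore is the creation time on purpose; peers with a slow clock may briefly see "not yet valid"` would record the trade-off, or a small allowance like `time.Now().Add(-5 * time.Minute)` keeps the timestamp informative while tolerating skew. `NotAfter` and `NotBefore` could also be derived from one `now := time.Now()` so the validity window is computed from a single instant. The body of `makeCert` starts and ends outside this hunk.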
@@ -127,10 +137,13 @@ func (m *mkcert) newCA() {
 
 	tpl := &x509.Certificate{
 		SerialNumber: serialNumber,
-		Subject:      rootSubject,
+		Subject: pkix.Name{
+			Organization:       []string{"mkcert development CA"},
+			OrganizationalUnit: []string{userAndHostname},
+		},
 
 		NotAfter:  time.Now().AddDate(10, 0, 0),
-		NotBefore: time.Now().AddDate(0, 0, -1),
+		NotBefore: time.Now(),
 
 		KeyUsage: x509.KeyUsageCertSign,
 
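Review bot: The CA subject now carries the local `user@hostname`, so the account and machine name are visible to anyone the root certificate is shared with and, assuming leaves are signed by this CA, to every peer that reads a leaf's issuer field. That is the stated purpose of the commit, but nothing in the code says so; a comment at the declaration, for example `// userAndHostname is embedded in certificate subjects and is visible to every TLS peer`, would make the disclosure explicit for the next maintainer. The body of `newCA` continues outside this hunk.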

+ 1 - 1
truststore_darwin.go

@@ -72,7 +72,7 @@ func (m *mkcert) installPlatform() {
 	_, err = plist.Unmarshal(plistData, &plistRoot)
 	fatalIfErr(err, "failed to parse trust settings")
 
-	rootSubjectASN1, _ := asn1.Marshal(rootSubject.ToRDNSequence())
+	rootSubjectASN1, _ := asn1.Marshal(m.caCert.Subject.ToRDNSequence())
 
 	if plistRoot["trustVersion"].(uint64) != 1 {
 		log.Fatalln("ERROR: unsupported trust settings version:", plistRoot["trustVersion"])
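Review bot: `rootSubjectASN1, _ := asn1.Marshal(...)` discards the marshal error, and the line now dereferences `m.caCert`, which this hunk does not show being loaded or checked for nil before `installPlatform` runs. Since the subject is no longer a constant, taking the bytes already present in the certificate, `rootSubjectASN1 := m.caCert.RawSubject`, avoids re-encoding and any chance of a byte mismatch if the value is compared against stored trust settings (how it is used is outside this hunk). If the re-marshal is kept, pass the error to `fatalIfErr` as the lines above do. The body of `installPlatform` starts and ends outside the hunk.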