certs are now created in .arduino-create folder

Author: umbynos

certificates.go

@@ -24,6 +24,7 @@ import (
 	"text/template"
 	"time"
 
+	"github.com/arduino/go-paths-helper"
 	"github.com/gin-gonic/gin"
 	log "github.com/sirupsen/logrus"
 )
@@ -133,28 +134,27 @@ func generateSingleCertificate(isCa bool) (*x509.Certificate, error) {
 	return &template, nil
 }
 
-func generateCertificates() {
-
-	os.Remove("ca.cert.pem")
-	os.Remove("ca.key.pem")
-	os.Remove("cert.pem")
-	os.Remove("key.pem")
+func generateCertificates(path *paths.Path) {
+	path.Join("ca.cert.pem").Remove()
+	path.Join("ca.key.pem").Remove()
+	path.Join("cert.pem").Remove()
+	path.Join("key.pem").Remove()
 
 	// Create the key for the certification authority
 	caKey, err := generateKey("P256")
 	if err != nil {
 		log.Error(err.Error())
 		os.Exit(1)
 	}
-
-	keyOut, err := os.OpenFile("ca.key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
+	keyOutPath := path.Join("ca.key.pem").String()
+	keyOut, err := os.OpenFile(keyOutPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
 	if err != nil {
 		log.Error(err.Error())
 		os.Exit(1)
 	}
 	pem.Encode(keyOut, pemBlockForKey(caKey))
 	keyOut.Close()
-	log.Println("written ca.key.pem")
+	log.Printf("written %s", keyOutPath)
 
 	// Create the certification authority
 	caTemplate, err := generateSingleCertificate(true)
@@ -166,17 +166,19 @@ func generateCertificates() {
 
 	derBytes, _ := x509.CreateCertificate(rand.Reader, caTemplate, caTemplate, publicKey(caKey), caKey)
 
-	certOut, err := os.Create("ca.cert.pem")
+	certOutPath := path.Join("ca.cert.pem").String()
+	certOut, err := os.Create(certOutPath)
 	if err != nil {
 		log.Error(err.Error())
 		os.Exit(1)
 	}
 	pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
 	certOut.Close()
-	log.Print("written ca.cert.pem")
+	log.Printf("written %s", certOutPath)
 
-	ioutil.WriteFile("ca.cert.cer", derBytes, 0644)
-	log.Print("written ca.cert.cer")
+	filePath := path.Join("ca.cert.cer").String()
+	ioutil.WriteFile(filePath, derBytes, 0644)
+	log.Printf("written %s", filePath)
 
 	// Create the key for the final certificate
 	key, err := generateKey("P256")
@@ -185,14 +187,15 @@ func generateCertificates() {
 		os.Exit(1)
 	}
 
-	keyOut, err = os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
+	keyOutPath = path.Join("key.pem").String()
+	keyOut, err = os.OpenFile(keyOutPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
 	if err != nil {
 		log.Error(err.Error())
 		os.Exit(1)
 	}
 	pem.Encode(keyOut, pemBlockForKey(key))
 	keyOut.Close()
-	log.Println("written key.pem")
+	log.Printf("written %s", keyOutPath)
 
 	// Create the final certificate
 	template, err := generateSingleCertificate(false)
@@ -204,17 +207,19 @@ func generateCertificates() {
 
 	derBytes, _ = x509.CreateCertificate(rand.Reader, template, caTemplate, publicKey(key), caKey)
 
-	certOut, err = os.Create("cert.pem")
+	certOutPath = path.Join("cert.pem").String()
+	certOut, err = os.Create(certOutPath)
 	if err != nil {
 		log.Error(err.Error())
 		os.Exit(1)
 	}
 	pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
 	certOut.Close()
-	log.Print("written cert.pem")
+	log.Printf("written %s", certOutPath)
 
-	ioutil.WriteFile("cert.cer", derBytes, 0644)
-	log.Print("written cert.cer")
+	certPath := path.Join("cert.cer").String()
+	ioutil.WriteFile(certPath, derBytes, 0644)
+	log.Printf("written %s", certPath)
 
 }
 
@@ -230,14 +235,14 @@ func certHandler(c *gin.Context) {
 }
 
 func deleteCertHandler(c *gin.Context) {
-	DeleteCertificates()
+	DeleteCertificates(agentDir)
 }
 
 // DeleteCertificates will delete the certificates
-func DeleteCertificates() {
-	os.Remove("ca.cert.pem")
-	os.Remove("ca.cert.cer")
-	os.Remove("ca.key.pem")
+func DeleteCertificates(path *paths.Path) {
+	path.Join("ca.cert.pem").Remove()
+	path.Join("ca.cert.cer").Remove()
+	path.Join("ca.key.pem").Remove()
 }
 
 const noFirefoxTemplateHTML = `<!DOCTYPE html>

hub.go

@@ -182,7 +182,7 @@ func checkCmd(m []byte) {
 	} else if strings.HasPrefix(sl, "downloadtool") {
 		// Always delete root certificates when we receive a downloadtool command
 		// Useful if the install procedure was not followed strictly (eg. manually)
-		DeleteCertificates()
+		DeleteCertificates(agentDir)
 		go func() {
 			args := strings.Split(s, " ")
 			var tool, toolVersion, pack, behaviour string

main.go

@@ -154,7 +154,7 @@ func main() {
 
 	// Generate certificates
 	if *genCert {
-		generateCertificates()
+		generateCertificates(agentDir)
 		os.Exit(0)
 	}
 
@@ -419,7 +419,7 @@ func loop() {
 
 	go func() {
 		// check if certificates exist; if not, use plain http
-		if srcDir.Join("cert.pem").NotExist() {
+		if agentDir.Join("cert.pem").NotExist() {
 			log.Error("Could not find HTTPS certificate. Using plain HTTP only.")
 			return
 		}
@@ -430,7 +430,7 @@ func loop() {
 		for i < end {
 			i = i + 1
 			portSSL = ":" + strconv.Itoa(i)
-			if err := r.RunTLS(*address+portSSL, srcDir.Join("cert.pem").String(), srcDir.Join("key.pem").String()); err != nil {
+			if err := r.RunTLS(*address+portSSL, agentDir.Join("cert.pem").String(), agentDir.Join("key.pem").String()); err != nil {
 				log.Printf("Error trying to bind to port: %v, so exiting...", err)
 				continue
 			} else {