update cert gen

Author: rsdmike

cmd/app/main.go

@@ -28,6 +28,12 @@ func main() {
 		log.Fatalf("App init error: %s", err)
 	}
 
+	// root, privateKey, err := certificates.GenerateRootCertificate(true, cfg.CommonName, "US", "open-amt-cloud-toolkit", true)
+	// if err != nil {
+	// 	log.Fatalf("Error generating root certificate: %s", err)
+	// }
+	// certificates.IssueWebServerCertificate(certificates.CertAndKeyType{Cert: root, Key: privateKey}, false, cfg.CommonName, "US", "open-amt-cloud-toolkit", true)
+
 	if os.Getenv("GIN_MODE") != "debug" {
 		go func() {
 			browserError := openBrowser("http://localhost:"+cfg.HTTP.Port, runtime.GOOS)

config/config.go

@@ -15,9 +15,10 @@ type (
 
 	// App -.
 	App struct {
-		Name    string `env-required:"false" yaml:"name" env:"APP_NAME"`
-		Repo    string `env-required:"false" yaml:"repo" env:"APP_REPO"`
-		Version string `env-required:"false"`
+		Name       string `env-required:"false" yaml:"name" env:"APP_NAME"`
+		Repo       string `env-required:"false" yaml:"repo" env:"APP_REPO"`
+		Version    string `env-required:"false"`
+		CommonName string `env-required:"false" yaml:"common_name" env:"APP_COMMON_NAME"`
 	}
 
 	// HTTP -.
@@ -45,9 +46,10 @@ func NewConfig() (*Config, error) {
 	// set defaults
 	cfg := &Config{
 		App: App{
-			Name:    "console",
-			Repo:    "open-amt-cloud-toolkit/console",
-			Version: "DEVELOPMENT",
+			Name:       "console",
+			Repo:       "open-amt-cloud-toolkit/console",
+			Version:    "DEVELOPMENT",
+			CommonName: "localhost",
 		},
 		HTTP: HTTP{
 			Host:           "localhost",

go.mod

@@ -4,7 +4,7 @@ go 1.22.0
 
 toolchain go1.23.1
 
-//replace github.com/open-amt-cloud-toolkit/go-wsman-messages/v2 => ../go-wsman-messages
+replace github.com/open-amt-cloud-toolkit/go-wsman-messages/v2 => ../go-wsman-messages
 
 require (
 	github.com/Masterminds/squirrel v1.5.4

internal/certificates/generate.go

@@ -7,6 +7,7 @@ import (
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/pem"
+	"fmt"
 	"math/big"
 	"net/url"
 	"os"
@@ -38,7 +39,7 @@ func GenerateRootCertificate(addThumbPrintToName bool, commonName, country, orga
 	if addThumbPrintToName {
 		hash := sha256.New()
 		hash.Write(privateKey.PublicKey.N.Bytes()) // Simplified approach to get a thumbprint-like result
-		commonName += "-" + string(hash.Sum(nil)[:3])
+		commonName += "-" + fmt.Sprintf("%x", hash.Sum(nil)[:3])
 	}
 
 	if country == "" {
@@ -107,7 +108,7 @@ type CertAndKeyType struct {
 	Key  *rsa.PrivateKey
 }
 
-func IssueWebServerCertificate(rootCert CertAndKeyType, addThumbPrintToName bool, commonName, country, organization string, extKeyUsage x509.ExtKeyUsage, strong bool) (*x509.Certificate, *rsa.PrivateKey, error) {
+func IssueWebServerCertificate(rootCert CertAndKeyType, addThumbPrintToName bool, commonName, country, organization string, strong bool) (*x509.Certificate, *rsa.PrivateKey, error) {
 	keyLength := 2048
 	if strong {
 		keyLength = 3072
@@ -148,16 +149,18 @@ func IssueWebServerCertificate(rootCert CertAndKeyType, addThumbPrintToName bool
 		subject.CommonName += "-" + string(hash.Sum(nil)[:3])
 	}
 
-	template := x509.Certificate{
-		SerialNumber: serialNumber,
-		Subject:      subject,
-		NotBefore:    notBefore,
-		NotAfter:     notAfter,
-		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
-		ExtKeyUsage:  []x509.ExtKeyUsage{extKeyUsage},
+	hash := sha256.Sum256(keys.PublicKey.N.Bytes())
 
+	template := x509.Certificate{
+		SerialNumber:          serialNumber,
+		Subject:               subject,
+		NotBefore:             notBefore,
+		NotAfter:              notAfter,
+		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment | x509.KeyUsageCertSign | x509.KeyUsageDataEncipherment,
+		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
 		BasicConstraintsValid: true,
 		IsCA:                  false,
+		SubjectKeyId:          hash[:],
 	}
 
 	// Subject Alternative Name