mirror of https://github.com/docker/docs.git
75 lines
2.1 KiB
Go
75 lines
2.1 KiB
Go
package cert
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
"os"
|
|
|
|
"github.com/docker/machine/libmachine/auth"
|
|
"github.com/docker/machine/libmachine/log"
|
|
"github.com/docker/machine/libmachine/mcnutils"
|
|
)
|
|
|
|
func BootstrapCertificates(authOptions *auth.AuthOptions) error {
|
|
certDir := authOptions.CertDir
|
|
caCertPath := authOptions.CaCertPath
|
|
caPrivateKeyPath := authOptions.CaPrivateKeyPath
|
|
clientCertPath := authOptions.ClientCertPath
|
|
clientKeyPath := authOptions.ClientKeyPath
|
|
|
|
// TODO: I'm not super happy about this use of "org", the user should
|
|
// have to specify it explicitly instead of implicitly basing it on
|
|
// $USER.
|
|
org := mcnutils.GetUsername()
|
|
|
|
bits := 2048
|
|
|
|
if _, err := os.Stat(certDir); err != nil {
|
|
if os.IsNotExist(err) {
|
|
if err := os.MkdirAll(certDir, 0700); err != nil {
|
|
return fmt.Errorf("Creating machine certificate dir failed: %s", err)
|
|
}
|
|
} else {
|
|
return err
|
|
}
|
|
}
|
|
|
|
if _, err := os.Stat(caCertPath); os.IsNotExist(err) {
|
|
log.Infof("Creating CA: %s", caCertPath)
|
|
|
|
// check if the key path exists; if so, error
|
|
if _, err := os.Stat(caPrivateKeyPath); err == nil {
|
|
return errors.New("The CA key already exists. Please remove it or specify a different key/cert.")
|
|
}
|
|
|
|
if err := GenerateCACertificate(caCertPath, caPrivateKeyPath, org, bits); err != nil {
|
|
return fmt.Errorf("Generating CA certificate failed: %s", err)
|
|
}
|
|
}
|
|
|
|
if _, err := os.Stat(clientCertPath); os.IsNotExist(err) {
|
|
log.Infof("Creating client certificate: %s", clientCertPath)
|
|
|
|
if _, err := os.Stat(certDir); err != nil {
|
|
if os.IsNotExist(err) {
|
|
if err := os.Mkdir(certDir, 0700); err != nil {
|
|
return fmt.Errorf("Creating machine client cert dir failed: %s", err)
|
|
}
|
|
} else {
|
|
return err
|
|
}
|
|
}
|
|
|
|
// check if the key path exists; if so, error
|
|
if _, err := os.Stat(clientKeyPath); err == nil {
|
|
return errors.New("The client key already exists. Please remove it or specify a different key/cert.")
|
|
}
|
|
|
|
if err := GenerateCert([]string{""}, clientCertPath, clientKeyPath, caCertPath, caPrivateKeyPath, org, bits); err != nil {
|
|
return fmt.Errorf("Generating client certificate failed: %s", err)
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|