mirror of
https://github.com/NginxProxyManager/nginx-proxy-manager.git
synced 2025-10-31 15:53:33 +00:00
112 lines
2.6 KiB
Go
112 lines
2.6 KiB
Go
package config
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/rand"
|
|
"crypto/rsa"
|
|
"crypto/x509"
|
|
"encoding/asn1"
|
|
"encoding/pem"
|
|
"fmt"
|
|
"os"
|
|
|
|
"npm/internal/logger"
|
|
)
|
|
|
|
var keysFolder string
|
|
var publicKeyFile string
|
|
var privateKeyFile string
|
|
|
|
func loadKeys() {
|
|
// check if keys folder exists in data folder
|
|
keysFolder = fmt.Sprintf("%s/keys", Configuration.DataFolder)
|
|
publicKeyFile = fmt.Sprintf("%s/public.key", keysFolder)
|
|
privateKeyFile = fmt.Sprintf("%s/private.key", keysFolder)
|
|
|
|
if _, err := os.Stat(keysFolder); os.IsNotExist(err) {
|
|
// nolint:errcheck,gosec
|
|
os.Mkdir(keysFolder, 0700)
|
|
}
|
|
|
|
// check if keys exist on disk
|
|
_, publicKeyErr := os.Stat(publicKeyFile)
|
|
_, privateKeyErr := os.Stat(privateKeyFile)
|
|
|
|
// generate keys if either one doesn't exist
|
|
if os.IsNotExist(publicKeyErr) || os.IsNotExist(privateKeyErr) {
|
|
generateKeys()
|
|
saveKeys()
|
|
}
|
|
|
|
// Load keys from disk
|
|
// nolint:gosec
|
|
publicKeyBytes, publicKeyBytesErr := os.ReadFile(publicKeyFile)
|
|
// nolint:gosec
|
|
privateKeyBytes, privateKeyBytesErr := os.ReadFile(privateKeyFile)
|
|
PublicKey = string(publicKeyBytes)
|
|
PrivateKey = string(privateKeyBytes)
|
|
|
|
if isError("PublicKeyReadError", publicKeyBytesErr) || isError("PrivateKeyReadError", privateKeyBytesErr) || PublicKey == "" || PrivateKey == "" {
|
|
logger.Warn("There was an error loading keys, proceeding to generate new RSA keys")
|
|
generateKeys()
|
|
saveKeys()
|
|
}
|
|
}
|
|
|
|
func generateKeys() {
|
|
reader := rand.Reader
|
|
bitSize := 4096
|
|
|
|
key, err := rsa.GenerateKey(reader, bitSize)
|
|
if isError("RSAGenerateError", err) {
|
|
return
|
|
}
|
|
|
|
privateKey := &pem.Block{
|
|
Type: "PRIVATE KEY",
|
|
Bytes: x509.MarshalPKCS1PrivateKey(key),
|
|
}
|
|
|
|
privateKeyBuffer := new(bytes.Buffer)
|
|
err = pem.Encode(privateKeyBuffer, privateKey)
|
|
if isError("PrivatePEMEncodeError", err) {
|
|
return
|
|
}
|
|
|
|
asn1Bytes, err2 := asn1.Marshal(key.PublicKey)
|
|
if isError("RSAMarshalError", err2) {
|
|
return
|
|
}
|
|
|
|
publicKey := &pem.Block{
|
|
Type: "PUBLIC KEY",
|
|
Bytes: asn1Bytes,
|
|
}
|
|
|
|
publicKeyBuffer := new(bytes.Buffer)
|
|
err = pem.Encode(publicKeyBuffer, publicKey)
|
|
if isError("PublicPEMEncodeError", err) {
|
|
return
|
|
}
|
|
|
|
PublicKey = publicKeyBuffer.String()
|
|
PrivateKey = privateKeyBuffer.String()
|
|
logger.Info("Generated new RSA keys")
|
|
}
|
|
|
|
func saveKeys() {
|
|
err := os.WriteFile(publicKeyFile, []byte(PublicKey), 0600)
|
|
if err != nil {
|
|
logger.Error("PublicKeyWriteError", err)
|
|
} else {
|
|
logger.Info("Saved Public Key: %s", publicKeyFile)
|
|
}
|
|
|
|
err = os.WriteFile(privateKeyFile, []byte(PrivateKey), 0600)
|
|
if err != nil {
|
|
logger.Error("PrivateKeyWriteError", err)
|
|
} else {
|
|
logger.Info("Saved Private Key: %s", privateKeyFile)
|
|
}
|
|
}
|