From b6c4c63fb4aeeb86e9401ccbd4a3fd6d0bc290e8 Mon Sep 17 00:00:00 2001
From: 6543 <6543@obermui.de>
Date: Sun, 5 Dec 2021 15:25:12 +0100
Subject: [PATCH] certificates: move mockCert into its own file (mock.go)

---
 server/certificates/certificates.go | 70 ------------------------
 server/certificates/mock.go         | 84 +++++++++++++++++++++++++++++
 2 files changed, 84 insertions(+), 70 deletions(-)
 create mode 100644 server/certificates/mock.go

diff --git a/server/certificates/certificates.go b/server/certificates/certificates.go
index b63ed0e..afaa4f0 100644
--- a/server/certificates/certificates.go
+++ b/server/certificates/certificates.go
@@ -6,17 +6,13 @@ import (
 	"crypto/ecdsa"
 	"crypto/elliptic"
 	"crypto/rand"
-	"crypto/rsa"
 	"crypto/tls"
 	"crypto/x509"
-	"crypto/x509/pkix"
 	"encoding/gob"
 	"encoding/json"
-	"encoding/pem"
 	"errors"
 	"io/ioutil"
 	"log"
-	"math/big"
 	"os"
 	"strconv"
 	"strings"
@@ -335,72 +331,6 @@ func obtainCert(acmeClient *lego.Client, domains []string, renew *certificate.Re
 	return tlsCertificate, nil
 }
 
-func mockCert(domain, msg, mainDomainSuffix string, keyDatabase database.KeyDB) tls.Certificate {
-	key, err := certcrypto.GeneratePrivateKey(certcrypto.RSA2048)
-	if err != nil {
-		panic(err)
-	}
-
-	template := x509.Certificate{
-		SerialNumber: big.NewInt(1),
-		Subject: pkix.Name{
-			CommonName:   domain,
-			Organization: []string{"Codeberg Pages Error Certificate (couldn't obtain ACME certificate)"},
-			OrganizationalUnit: []string{
-				"Will not try again for 6 hours to avoid hitting rate limits for your domain.",
-				"Check https://docs.codeberg.org/codeberg-pages/troubleshooting/ for troubleshooting tips, and feel " +
-					"free to create an issue at https://codeberg.org/Codeberg/pages-server if you can't solve it.\n",
-				"Error message: " + msg,
-			},
-		},
-
-		// certificates younger than 7 days are renewed, so this enforces the cert to not be renewed for a 6 hours
-		NotAfter:  time.Now().Add(time.Hour*24*7 + time.Hour*6),
-		NotBefore: time.Now(),
-
-		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
-		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
-		BasicConstraintsValid: true,
-	}
-	certBytes, err := x509.CreateCertificate(
-		rand.Reader,
-		&template,
-		&template,
-		&key.(*rsa.PrivateKey).PublicKey,
-		key,
-	)
-	if err != nil {
-		panic(err)
-	}
-
-	out := &bytes.Buffer{}
-	err = pem.Encode(out, &pem.Block{
-		Bytes: certBytes,
-		Type:  "CERTIFICATE",
-	})
-	if err != nil {
-		panic(err)
-	}
-	outBytes := out.Bytes()
-	res := &certificate.Resource{
-		PrivateKey:        certcrypto.PEMEncode(key),
-		Certificate:       outBytes,
-		IssuerCertificate: outBytes,
-		Domain:            domain,
-	}
-	databaseName := domain
-	if domain == "*"+mainDomainSuffix || domain == mainDomainSuffix[1:] {
-		databaseName = mainDomainSuffix
-	}
-	database.PogrebPut(keyDatabase, []byte(databaseName), res)
-
-	tlsCertificate, err := tls.X509KeyPair(res.Certificate, res.PrivateKey)
-	if err != nil {
-		panic(err)
-	}
-	return tlsCertificate
-}
-
 func SetupCertificates(mainDomainSuffix []byte, acmeAPI, acmeMail, acmeEabHmac, acmeEabKID, dnsProvider string, acmeUseRateLimits, acmeAcceptTerms, enableHTTPServer bool, challengeCache cache.SetGetKey, keyDatabase database.KeyDB) {
 	// getting main cert before ACME account so that we can panic here on database failure without hitting rate limits
 	mainCertBytes, err := keyDatabase.Get(mainDomainSuffix)
diff --git a/server/certificates/mock.go b/server/certificates/mock.go
new file mode 100644
index 0000000..19adb92
--- /dev/null
+++ b/server/certificates/mock.go
@@ -0,0 +1,84 @@
+package certificates
+
+import (
+	"bytes"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/tls"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"math/big"
+	"time"
+
+	"github.com/go-acme/lego/v4/certcrypto"
+	"github.com/go-acme/lego/v4/certificate"
+
+	"codeberg.org/codeberg/pages/server/database"
+)
+
+func mockCert(domain, msg, mainDomainSuffix string, keyDatabase database.KeyDB) tls.Certificate {
+	key, err := certcrypto.GeneratePrivateKey(certcrypto.RSA2048)
+	if err != nil {
+		panic(err)
+	}
+
+	template := x509.Certificate{
+		SerialNumber: big.NewInt(1),
+		Subject: pkix.Name{
+			CommonName:   domain,
+			Organization: []string{"Codeberg Pages Error Certificate (couldn't obtain ACME certificate)"},
+			OrganizationalUnit: []string{
+				"Will not try again for 6 hours to avoid hitting rate limits for your domain.",
+				"Check https://docs.codeberg.org/codeberg-pages/troubleshooting/ for troubleshooting tips, and feel " +
+					"free to create an issue at https://codeberg.org/Codeberg/pages-server if you can't solve it.\n",
+				"Error message: " + msg,
+			},
+		},
+
+		// certificates younger than 7 days are renewed, so this enforces the cert to not be renewed for a 6 hours
+		NotAfter:  time.Now().Add(time.Hour*24*7 + time.Hour*6),
+		NotBefore: time.Now(),
+
+		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
+		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+		BasicConstraintsValid: true,
+	}
+	certBytes, err := x509.CreateCertificate(
+		rand.Reader,
+		&template,
+		&template,
+		&key.(*rsa.PrivateKey).PublicKey,
+		key,
+	)
+	if err != nil {
+		panic(err)
+	}
+
+	out := &bytes.Buffer{}
+	err = pem.Encode(out, &pem.Block{
+		Bytes: certBytes,
+		Type:  "CERTIFICATE",
+	})
+	if err != nil {
+		panic(err)
+	}
+	outBytes := out.Bytes()
+	res := &certificate.Resource{
+		PrivateKey:        certcrypto.PEMEncode(key),
+		Certificate:       outBytes,
+		IssuerCertificate: outBytes,
+		Domain:            domain,
+	}
+	databaseName := domain
+	if domain == "*"+mainDomainSuffix || domain == mainDomainSuffix[1:] {
+		databaseName = mainDomainSuffix
+	}
+	database.PogrebPut(keyDatabase, []byte(databaseName), res)
+
+	tlsCertificate, err := tls.X509KeyPair(res.Certificate, res.PrivateKey)
+	if err != nil {
+		panic(err)
+	}
+	return tlsCertificate
+}
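Review bot: Every placeholder certificate this function issues carries the constant `SerialNumber: big.NewInt(1)` (line with `big.NewInt(1)` in the template), so all mock certs share a serial even though each is a distinct self-signed certificate with a fresh key; RFC 5280 expects serials to be unique per issuer, and some clients and caches key on issuer+serial, so two mock certs for the same domain generated hours apart are indistinguishable. Since `crypto/rand` and `math/big` are already imported, a random serial is a small change and matches what the ACME-issued certificates will have. Two further points, unverifiable from this hunk: the return value of `database.PogrebPut(...)` is discarded, so a failed write is silent while the function still returns a certificate (if that helper returns an error, it should be handled or at least logged); and the raw ACME error text in `msg` is embedded in the Subject OU of a certificate served to any TLS client, which is intentional for troubleshooting but means whatever lego puts in that message (account or order URLs, internal paths) is world-readable — worth a comment noting that `msg` must not contain secrets.
```go
	// random 128-bit serial: all mock certs otherwise share serial 1
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		panic(err)
	}

	template := x509.Certificate{
		SerialNumber: serial,
		// … unchanged: Subject, validity window, key usage …
	}
	// … unchanged: certificate creation, PEM encoding, database write …
```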