Fix #6.

Decided not to check for validity and overwrite invalid PKI.
If a user is specifying their own PKI, they would most likely
get upset if we replace them with our own self signed PKI.

Author: binarymason

ssl.go

@@ -8,47 +8,72 @@ import (
 )
 
 // initSSL creates a SSL certificate and key using system's openssl.
-// TODO: don't blow away PKI if it already exists and is valid.
 func initSSL(certPath, keyPath string) ([]byte, error) {
 	if out, err := initRndFile(); err != nil {
 		return out, err
 	}
 
-	fqdn, err := getFQDN()
+	if out, err := initSSLKey(keyPath); err != nil {
+		return out, err
+	}
 
-	if err != nil {
-		return []byte{}, err
+	return initSSLCert(certPath, keyPath)
+}
+
+func initSSLKey(keyPath string) (out []byte, err error) {
+	if fileExists(keyPath) {
+		return
 	}
-	if err := mkdirP(certPath); err != nil {
-		return []byte{}, err
+
+	if err = mkdirP(keyPath); err != nil {
+		return
+	}
+
+	return runCommand(fmt.Sprintf("openssl genrsa -out %s 4096", keyPath))
+}
+
+func initSSLCert(certPath, keyPath string) (out []byte, err error) {
+	if fileExists(certPath) {
+		return
+	}
+
+	var fqdn string
+	fqdn, err = getFQDN()
+
+	if err != nil {
+		return
 	}
-	if err := mkdirP(keyPath); err != nil {
-		return []byte{}, err
+
+	if err = mkdirP(certPath); err != nil {
+		return
 	}
 
-	command := "openssl"
 	args := []string{
 		"req",
 		"-new",
-		"-newkey",
-		"rsa:4096",
 		"-days",
 		"3650",
 		"-nodes",
 		"-x509",
+		"-key",
+		keyPath,
 		"-subj",
 		fmt.Sprintf("/C=US/ST=Somewhere/L=Unknown/O=Idk/CN=%s", fqdn),
-		"-keyout",
-		keyPath,
 		"-out",
 		certPath,
 	}
 
-	return runCommand(command + " " + strings.Join(args, " "))
+	return runCommand("openssl " + strings.Join(args, " "))
 }
 
-func initRndFile() ([]byte, error) {
-	return runCommand(`openssl rand -out "$HOME/.rnd" -hex 256`)
+func initRndFile() (out []byte, err error) {
+	rndPath := fmt.Sprintf("%s/.rnd", os.Getenv("HOME"))
+	if fileExists(rndPath) {
+		return
+	}
+
+	command := fmt.Sprintf("openssl rand -out %s -hex 256", rndPath)
+	return runCommand(command)
 }
 
 func getFQDN() (fqdn string, err error) {
@@ -75,3 +100,13 @@ func mkdirP(p string) error {
 
 	return os.MkdirAll(dir, 0700)
 }
+
+func fileExists(filename string) bool {
+	info, err := os.Stat(filename)
+	if os.IsNotExist(err) {
+		return false
+
+	}
+	return !info.IsDir()
+
+}

ssl_test.go

@@ -2,6 +2,7 @@ package main
 
 import (
 	"fmt"
+	"io/ioutil"
 	"os"
 	"os/exec"
 	"testing"
@@ -11,15 +12,10 @@ import (
 	"github.com/pkg/errors"
 )
 
-func fileExists(filename string) bool {
-	info, err := os.Stat(filename)
-	if os.IsNotExist(err) {
-		return false
-
-	}
-	return !info.IsDir()
-
+func createFile(path, content string) error {
+	return ioutil.WriteFile(path, []byte(content), 0644)
 }
+
 func TestInitSSL(t *testing.T) {
 	id, _ := uuid.NewUUID()
 
@@ -54,3 +50,54 @@ func TestInitSSL(t *testing.T) {
 
 	os.RemoveAll("/tmp/bashrpc")
 }
+
+func TestExistingSSLKey(t *testing.T) {
+	keyPath := "/tmp/test-ssl.key"
+	Given("an SSL key that already exists")
+	if err := createFile(keyPath, "I am a key"); err != nil {
+		t.Error(err)
+	}
+
+	When("initializing SSL key")
+	if _, err := initSSLKey(keyPath); err != nil {
+		t.Error(err)
+	}
+
+	Then("it should NOT be overwritten")
+	key, err := ioutil.ReadFile(keyPath)
+	if err != nil {
+		t.Error(err)
+	}
+
+	Assert(string(key), "I am a key", t)
+
+	os.Remove(keyPath)
+}
+
+func TestExistingSSLCert(t *testing.T) {
+	keyPath := "/tmp/test-ssl.key"
+	certPath := "/tmp/test-ssl.cert"
+	Given("an SSL cert that already exists")
+	if err := createFile(keyPath, "I am a key"); err != nil {
+		t.Error(err)
+	}
+	if err := createFile(certPath, "I am a cert"); err != nil {
+		t.Error(err)
+	}
+
+	When("initializing SSL cert")
+	if _, err := initSSLCert(certPath, keyPath); err != nil {
+		t.Error(err)
+	}
+
+	Then("it should NOT be overwritten")
+	cert, err := ioutil.ReadFile(certPath)
+	if err != nil {
+		t.Error(err)
+	}
+
+	Assert(string(cert), "I am a cert", t)
+
+	os.Remove(keyPath)
+	os.Remove(certPath)
+}