From 1f4fbd90974e0120c20419bf6f8e27321f3bf768 Mon Sep 17 00:00:00 2001 From: Filippo Valsorda Date: Wed, 27 Jun 2018 22:38:48 -0400 Subject: [PATCH] Allow wildcards and block heading and trailing dots Fixes #1 --- README.md | 5 +++-- main.go | 11 +++++++---- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 06a2a4f..4ce4663 100644 --- a/README.md +++ b/README.md @@ -7,17 +7,18 @@ $ mkcert -install Created a new local CA at "/Users/filippo/Library/Application Support/mkcert" 💥 The local CA is now installed in the system trust store! ⚡️ -$ mkcert example.com myapp.dev localhost 127.0.0.1 ::1 +$ mkcert example.com '*.example.org' myapp.dev localhost 127.0.0.1 ::1 Using the local CA at "/Users/filippo/Library/Application Support/mkcert" ✨ Created a new certificate valid for the following names 📜 - "example.com" + - "*.example.org" - "myapp.dev" - "localhost" - "127.0.0.1" - "::1" -The certificate is at "./example.com+4.pem" and the key at "./example.com+4-key.pem" ✅ +The certificate is at "./example.com+5.pem" and the key at "./example.com+5-key.pem" ✅ ```

Chrome screenshot

diff --git a/main.go b/main.go index 3d68b9c..d17a7c0 100644 --- a/main.go +++ b/main.go @@ -93,6 +93,9 @@ Usage: $ mkcert example.com myapp.dev localhost 127.0.0.1 ::1 Generate "example.com+4.pem" and "example.com+4-key.pem". + $ mkcert '*.example.com' + Generate "_wildcard.example.com.pem" and "_wildcard.example.com-key.pem". + $ mkcert -uninstall Unnstall the local CA (but do not delete it). @@ -101,12 +104,12 @@ Change the CA certificate and key storage location by setting $CAROOT. return } - re := regexp.MustCompile(`^[0-9A-Za-z._-]+$`) + hostnameRegexp := regexp.MustCompile(`(?i)^(\*\.)?[0-9a-z_-]([0-9a-z._-]*[0-9a-z_-])?$`) for _, name := range args { if ip := net.ParseIP(name); ip != nil { continue } - if re.MatchString(name) { + if hostnameRegexp.MatchString(name) { continue } log.Fatalf("ERROR: %q is not a valid hostname or IP", name) @@ -153,6 +156,7 @@ func (m *mkcert) makeCert(hosts []string) { fatalIfErr(err, "failed to generate certificate") filename := strings.Replace(hosts[0], ":", "_", -1) + filename = strings.Replace(filename, "*", "_wildcard", -1) if len(hosts) > 1 { filename += "+" + strconv.Itoa(len(hosts)-1) } @@ -223,8 +227,7 @@ func (m *mkcert) newCA() { KeyUsage: x509.KeyUsageCertSign, BasicConstraintsValid: true, - IsCA: true, - MaxPathLen: 0, + IsCA: true, MaxPathLenZero: true, }
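Review bot: The new `hostnameRegexp` in the name-validation loop still accepts empty interior labels such as `a..b`, because `.` stays in the middle character class and only the first and last characters are constrained. Matching label by label closes that gap without rejecting anything else the new pattern accepts: `(?i)^(\*\.)?[0-9a-z_-]+(\.[0-9a-z_-]+)*$`. The optional `(\*\.)?` prefix also admits a wildcard directly over a single label, for example `*.com`. Since the README states that the local CA is installed in the system trust store, consider requiring at least two labels after the wildcard, or logging a warning for that case. The enclosing function starts and ends outside the hunk.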
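Review bot: The `*` to `_wildcard` substitution added in makeCert is not injective, so two different names can produce the same output files. `_wildcard.example.com` is accepted by the hostname pattern introduced earlier in this patch (underscore is in the allowed class), and it maps to the same `_wildcard.example.com.pem` and `-key.pem` names as `*.example.com`. If the file write that follows (outside this hunk) truncates existing files, one certificate and key would silently replace the other. At minimum, record the assumption next to the new line, e.g. `// "*" is expected only as the leading "*." label; note "_wildcard.x" maps to the same file name`. makeCert's body continues outside the hunk.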