package ca
import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"fmt"
"log"
"math/big"
"time"
)
// Authority represents a certificate authority: the PEM-encoded self-signed
// CA certificate together with the PEM-encoded private key that signs with it.
type Authority struct {
	// PublicSignedCertificate is the CA certificate as a PEM block of type "CERTIFICATE".
	PublicSignedCertificate []byte
	// PrivateKey is the CA's RSA key as a PEM block of type "RSA PRIVATE KEY"
	// (PKCS#1 encoding); it is secret material and must not be logged or shared.
	PrivateKey []byte
}
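// GenerateNewCA generates a self-signed certificate authority: a fresh
// 2048-bit RSA key pair and a CA certificate signed with that key.
//
// The subject, the five-year validity window and the key usages are still
// hardcoded. The serial number is drawn at random (128 bits) so that two
// authorities produced by this function never share one; serial numbers are
// expected to be unique per issuer.
//
// It returns an Authority holding the PEM-encoded certificate (block type
// "CERTIFICATE") and the PEM-encoded PKCS#1 private key (block type
// "RSA PRIVATE KEY"). A non-nil error is returned when serial generation,
// key generation, signing or PEM encoding fails; errors are wrapped so that
// callers can use errors.Is/errors.As on the underlying cause. The
// certificate, never the key, is also printed to stdout.
func GenerateNewCA() (Authority, error) {
	// A fixed serial would be reused by every CA minted here; draw a random
	// one instead (upper bound 2^128, so it always fits the 20-octet limit).
	serialLimit := new(big.Int).Lsh(big.NewInt(1), 128)
	serial, err := rand.Int(rand.Reader, serialLimit)
	if err != nil {
		log.Println("generation of certificate authority serial number failed", err)
		return Authority{}, fmt.Errorf("generating CA serial number: %w", err)
	}

	// Single clock read so NotBefore and NotAfter are exactly five years apart.
	now := time.Now()
	cauth := &x509.Certificate{
		SerialNumber: serial,
		Subject: pkix.Name{
			Organization:  []string{"GO_PKI_SERVICE"},
			Country:       []string{"IN"},
			Province:      []string{"KA"},
			Locality:      []string{"BLR"},
			StreetAddress: []string{"BLR-OLD"},
			PostalCode:    []string{"000000"},
		},
		NotBefore:             now,
		NotAfter:              now.AddDate(5, 0, 0),
		IsCA:                  true,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
	}

	// The key-generation error must be checked: on failure priv is nil and
	// the signing step below would dereference it.
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		log.Println("generation of certificate authority private key failed", err)
		return Authority{}, fmt.Errorf("generating CA private key: %w", err)
	}

	// Self-signed: the template is also its own parent.
	cauthSigned, err := x509.CreateCertificate(rand.Reader, cauth, cauth, &priv.PublicKey, priv)
	if err != nil {
		log.Println("creation of certificate authority failed", err)
		return Authority{}, fmt.Errorf("creating CA certificate: %w", err)
	}

	// EncodeToMemory returns nil only when a block's headers are invalid;
	// neither block carries headers, but the check is kept so a nil slice
	// can never be handed back as a "valid" certificate or key.
	publicSignedCertificate := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: cauthSigned})
	if publicSignedCertificate == nil {
		log.Println("cauthSigned has invalid headers and cannot be encoded")
		return Authority{}, fmt.Errorf("cauthSigned has invalid headers and cannot be encoded")
	}
	fmt.Println("********************** ca.pem ***********************************")
	fmt.Println(string(publicSignedCertificate))

	privateKey := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})
	if privateKey == nil {
		log.Println("privateKey for CA Authority has invalid headers and cannot be encoded")
		return Authority{}, fmt.Errorf("privateKey for CA Authority has invalid headers and cannot be encoded")
	}

	return Authority{PublicSignedCertificate: publicSignedCertificate, PrivateKey: privateKey}, nil
}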