package util
import (
"bytes"
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"fmt"
"math/big"
"time"
)
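// GeneratePemSelfSignedCertificateAndKey returns a self-signed certificate and its key
// as PEM-encoded strings: the certificate first, then the RSA private key in
// PKCS#1 ("RSA PRIVATE KEY") form.
//
// The certificate uses name as both subject and issuer, is valid for one year
// starting now, and is flagged for server authentication. The template sets no
// DNSNames or IPAddresses, so the certificate carries no Subject Alternative
// Name extension; Go's verifier (since Go 1.15) and modern browsers do not match
// a hostname against the CommonName, so callers that need hostname verification
// must add SANs to the template rather than rely on CommonName alone.
//
// An error is returned when name.CommonName is empty, or when serial-number
// generation, key generation, certificate creation or PEM encoding fails.
func GeneratePemSelfSignedCertificateAndKey(name pkix.Name) (string, string, error) {
	if len(name.CommonName) == 0 {
		return "", "", fmt.Errorf("the CommonName cannot be empty")
	}
	// A random 128-bit serial from crypto/rand keeps repeated certificates
	// for the same name distinguishable.
	sn, err := genx509SerialNumber()
	if err != nil {
		return "", "", err
	}
	// Read the clock once so NotAfter is exactly one year after NotBefore;
	// two separate time.Now() calls would let the validity window drift by
	// whatever the intervening work took.
	now := time.Now()
	template := &x509.Certificate{
		SerialNumber:          sn,
		Subject:               name,
		NotBefore:             now,
		NotAfter:              now.Add(time.Hour * 24 * 365),
		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
	}
	// 2048-bit RSA key; the certificate below is signed with this same key.
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", "", err
	}
	// Passing template as both template and parent makes the certificate
	// self-signed; BasicConstraintsValid with IsCA left false marks it a leaf.
	cert, err := x509.CreateCertificate(rand.Reader, template, template, &priv.PublicKey, priv)
	if err != nil {
		return "", "", err
	}
	// pem.Encode only fails on writer errors, which bytes.Buffer never reports,
	// but the result is checked so a later change of writer cannot silently
	// hand back a truncated certificate or key.
	certOut := &bytes.Buffer{}
	if err := pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: cert}); err != nil {
		return "", "", err
	}
	keyOut := &bytes.Buffer{}
	if err := pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)}); err != nil {
		return "", "", err
	}
	return certOut.String(), keyOut.String(), nil
}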
// genx509SerialNumber draws a uniformly random certificate serial number in
// [0, 2^128) from crypto/rand. Sixteen bytes stays within the 20-octet limit
// RFC 5280 places on serial numbers while leaving collisions negligible.
func genx509SerialNumber() (*big.Int, error) {
	upper := new(big.Int).Exp(big.NewInt(2), big.NewInt(128), nil)
	return rand.Int(rand.Reader, upper)
}