/*
Copyright (c) 2021 - Present. Blend Labs, Inc. All rights reserved
Use of this source code is governed by a MIT license that can be found in the LICENSE file.
*/
package certutil
import (
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"io/ioutil"
	"math/big"
	"time"

	"github.com/blend/go-sdk/ex"
)
// CertOption is an option for creating certs.
//
// Each option mutates the *CertOptions it is handed. Most options cannot fail
// and always return nil; an option returns a non-nil error when it cannot be
// applied at all (for example OptPrivateKeyFromPath when the key file cannot
// be read or parsed), so callers must check the error rather than assume the
// field was set.
type CertOption func(*CertOptions) error
// OptSubjectCommonName sets the subject common name (CN).
//
// Security note: modern TLS clients (including Go's crypto/x509) match
// hostnames against the subject alternate names, not the CN. A certificate
// meant for TLS still needs its DNS names set (OptDNSNames / OptAddDNSNames);
// the CN alone is not enough for hostname verification.
func OptSubjectCommonName(commonName string) CertOption {
	apply := func(opts *CertOptions) error {
		opts.Subject.CommonName = commonName
		return nil
	}
	return apply
}
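// OptSubjectAlternateNames sets the subject alternate names (DNS SANs).
//
// It REPLACES any DNS names already present (use OptAddDNSNames to append) and
// is functionally the same as OptDNSNames. The caller's slice is copied rather
// than stored, so later mutation of that slice — or a later append through
// OptAddDNSNames — cannot silently change which hosts the certificate covers.
// No validation of the names is performed here.
func OptSubjectAlternateNames(dnsNames ...string) CertOption {
	return func(csr *CertOptions) error {
		// append to a nil slice yields an owned copy (nil when no names given).
		csr.DNSNames = append([]string(nil), dnsNames...)
		return nil
	}
}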
// OptSubjectOrganization sets the subject organization (O) names.
//
// The variadic slice is stored as passed; it replaces any organization names
// already set on the options.
func OptSubjectOrganization(organization ...string) CertOption {
	var set CertOption = func(opts *CertOptions) error {
		opts.Subject.Organization = organization
		return nil
	}
	return set
}
// OptSubjectCountry sets the subject country (C) names.
//
// Country is conventionally a two-letter ISO 3166-1 code; nothing here checks
// the value, it is stored verbatim and replaces any existing country names.
func OptSubjectCountry(country ...string) CertOption {
	apply := func(target *CertOptions) error {
		target.Subject.Country = country
		return nil
	}
	return apply
}
// OptSubjectProvince sets the subject state/province (ST) names.
//
// The value replaces any province names already set; it is not validated.
func OptSubjectProvince(province ...string) CertOption {
	var set CertOption = func(opts *CertOptions) error {
		opts.Subject.Province = province
		return nil
	}
	return set
}
// OptSubjectLocality sets the subject locality (L) names.
//
// The value replaces any locality names already set; it is not validated.
func OptSubjectLocality(locality ...string) CertOption {
	apply := func(target *CertOptions) error {
		target.Subject.Locality = locality
		return nil
	}
	return apply
}
// OptNotAfter sets the end of the validity period (notAfter).
//
// This option does not check that the value is after NotBefore or in the
// future; whether the certificate generator rejects an inverted or already
// expired window is not visible in this file — confirm before relying on it.
func OptNotAfter(notAfter time.Time) CertOption {
	apply := func(opts *CertOptions) error {
		opts.NotAfter = notAfter
		return nil
	}
	return apply
}
// OptNotBefore sets the start of the validity period (notBefore).
//
// No ordering check against NotAfter is performed here. Operationally it is
// common to set this slightly in the past so that peers with modest clock skew
// accept a freshly issued certificate.
func OptNotBefore(notBefore time.Time) CertOption {
	var set CertOption = func(target *CertOptions) error {
		target.NotBefore = notBefore
		return nil
	}
	return set
}
// OptIsCA sets the "is certificate authority" flag.
//
// Only the IsCA field is touched. Whether BasicConstraintsValid and the
// KeyUsageCertSign bit are derived from this flag when the certificate is
// generated depends on the generator, not on this option — verify that before
// using the result to sign other certificates. A CA-capable key should be
// treated as more sensitive than a leaf key.
func OptIsCA(isCA bool) CertOption {
	apply := func(opts *CertOptions) error {
		opts.IsCA = isCA
		return nil
	}
	return apply
}
// OptKeyUsage sets the key usage bit set.
//
// The value REPLACES any key usage already set rather than being OR-ed into
// it, so pass the complete combination (e.g. x509.KeyUsageDigitalSignature |
// x509.KeyUsageKeyEncipherment). Extended key usage (server/client auth) is a
// different field and is not affected by this option.
func OptKeyUsage(keyUsage x509.KeyUsage) CertOption {
	var set CertOption = func(target *CertOptions) error {
		target.KeyUsage = keyUsage
		return nil
	}
	return set
}
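// OptDNSNames sets the DNS names (subject alternate names) the cert is valid for.
//
// It REPLACES any DNS names already present; use OptAddDNSNames to append.
// The caller's slice is copied rather than aliased: storing the variadic
// slice directly would let a later append (or mutation of the caller's
// backing array) change the set of hosts the certificate covers without any
// option being applied. Names are stored verbatim and not validated here.
func OptDNSNames(dnsNames ...string) CertOption {
	return func(csr *CertOptions) error {
		// append to a nil slice yields an owned copy (nil when no names given).
		csr.DNSNames = append([]string(nil), dnsNames...)
		return nil
	}
}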
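// OptAddDNSNames appends DNS names (subject alternate names) to the cert.
//
// Existing names are kept and the new ones are added after them. The append
// is forced onto a fresh backing array: if the existing slice still aliases
// a caller-owned slice with spare capacity, a plain append would write the
// new names into the caller's array as well. Names are not validated or
// de-duplicated here.
func OptAddDNSNames(dnsNames ...string) CertOption {
	return func(csr *CertOptions) error {
		// Three-index slice with cap == len guarantees append reallocates.
		existing := csr.DNSNames[:len(csr.DNSNames):len(csr.DNSNames)]
		csr.DNSNames = append(existing, dnsNames...)
		return nil
	}
}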
// OptSerialNumber sets the serial number for the certificate.
// If this option isn't provided, a random one is generated.
//
// Callers that supply their own serial take over a security-relevant duty:
// serials must be unique per issuer (a reused serial breaks revocation and
// is rejected by some clients), and RFC 5280 §4.1.2.2 requires a positive
// integer of at most 20 octets. Nothing here validates the value. Whether an
// explicit nil falls back to random generation is decided by the generator,
// not by this option.
func OptSerialNumber(serialNumber *big.Int) CertOption {
	apply := func(opts *CertOptions) error {
		opts.SerialNumber = serialNumber
		return nil
	}
	return apply
}
// OptPrivateKey sets the private key to use when generating the certificate.
// If this option isn't provided, a new one is generated.
//
// The pointer is stored, not copied, so the caller and the certificate share
// the same key object. This API accepts RSA keys only; the key's size and
// origin are not checked here.
func OptPrivateKey(privateKey *rsa.PrivateKey) CertOption {
	var set CertOption = func(target *CertOptions) error {
		target.PrivateKey = privateKey
		return nil
	}
	return set
}
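// OptPrivateKeyFromPath reads a private key from a given path and parses it
// as a PKCS#1 RSA private key.
//
// The file may contain either raw DER or a PEM block (the usual on-disk
// format, "-----BEGIN RSA PRIVATE KEY-----"); a PEM armor is stripped before
// parsing and only the first PEM block is considered. Encrypted PEM blocks
// and PKCS#8 ("-----BEGIN PRIVATE KEY-----") keys are not supported and are
// reported as a parse error.
//
// Security note: the file is read with the process's privileges and no
// ownership or permission check is made here. Key material used to issue or
// serve certificates should live in a path that untrusted users cannot write
// to or read from. Errors are wrapped with ex.New and returned to the caller.
func OptPrivateKeyFromPath(path string) CertOption {
	return func(cco *CertOptions) error {
		contents, err := ioutil.ReadFile(path)
		if err != nil {
			return ex.New(err)
		}
		// Accept PEM-armored keys as well as raw DER; raw DER never starts
		// with a "-----BEGIN" line, so pem.Decode returns nil for it.
		der := contents
		if block, _ := pem.Decode(contents); block != nil {
			der = block.Bytes
		}
		privateKey, err := x509.ParsePKCS1PrivateKey(der)
		if err != nil {
			return ex.New(err)
		}
		cco.PrivateKey = privateKey
		return nil
	}
}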