/*
Copyright (c) 2022 - Present. Blend Labs, Inc. All rights reserved
Use of this source code is governed by a MIT license that can be found in the LICENSE file.
*/
package certutil
import (
"crypto/rand"
"crypto/x509"
"github.com/blend/go-sdk/ex"
)
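/*
CreateClient creates a client cert bundle associated with a given common name.

The CA must be passed in as a CertBundle. Its first certificate
(ca.Certificates[0]) is used as the issuer of the new leaf and ca.PrivateKey
signs it, so the CA bundle's first certificate must be the signing CA;
recent Go versions reject a signing key that does not match that
certificate's public key.

The returned bundle holds the resolved private key, its public key, and a
certificate chain ordered leaf first followed by the CA bundle's chain.

By default commonName is also placed in the SAN DNSNames list. Callers
issuing client certificates whose identity is not a host name should
override DNSNames through options.

Example:

	ca, err := certutil.NewCertBundle(certutil.KeyPairFromPaths("ca.crt", "ca.key"))
	if err != nil {
		return err
	}
	client, err := certutil.CreateClient("foo.bar.com", ca)
*/
func CreateClient(commonName string, ca *CertBundle, options ...CertOption) (*CertBundle, error) {
	if ca == nil {
		return nil, ex.New("must provide a ca cert bundle")
	}
	// ca.Certificates[0] is used as the parent below; an empty bundle would
	// otherwise panic with an index out of range.
	if len(ca.Certificates) == 0 {
		return nil, ex.New("ca cert bundle must contain at least one certificate")
	}

	createOptions := DefaultOptionsClient
	createOptions.Subject.CommonName = commonName
	createOptions.DNSNames = []string{commonName}
	// ResolveCertOptions applies the caller's options to createOptions
	// (presumably filling in remaining defaults such as the key pair —
	// verify against ResolveCertOptions).
	if err := ResolveCertOptions(&createOptions, options...); err != nil {
		// Previously this returned (nil, nil), silently handing callers a nil
		// bundle with no error; surface the resolution failure instead.
		return nil, ex.New(err)
	}
	// The public key is derived by dereferencing the resolved private key;
	// fail cleanly rather than panic if resolution left it unset.
	if createOptions.PrivateKey == nil {
		return nil, ex.New("resolved cert options have no private key")
	}

	var output CertBundle
	output.PrivateKey = createOptions.PrivateKey
	output.PublicKey = &createOptions.PrivateKey.PublicKey

	// Sign the leaf with the CA private key, using the CA's first
	// certificate as the issuer.
	der, err := x509.CreateCertificate(rand.Reader, &createOptions.Certificate, &ca.Certificates[0], output.PublicKey, ca.PrivateKey)
	if err != nil {
		return nil, ex.New(err)
	}
	// Re-parse the DER so output.Certificates[0] reflects exactly what was
	// signed rather than the template.
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, ex.New(err)
	}

	// Chain order: the new leaf first, then the CA bundle's chain.
	output.CertificateDERs = append([][]byte{der}, ca.CertificateDERs...)
	output.Certificates = append([]x509.Certificate{*cert}, ca.Certificates...)
	return &output, nil
}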