package testservers
import (
"log"
"os"
"sync"
"code.cloudfoundry.org/tlsconfig/certtest"
)
// LoggregatorTestCerts is the shared test CA for this package, keyed by the
// CA name "loggregatorCA". Because it is a package-level var it is built at
// package initialisation, i.e. merely importing this package generates a CA
// key pair and writes the CA certificate PEM into the OS temp directory (see
// GenerateCerts → generateCA → tmpFile). Any failure there is fatal.
var LoggregatorTestCerts = GenerateCerts("loggregatorCA")
// TestCerts is a throwaway certificate authority for test servers plus a
// lazily populated cache of leaf cert/key pairs signed by it, each written to
// files on disk.
//
// It embeds a sync.Mutex, so it must be handled by pointer (as GenerateCerts
// returns it) and never copied.
type TestCerts struct {
// ca is the in-memory authority used to sign leaf certificates.
ca *certtest.Authority
// caFile is the path of the CA certificate PEM written by generateCA.
caFile string
// certKeyPairs maps a common name to the cert/key files already minted
// for it, so repeated requests for the same name reuse the same files.
certKeyPairs map[string]certKeyPair
// m guards certKeyPairs (see keyPair).
m sync.Mutex
}
// certKeyPair holds the on-disk locations of one signed leaf certificate and
// its private key, both written as PEM by generateCertKeyPair.
type certKeyPair struct {
certFile string
// keyFile contains a private key; it is created with os.CreateTemp and so
// is owner-readable only, but it is never deleted by this package.
keyFile string
}
// CertTestCA returns the underlying in-memory authority, for callers that
// need to sign or build things themselves rather than go through Cert/Key.
func (tc *TestCerts) CertTestCA() *certtest.Authority {
return tc.ca
}
// CA returns the path of the CA certificate PEM file, suitable for a client's
// or server's trusted-roots configuration.
func (tc *TestCerts) CA() string {
return tc.caFile
}
// Cert returns the path of a certificate PEM for commonName signed by this
// CA, generating (and caching) the cert/key pair on first use.
func (tc *TestCerts) Cert(commonName string) string {
return tc.keyPair(commonName).certFile
}
// Key returns the path of the private key PEM matching Cert(commonName),
// generating (and caching) the cert/key pair on first use.
func (tc *TestCerts) Key(commonName string) string {
return tc.keyPair(commonName).keyFile
}
// keyPair returns the cached cert/key pair for commonName, minting and
// caching one under the mutex if this is the first request for that name.
// The lock is held across generation so concurrent callers cannot produce
// two different pairs for the same name.
func (tc *TestCerts) keyPair(commonName string) certKeyPair {
	tc.m.Lock()
	defer tc.m.Unlock()

	if existing, found := tc.certKeyPairs[commonName]; found {
		return existing
	}

	// Not cached yet: sign a fresh pair and remember it so that every later
	// call for this name maps to the same files.
	fresh := tc.generateCertKeyPair(commonName)
	tc.certKeyPairs[commonName] = fresh
	return fresh
}
// GenerateCerts builds a new throwaway CA named caName, writes its
// certificate PEM to a temp file, and returns a TestCerts ready to hand out
// leaf cert/key pairs via Cert and Key. Failures are fatal (see generateCA).
func GenerateCerts(caName string) *TestCerts {
	authority, authorityFile := generateCA(caName)

	tc := &TestCerts{
		ca:           authority,
		caFile:       authorityFile,
		certKeyPairs: make(map[string]certKeyPair),
	}
	return tc
}
// generateCA creates an in-memory certificate authority named caName and
// writes its certificate (public part only; the CA key stays in memory) to a
// temp file whose name starts with caName+".crt". It returns the authority
// and that file's path. Any error aborts the process with log.Fatal, which is
// acceptable only because this package exists for tests.
func generateCA(caName string) (*certtest.Authority, string) {
	authority, err := certtest.BuildCA(caName)
	if err != nil {
		log.Fatal(err)
	}

	pemBytes, err := authority.CertificatePEM()
	if err != nil {
		log.Fatal(err)
	}

	return authority, tmpFile(caName+".crt", pemBytes)
}
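// tmpFile writes contents to a fresh file in the default temp directory and
// returns its path. The file name is prefix followed by a random suffix, so
// the ".crt"/".key" that callers append to prefix is not a real extension.
//
// os.CreateTemp creates the file with mode 0600; that is what keeps the
// private-key PEMs written through here readable only by the current user,
// beyond which the files rely on os.TempDir itself being private. Nothing in
// this package removes them, so they outlive the process unless the caller
// cleans up.
//
// Any failure is fatal, matching the rest of this test-only package.
func tmpFile(prefix string, contents []byte) string {
	file, err := os.CreateTemp("", prefix)
	if err != nil {
		log.Fatal(err)
	}

	if _, err := file.Write(contents); err != nil {
		log.Fatal(err)
	}

	// Close can report a write that was only buffered by the OS (ENOSPC,
	// quota, ...). The original deferred Close dropped that error, which
	// would leave a truncated key/cert file that only fails much later as a
	// confusing TLS handshake error; treat it like any other write failure.
	if err := file.Close(); err != nil {
		log.Fatal(err)
	}

	return file.Name()
}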
// generateCertKeyPair signs a leaf certificate for commonName with tc.ca and
// writes the certificate and private key PEMs to two temp files, returning
// their paths. certtest.WithDomains(commonName) presumably puts the name in
// the certificate's SANs as well; modern Go verifiers ignore the CN, so that
// option is what makes the cert usable for hostname verification — confirm
// against the certtest implementation if a handshake unexpectedly fails.
// Errors are fatal, as elsewhere in this test-only package.
func (tc *TestCerts) generateCertKeyPair(commonName string) certKeyPair {
	signed, err := tc.ca.BuildSignedCertificate(commonName, certtest.WithDomains(commonName))
	if err != nil {
		log.Fatal(err)
	}

	certPEM, keyPEM, err := signed.CertificatePEMAndPrivateKey()
	if err != nil {
		log.Fatal(err)
	}

	// Certificate first, then key, matching the order the files were written
	// in before.
	return certKeyPair{
		certFile: tmpFile(commonName+".crt", certPEM),
		keyFile:  tmpFile(commonName+".key", keyPEM),
	}
}