package ca
import (
"crypto/rand"
"crypto/x509"
"encoding/pem"
"io/ioutil"
"os"
"path/filepath"
"github.com/flanksource/commons/certs"
"github.com/pkg/errors"
)
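// GenerateCA generates a new self-signed CA certificate and writes it,
// together with its private key, to disk.
//
// name is the subject name handed to the certificate builder; certPath and
// privateKeyPath are the output files (their parent directories are created
// with mode 0700 when missing); password, when non-empty, is used to
// PEM-encrypt the private key before it is written; expiryYears is the
// validity period passed to the signer.
//
// Both files are written with mode 0600. For the private key file the mode is
// enforced even when the file already exists, so a stale, more permissive
// file is tightened before any key material is written into it.
//
// It returns a non-nil error when a directory cannot be created, signing
// fails, the key cannot be encrypted, or either file cannot be written.
func GenerateCA(name, certPath, privateKeyPath, password string, expiryYears int) error {
	if err := ensureDir(certPath, 0700); err != nil {
		return errors.Wrapf(err, "failed to create directories for certificate path: %s", certPath)
	}
	if err := ensureDir(privateKeyPath, 0700); err != nil {
		return errors.Wrapf(err, "failed to create directories for certificate private key path: %s", privateKeyPath)
	}

	ca := certs.NewCertificateBuilder(name).CA().Certificate
	// The CA signs itself: issuer and subject are the same certificate.
	signedCA, err := ca.SignCertificate(ca, expiryYears)
	if err != nil {
		return errors.Wrap(err, "failed to sign certificate")
	}

	if err := ioutil.WriteFile(certPath, signedCA.EncodedCertificate(), 0600); err != nil {
		return errors.Wrap(err, "failed to write certificate file")
	}

	keyPEM := signedCA.EncodedPrivateKey()
	if password != "" {
		// NOTE(review): this branch re-marshals ca.PrivateKey instead of
		// reusing signedCA.EncodedPrivateKey(); assumes both refer to the
		// same key — confirm against the certs package.
		pk := x509.MarshalPKCS1PrivateKey(ca.PrivateKey)
		// x509.EncryptPEMBlock implements legacy RFC 1423 PEM encryption and
		// is deprecated since Go 1.16 because the ciphertext is not
		// authenticated. It is retained here only because the standard
		// library offers no drop-in writer for encrypted PEM keys; the
		// password should not be treated as strong protection for a key
		// file that ends up in untrusted hands.
		block, err := x509.EncryptPEMBlock(rand.Reader, "RSA PRIVATE KEY", pk, []byte(password), x509.PEMCipherAES256)
		if err != nil {
			return errors.Wrap(err, "failed to encrypt private key")
		}
		keyPEM = pem.EncodeToMemory(block)
	}

	if err := writeSecretFile(privateKeyPath, keyPEM); err != nil {
		return errors.Wrap(err, "failed to write private key file")
	}
	return nil
}

// writeSecretFile writes data to path with mode 0600.
//
// Unlike ioutil.WriteFile, which truncates an existing file without touching
// its permissions, this tightens the mode of a pre-existing file to 0600
// before the file is truncated and the new content written, so secret
// material is never placed into a file that other users can still read.
func writeSecretFile(path string, data []byte) error {
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE, 0600)
	if err != nil {
		return err
	}
	// Order matters: fix the mode first, then truncate and write, so the
	// secret is never present under the old (possibly looser) permissions.
	if err := f.Chmod(0600); err != nil {
		f.Close()
		return err
	}
	if err := f.Truncate(0); err != nil {
		f.Close()
		return err
	}
	if _, err := f.Write(data); err != nil {
		f.Close()
		return err
	}
	return f.Close()
}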
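// ensureDir creates the parent directory of fileName, and any missing
// ancestors, with the given mode. It is a no-op when the directory already
// exists.
//
// mode applies only to directories that are newly created and is subject to
// the process umask; an existing directory's permissions are left untouched.
// An error is returned when the directory cannot be created, including when
// a path component already exists but is not a directory.
func ensureDir(fileName string, mode os.FileMode) error {
	dirName := filepath.Dir(fileName)
	// MkdirAll is idempotent, so probing with os.Stat first only adds a
	// check-then-act race and hides the case where dirName exists as a
	// regular file (Stat succeeds, and the later file write fails instead).
	if err := os.MkdirAll(dirName, mode); err != nil {
		return err
	}
	return nil
}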