package certificate
import (
"bytes"
"crypto/rsa"
"crypto/tls"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"io"
"math/big"
"net"
"time"
)
// generateCertificate turns a PEM-encoded certificate and its PEM-encoded
// private key into a *tls.Certificate.
//
// Despite the name, nothing is generated here: the two inputs are only parsed
// and paired by tls.X509KeyPair, whose error is returned unchanged when the
// PEM data cannot be parsed or paired.
func generateCertificate(certPEM, certPrivKeyPEM []byte) (*tls.Certificate, error) {
	pair, pairErr := tls.X509KeyPair(certPEM, certPrivKeyPEM)
	if pairErr == nil {
		return &pair, nil
	}
	return nil, pairErr
}
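// generateKeyPair creates a new 2048-bit RSA key and a certificate for it,
// signed by ca with caPrivKey, and returns both PEM-encoded.
//
// The certificate names only the loopback addresses (127.0.0.1 and ::1), is
// valid for ten years from the time of the call, and carries both the
// client-auth and server-auth extended key usages, so the same certificate can
// be presented on either side of a TLS connection.
//
// randrdr is read for the serial number and is handed to rsa.GenerateKey and
// x509.CreateCertificate; it should be a cryptographically secure source such
// as crypto/rand.Reader. subjectKeyID is copied into the certificate's
// SubjectKeyId field as given.
//
// certPrivKeyPEM holds the private key as an unencrypted PKCS #1 block and
// must be handled as a secret by the caller. On error both byte slices are nil.
func generateKeyPair(randrdr io.Reader, ca *x509.Certificate, caPrivKey interface{}, subjectKeyID []byte) (certPEM []byte, certPrivKeyPEM []byte, err error) {
	// Draw a 128-bit serial number instead of using a constant. RFC 5280
	// requires serial numbers to be unique per issuer; with a fixed value every
	// certificate signed by the same CA shares one serial, and some TLS clients
	// refuse a second certificate that reuses an issuer/serial pair.
	serialBytes := make([]byte, 16)
	if _, err := io.ReadFull(randrdr, serialBytes); err != nil {
		return nil, nil, err
	}
	serial := new(big.Int).SetBytes(serialBytes)
	if serial.Sign() == 0 {
		// The serial number must be a positive integer.
		serial.SetInt64(1)
	}

	// Read the clock once so NotBefore and NotAfter are exactly ten years apart.
	now := time.Now()

	// Certificate template. The subject fields, including the empty strings,
	// are kept exactly as they were so the encoded subject does not change.
	cert := &x509.Certificate{
		SerialNumber: serial,
		Subject: pkix.Name{
			Organization:  []string{"goMarkableStream"},
			Country:       []string{"FR"},
			Province:      []string{""},
			Locality:      []string{"Lille"},
			StreetAddress: []string{""},
			PostalCode:    []string{""},
		},
		IPAddresses:  []net.IP{net.IPv4(127, 0, 0, 1), net.IPv6loopback},
		NotBefore:    now,
		NotAfter:     now.AddDate(10, 0, 0),
		SubjectKeyId: subjectKeyID,
		// NOTE(review): one certificate is valid for both TLS roles; callers
		// that need client/server separation cannot get it from this template.
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
		KeyUsage:    x509.KeyUsageDigitalSignature,
	}

	certPrivKey, err := rsa.GenerateKey(randrdr, 2048)
	if err != nil {
		return nil, nil, err
	}

	certBytes, err := x509.CreateCertificate(randrdr, cert, ca, &certPrivKey.PublicKey, caPrivKey)
	if err != nil {
		return nil, nil, err
	}

	// pem.Encode reports an error; do not hand back a truncated block.
	certPEMBuf := new(bytes.Buffer)
	if err := pem.Encode(certPEMBuf, &pem.Block{
		Type:  "CERTIFICATE",
		Bytes: certBytes,
	}); err != nil {
		return nil, nil, err
	}

	certPrivKeyPEMBuf := new(bytes.Buffer)
	if err := pem.Encode(certPrivKeyPEMBuf, &pem.Block{
		Type:  "RSA PRIVATE KEY",
		Bytes: x509.MarshalPKCS1PrivateKey(certPrivKey),
	}); err != nil {
		return nil, nil, err
	}

	return certPEMBuf.Bytes(), certPrivKeyPEMBuf.Bytes(), nil
}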