2022-03-13 01:45:20 +00:00
|
|
|
package certgen
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/rand"
|
|
|
|
"crypto/rsa"
|
|
|
|
"crypto/tls"
|
|
|
|
"crypto/x509"
|
|
|
|
"crypto/x509/pkix"
|
|
|
|
"log"
|
|
|
|
"math/big"
|
|
|
|
"time"
|
|
|
|
)
|
|
|
|
|
|
|
|
func MakeServerTls(ca *CertGen) (*CertGen, error) {
|
|
|
|
cert := &x509.Certificate{
|
|
|
|
SerialNumber: big.NewInt(29052019),
|
|
|
|
Subject: pkix.Name{
|
|
|
|
Organization: []string{"Ski Creds Server"},
|
|
|
|
Country: []string{"GB"},
|
|
|
|
Province: []string{""},
|
|
|
|
Locality: []string{"London"},
|
|
|
|
CommonName: "ski-creds-server",
|
|
|
|
},
|
2022-03-13 02:24:11 +00:00
|
|
|
DNSNames: []string{"panda.local"},
|
|
|
|
NotBefore: time.Now(),
|
|
|
|
NotAfter: time.Now().AddDate(10, 0, 0),
|
|
|
|
SubjectKeyId: []byte{1, 2, 3, 4, 6},
|
|
|
|
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
|
|
|
|
KeyUsage: x509.KeyUsageDigitalSignature,
|
2022-03-13 01:45:20 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
serverPrivKey, err := rsa.GenerateKey(rand.Reader, 4096)
|
|
|
|
if err != nil {
|
|
|
|
log.Fatalln("Failed to generate server private key:", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
serverBytes, err := x509.CreateCertificate(rand.Reader, cert, ca.cert, serverPrivKey.Public(), ca.key)
|
|
|
|
if err != nil {
|
|
|
|
log.Fatalln("Failed to generate server certificate bytes:", err)
|
|
|
|
}
|
|
|
|
privKeyBytes := x509.MarshalPKCS1PrivateKey(serverPrivKey)
|
|
|
|
gen := &CertGen{cert: cert, certBytes: serverBytes, key: serverPrivKey, keyBytes: privKeyBytes}
|
|
|
|
err = gen.generatePem()
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
caKeyPair, err := tls.X509KeyPair(gen.certPem, gen.keyPem)
|
|
|
|
if err != nil {
|
2022-03-13 02:24:11 +00:00
|
|
|
log.Fatalln("Failed to generate server key pair:", err)
|
2022-03-13 01:45:20 +00:00
|
|
|
}
|
|
|
|
gen.tlsCert = caKeyPair
|
|
|
|
return gen, nil
|
|
|
|
}
|