Add client cert handling
This commit is contained in:
parent
8c8c8966e0
commit
c86bc8d7e1
6
.idea/vcs.xml
Normal file
6
.idea/vcs.xml
Normal file
@ -0,0 +1,6 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<project version="4">
|
||||
<component name="VcsDirectoryMappings">
|
||||
<mapping directory="$PROJECT_DIR$" vcs="Git" />
|
||||
</component>
|
||||
</project>
|
4
ca.go
4
ca.go
@ -15,11 +15,11 @@ func MakeCaTls() (*CertGen, error) {
|
||||
ca := &x509.Certificate{
|
||||
SerialNumber: big.NewInt(29052019),
|
||||
Subject: pkix.Name{
|
||||
Organization: []string{"Ski Creds Server"},
|
||||
Organization: []string{"Ski Creds CA"},
|
||||
Country: []string{"GB"},
|
||||
Province: []string{""},
|
||||
Locality: []string{"London"},
|
||||
CommonName: "ski-creds-server",
|
||||
CommonName: "ski-creds-ca",
|
||||
},
|
||||
NotBefore: time.Now(),
|
||||
NotAfter: time.Now().AddDate(10, 0, 0),
|
||||
|
52
client.go
Normal file
52
client.go
Normal file
@ -0,0 +1,52 @@
|
||||
package certgen
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"crypto/rsa"
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"crypto/x509/pkix"
|
||||
"log"
|
||||
"math/big"
|
||||
"time"
|
||||
)
|
||||
|
||||
func MakeClientTls() (*CertGen, error) {
|
||||
cert := &x509.Certificate{
|
||||
SerialNumber: big.NewInt(29052019),
|
||||
Subject: pkix.Name{
|
||||
Organization: []string{"Ski Creds Client"},
|
||||
Country: []string{"GB"},
|
||||
Province: []string{""},
|
||||
Locality: []string{"London"},
|
||||
CommonName: "ski-creds-client",
|
||||
},
|
||||
NotBefore: time.Now(),
|
||||
NotAfter: time.Now().AddDate(10, 0, 0),
|
||||
SubjectKeyId: []byte{1, 2, 3, 4, 6},
|
||||
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
|
||||
KeyUsage: x509.KeyUsageDigitalSignature,
|
||||
}
|
||||
|
||||
clientPrivKey, err := rsa.GenerateKey(rand.Reader, 4096)
|
||||
if err != nil {
|
||||
log.Fatalln("Failed to generate client private key:", err)
|
||||
}
|
||||
|
||||
clientBytes, err := x509.CreateCertificate(rand.Reader, cert, cert, clientPrivKey.Public(), clientPrivKey)
|
||||
if err != nil {
|
||||
log.Fatalln("Failed to generate client certificate bytes:", err)
|
||||
}
|
||||
privKeyBytes := x509.MarshalPKCS1PrivateKey(clientPrivKey)
|
||||
gen := &CertGen{cert: cert, certBytes: clientBytes, key: clientPrivKey, keyBytes: privKeyBytes}
|
||||
err = gen.generatePem()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
caKeyPair, err := tls.X509KeyPair(gen.certPem, gen.keyPem)
|
||||
if err != nil {
|
||||
log.Fatalln("Failed to generate client key pair:", err)
|
||||
}
|
||||
gen.tlsCert = caKeyPair
|
||||
return gen, nil
|
||||
}
|
14
server.go
14
server.go
@ -21,12 +21,12 @@ func MakeServerTls(ca *CertGen) (*CertGen, error) {
|
||||
Locality: []string{"London"},
|
||||
CommonName: "ski-creds-server",
|
||||
},
|
||||
NotBefore: time.Now(),
|
||||
NotAfter: time.Now().AddDate(10, 0, 0),
|
||||
IsCA: true,
|
||||
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
|
||||
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
|
||||
BasicConstraintsValid: true,
|
||||
DNSNames: []string{"panda.local"},
|
||||
NotBefore: time.Now(),
|
||||
NotAfter: time.Now().AddDate(10, 0, 0),
|
||||
SubjectKeyId: []byte{1, 2, 3, 4, 6},
|
||||
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
|
||||
KeyUsage: x509.KeyUsageDigitalSignature,
|
||||
}
|
||||
|
||||
serverPrivKey, err := rsa.GenerateKey(rand.Reader, 4096)
|
||||
@ -46,7 +46,7 @@ func MakeServerTls(ca *CertGen) (*CertGen, error) {
|
||||
}
|
||||
caKeyPair, err := tls.X509KeyPair(gen.certPem, gen.keyPem)
|
||||
if err != nil {
|
||||
log.Fatalln("Failed to generate CA key pair:", err)
|
||||
log.Fatalln("Failed to generate server key pair:", err)
|
||||
}
|
||||
gen.tlsCert = caKeyPair
|
||||
return gen, nil
|
||||
|
Loading…
Reference in New Issue
Block a user