| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 |
- package missinggo
- import (
- "crypto/ecdsa"
- "crypto/rand"
- "crypto/rsa"
- "crypto/tls"
- "crypto/x509"
- "crypto/x509/pkix"
- "log"
- "math/big"
- "time"
- )
- func publicKey(priv interface{}) interface{} {
- switch k := priv.(type) {
- case *rsa.PrivateKey:
- return &k.PublicKey
- case *ecdsa.PrivateKey:
- return &k.PublicKey
- default:
- return nil
- }
- }
- // Creates a self-signed certificate in memory for use with tls.Config.
- func NewSelfSignedCertificate() (cert tls.Certificate, err error) {
- cert.PrivateKey, err = rsa.GenerateKey(rand.Reader, 2048)
- if err != nil {
- return
- }
- notBefore := time.Now()
- notAfter := notBefore.Add(365 * 24 * time.Hour)
- serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
- serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
- if err != nil {
- log.Fatalf("failed to generate serial number: %s", err)
- }
- template := x509.Certificate{
- SerialNumber: serialNumber,
- Subject: pkix.Name{
- Organization: []string{"Acme Co"},
- },
- NotBefore: notBefore,
- NotAfter: notAfter,
- KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
- ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
- BasicConstraintsValid: true,
- }
- derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(cert.PrivateKey), cert.PrivateKey)
- if err != nil {
- log.Fatalf("Failed to create certificate: %s", err)
- }
- cert.Certificate = [][]byte{derBytes}
- return
- }
|
