()
| 235 | } |
| 236 | |
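// createCA generates a fresh self-signed certificate authority.
//
// It creates a 2048-bit RSA key pair and a CA certificate valid for ten years
// from the time of the call, self-signed with that key. It returns the CA
// private key, the certificate template that was signed, and the certificate
// PEM-encoded. The returned *x509.Certificate is the template, not a parsed
// copy of the issued certificate, so fields that only exist after encoding
// (for example Raw) are not populated on it.
//
// The returned private key can sign certificates that chain to this CA, so
// callers should keep it in memory only as long as needed and never log it.
func createCA() (*rsa.PrivateKey, *x509.Certificate, []byte, error) {
	// A constant serial means every regenerated CA shares issuer name and
	// serial number with the one it replaces, and clients that index
	// certificates by that pair may reject or confuse them. Draw a random
	// 128-bit serial instead; adding one keeps it strictly positive.
	serialLimit := new(big.Int).Lsh(big.NewInt(1), 128)
	serial, err := rand.Int(rand.Reader, serialLimit)
	if err != nil {
		return nil, nil, nil, fmt.Errorf("failed to generate CA serial number (%w)", err)
	}
	serial.Add(serial, big.NewInt(1))

	// Read the clock once so the validity window is exactly ten years.
	now := time.Now()
	ca := &x509.Certificate{
		SerialNumber: serial,
		Subject: pkix.Name{
			Organization: []string{"ACME, Inc"},
			Country:      []string{"US"},
		},
		NotBefore: now,
		NotAfter:  now.AddDate(10, 0, 0),
		IsCA:      true,
		// NOTE(review): no MaxPathLen is set, so this CA is not restricted
		// from issuing subordinate CAs. Confirm whether callers rely on that
		// before adding a path length constraint.
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
	}

	caPrivateKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, nil, fmt.Errorf("failed to create private key (%w)", err)
	}

	// The template is both subject and issuer, which makes it self-signed.
	caCert, err := x509.CreateCertificate(rand.Reader, ca, ca, &caPrivateKey.PublicKey, caPrivateKey)
	if err != nil {
		return nil, nil, nil, fmt.Errorf("failed to create CA certificate (%w)", err)
	}

	caPEM := new(bytes.Buffer)
	if err := pem.Encode(caPEM, &pem.Block{Type: "CERTIFICATE", Bytes: caCert}); err != nil {
		return nil, nil, nil, fmt.Errorf("failed to encode CA cert (%w)", err)
	}
	return caPrivateKey, ca, caPEM.Bytes(), nil
}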
| 271 | |
| 272 | func createSignedCert( |
| 273 | usage []x509.ExtKeyUsage, |