hub / github.com/cortesi/devd / GenerateCert

Function GenerateCert

certgen.go:16–90  ·  view source on GitHub ↗

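GenerateCert generates a self-signed certificate bundle for devd. In the listing below, the certificate is written with os.Create(dst), and the same file is then reopened with os.O_WRONLY|os.O_APPEND, presumably to append the private key (the rest of the function is not shown here). The 0600 passed to os.OpenFile only takes effect when the call creates the file, so dst keeps the umask-dependent permissions it got from os.Create. If the key is written to this file, it is not restricted to the owner unless dst is created with mode 0600 in the first place (os.OpenFile with os.O_CREATE|os.O_TRUNC) or its mode is tightened afterwards.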

(dst string)

Source from the content-addressed store, hash-verified

14
15// GenerateCert generates a self-signed certificate bundle for devd
16func GenerateCert(dst string) error {
17 priv, err := rsa.GenerateKey(rand.Reader, 2048)
18 if err != nil {
19 return err
20 }
21 notBefore := time.Now()
22 notAfter := notBefore.Add(365 * 24 * time.Hour * 3)
23
24 serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
25 serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
26 if err != nil {
27 return err
28 }
29
30 template := x509.Certificate{
31 SerialNumber: serialNumber,
32 Subject: pkix.Name{
33 Organization: []string{"Acme Co"},
34 },
35 NotBefore: notBefore,
36 NotAfter: notAfter,
37
38 KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
39 ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
40 BasicConstraintsValid: true,
41 }
42 template.DNSNames = append(template.DNSNames, "devd.io")
43 template.DNSNames = append(template.DNSNames, "*.devd.io")
44
45 derBytes, err := x509.CreateCertificate(
46 rand.Reader,
47 &template,
48 &template,
49 &priv.PublicKey,
50 priv,
51 )
52 if err != nil {
53 return fmt.Errorf("Could not create cert: %s", err)
54 }
55
56 certOut, err := os.Create(dst)
57 if err != nil {
58 return fmt.Errorf("Could not open %s for writing: %s", dst, err)
59 }
60 err = pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
61 if err != nil {
62 return err
63 }
64
65 err = certOut.Close()
66 if err != nil {
67 return err
68 }
69
70 keyOut, err := os.OpenFile(dst, os.O_WRONLY|os.O_APPEND, 0600)
71 if err != nil {
72 return fmt.Errorf("Could not open %s for writing: %s", dst, err)
73 }

Callers 1

TestGenerateCertFunction · 0.85

Calls 2

AddMethod · 0.80
CloseMethod · 0.45

Tested by 1

TestGenerateCertFunction · 0.68