createClientPair creates a client certificate and key pair. The key file is created only if it doesn't already exist or we force it. The key path can differ from the certsDir, in which case the path must already exist and be writable. Returns nil on success, or an error otherwise.
(opt *options)
| 204 | // which case the path must already exist and be writable. |
| 205 | // Returns nil on success, or an error otherwise. |
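// createClientPair creates a client certificate and key pair, using the
// certificate read from opt.caCert as the parent and the key read from
// opt.caKey as the signer. The key file is created only if it does not
// already exist or opt.force is set. Both files are written under opt.dir
// as client.<name>.crt and client.<name>.key. When opt.verify is set, the
// freshly written certificate is additionally verified.
// Returns nil when opt.client is empty (nothing to do) or on success, and
// an error otherwise.
func createClientPair(opt *options) error {
	if opt.client == "" {
		return nil
	}

	cc := certConfig{
		until:   opt.days,
		keySize: opt.keySize,
		force:   opt.force,
		client:  opt.client,
		curve:   opt.curve,
	}

	var err error
	cc.parent, err = readCert(opt.caCert)
	if err != nil {
		return err
	}

	priv, err := readKey(opt.caKey)
	if err != nil {
		return err
	}
	// A key file holding a type that cannot sign used to panic on an
	// unchecked type assertion; surface it as an ordinary error instead.
	signer, ok := priv.(crypto.Signer)
	if !ok {
		return fmt.Errorf("CA key %q: key type %T cannot sign", opt.caKey, priv)
	}
	cc.signer = signer

	// opt.client is interpolated verbatim into the output file names; it is
	// expected to be a plain name rather than a path.
	base := "client." + opt.client
	certFile := filepath.Join(opt.dir, base+".crt")
	keyFile := filepath.Join(opt.dir, base+".key")
	if err = cc.generatePair(keyFile, certFile); err != nil || !opt.verify {
		// Generation failed, or verification was not requested.
		return err
	}

	return cc.verifyCert(certFile)
}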
| 241 | |
| 242 | func createCerts(opt *options) error { |
| 243 | if opt == nil { |