hub / github.com/jsha/minica / makeRootCert

Function makeRootCert

main.go:156–199  ·  view source on GitHub ↗
(key crypto.Signer, filename string)

Source from the content-addressed store, hash-verified

154}
155
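// makeRootCert creates a self-signed CA certificate for key, writes it
// PEM-encoded to filename, and returns the parsed certificate.
//
// The file is created with O_CREATE|O_EXCL and mode 0600, so an existing file
// at filename is never overwritten; the call returns an error instead. If
// encoding or closing the file fails, the partially written file is left in
// place and has to be removed before retrying, because O_EXCL will refuse to
// reuse the path.
//
// The certificate is valid for 100 years from the time of the call. It is
// marked as a CA with a path length constraint of zero, so it can issue
// end-entity certificates but no subordinate CAs, and it carries the
// ServerAuth and ClientAuth extended key usages.
func makeRootCert(key crypto.Signer, filename string) (*x509.Certificate, error) {
	// The serial is uniform in [0, math.MaxInt64): just under 63 bits taken
	// from the system CSPRNG.
	serial, err := rand.Int(rand.Reader, big.NewInt(math.MaxInt64))
	if err != nil {
		return nil, err
	}
	skid, err := calculateSKID(key.Public())
	if err != nil {
		return nil, err
	}

	// The CommonName suffix is the hex of the leading serial bytes.
	// big.Int.Bytes returns a minimal-length slice, so a serial below 1<<16
	// yields fewer than three bytes; clamp rather than slice past the end,
	// which would panic.
	prefix := serial.Bytes()
	if len(prefix) > 3 {
		prefix = prefix[:3]
	}

	// Read the clock once so NotBefore and NotAfter derive from one instant.
	now := time.Now()
	template := &x509.Certificate{
		Subject: pkix.Name{
			CommonName: "minica root ca " + hex.EncodeToString(prefix),
		},
		SerialNumber: serial,
		NotBefore:    now,
		NotAfter:     now.AddDate(100, 0, 0),

		// Self-signed: subject and authority key identifiers are the same.
		SubjectKeyId:          skid,
		AuthorityKeyId:        skid,
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
		MaxPathLenZero:        true,
	}

	// template is passed as both certificate and parent, and key signs its
	// own public key.
	der, err := x509.CreateCertificate(rand.Reader, template, template, key.Public(), key)
	if err != nil {
		return nil, err
	}

	// O_EXCL makes creation fail if anything already exists at filename, so a
	// previously issued root is never silently replaced.
	file, err := os.OpenFile(filename, os.O_CREATE|os.O_EXCL|os.O_WRONLY, 0600)
	if err != nil {
		return nil, err
	}
	if err := pem.Encode(file, &pem.Block{
		Type:  "CERTIFICATE",
		Bytes: der,
	}); err != nil {
		// The encode error is the one worth reporting; the close result
		// adds nothing here.
		_ = file.Close()
		return nil, err
	}
	// A failed Close can mean the certificate never reached disk, so report
	// it instead of returning a certificate whose file may be truncated.
	if err := file.Close(); err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}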
200
201func parseIPs(ipAddresses []string) ([]net.IP, error) {
202 var parsed []net.IP

Callers 1

makeIssuerFunction · 0.85

Calls 1

calculateSKIDFunction · 0.85

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs
