(key crypto.Signer, filename string)
| 154 | } |
| 155 | |
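// makeRootCert creates a self-signed root CA certificate for key, writes it
// PEM-encoded to filename, and returns the parsed certificate.
//
// The file is opened with O_CREATE|O_EXCL and mode 0600, so the call fails
// instead of overwriting anything that already exists at filename.
//
// Security notes for reviewers:
//   - The serial is drawn from crypto/rand in [0, math.MaxInt64), i.e. at most
//     63 random bits.
//   - The certificate is valid for 100 years and nothing in this function
//     configures revocation, so the private key behind it has to stay
//     protected for that whole period.
//   - MaxPathLenZero restricts the root to signing end-entity certificates
//     directly (no intermediates); ExtKeyUsage names only server and client
//     authentication.
func makeRootCert(key crypto.Signer, filename string) (*x509.Certificate, error) {
	serial, err := rand.Int(rand.Reader, big.NewInt(math.MaxInt64))
	if err != nil {
		return nil, err
	}
	skid, err := calculateSKID(key.Public())
	if err != nil {
		return nil, err
	}

	// The CommonName carries the leading bytes of the serial as a short tag.
	// big.Int.Bytes omits leading zero bytes, so a small serial can yield
	// fewer than three bytes; clamp the slice instead of panicking on [:3].
	tag := serial.Bytes()
	if len(tag) > 3 {
		tag = tag[:3]
	}

	// Take one timestamp so NotBefore and NotAfter are exactly 100 years apart.
	now := time.Now()
	template := &x509.Certificate{
		Subject: pkix.Name{
			CommonName: "minica root ca " + hex.EncodeToString(tag),
		},
		SerialNumber: serial,
		NotBefore:    now,
		NotAfter:     now.AddDate(100, 0, 0),

		// Self-signed root: subject and authority key identifiers are the same.
		SubjectKeyId:          skid,
		AuthorityKeyId:        skid,
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
		MaxPathLenZero:        true,
	}

	// template is passed as both the certificate and its parent, which makes
	// the result self-signed with key.
	der, err := x509.CreateCertificate(rand.Reader, template, template, key.Public(), key)
	if err != nil {
		return nil, err
	}

	file, err := os.OpenFile(filename, os.O_CREATE|os.O_EXCL|os.O_WRONLY, 0600)
	if err != nil {
		return nil, err
	}
	if err := pem.Encode(file, &pem.Block{
		Type:  "CERTIFICATE",
		Bytes: der,
	}); err != nil {
		// Best-effort close; the encode error is the one worth reporting.
		file.Close()
		return nil, err
	}
	// Close explicitly so a failed flush is reported instead of silently
	// leaving a truncated certificate on disk.
	if err := file.Close(); err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}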
| 200 | |
| 201 | func parseIPs(ipAddresses []string) ([]net.IP, error) { |
| 202 | var parsed []net.IP |