| 174 | } |
| 175 | |
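// generateTestClientCert creates a throwaway self-signed RSA client
// certificate and its private key, PEM-encodes each into a new temporary file
// under ./test, and returns the two file handles, both already closed.
//
// Every failure is reported through require and aborts the calling test, so
// the returned error is always nil. The files are not removed here, and the
// key file holds the private key unencrypted (os.CreateTemp creates it with
// mode 0600).
// NOTE(review): confirm every caller deletes both files when the test ends.
func generateTestClientCert(t *testing.T) (clientCert *os.File, clientKey *os.File, err error) {
	t.Helper()

	// flag.String panics with "flag redefined" when a name is registered
	// twice, so only the first call registers "host"; later calls reuse it.
	// NOTE(review): the flag is presumably registered after the test binary
	// has parsed its flags, so the default is what is used in practice; a
	// package-level flag variable would make -host usable. Confirm.
	hostFlag := flag.Lookup("host")
	if hostFlag == nil {
		flag.String("host", "127.0.0.1", "Hostname to certify")
		hostFlag = flag.Lookup("host")
	}
	hostName := hostFlag.Value.String()

	// 2048-bit key: 1024-bit RSA is below current minimum key sizes and some
	// TLS peers reject such certificates, so no linter suppression is needed.
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	require.NoError(t, err)

	// Valid from five minutes ago until 24 hours from now.
	now := time.Now()
	certTemplate := x509.Certificate{
		SerialNumber: big.NewInt(1234),
		Subject: pkix.Name{
			CommonName:   hostName,
			Organization: []string{"myorg"},
		},
		NotBefore:    now.Add(-300 * time.Second),
		NotAfter:     now.Add(24 * time.Hour),
		SubjectKeyId: []byte{1, 2, 3, 4},
		KeyUsage:     x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
	}
	// The template is passed as both subject and issuer and signed with its
	// own key, i.e. the certificate is self-signed.
	cert, err := x509.CreateCertificate(rand.Reader, &certTemplate, &certTemplate, &priv.PublicKey, priv)
	require.NoError(t, err)

	// writePEM creates a temp file under ./test, writes one PEM block to it
	// and closes it. The file is closed before either error is asserted, so
	// the handle is released on every path, and a failed Close (which can
	// mean the data never reached disk) fails the test instead of being
	// dropped.
	writePEM := func(pattern string, block *pem.Block) *os.File {
		f, err := os.CreateTemp("./test", pattern)
		require.NoError(t, err)
		encodeErr := pem.Encode(f, block)
		closeErr := f.Close()
		require.NoError(t, encodeErr)
		require.NoError(t, closeErr)
		return f
	}

	clientCert = writePEM("testCert", &pem.Block{Type: "CERTIFICATE", Bytes: cert})
	clientKey = writePEM("testKey", &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})

	return clientCert, clientKey, nil
}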