| 25 | var CACert *tls.Certificate |
| 26 | |
| 27 | func GeneratePumaDevCertificateAuthority(certPath string, keyPath string) error { |
| 28 | priv, err := rsa.GenerateKey(rand.Reader, 2048) |
| 29 | if err != nil { |
| 30 | return errors.Context(err, "generating new RSA key") |
| 31 | } |
| 32 | |
| 33 | // create certificate structure with proper values |
| 34 | notBefore := time.Now() |
| 35 | notAfter := notBefore.Add(9999 * 24 * time.Hour) |
| 36 | serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128) |
| 37 | serialNumber, err := rand.Int(rand.Reader, serialNumberLimit) |
| 38 | if err != nil { |
| 39 | return errors.Context(err, "generating serial number") |
| 40 | } |
| 41 | |
| 42 | cert := &x509.Certificate{ |
| 43 | SerialNumber: serialNumber, |
| 44 | Subject: pkix.Name{ |
| 45 | Organization: []string{"Developer Certificate"}, |
| 46 | CommonName: "Puma-dev CA", |
| 47 | }, |
| 48 | NotBefore: notBefore, |
| 49 | NotAfter: notAfter, |
| 50 | KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, |
| 51 | ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, |
| 52 | BasicConstraintsValid: true, |
| 53 | IsCA: true, |
| 54 | } |
| 55 | |
| 56 | derBytes, err := x509.CreateCertificate( |
| 57 | rand.Reader, cert, cert, priv.Public(), priv) |
| 58 | |
| 59 | if err != nil { |
| 60 | return errors.Context(err, "creating CA cert") |
| 61 | } |
| 62 | |
| 63 | certOut, err := os.Create(certPath) |
| 64 | if err != nil { |
| 65 | return errors.Context(err, "writing cert.pem") |
| 66 | } |
| 67 | |
| 68 | pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}) |
| 69 | certOut.Close() |
| 70 | |
| 71 | keyOut, err := os.OpenFile(keyPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) |
| 72 | if err != nil { |
| 73 | return errors.Context(err, "writing key.pem") |
| 74 | } |
| 75 | |
| 76 | pem.Encode( |
| 77 | keyOut, |
| 78 | &pem.Block{ |
| 79 | Type: "RSA PRIVATE KEY", |
| 80 | Bytes: x509.MarshalPKCS1PrivateKey(priv), |
| 81 | }, |
| 82 | ) |
| 83 | |
| 84 | keyOut.Close() |