hub / github.com/puma/puma-dev / GeneratePumaDevCertificateAuthority

Function GeneratePumaDevCertificateAuthority

dev/ssl.go:27–87  ·  view source on GitHub ↗
(certPath string, keyPath string)


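// CACert is a package-level certificate handle. Nothing in
// GeneratePumaDevCertificateAuthority assigns it; presumably it is populated
// where the CA is loaded (confirm against the rest of ssl.go).
var CACert *tls.Certificate

// GeneratePumaDevCertificateAuthority creates a self-signed CA certificate
// backed by a fresh 2048-bit RSA key and writes both as PEM: the certificate
// to certPath and the PKCS#1 private key to keyPath.
//
// Existing files at either path are truncated. It returns a wrapped error if
// key generation, serial generation, certificate creation, or any part of
// writing either file (open, chmod, encode, close) fails.
//
// Security notes:
//   - The private key is stored unencrypted; the 0600 file mode is its only
//     protection, so the mode is re-applied even when keyPath already exists.
//   - NOTE(review): the template carries no name constraints and no path
//     length limit, and is valid for 9999 days. On a machine that trusts this
//     CA, anyone able to read keyPath can sign a server certificate for any
//     hostname. Consider constraining the CA to the development domains and
//     shortening its lifetime.
//   - NOTE(review): KeyUsageKeyEncipherment is not needed on a certificate
//     that only signs other certificates; confirm whether any client depends
//     on it before dropping it.
func GeneratePumaDevCertificateAuthority(certPath string, keyPath string) error {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return errors.Context(err, "generating new RSA key")
	}

	// Validity starts now; the serial is a random value below 2^128.
	notBefore := time.Now()
	notAfter := notBefore.Add(9999 * 24 * time.Hour)
	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
	if err != nil {
		return errors.Context(err, "generating serial number")
	}

	cert := &x509.Certificate{
		SerialNumber: serialNumber,
		Subject: pkix.Name{
			Organization: []string{"Developer Certificate"},
			CommonName:   "Puma-dev CA",
		},
		NotBefore:             notBefore,
		NotAfter:              notAfter,
		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}

	// Template and parent are the same certificate, so the result is
	// self-signed with priv.
	derBytes, err := x509.CreateCertificate(
		rand.Reader, cert, cert, priv.Public(), priv)
	if err != nil {
		return errors.Context(err, "creating CA cert")
	}

	// writePEM creates or truncates path and writes block to it, reporting
	// the first failure from open, chmod, encode or close. Previously the
	// encode and close results were discarded, so a short or failed write
	// was reported as success.
	writePEM := func(path string, perm os.FileMode, enforcePerm bool, block *pem.Block) (err error) {
		f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, perm)
		if err != nil {
			return err
		}
		defer func() {
			if cerr := f.Close(); err == nil {
				err = cerr
			}
		}()

		if enforcePerm {
			// The mode passed to OpenFile only applies when the file is
			// created; a pre-existing file keeps its old, possibly wider,
			// permissions unless they are reset before the secret is written.
			if err = f.Chmod(perm); err != nil {
				return err
			}
		}

		return pem.Encode(f, block)
	}

	// The certificate is public, so it keeps the default creation mode that
	// os.Create would have used.
	if err := writePEM(certPath, 0666, false,
		&pem.Block{Type: "CERTIFICATE", Bytes: derBytes}); err != nil {
		return errors.Context(err, "writing cert.pem")
	}

	// NOTE(review): if this step fails, certPath already holds a certificate
	// whose key was never persisted; callers should treat that pair as invalid.
	if err := writePEM(keyPath, 0600, true,
		&pem.Block{
			Type:  "RSA PRIVATE KEY",
			Bytes: x509.MarshalPKCS1PrivateKey(priv),
		}); err != nil {
		return errors.Context(err, "writing key.pem")
	}

	return nil
}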

Calls 1

AddMethod · 0.80