|
|
@@ -17,8 +17,8 @@ import (
|
|
17
|
17
|
"time"
|
|
18
|
18
|
)
|
|
19
|
19
|
|
|
20
|
|
-// CreateCert creates a testing ECDSA certificate, outputting the cert and key at the given filenames.
|
|
21
|
|
-func CreateCert(orgName string, host string, certFilename string, keyFilename string) error {
|
|
|
20
|
+// CreateCertBytes creates a testing ECDSA certificate, returning the cert and key bytes.
|
|
|
21
|
+func CreateCertBytes(orgName string, host string) (certBytes []byte, keyBytes []byte, err error) {
|
|
22
|
22
|
validFrom := time.Now()
|
|
23
|
23
|
validFor := 365 * 24 * time.Hour
|
|
24
|
24
|
notAfter := validFrom.Add(validFor)
|
|
|
@@ -28,7 +28,7 @@ func CreateCert(orgName string, host string, certFilename string, keyFilename st
|
|
28
|
28
|
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
|
|
29
|
29
|
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
|
|
30
|
30
|
if err != nil {
|
|
31
|
|
- return fmt.Errorf("failed to generate serial number: %s", err)
|
|
|
31
|
+ return nil, nil, fmt.Errorf("failed to generate serial number: %s", err)
|
|
32
|
32
|
}
|
|
33
|
33
|
|
|
34
|
34
|
template := x509.Certificate{
|
|
|
@@ -54,26 +54,47 @@ func CreateCert(orgName string, host string, certFilename string, keyFilename st
|
|
54
|
54
|
|
|
55
|
55
|
derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
|
|
56
|
56
|
if err != nil {
|
|
57
|
|
- return fmt.Errorf("Failed to create certificate: %s", err.Error())
|
|
|
57
|
+ return nil, nil, fmt.Errorf("Failed to create certificate: %s", err.Error())
|
|
|
58
|
+ }
|
|
|
59
|
+
|
|
|
60
|
+ certBytes = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
|
|
|
61
|
+
|
|
|
62
|
+ b, err := x509.MarshalECPrivateKey(priv)
|
|
|
63
|
+ if err != nil {
|
|
|
64
|
+ return nil, nil, fmt.Errorf("Unable to marshal ECDSA private key: %v", err.Error())
|
|
|
65
|
+ }
|
|
|
66
|
+ pemBlock := pem.Block{Type: "EC PRIVATE KEY", Bytes: b}
|
|
|
67
|
+ keyBytes = pem.EncodeToMemory(&pemBlock)
|
|
|
68
|
+ return certBytes, keyBytes, nil
|
|
|
69
|
+}
|
|
|
70
|
+
|
|
|
71
|
+// CreateCert creates a testing ECDSA certificate, outputting the cert and key at the given filenames.
|
|
|
72
|
+func CreateCert(orgName string, host string, certFilename string, keyFilename string) error {
|
|
|
73
|
+ certBytes, keyBytes, err := CreateCertBytes(orgName, host)
|
|
|
74
|
+
|
|
|
75
|
+ if err != nil {
|
|
|
76
|
+ return err
|
|
58
|
77
|
}
|
|
59
|
78
|
|
|
60
|
79
|
certOut, err := os.Create(certFilename)
|
|
61
|
80
|
if err != nil {
|
|
62
|
81
|
return fmt.Errorf("failed to open %s for writing: %s", certFilename, err.Error())
|
|
63
|
82
|
}
|
|
64
|
|
- pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
|
|
65
|
|
- certOut.Close()
|
|
|
83
|
+ defer certOut.Close()
|
|
|
84
|
+ _, err = certOut.Write(certBytes)
|
|
|
85
|
+ if err != nil {
|
|
|
86
|
+ return fmt.Errorf("failed to write out cert file %s: %s", certFilename, err.Error())
|
|
|
87
|
+ }
|
|
66
|
88
|
|
|
67
|
89
|
keyOut, err := os.OpenFile(keyFilename, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
|
|
68
|
90
|
if err != nil {
|
|
69
|
91
|
return fmt.Errorf("failed to open %s for writing: %s", keyFilename, err.Error())
|
|
70
|
92
|
}
|
|
71
|
|
- b, err := x509.MarshalECPrivateKey(priv)
|
|
|
93
|
+ defer keyOut.Close()
|
|
|
94
|
+ _, err = keyOut.Write(keyBytes)
|
|
72
|
95
|
if err != nil {
|
|
73
|
|
- return fmt.Errorf("Unable to marshal ECDSA private key: %v", err.Error())
|
|
|
96
|
+ return fmt.Errorf("failed to write out key file %s: %s", keyFilename, err.Error())
|
|
74
|
97
|
}
|
|
75
|
|
- pemBlock := pem.Block{Type: "EC PRIVATE KEY", Bytes: b}
|
|
76
|
|
- pem.Encode(keyOut, &pemBlock)
|
|
77
|
|
- keyOut.Close()
|
|
|
98
|
+
|
|
78
|
99
|
return nil
|
|
79
|
100
|
}
|
Daniel Oaks
7 years ago