mirror of
https://github.com/open-cluster-management-io/ocm.git
synced 2026-05-20 16:14:23 +00:00
package util
import (
cryptorand "crypto/rand"
"crypto/rsa"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"math/big"
"time"
certutil "k8s.io/client-go/util/cert"
)
// NewCert returns a PEM-encoded X.509 client certificate (CN "test",
// ExtKeyUsageClientAuth) whose NotAfter is set to notAfter.
//
// Every call generates a fresh 2048-bit RSA CA key, a self-signed CA
// certificate (CN "open-cluster-management.io") and a fresh 2048-bit RSA leaf
// key; the leaf is signed by that CA. Only the leaf certificate is returned:
// the CA certificate and both private keys are discarded when the function
// returns, so callers receive certificate bytes only.
//
// Points a reviewer should keep in mind:
//   - The serial number is always 1. That is unique per issuer here only
//     because a new CA is created on each call.
//   - This function does not compare notAfter with NotBefore (which is copied
//     from the CA certificate), so a caller can request a certificate whose
//     validity window is already over.
//   - Any failure panics instead of returning an error.
//
// NOTE(review): the fixed subject and the panics suggest this is a fixture
// helper rather than an issuance path — confirm it is not reachable from
// production code.
func NewCert(notAfter time.Time) []byte {
	signerKey, err := rsa.GenerateKey(cryptorand.Reader, 2048)
	if err != nil {
		panic(err)
	}

	signerCfg := certutil.Config{CommonName: "open-cluster-management.io"}
	signerCert, err := certutil.NewSelfSignedCACert(signerCfg, signerKey)
	if err != nil {
		panic(err)
	}

	leafKey, err := rsa.GenerateKey(cryptorand.Reader, 2048)
	if err != nil {
		panic(err)
	}

	// Leaf template: validity starts with the CA's and ends at the
	// caller-supplied time.
	template := &x509.Certificate{
		Subject:      pkix.Name{CommonName: "test"},
		SerialNumber: big.NewInt(1),
		NotBefore:    signerCert.NotBefore,
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}

	der, err := x509.CreateCertificate(cryptorand.Reader, template, signerCert, leafKey.Public(), signerKey)
	if err != nil {
		panic(err)
	}

	// Parse the DER back so that malformed output panics here rather than
	// being handed to the caller.
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}

	block := pem.Block{
		Type:  certutil.CertificateBlockType,
		Bytes: leaf.Raw,
	}
	return pem.EncodeToMemory(&block)
}