nirav-rafay c66bdc25cd restructure rcloud-base as a single base controller (#37)
* restructure rcloud-base as a single base controller
* updated master.rest
* moved sentry from internal to pkg as it is used by relay
* removing unused rpc and its dependencies
* Fix usermgmt tests
* Don't redefine variables in rest file
Co-authored-by: Abin Simon <abin.simon@rafay.co>
2022-03-03 17:59:06 +05:30


package cryptoutil
import (
	"crypto/ecdsa"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)
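// getSerialNumber draws a random certificate serial number in [0, 2^128)
// from crypto/rand.
//
// It returns nil if the random source fails instead of silently discarding
// the error. That is deliberate: x509.CreateCertificate refuses a template
// whose SerialNumber is nil, so a failed draw surfaces as an error at the
// call site rather than as a certificate with a degenerate serial.
func getSerialNumber() *big.Int {
	// 128 bits of CSPRNG output; well under the 20-octet cap on serials
	// and far above the 64 bits of entropy commonly required of CAs.
	limit := new(big.Int).Lsh(big.NewInt(1), 128)
	serial, err := rand.Int(rand.Reader, limit)
	if err != nil {
		return nil
	}
	return serial
}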
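// GenerateCA generates a PEM-encoded, self-signed CA certificate together
// with its ECDSA private key.
//
// subject becomes both the subject and the issuer of the certificate (the
// CA signs itself). f is handed to EncodePrivateKey; it should return a
// non-zero value to encrypt the PEM-encoded private key.
//
// The certificate is valid for 10 years from the moment of the call, is
// flagged as a CA with basic constraints marked valid, carries the
// digitalSignature and keyCertSign key usages, and lists the clientAuth and
// serverAuth extended key usages.
//
// On any failure cert and key are both nil and err names the step that
// failed; no partially built output is returned.
func GenerateCA(subject pkix.Name, f PasswordFunc) (cert, key []byte, err error) {
	// Take the timestamp once so NotBefore and NotAfter are derived from
	// the same instant rather than two separate calls to time.Now.
	now := time.Now()

	template := &x509.Certificate{
		SerialNumber: getSerialNumber(),
		Subject:      subject,
		NotBefore:    now,
		NotAfter:     now.AddDate(10, 0, 0),
		IsCA:         true,
		// NOTE(review): Go's x509 chain verification enforces a CA's
		// extended key usages on the leaves it issues, so certificates
		// signed by this CA are limited to clientAuth/serverAuth — confirm
		// that is the intended profile.
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
	}

	var privKey *ecdsa.PrivateKey
	privKey, err = GenerateECDSAPrivateKey()
	if err != nil {
		return nil, nil, fmt.Errorf("generating CA private key: %w", err)
	}

	// Self-signed: the template is its own parent and the new key signs it.
	der, err := x509.CreateCertificate(rand.Reader, template, template, &privKey.PublicKey, privKey)
	if err != nil {
		return nil, nil, fmt.Errorf("creating CA certificate: %w", err)
	}

	key, err = EncodePrivateKey(privKey, f)
	if err != nil {
		return nil, nil, fmt.Errorf("encoding CA private key: %w", err)
	}
	cert = EncodeCert(der)
	return cert, key, nil
}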