Bugfix: construct redirect URLs using net/url
1 // Generates self-signed TLS certificates to be used in a DCS production
2 // installation.
3 package main
5 import (
6 "crypto/rand"
7 "crypto/rsa"
8 "crypto/x509"
9 "crypto/x509/pkix"
10 "encoding/pem"
11 "fmt"
12 "math/big"
13 "os"
14 "path/filepath"
15 "time"
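// generatecert creates a fresh 2048-bit RSA key and a self-signed X.509
// certificate for "localhost", and writes both PEM-encoded into dir as
// cert.pem and key.pem.
//
// The certificate is valid for about ten years from the time of the call and
// carries a random serial number below 2^128. It is marked as a CA (IsCA plus
// KeyUsageCertSign), so a client that trusts cert.pem also trusts anything
// else signed with key.pem. key.pem is written unencrypted and must be
// protected like a CA signing key.
//
// It returns an error if generating the key or serial number, creating the
// certificate, or writing either file fails.
func generatecert(dir string) error {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return fmt.Errorf("failed to generate private key: %s", err)
	}

	notBefore := time.Now()
	notAfter := notBefore.Add(10 * 365 * 24 * time.Hour)

	// Random serial in [0, 2^128) so regenerated certificates do not collide.
	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
	if err != nil {
		return fmt.Errorf("failed to generate serial number: %s", err)
	}

	template := x509.Certificate{
		SerialNumber: serialNumber,
		Subject: pkix.Name{
			Organization: []string{"Debian Code Search"},
		},
		DNSNames:  []string{"localhost"},
		NotBefore: notBefore,
		NotAfter:  notAfter,

		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		IsCA:                  true,
		BasicConstraintsValid: true,
	}

	// Template doubles as parent: the certificate is signed by its own key.
	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
	if err != nil {
		return fmt.Errorf("Failed to create certificate: %s", err)
	}

	certOut, err := os.Create(filepath.Join(dir, "cert.pem"))
	if err != nil {
		return fmt.Errorf("failed to open cert.pem for writing: %s", err)
	}
	// A failed write or close would leave a truncated file behind, so both
	// are reported instead of being ignored.
	if err := pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}); err != nil {
		certOut.Close()
		return fmt.Errorf("failed to write cert.pem: %s", err)
	}
	if err := certOut.Close(); err != nil {
		return fmt.Errorf("failed to close cert.pem: %s", err)
	}

	// 0600 keeps the private key owner-only. The mode is applied only when
	// the file is created: a pre-existing key.pem is truncated but keeps
	// whatever permissions it already had.
	keyOut, err := os.OpenFile(filepath.Join(dir, "key.pem"), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
	if err != nil {
		return fmt.Errorf("failed to open key.pem for writing: %s", err)
	}
	if err := pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)}); err != nil {
		keyOut.Close()
		return fmt.Errorf("failed to write key.pem: %s", err)
	}
	if err := keyOut.Close(); err != nil {
		return fmt.Errorf("failed to close key.pem: %s", err)
	}
	return nil
}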