Browse Source
protocol: certificate generator
Signed-off-by: Maciek Borzecki <maciek.borzecki@gmail.com>bboozzoo/golang
Maciek Borzecki
5 years ago
1 changed files with 77 additions and 0 deletions
Unified View
Diff Options
-
+77 -0protocol/cert.go
+ 77
- 0
protocol/cert.go
View File
| @ -0,0 +1,77 @@ | |||||
| // Licensed under the Apache License, Version 2.0 (the "License"); | |||||
| // you may not use this file except in compliance with the License. | |||||
| // You may obtain a copy of the License at | |||||
| // | |||||
| // http://www.apache.org/licenses/LICENSE-2.0 | |||||
| // | |||||
| // Unless required by applicable law or agreed to in writing, software | |||||
| // distributed under the License is distributed on an "AS IS" BASIS, | |||||
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |||||
| // See the License for the specific language governing permissions and | |||||
| // limitations under the License. | |||||
| package protocol | |||||
| import ( | |||||
| "crypto/ecdsa" | |||||
| "crypto/elliptic" | |||||
| "crypto/rand" | |||||
| "crypto/tls" | |||||
| "crypto/x509" | |||||
| "crypto/x509/pkix" | |||||
| "math/big" | |||||
| "time" | |||||
| ) | |||||
| type DeviceCertificate struct { | |||||
| key *ecdsa.PrivateKey | |||||
| cert []byte | |||||
| } | |||||
| func (d *DeviceCertificate) TLSCertificate() *tls.Certificate { | |||||
| return &tls.Certificate{ | |||||
| PrivateKey: d.key, | |||||
| Certificate: [][]byte{d.cert}, | |||||
| } | |||||
| } | |||||
| // GenerateDeviceCertificate returns a device certificate | |||||
| func GenerateDeviceCertificate(entity string) (*DeviceCertificate, error) { | |||||
| limit := big.Int{} | |||||
| limit.Lsh(big.NewInt(1), 128) | |||||
| serial, err := rand.Int(rand.Reader, &limit) | |||||
| if err != nil { | |||||
| return nil, err | |||||
| } | |||||
| priv, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader) | |||||
| if err != nil { | |||||
| return nil, err | |||||
| } | |||||
| startTime := time.Now() | |||||
| // 10 years from now | |||||
| expireTime := startTime.AddDate(10, 0, 0) | |||||
| template := x509.Certificate{ | |||||
| SerialNumber: serial, | |||||
| Subject: pkix.Name{ | |||||
| CommonName: entity, | |||||
| Organization: []string{"mconnect"}, | |||||
| OrganizationalUnit: []string{"mconnect"}, | |||||
| }, | |||||
| NotBefore: startTime, | |||||
| NotAfter: expireTime, | |||||
| BasicConstraintsValid: true, | |||||
| } | |||||
| selfSign := template | |||||
| cert, err := x509.CreateCertificate(rand.Reader, &template, &selfSign, | |||||
| &priv.PublicKey, priv) | |||||
| if err != nil { | |||||
| return nil, err | |||||
| } | |||||
| devcert := &DeviceCertificate{ | |||||
| key: priv, | |||||
| cert: cert, | |||||
| } | |||||
| return devcert, nil | |||||
| } | |||||