本文整理汇总了Golang中crypto/x509.CreateCertificate函数的典型用法代码示例。如果您正苦于以下问题:Golang CreateCertificate函数的具体用法?Golang CreateCertificate怎么用?Golang CreateCertificate使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了CreateCertificate函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Golang代码示例。
示例1: TestCheckCert
func TestCheckCert(t *testing.T) {
testKey, _ := rsa.GenerateKey(rand.Reader, 1024)
checker := newChecker(nil)
fc := clock.NewFake()
fc.Add(time.Hour * 24 * 90)
checker.clock = fc
issued := checker.clock.Now().Add(-time.Hour * 24 * 45)
goodExpiry := issued.Add(checkPeriod)
serial := big.NewInt(1337)
// Problems
// Blacklsited common name
// Expiry period is too long
// Basic Constraints aren't set
// Wrong key usage (none)
rawCert := x509.Certificate{
Subject: pkix.Name{
CommonName: "example.com",
},
NotAfter: goodExpiry.AddDate(0, 0, 1), // Period too long
DNSNames: []string{"example-a.com"},
SerialNumber: serial,
BasicConstraintsValid: false,
}
brokenCertDer, err := x509.CreateCertificate(rand.Reader, &rawCert, &rawCert, &testKey.PublicKey, testKey)
test.AssertNotError(t, err, "Couldn't create certificate")
// Problems
// Digest doesn't match
// Serial doesn't match
// Expiry doesn't match
cert := core.Certificate{
Status: core.StatusValid,
DER: brokenCertDer,
Issued: issued,
Expires: goodExpiry.AddDate(0, 0, 2), // Expiration doesn't match
}
problems := checker.checkCert(cert)
test.AssertEquals(t, len(problems), 7)
// Fix the problems
rawCert.Subject.CommonName = "example-a.com"
rawCert.NotAfter = goodExpiry
rawCert.BasicConstraintsValid = true
rawCert.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}
goodCertDer, err := x509.CreateCertificate(rand.Reader, &rawCert, &rawCert, &testKey.PublicKey, testKey)
test.AssertNotError(t, err, "Couldn't create certificate")
parsed, err := x509.ParseCertificate(goodCertDer)
test.AssertNotError(t, err, "Couldn't parse created certificate")
cert.Serial = core.SerialToString(serial)
cert.Digest = core.Fingerprint256(goodCertDer)
cert.DER = goodCertDer
cert.Expires = parsed.NotAfter
problems = checker.checkCert(cert)
test.AssertEquals(t, len(problems), 0)
}
开发者ID:devpaul,项目名称:boulder,代码行数:56,代码来源:main_test.go
示例2: imitateCertificate
// imitateCertificate returns a new TLS certificate that has most of the same
// data as serverCert but is signed by Redwood's root certificate, or
// self-signed.
func imitateCertificate(serverCert *x509.Certificate, selfSigned bool, conf *config) (cert tls.Certificate, err error) {
template := serverCert
if selfSigned {
template = &x509.Certificate{
SerialNumber: new(big.Int).SetInt64(0),
Subject: serverCert.Subject,
NotBefore: serverCert.NotBefore,
NotAfter: serverCert.NotAfter,
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
ExtKeyUsage: serverCert.ExtKeyUsage,
DNSNames: serverCert.DNSNames,
}
} else {
// Use a hash of the real certificate as the serial number.
h := md5.New()
h.Write(serverCert.Raw)
h.Write([]byte{1}) // To give different serial numbers after the key usage change.
template.SerialNumber = big.NewInt(0).SetBytes(h.Sum(nil))
if err != nil {
return tls.Certificate{}, fmt.Errorf("failed to generate serial number: %s", err)
}
template.SubjectKeyId = nil
template.AuthorityKeyId = nil
template.OCSPServer = nil
template.IssuingCertificateURL = nil
template.CRLDistributionPoints = nil
template.KeyUsage = x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment
template.BasicConstraintsValid = false
template.SignatureAlgorithm = x509.UnknownSignatureAlgorithm
}
var newCertBytes []byte
if selfSigned {
newCertBytes, err = x509.CreateCertificate(rand.Reader, template, template, conf.ParsedTLSCert.PublicKey, conf.TLSCert.PrivateKey)
} else {
newCertBytes, err = x509.CreateCertificate(rand.Reader, template, conf.ParsedTLSCert, conf.ParsedTLSCert.PublicKey, conf.TLSCert.PrivateKey)
}
if err != nil {
return tls.Certificate{}, err
}
newCert := tls.Certificate{
Certificate: [][]byte{newCertBytes},
PrivateKey: conf.TLSCert.PrivateKey,
}
if !selfSigned {
newCert.Certificate = append(newCert.Certificate, conf.TLSCert.Certificate...)
}
return newCert, nil
}
开发者ID:vishnuvaradaraj,项目名称:redwood,代码行数:55,代码来源:tls.go
示例3: CreateUserCertificate
//CreateUserCertificate create a simple self-signed cert
func CreateUserCertificate(key *Key, username string, expires time.Time) (*Certificate, error) {
certName := pkix.Name{
Country: nil,
Organization: nil,
OrganizationalUnit: []string{username},
Locality: nil,
Province: nil,
StreetAddress: nil,
PostalCode: nil,
SerialNumber: "",
CommonName: "",
}
hostTemplate.Subject = certName
hostTemplate.NotAfter = expires
// hostTemplate.SubjectKeyId, err := GenerateSubjectKeyId(key.Public)
// if err != nil {
// return nil, err
// }
crtBytes, err := x509.CreateCertificate(rand.Reader, &hostTemplate, &hostTemplate, key.Public, key.Private)
if err != nil {
return nil, err
}
return NewCertificateFromDER(crtBytes), nil
}
开发者ID:dnascimento,项目名称:symbios,代码行数:29,代码来源:cert_host.go
示例4: NewSignedCertificate
func NewSignedCertificate(cfg CertConfig, key *rsa.PrivateKey, caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, error) {
serial, err := rand.Int(rand.Reader, new(big.Int).SetInt64(math.MaxInt64))
if err != nil {
return nil, err
}
certTmpl := x509.Certificate{
Subject: pkix.Name{
CommonName: cfg.CommonName,
Organization: caCert.Subject.Organization,
},
DNSNames: cfg.AltNames.DNSNames,
IPAddresses: cfg.AltNames.IPs,
SerialNumber: serial,
NotBefore: caCert.NotBefore,
NotAfter: time.Now().Add(Duration365d).UTC(),
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
}
certDERBytes, err := x509.CreateCertificate(rand.Reader, &certTmpl, caCert, key.Public(), caKey)
if err != nil {
return nil, err
}
return x509.ParseCertificate(certDERBytes)
}
开发者ID:40a,项目名称:bootkube,代码行数:25,代码来源:tlsutil.go
示例5: GenerateServerCert
// GenerateServerCert generates a server certificate and returns the cert bytes as
// well as the private key used to generate the certificate.
// Takes in the CA cert and key, the size of the key to generate, and the list
// of hosts/ip addresses this certificate applies to.
func GenerateServerCert(caCert *x509.Certificate, caKey crypto.PrivateKey, keySize int, hosts []string) (
[]byte, crypto.PrivateKey, error) {
privateKey, publicKey, err := generateKeyPair(keySize)
if err != nil {
return nil, nil, err
}
template, err := newTemplate(NodeUser)
if err != nil {
return nil, nil, err
}
// Only server authentication is allowed.
template.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
if hosts != nil {
for _, h := range hosts {
if ip := net.ParseIP(h); ip != nil {
template.IPAddresses = append(template.IPAddresses, ip)
} else {
template.DNSNames = append(template.DNSNames, h)
}
}
}
certBytes, err := x509.CreateCertificate(rand.Reader, template, caCert, publicKey, caKey)
if err != nil {
return nil, nil, err
}
return certBytes, privateKey, nil
}
开发者ID:Hellblazer,项目名称:cockroach,代码行数:35,代码来源:x509.go
示例6: generateDerCert
func generateDerCert(privKey *rsa.PrivateKey, expiration time.Time, domain string) ([]byte, error) {
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
if err != nil {
return nil, err
}
if expiration.IsZero() {
expiration = time.Now().Add(365)
}
template := x509.Certificate{
SerialNumber: serialNumber,
Subject: pkix.Name{
CommonName: "ACME Challenge TEMP",
},
NotBefore: time.Now(),
NotAfter: expiration,
KeyUsage: x509.KeyUsageKeyEncipherment,
BasicConstraintsValid: true,
DNSNames: []string{domain},
}
return x509.CreateCertificate(rand.Reader, &template, &template, &privKey.PublicKey, privKey)
}
开发者ID:kennwhite,项目名称:lego,代码行数:26,代码来源:crypto.go
示例7: Cert
// Cert generates a new TLS certificate for hostname and signs it using caPrivKey.
func Cert(t *testing.T, caCert *x509.Certificate, caPrivKey *ecdsa.PrivateKey, hostname string, rnd io.Reader) tls.Certificate {
if rnd == nil {
rnd = rand.Reader
}
privKey, err := ecdsa.GenerateKey(elliptic.P256(), rnd)
if err != nil {
t.Fatal(err)
}
certTemplate := &x509.Certificate{
Subject: pkix.Name{CommonName: hostname},
SerialNumber: newSerial(t, rnd),
NotBefore: time.Now(),
NotAfter: time.Now().Add(1 * time.Hour),
KeyUsage: x509.KeyUsageDigitalSignature,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
}
if ip := net.ParseIP(hostname); ip != nil {
certTemplate.IPAddresses = []net.IP{ip}
}
certDER, err := x509.CreateCertificate(rnd, certTemplate, caCert, &privKey.PublicKey, caPrivKey)
if err != nil {
t.Fatal(err)
}
cert, err := x509.ParseCertificate(certDER)
if err != nil {
t.Fatal(err)
}
return tls.Certificate{Certificate: [][]byte{certDER}, PrivateKey: privKey, Leaf: cert}
}
开发者ID:andres-erbsen,项目名称:tlstestutil,代码行数:31,代码来源:tlstestutil.go
示例8: generateCert
func generateCert(serverName string, caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error) {
priv, err := rsa.GenerateKey(rand.Reader, 1024)
if err != nil {
return nil, nil, err
}
serial := randBigInt()
keyId := randBytes()
template := x509.Certificate{
Subject: pkix.Name{
CommonName: serverName,
},
SerialNumber: serial,
SubjectKeyId: keyId,
AuthorityKeyId: caCert.AuthorityKeyId,
NotBefore: time.Now().Add(-5 * time.Minute).UTC(),
NotAfter: time.Now().AddDate(2, 0, 0).UTC(),
}
derBytes, err := x509.CreateCertificate(rand.Reader, &template, caCert, &priv.PublicKey, caKey)
if err != nil {
return nil, nil, err
}
certs, err := x509.ParseCertificates(derBytes)
if err != nil {
return nil, nil, err
}
if len(certs) != 1 {
return nil, nil, errors.New("Failed to generate a parsable certificate")
}
return certs[0], priv, nil
}
开发者ID:gwitmond,项目名称:ecca-datingsite,代码行数:35,代码来源:make-ca-certs.go
示例9: generateKeyAndCert
// generateKeyAndCert deals with the creation and storage of a key and returns a cert
func generateKeyAndCert(gun string) (crypto.PrivateKey, *x509.Certificate, error) {
// Generates a new RSA key
key, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
return nil, nil, fmt.Errorf("could not generate private key: %v", err)
}
// Creates a new Certificate template. We need the certificate to calculate the
// TUF-compliant keyID
//TODO (diogo): We're hardcoding the Organization to be the GUN. Probably want to
// change it
template := newCertificate(gun, gun)
derBytes, err := x509.CreateCertificate(rand.Reader, template, template, key.Public(), key)
if err != nil {
return nil, nil, fmt.Errorf("failed to generate the certificate for key: %v", err)
}
// Encode the new certificate into PEM
cert, err := x509.ParseCertificate(derBytes)
if err != nil {
return nil, nil, fmt.Errorf("failed to generate the certificate for key: %v", err)
}
fingerprint := trustmanager.FingerprintCert(cert)
// The key is going to be stored in the private directory, using the GUN and
// the filename will be the TUF-compliant ID. The Store takes care of extensions.
privKeyFilename := filepath.Join(gun, fingerprint)
pemKey, err := trustmanager.KeyToPEM(key)
if err != nil {
return nil, nil, fmt.Errorf("failed to generate the certificate for key: %v", err)
}
return key, cert, privKeyStore.Add(privKeyFilename, pemKey)
}
开发者ID:aaronlehmann,项目名称:notary,代码行数:35,代码来源:cli_crypto_service.go
示例10: Hijack
// Hijack takes a net.Conn and the host name to create the SSL
// certificate for and returns a tls.Conn that can read and write
// to the given host over TLS.
func (mitm *MITM) Hijack(conn net.Conn, host string) (*tls.Conn, *bufio.ReadWriter, error) {
// Ensure the certificate we create is valid within a window of time to allow
// for clock skew.
start := time.Now().Add(-mitm.Validity)
end := time.Now().Add(mitm.Validity)
tpl, err := NewTemplate(mitm.Organization, host, start, end, mitm.PublicKey)
if err != nil {
return nil, nil, err
}
cb, err := x509.CreateCertificate(rand.Reader, tpl, mitm.Authority, mitm.PublicKey, mitm.PrivateKey)
if err != nil {
return nil, nil, err
}
config := &tls.Config{
Certificates: []tls.Certificate{
{
PrivateKey: mitm.PrivateKey,
Certificate: [][]byte{cb},
},
},
}
tlsConn := tls.Server(conn, config)
r := bufio.NewReader(tlsConn)
w := bufio.NewWriter(tlsConn)
return tlsConn, bufio.NewReadWriter(r, w), nil
}
开发者ID:eolexe,项目名称:martian,代码行数:34,代码来源:mitm.go
示例11: NewCA
// NewCA generates a CA certificate/key pair suitable for signing server
// keys for an environment with the given name.
func NewCA(envName string, expiry time.Time) (certPEM, keyPEM string, err error) {
key, err := rsa.GenerateKey(rand.Reader, KeyBits)
if err != nil {
return "", "", err
}
now := time.Now()
template := &x509.Certificate{
SerialNumber: new(big.Int),
Subject: pkix.Name{
CommonName: fmt.Sprintf("juju-generated CA for environment %q", envName),
Organization: []string{"juju"},
},
NotBefore: now.UTC().AddDate(0, 0, -7),
NotAfter: expiry.UTC(),
SubjectKeyId: bigIntHash(key.N),
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
IsCA: true,
MaxPathLen: 0, // Disallow delegation for now.
BasicConstraintsValid: true,
}
certDER, err := x509.CreateCertificate(rand.Reader, template, template, &key.PublicKey, key)
if err != nil {
return "", "", fmt.Errorf("cannot create certificate: %v", err)
}
certPEMData := pem.EncodeToMemory(&pem.Block{
Type: "CERTIFICATE",
Bytes: certDER,
})
keyPEMData := pem.EncodeToMemory(&pem.Block{
Type: "RSA PRIVATE KEY",
Bytes: x509.MarshalPKCS1PrivateKey(key),
})
return string(certPEMData), string(keyPEMData), nil
}
开发者ID:imoapps,项目名称:juju,代码行数:36,代码来源:cert.go
示例12: newLeaf
// newLeaf generates a certificate/key pair suitable for use by a leaf node.
func newLeaf(caCertPEM, caKeyPEM string, expiry time.Time, hostnames []string, extKeyUsage []x509.ExtKeyUsage) (certPEM, keyPEM string, err error) {
tlsCert, err := tls.X509KeyPair([]byte(caCertPEM), []byte(caKeyPEM))
if err != nil {
return "", "", err
}
if len(tlsCert.Certificate) != 1 {
return "", "", fmt.Errorf("more than one certificate for CA")
}
caCert, err := x509.ParseCertificate(tlsCert.Certificate[0])
if err != nil {
return "", "", err
}
if !caCert.BasicConstraintsValid || !caCert.IsCA {
return "", "", fmt.Errorf("CA certificate is not a valid CA")
}
caKey, ok := tlsCert.PrivateKey.(*rsa.PrivateKey)
if !ok {
return "", "", fmt.Errorf("CA private key has unexpected type %T", tlsCert.PrivateKey)
}
key, err := rsa.GenerateKey(rand.Reader, KeyBits)
if err != nil {
return "", "", fmt.Errorf("cannot generate key: %v", err)
}
now := time.Now()
template := &x509.Certificate{
SerialNumber: new(big.Int),
Subject: pkix.Name{
// This won't match host names with dots. The hostname
// is hardcoded when connecting to avoid the issue.
CommonName: "*",
Organization: []string{"juju"},
},
NotBefore: now.UTC().AddDate(0, 0, -7),
NotAfter: expiry.UTC(),
SubjectKeyId: bigIntHash(key.N),
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageKeyAgreement,
ExtKeyUsage: extKeyUsage,
}
for _, hostname := range hostnames {
if ip := net.ParseIP(hostname); ip != nil {
template.IPAddresses = append(template.IPAddresses, ip)
} else {
template.DNSNames = append(template.DNSNames, hostname)
}
}
certDER, err := x509.CreateCertificate(rand.Reader, template, caCert, &key.PublicKey, caKey)
if err != nil {
return "", "", err
}
certPEMData := pem.EncodeToMemory(&pem.Block{
Type: "CERTIFICATE",
Bytes: certDER,
})
keyPEMData := pem.EncodeToMemory(&pem.Block{
Type: "RSA PRIVATE KEY",
Bytes: x509.MarshalPKCS1PrivateKey(key),
})
return string(certPEMData), string(keyPEMData), nil
}
开发者ID:imoapps,项目名称:juju,代码行数:61,代码来源:cert.go
示例13: CreateSignedX509
// CreateSignedX509 creates a signed X.509 certificate based on a template.
func (s *Signer) CreateSignedX509(subject *Verifier, template, issuer *x509.Certificate) (*x509.Certificate, error) {
der, err := x509.CreateCertificate(rand.Reader, template, issuer, subject.ec, s.ec)
if err != nil {
return nil, err
}
return x509.ParseCertificate(der)
}
开发者ID:kevinawalsh,项目名称:cloudproxy,代码行数:8,代码来源:keys.go
示例14: generateFromTemplate
// generateFromTemplate generates a certificate from the given template and signed by
// the given parent, storing the results in a certificate and key file.
func generateFromTemplate(certFile, keyFile string, template, parent *x509.Certificate, key crypto.PrivateKey, parentKey crypto.PrivateKey) error {
derBytes, err := x509.CreateCertificate(rand.Reader, template, parent, key.(crypto.Signer).Public(), parentKey)
if err != nil {
return err
}
certOut, err := os.Create(certFile)
if err != nil {
return err
}
pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
certOut.Close()
keyOut, err := os.OpenFile(keyFile, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
if err != nil {
return err
}
defer keyOut.Close()
switch v := key.(type) {
case *rsa.PrivateKey:
keyBytes := x509.MarshalPKCS1PrivateKey(v)
pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: keyBytes})
case *ecdsa.PrivateKey:
keyBytes, err := x509.MarshalECPrivateKey(v)
if err != nil {
return err
}
pem.Encode(keyOut, &pem.Block{Type: "EC PRIVATE KEY", Bytes: keyBytes})
default:
return fmt.Errorf("Unsupport private key type: %#v", key)
}
return nil
}
开发者ID:PabloSajnovsky,项目名称:quicktls,代码行数:37,代码来源:main.go
示例15: generateCA
// generateCA creates a new CA certificate, saves the certificate
// and returns the x509 certificate and crypto private key. This
// private key should never be saved to disk, but rather used to
// immediately generate further certificates.
func generateCA(caFile string) (*x509.Certificate, crypto.PrivateKey, error) {
template := newCertificate()
template.IsCA = true
template.KeyUsage |= x509.KeyUsageCertSign
template.Subject.CommonName = org
priv, err := newPrivateKey()
if err != nil {
return nil, nil, err
}
derBytes, err := x509.CreateCertificate(rand.Reader, template, template, priv.(crypto.Signer).Public(), priv)
if err != nil {
return nil, nil, err
}
ca, err := x509.ParseCertificate(derBytes)
if err != nil {
return nil, nil, err
}
certOut, err := os.Create(caFile)
if err != nil {
return nil, nil, err
}
defer certOut.Close()
if err := pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}); err != nil {
return nil, nil, err
}
return ca, priv, nil
}
开发者ID:PabloSajnovsky,项目名称:quicktls,代码行数:36,代码来源:main.go
示例16: GenerateCA
// GenerateCA generates a new certificate authority
// and stores the resulting certificate and key file
// in the arguments.
func GenerateCA(certFile, keyFile string) error {
log.Printf("Generating a new certificate authority.")
template := newCertificate()
template.IsCA = true
template.KeyUsage |= x509.KeyUsageCertSign
priv, err := rsa.GenerateKey(rand.Reader, RSABITS)
if err != nil {
return err
}
derBytes, err := x509.CreateCertificate(rand.Reader, template, template, &priv.PublicKey, priv)
if err != nil {
return err
}
certOut, err := os.Create(certFile)
if err != nil {
return err
}
pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
certOut.Close()
keyOut, err := os.OpenFile(keyFile, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
if err != nil {
return err
}
pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})
keyOut.Close()
return nil
}
开发者ID:imdreamrunner,项目名称:generate_cert,代码行数:35,代码来源:generate_cert.go
示例17: makeCert
// makeCert creates a self-signed RSA certificate.
// taken from crypto/tls/generate_cert.go
func makeCert(host string, validFor time.Duration) (certPEM, keyPEM []byte) {
const bits = 1024
priv, err := rsa.GenerateKey(rand.Reader, bits)
if err != nil {
log.Fatalf("Failed to generate private key: %s", err)
}
template := x509.Certificate{
SerialNumber: big.NewInt(1),
Subject: pkix.Name{
Organization: []string{"Fabio Co"},
},
NotBefore: time.Now(),
NotAfter: time.Now().Add(validFor),
IsCA: true,
DNSNames: []string{host},
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
BasicConstraintsValid: true,
}
derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
if err != nil {
log.Fatalf("Failed to create certificate: %s", err)
}
var cert, key bytes.Buffer
pem.Encode(&cert, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
pem.Encode(&key, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})
return cert.Bytes(), key.Bytes()
}
开发者ID:yexiaoming20140413,项目名称:fabio,代码行数:33,代码来源:source_test.go
示例18: GenerateEmptyConfig
func GenerateEmptyConfig() (*tls.Config, error) {
priv, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
if err != nil {
return nil, err
}
number, err := rand.Int(rand.Reader, big.NewInt(0).Lsh(big.NewInt(1), 128))
if err != nil {
return nil, err
}
cert := &x509.Certificate{
SerialNumber: number,
NotBefore: time.Now(),
NotAfter: time.Now().Add(time.Hour * 24),
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
BasicConstraintsValid: true,
}
certbytes, err := x509.CreateCertificate(rand.Reader, cert, cert, &priv.PublicKey, priv)
if err != nil {
return nil, err
}
ct := tls.Certificate{[][]byte{certbytes}, priv, nil, cert}
c := &tls.Config{InsecureSkipVerify: true}
c.Certificates = append(c.Certificates, ct)
c.NextProtos = []string{Proto}
return c, nil
}
开发者ID:sdgoij,项目名称:TheDistributedBay,代码行数:28,代码来源:tls.go
示例19: CA
// CA returns a new CA certificate, a pool containing that certificate, and the
// corresponding private key.
func CA(t *testing.T, rnd io.Reader) (*x509.Certificate, *x509.CertPool, *ecdsa.PrivateKey) {
if rnd == nil {
rnd = rand.Reader
}
var err error
caPrivKey, err := ecdsa.GenerateKey(elliptic.P256(), rnd)
if err != nil {
t.Fatal(err)
}
caCertTemplate := &x509.Certificate{
Subject: pkix.Name{CommonName: "testingCA"},
SerialNumber: newSerial(t, rnd),
NotBefore: time.Now(),
NotAfter: time.Now().Add(time.Hour),
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
BasicConstraintsValid: true,
IsCA: true,
MaxPathLen: 4,
}
caCertDER, err := x509.CreateCertificate(rnd, caCertTemplate, caCertTemplate, &caPrivKey.PublicKey, caPrivKey)
if err != nil {
t.Fatal(err)
}
caCert, err := x509.ParseCertificate(caCertDER)
if err != nil {
t.Fatal(err)
}
caPool := x509.NewCertPool()
caPool.AddCert(caCert)
return caCert, caPool, caPrivKey
}
开发者ID:andres-erbsen,项目名称:tlstestutil,代码行数:34,代码来源:tlstestutil.go
示例20: CreateCertificateAuthority
// CreateCertificateAuthority creates Certificate Authority using existing key.
// CertificateAuthorityInfo returned is the extra infomation required by Certificate Authority.
func CreateCertificateAuthority(key *Key, organizationalUnit string, years int, organization string, country string, province string, locality string, commonName string) (*Certificate, error) {
subjectKeyID, err := GenerateSubjectKeyID(key.Public)
if err != nil {
return nil, err
}
authTemplate.SubjectKeyId = subjectKeyID
authTemplate.NotAfter = time.Now().AddDate(years, 0, 0).UTC()
if len(country) > 0 {
authTemplate.Subject.Country = []string{country}
}
if len(province) > 0 {
authTemplate.Subject.Province = []string{province}
}
if len(locality) > 0 {
authTemplate.Subject.Locality = []string{locality}
}
if len(organization) > 0 {
authTemplate.Subject.Organization = []string{organization}
}
if len(organizationalUnit) > 0 {
authTemplate.Subject.OrganizationalUnit = []string{organizationalUnit}
}
if len(commonName) > 0 {
authTemplate.Subject.CommonName = commonName
}
crtBytes, err := x509.CreateCertificate(rand.Reader, &authTemplate, &authTemplate, key.Public, key.Private)
if err != nil {
return nil, err
}
return NewCertificateFromDER(crtBytes), nil
}
开发者ID:mcpherrinm,项目名称:certstrap,代码行数:35,代码来源:cert_auth.go
注:本文中的crypto/x509.CreateCertificate函数示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
请发表评论