Skip to content
This repository was archived by the owner on Dec 2, 2025. It is now read-only.

refactory certificate generation code #49

Merged
merged 1 commit into from
Apr 11, 2023
Merged

refactory certificate generation code #49

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
68 changes: 23 additions & 45 deletions tests/systest/helpers/tls.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,39 +36,42 @@ var default_ca = &x509.Certificate{
BasicConstraintsValid: true,
}

func GenerateCA(ca *x509.Certificate) (CAPEM, CAPrivateKey, error) {

var err error

if ca == nil {
ca = default_ca
}
func sign(crt, ca *x509.Certificate, caPrivKey *rsa.PrivateKey) ([]byte, []byte, error) {

rawPrivKey, err := rsa.GenerateKey(rand.Reader, 4096)
if err != nil {
return nil, nil, err
}
rawCaBytes, err := x509.CreateCertificate(rand.Reader, ca, ca, &rawPrivKey.PublicKey, rawPrivKey)
rawCrtBytes, err := x509.CreateCertificate(rand.Reader, crt, ca, &caPrivKey.PublicKey, caPrivKey)
if err != nil {
return nil, nil, err
}

caPem := &bytes.Buffer{}
if err = pem.Encode(caPem, &pem.Block{
crtPem := &bytes.Buffer{}
if err = pem.Encode(crtPem, &pem.Block{
Type: "CERTIFICATE",
Bytes: rawCaBytes,
Bytes: rawCrtBytes,
}); err != nil {
return nil, nil, err
}
caPrivKeyPem := &bytes.Buffer{}
if err = pem.Encode(caPrivKeyPem, &pem.Block{
crtPrivKeyPem := &bytes.Buffer{}
if err = pem.Encode(crtPrivKeyPem, &pem.Block{
Type: "RSA PRIVATE KEY",
Bytes: x509.MarshalPKCS1PrivateKey(rawPrivKey),
Bytes: x509.MarshalPKCS1PrivateKey(caPrivKey),
}); err != nil {
return nil, nil, err
}

return caPem.Bytes(), caPrivKeyPem.Bytes(), nil
return crtPem.Bytes(), crtPrivKeyPem.Bytes(), nil
}

func GenerateCA(ca *x509.Certificate) (CAPEM, CAPrivateKey, error) {
if ca == nil {
ca = default_ca
}

rawPrivKey, err := rsa.GenerateKey(rand.Reader, 4096)
if err != nil {
return nil, nil, err
}

return sign(ca, ca, rawPrivKey)
}

var default_cert = &x509.Certificate{
Expand Down Expand Up @@ -104,7 +107,6 @@ func GenerateServerCert(serverCert *x509.Certificate, caPem CAPEM, caPrivKeyPem
if caPrivKeyBlock == nil {
return nil, nil, fmt.Errorf("can not decode CA Private Key")
}

caPrivKey, err := x509.ParsePKCS1PrivateKey(caPrivKeyBlock.Bytes)
if err != nil {
return nil, nil, err
Expand All @@ -113,32 +115,8 @@ func GenerateServerCert(serverCert *x509.Certificate, caPem CAPEM, caPrivKeyPem
if serverCert == nil {
serverCert = default_cert
}
rawServerPrivKey, err := rsa.GenerateKey(rand.Reader, 4096)
if err != nil {
return nil, nil, err
}

rawServerCert, err := x509.CreateCertificate(rand.Reader, serverCert, ca, &rawServerPrivKey.PublicKey, caPrivKey)
if err != nil {
return nil, nil, err
}

serverCertPem := &bytes.Buffer{}
if err := pem.Encode(serverCertPem, &pem.Block{
Type: "CERTIFICATE",
Bytes: rawServerCert,
}); err != nil {
return nil, nil, err
}

serverPrivKeyPem := &bytes.Buffer{}
if err := pem.Encode(serverPrivKeyPem, &pem.Block{
Type: "RSA PRIVATE KEY",
Bytes: x509.MarshalPKCS1PrivateKey(rawServerPrivKey),
}); err != nil {
return nil, nil, err
}
return serverCertPem.Bytes(), serverPrivKeyPem.Bytes(), nil
return sign(serverCert, ca, caPrivKey)
}

func VerifyServerWithCA(caPem []byte, serverPem []byte) error {
Expand Down