infrastructure/cmd/config-generator/pki_generators.go

126 lines
3.5 KiB
Go
Raw Normal View History

package main
import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"log"
"math/big"
"time"
)
func createCertPEM(template, parent *x509.Certificate, pub, priv interface{}) string {
caCertBytes, err := x509.CreateCertificate(rand.Reader, template, parent, pub, priv)
if err != nil {
log.Println("failed to generate CA certificate")
panic(err)
}
return string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: caCertBytes}))
}
func keyToPem(key *rsa.PrivateKey) string {
pkcs1 := x509.MarshalPKCS1PrivateKey(key)
block := &pem.Block{
Type: "RSA PRIVATE KEY",
Bytes: pkcs1,
}
encoded := pem.EncodeToMemory(block)
return string(encoded)
}
func DirectoryReplicationServerCA() string {
ca := &x509.Certificate{
SerialNumber: big.NewInt(1653),
Subject: pkix.Name{
Organization: []string{"ORGANIZATION_NAME"},
Country: []string{"COUNTRY_CODE"},
Province: []string{"PROVINCE"},
Locality: []string{"CITY"},
StreetAddress: []string{"ADDRESS"},
PostalCode: []string{"POSTAL_CODE"},
},
NotBefore: time.Now(),
NotAfter: time.Now().AddDate(10, 0, 0),
IsCA: true,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
BasicConstraintsValid: true,
}
caPrivateKey, _ := rsa.GenerateKey(rand.Reader, 2048)
return createCertPEM(ca, ca, &caPrivateKey.PublicKey, caPrivateKey)
}
func GenerateAPNConfiguration() (a APNConfiguration) {
ca := &x509.Certificate{
SerialNumber: big.NewInt(1653),
Subject: pkix.Name{
Organization: []string{"ORGANIZATION_NAME"},
Country: []string{"COUNTRY_CODE"},
Province: []string{"PROVINCE"},
Locality: []string{"CITY"},
StreetAddress: []string{"ADDRESS"},
PostalCode: []string{"POSTAL_CODE"},
},
NotBefore: time.Now(),
NotAfter: time.Now().AddDate(10, 0, 0),
IsCA: true,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
BasicConstraintsValid: true,
}
caPrivateKey, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
log.Println("Failied to generate 2048 bit RSA key for APN CA")
panic(err)
}
caPem := createCertPEM(ca, ca, &caPrivateKey.PublicKey, caPrivateKey)
privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
log.Println("Failied to generate 2048 bit RSA key for APN configuration")
panic(err)
}
certPem := createCertPEM(&x509.Certificate{
SerialNumber: big.NewInt(1653),
Subject: pkix.Name{
Organization: []string{"ORGANIZATION_NAME"},
Country: []string{"COUNTRY_CODE"},
Province: []string{"PROVINCE"},
Locality: []string{"CITY"},
StreetAddress: []string{"ADDRESS"},
PostalCode: []string{"POSTAL_CODE"},
},
NotBefore: time.Now(),
NotAfter: time.Now().AddDate(10, 0, 0),
KeyUsage: x509.KeyUsageDigitalSignature,
}, ca, &privateKey.PublicKey, privateKey)
a.PushCertificate = caPem + certPem
a.PushKey = keyToPem(privateKey)
a.BundleID = "a"
return
}
func GenerateGCPSigningKey() string {
key, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
panic(err)
}
pkcs8, err := x509.MarshalPKCS8PrivateKey(key)
if err != nil {
panic(err)
}
block := &pem.Block{
Type: "PRIVATE KEY",
Bytes: pkcs8,
}
encoded := pem.EncodeToMemory(block)
return string(encoded)
}