package main import ( "crypto/rand" "crypto/rsa" "crypto/x509" "crypto/x509/pkix" "encoding/pem" "log" "math/big" "time" ) func createCertPEM(template, parent *x509.Certificate, pub, priv interface{}) string { caCertBytes, err := x509.CreateCertificate(rand.Reader, template, parent, pub, priv) if err != nil { log.Println("failed to generate CA certificate") panic(err) } return string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: caCertBytes})) } func keyToPem(key *rsa.PrivateKey) string { pkcs1 := x509.MarshalPKCS1PrivateKey(key) block := &pem.Block{ Type: "RSA PRIVATE KEY", Bytes: pkcs1, } encoded := pem.EncodeToMemory(block) return string(encoded) } func DirectoryReplicationServerCA() string { ca := &x509.Certificate{ SerialNumber: big.NewInt(1653), Subject: pkix.Name{ Organization: []string{"ORGANIZATION_NAME"}, Country: []string{"COUNTRY_CODE"}, Province: []string{"PROVINCE"}, Locality: []string{"CITY"}, StreetAddress: []string{"ADDRESS"}, PostalCode: []string{"POSTAL_CODE"}, }, NotBefore: time.Now(), NotAfter: time.Now().AddDate(10, 0, 0), IsCA: true, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth}, KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, BasicConstraintsValid: true, } caPrivateKey, _ := rsa.GenerateKey(rand.Reader, 2048) return createCertPEM(ca, ca, &caPrivateKey.PublicKey, caPrivateKey) } func GenerateAPNConfiguration() (a APNConfiguration) { ca := &x509.Certificate{ SerialNumber: big.NewInt(1653), Subject: pkix.Name{ Organization: []string{"ORGANIZATION_NAME"}, Country: []string{"COUNTRY_CODE"}, Province: []string{"PROVINCE"}, Locality: []string{"CITY"}, StreetAddress: []string{"ADDRESS"}, PostalCode: []string{"POSTAL_CODE"}, }, NotBefore: time.Now(), NotAfter: time.Now().AddDate(10, 0, 0), IsCA: true, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth}, KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, BasicConstraintsValid: true, } caPrivateKey, err := rsa.GenerateKey(rand.Reader, 2048) if err != nil { log.Println("Failied to generate 2048 bit RSA key for APN CA") panic(err) } caPem := createCertPEM(ca, ca, &caPrivateKey.PublicKey, caPrivateKey) privateKey, err := rsa.GenerateKey(rand.Reader, 2048) if err != nil { log.Println("Failied to generate 2048 bit RSA key for APN configuration") panic(err) } certPem := createCertPEM(&x509.Certificate{ SerialNumber: big.NewInt(1653), Subject: pkix.Name{ Organization: []string{"ORGANIZATION_NAME"}, Country: []string{"COUNTRY_CODE"}, Province: []string{"PROVINCE"}, Locality: []string{"CITY"}, StreetAddress: []string{"ADDRESS"}, PostalCode: []string{"POSTAL_CODE"}, }, NotBefore: time.Now(), NotAfter: time.Now().AddDate(10, 0, 0), KeyUsage: x509.KeyUsageDigitalSignature, }, ca, &privateKey.PublicKey, privateKey) a.PushCertificate = caPem + certPem a.PushKey = keyToPem(privateKey) a.BundleID = "a" return } func GenerateGCPSigningKey() string { key, err := rsa.GenerateKey(rand.Reader, 2048) if err != nil { panic(err) } pkcs8, err := x509.MarshalPKCS8PrivateKey(key) if err != nil { panic(err) } block := &pem.Block{ Type: "PRIVATE KEY", Bytes: pkcs8, } encoded := pem.EncodeToMemory(block) return string(encoded) }