/*

Copyright (c) 2023 - Present. Will Charczuk. All rights reserved.
Use of this source code is governed by a MIT license that can be found in the LICENSE file at the root of the repository.

*/

package certutil

import (
	"crypto/x509"
	"time"
)

// PEM block type labels, i.e. the text that appears between "-----BEGIN "
// and "-----" in an encoded block.
//
// NOTE(review): how the package consumes these is not visible in this file;
// presumably they are used as pem.Block Type values - confirm.
const (
	// BlockTypeCertificate labels an X.509 certificate block.
	BlockTypeCertificate = "CERTIFICATE"
	// BlockTypeRSAPrivateKey labels an RSA private key block. Anything
	// written under this label is key material, so the destination needs
	// restrictive permissions and must stay out of logs.
	BlockTypeRSAPrivateKey = "RSA PRIVATE KEY"
)

// Default validity periods, expressed in whole years added to the current
// time when a certificate's NotAfter is computed.
const (
	// DefaultCANotAfterYears is the default lifetime of a certificate authority.
	DefaultCANotAfterYears = 10
	// DefaultClientNotAfterYears is the default lifetime of a client certificate.
	DefaultClientNotAfterYears = 1
	// DefaultServerNotAfterYears is the default lifetime of a server certificate.
	// NOTE(review): some TLS clients refuse server certificates with a
	// validity period this long; check the clients that must trust these
	// certificates before relying on the default.
	DefaultServerNotAfterYears = 5
)

// DefaultOptionsCertificateAuthority holds the default options used when
// creating a certificate authority certificate.
//
// The template marks the certificate as a CA with valid basic constraints
// and grants certificate signing, digital signature and key encipherment
// usages. It does not set x509.KeyUsageCRLSign, and it leaves MaxPathLen and
// MaxPathLenZero at their zero values, which crypto/x509 treats as "no path
// length constraint requested".
//
// NOTE(review): whether callers can layer further options on top of these
// defaults depends on CertOptions, which is declared elsewhere - confirm
// before assuming the CA is unconstrained in practice.
var DefaultOptionsCertificateAuthority = CertOptions{
	Certificate: x509.Certificate{
		BasicConstraintsValid: true,
		IsCA:                  true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
	},
	// Evaluated each time the provider is called, not once at package
	// initialisation, so the expiry is relative to issuance time.
	NotAfterProvider: func() time.Time {
		issuedAt := time.Now().UTC()
		return issuedAt.AddDate(DefaultCANotAfterYears, 0, 0)
	},
}

// DefaultOptionsServer holds the default options used when creating a server
// certificate: digital signature key usage, the server authentication
// extended key usage, and an expiry DefaultServerNotAfterYears from the
// moment the provider is called.
var DefaultOptionsServer = CertOptions{
	Certificate: x509.Certificate{
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	},
	NotAfterProvider: func() time.Time {
		issuedAt := time.Now().UTC()
		return issuedAt.AddDate(DefaultServerNotAfterYears, 0, 0)
	},
}

// DefaultOptionsClient holds the default options used when creating a client
// certificate: digital signature key usage, the client authentication
// extended key usage, and an expiry DefaultClientNotAfterYears from the
// moment the provider is called.
var DefaultOptionsClient = CertOptions{
	Certificate: x509.Certificate{
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	},
	NotAfterProvider: func() time.Time {
		issuedAt := time.Now().UTC()
		return issuedAt.AddDate(DefaultClientNotAfterYears, 0, 0)
	},
}