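/*

Copyright (c) 2023 - Present. Will Charczuk. All rights reserved.
Use of this source code is governed by a MIT license that can be found in the LICENSE file at the root of the repository.

*/

package certutil

import (
	"crypto/rand"
	"crypto/x509"
	"fmt"

	"go.charczuk.com/sdk/errutil"
)

// CreateServer creates a server certificate bundle signed by the given
// certificate authority bundle.
//
// The certificate template starts from DefaultOptionsServer and is then
// adjusted by options. commonName becomes the subject common name and, when
// non-empty, is also appended to the DNS subject alternative names.
//
// The returned bundle holds the server private key taken from the resolved
// options, its public key, and the new certificate followed by the
// certificates (and DER blobs) of ca, so the leaf is always at index 0.
//
// An error is returned if ca is nil, has no private key or no certificates,
// if resolving options fails, if no server private key is set after the
// options are applied, or if the certificate cannot be created or parsed.
func CreateServer(commonName string, ca *CertBundle, options ...CertOption) (*CertBundle, error) {
	if ca == nil || ca.PrivateKey == nil || len(ca.Certificates) == 0 {
		return nil, errutil.New("provided certificate authority bundle is invalid")
	}
	// NOTE(review): ca.Certificates[0] is used as the issuer below without
	// checking that it is actually a CA (IsCA / BasicConstraintsValid, and
	// KeyUsageCertSign). A leaf issued under a non-CA certificate is rejected
	// by conforming verifiers; consider validating the issuer here.

	// Plain assignment copies the defaults, but slice fields would still share
	// their backing arrays with the package-level value (assuming
	// DefaultOptionsServer is a struct value -- confirm).
	createOptions := DefaultOptionsServer
	if err := ResolveCertOptions(&createOptions, options...); err != nil {
		return nil, err
	}
	if createOptions.PrivateKey == nil {
		return nil, fmt.Errorf("create server; private key is unset")
	}
	createOptions.Subject.CommonName = commonName

	// Build the SAN list in a fresh slice so the append can never write into
	// spare capacity of a slice owned by DefaultOptionsServer or by a caller's
	// option, which would leak one call's names into another certificate.
	dnsNames := make([]string, 0, len(createOptions.DNSNames)+1)
	dnsNames = append(dnsNames, createOptions.DNSNames...)
	if commonName != "" {
		// An empty dNSName entry carries no identity, so it is not emitted.
		// NOTE(review): commonName is always treated as a DNS name; an IP
		// address passed here would belong in IPAddresses instead.
		dnsNames = append(dnsNames, commonName)
	}
	createOptions.DNSNames = dnsNames

	var output CertBundle
	output.PrivateKey = createOptions.PrivateKey
	output.PublicKey = &createOptions.PrivateKey.PublicKey

	// The template is signed with the CA private key; the first CA certificate
	// is the parent, so it supplies the issuer name of the new certificate.
	der, err := x509.CreateCertificate(rand.Reader, &createOptions.Certificate, &ca.Certificates[0], output.PublicKey, ca.PrivateKey)
	if err != nil {
		return nil, errutil.New(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, errutil.New(err)
	}

	// Leaf first, then the CA chain, in both the DER and the parsed form.
	output.CertificateDERs = append([][]byte{der}, ca.CertificateDERs...)
	output.Certificates = append([]x509.Certificate{*cert}, ca.Certificates...)
	return &output, nil
}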