2020-04-21 15:03:33 +01:00
|
|
|
package pki
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/ed25519"
|
|
|
|
"crypto/x509"
|
|
|
|
"crypto/x509/pkix"
|
|
|
|
"math/big"
|
|
|
|
"net"
|
|
|
|
"time"
|
|
|
|
)
|
|
|
|
|
|
|
|
// CertOptions are passed to cert options
|
|
|
|
type CertOptions struct {
|
2021-03-06 19:45:13 +03:00
|
|
|
NotAfter time.Time
|
|
|
|
NotBefore time.Time
|
|
|
|
Parent *x509.Certificate
|
|
|
|
SerialNumber *big.Int
|
2020-04-21 15:03:33 +01:00
|
|
|
Subject pkix.Name
|
|
|
|
DNSNames []string
|
|
|
|
IPAddresses []net.IP
|
2021-03-06 19:45:13 +03:00
|
|
|
Pub ed25519.PublicKey
|
|
|
|
Priv ed25519.PrivateKey
|
|
|
|
IsCA bool
|
2020-04-21 15:03:33 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
// CertOption sets CertOptions
|
|
|
|
type CertOption func(c *CertOptions)
|
|
|
|
|
|
|
|
// Subject sets the Subject field
|
|
|
|
func Subject(subject pkix.Name) CertOption {
|
|
|
|
return func(c *CertOptions) {
|
|
|
|
c.Subject = subject
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// IsCA states the cert is a CA
|
|
|
|
func IsCA() CertOption {
|
|
|
|
return func(c *CertOptions) {
|
|
|
|
c.IsCA = true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// DNSNames is a list of hosts to sign in to the certificate
|
|
|
|
func DNSNames(names ...string) CertOption {
|
|
|
|
return func(c *CertOptions) {
|
|
|
|
c.DNSNames = names
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// IPAddresses is a list of IPs to sign in to the certificate
|
|
|
|
func IPAddresses(ips ...net.IP) CertOption {
|
|
|
|
return func(c *CertOptions) {
|
|
|
|
c.IPAddresses = ips
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// KeyPair is the key pair to sign the certificate with
|
|
|
|
func KeyPair(pub ed25519.PublicKey, priv ed25519.PrivateKey) CertOption {
|
|
|
|
return func(c *CertOptions) {
|
|
|
|
c.Pub = pub
|
|
|
|
c.Priv = priv
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// SerialNumber is the Certificate Serial number
|
|
|
|
func SerialNumber(serial *big.Int) CertOption {
|
|
|
|
return func(c *CertOptions) {
|
|
|
|
c.SerialNumber = serial
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// NotBefore is the time the certificate is not valid before
|
|
|
|
func NotBefore(time time.Time) CertOption {
|
|
|
|
return func(c *CertOptions) {
|
|
|
|
c.NotBefore = time
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// NotAfter is the time the certificate is not valid after
|
|
|
|
func NotAfter(time time.Time) CertOption {
|
|
|
|
return func(c *CertOptions) {
|
|
|
|
c.NotAfter = time
|
|
|
|
}
|
|
|
|
}
|