Add util/pki for creating and signing certificates (#1555)

util/pki/certoptions.go

@@ -0,0 +1,85 @@
+package pki
+
+import (
+	"crypto/ed25519"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"math/big"
+	"net"
+	"time"
+)
+
+// CertOptions are passed to cert options
+type CertOptions struct {
+	IsCA         bool
+	Subject      pkix.Name
+	DNSNames     []string
+	IPAddresses  []net.IP
+	SerialNumber *big.Int
+	NotBefore    time.Time
+	NotAfter     time.Time
+
+	Parent *x509.Certificate
+	Pub    ed25519.PublicKey
+	Priv   ed25519.PrivateKey
+}
+
+// CertOption sets CertOptions
+type CertOption func(c *CertOptions)
+
+// Subject sets the Subject field
+func Subject(subject pkix.Name) CertOption {
+	return func(c *CertOptions) {
+		c.Subject = subject
+	}
+}
+
+// IsCA states the cert is a CA
+func IsCA() CertOption {
+	return func(c *CertOptions) {
+		c.IsCA = true
+	}
+}
+
+// DNSNames is a list of hosts to sign in to the certificate
+func DNSNames(names ...string) CertOption {
+	return func(c *CertOptions) {
+		c.DNSNames = names
+	}
+}
+
+// IPAddresses is a list of IPs to sign in to the certificate
+func IPAddresses(ips ...net.IP) CertOption {
+	return func(c *CertOptions) {
+		c.IPAddresses = ips
+	}
+}
+
+// KeyPair is the key pair to sign the certificate with
+func KeyPair(pub ed25519.PublicKey, priv ed25519.PrivateKey) CertOption {
+	return func(c *CertOptions) {
+		c.Pub = pub
+		c.Priv = priv
+	}
+}
+
+// SerialNumber is the Certificate Serial number
+func SerialNumber(serial *big.Int) CertOption {
+	return func(c *CertOptions) {
+		c.SerialNumber = serial
+	}
+}
+
+// NotBefore is the time the certificate is not valid before
+func NotBefore(time time.Time) CertOption {
+	return func(c *CertOptions) {
+		c.NotBefore = time
+	}
+}
+
+// NotAfter is the time the certificate is not valid after
+func NotAfter(time time.Time) CertOption {
+	return func(c *CertOptions) {
+		c.NotAfter = time
+	}
+}