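// Package acme holds the key, CSR and certificate helpers used by the ACME client:
// PEM load/save for RSA keys and certificates, and CSR generation.
package acme

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/pem"
	"errors"
	"fmt"
	"io"
	"io/ioutil"
)

var (
	// ErrNoPEMBlock is returned when the input contains no PEM block at all.
	ErrNoPEMBlock = errors.New("acme: no PEM block found")
	// ErrNoCertificate is returned when the input contains no CERTIFICATE block.
	ErrNoCertificate = errors.New("acme: no CERTIFICATE block found")
	// ErrNoNames is returned by NewCSR when no subject name is supplied.
	ErrNoNames = errors.New("acme: at least one name is required")
	// ErrNilKey is returned by NewCSR when the signing key is nil.
	ErrNilKey = errors.New("acme: private key is nil")
)

// LoadKey reads a PEM-encoded RSA private key from r.
//
// Only the first PEM block is used. Its contents may be PKCS#1 (the format
// NewKey writes) or PKCS#8 wrapping an RSA key. Input without any PEM block
// yields ErrNoPEMBlock instead of a nil-pointer panic; this matters because
// key files are often operator-supplied and may be truncated or mis-typed.
func LoadKey(r io.Reader) (*rsa.PrivateKey, error) {
	raw, err := ioutil.ReadAll(r)
	if err != nil {
		return nil, err
	}
	block, _ := pem.Decode(raw)
	if block == nil {
		return nil, ErrNoPEMBlock
	}
	key, pkcs1Err := x509.ParsePKCS1PrivateKey(block.Bytes)
	if pkcs1Err == nil {
		return key, nil
	}
	// Fall back to PKCS#8, which most modern tooling emits; if that does not
	// yield an RSA key either, report the original PKCS#1 error so callers
	// see the same failure they always did.
	parsed, err := x509.ParsePKCS8PrivateKey(block.Bytes)
	if err != nil {
		return nil, pkcs1Err
	}
	key, ok := parsed.(*rsa.PrivateKey)
	if !ok {
		return nil, fmt.Errorf("acme: unsupported private key type %T", parsed)
	}
	return key, nil
}

// NewKey generates an RSA private key of size bits, writes it to w as a
// PKCS#1 "RSA PRIVATE KEY" PEM block, and returns it.
//
// size is passed straight to rsa.GenerateKey; no minimum is enforced here, so
// callers should choose a size acceptable to their CA (2048 bits or more is
// the usual floor). On a write error the key is not returned, so a caller
// cannot end up holding a key that was never persisted.
func NewKey(w io.Writer, size int) (*rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, size)
	if err != nil {
		return nil, err
	}
	block := &pem.Block{
		Type:  "RSA PRIVATE KEY",
		Bytes: x509.MarshalPKCS1PrivateKey(key),
	}
	if err := pem.Encode(w, block); err != nil {
		return nil, err
	}
	return key, nil
}

// NewCSR builds a certificate signing request for altnames, signed with key,
// and returns the DER encoded as base64url without padding (the form the ACME
// "csr" field expects).
//
// altnames[0] becomes the subject CommonName; when more than one name is
// given, all of them are also placed in the subjectAltName DNSNames. A
// single-name request therefore carries no SAN extension — CAs that insist on
// SANs may reject it. An empty altnames or nil key returns an error rather
// than panicking.
func NewCSR(altnames []string, key *rsa.PrivateKey) (string, error) {
	if len(altnames) == 0 {
		return "", ErrNoNames
	}
	if key == nil {
		return "", ErrNilKey
	}
	tmpl := x509.CertificateRequest{
		Subject: pkix.Name{CommonName: altnames[0]},
	}
	if len(altnames) > 1 {
		tmpl.DNSNames = altnames
	}
	der, err := x509.CreateCertificateRequest(rand.Reader, &tmpl, key)
	if err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(der), nil
}

// SaveCert writes der to w as a single "CERTIFICATE" PEM block.
// Calling it repeatedly on the same writer produces a PEM chain that
// LoadCert reads back in order.
func SaveCert(w io.Writer, der []byte) error {
	return pem.Encode(w, &pem.Block{
		Type:  "CERTIFICATE",
		Bytes: der,
	})
}

// LoadCert reads every "CERTIFICATE" PEM block from r and returns the
// certificates they contain, in file order.
//
// Blocks of other types (for example a private key stored alongside the
// chain) are skipped. Input containing no CERTIFICATE block yields
// ErrNoCertificate instead of a nil-pointer panic, and a chain file with
// several blocks returns every certificate rather than only the first block.
func LoadCert(r io.Reader) ([]*x509.Certificate, error) {
	raw, err := ioutil.ReadAll(r)
	if err != nil {
		return nil, err
	}
	var certs []*x509.Certificate
	for len(raw) > 0 {
		var block *pem.Block
		block, raw = pem.Decode(raw)
		if block == nil {
			break
		}
		if block.Type != "CERTIFICATE" {
			continue
		}
		parsed, err := x509.ParseCertificates(block.Bytes)
		if err != nil {
			return nil, err
		}
		certs = append(certs, parsed...)
	}
	if len(certs) == 0 {
		return nil, ErrNoCertificate
	}
	return certs, nil
}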