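package acme

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
)

// desireError is a string-backed error type. It lets this file declare a
// constant sentinel error using only the imports it already has.
type desireError string

// Error implements the error interface.
func (e desireError) Error() string { return string(e) }

// errNoAltnames is returned by NewCSR when the Desire holds no names.
const errNoAltnames = desireError("acme: no names given for the certificate request")

// Desire bundles what is needed to request one certificate: the names to
// be certified, the RSA private key, and the certificates collected so far
// through AddCert.
type Desire struct {
	altnames []string
	key      *rsa.PrivateKey
	cert     []*x509.Certificate
}

// NewDesire generates a fresh RSA key of size bits from crypto/rand and
// returns a Desire for altnames.
//
// size is passed to rsa.GenerateKey unchanged and no minimum is enforced
// here, so the caller decides the key strength; use at least 2048 bits for
// keys meant for publicly trusted certificates. The altnames slice is
// stored as given, not copied, so later changes by the caller are visible
// to the Desire.
func NewDesire(altnames []string, size int) (*Desire, error) {
	key, err := rsa.GenerateKey(rand.Reader, size)
	if err != nil {
		return nil, err
	}
	return &Desire{
		key:      key,
		altnames: altnames,
	}, nil
}

// SaveKey writes the private key to the file fname.
//
// File creation, including the permission bits, is delegated to
// CreateKeyFile.
// NOTE(review): confirm CreateKeyFile creates the file readable by the
// owner only, since it holds the private key.
func (d *Desire) SaveKey(fname string) error {
	fd, err := CreateKeyFile(fname)
	if err != nil {
		return err
	}
	defer fd.Close()
	return SaveKey(fd, d.key)
}

// SaveCert writes every certificate collected through AddCert to the file
// fname, in the order they were added.
func (d *Desire) SaveCert(fname string) error {
	fd, err := CreateCertFile(fname)
	if err != nil {
		return err
	}
	defer fd.Close()
	return SaveCert(fd, d.cert)
}

// NewCSR builds a certificate signing request signed with the Desire's key
// and returns its DER encoding as unpadded base64url text.
//
// The first name becomes the subject CommonName. The subjectAltName list
// is filled only when there is more than one name, so a single-name request
// carries that name in the CommonName alone.
// NOTE(review): confirm the target CA accepts requests without a
// subjectAltName extension.
//
// It returns an error when the Desire holds no names.
func (d *Desire) NewCSR() (string, error) {
	// Without this guard the index below panics on an empty name list.
	if len(d.altnames) == 0 {
		return "", errNoAltnames
	}
	tmpl := x509.CertificateRequest{
		Subject: pkix.Name{CommonName: d.altnames[0]},
	}
	if len(d.altnames) > 1 {
		tmpl.DNSNames = d.altnames
	}
	der, err := x509.CreateCertificateRequest(rand.Reader, &tmpl, d.key)
	if err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(der), nil
}

// AddCert parses one DER-encoded certificate and appends it to the
// Desire's certificate list.
//
// Only the encoding is checked. AddCert does not verify that the
// certificate's public key matches the Desire's key, that its names match
// the requested ones, that it is within its validity period, or that it
// chains to a trusted root; callers that need those guarantees must check
// them separately.
func (d *Desire) AddCert(der []byte) error {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return err
	}
	d.cert = append(d.cert, cert)
	return nil
}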