aboutsummaryrefslogtreecommitdiff
path: root/desire.go
blob: 38899d42491725e5c67ee4119f1835a38079f60f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
package acme

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
)

type Desire struct {
	altnames []string
	key      *rsa.PrivateKey
	cert     []*x509.Certificate
}

func NewDesire(altnames []string, size int) (*Desire, error) {
	key, err := rsa.GenerateKey(rand.Reader, size)
	if err != nil {
		return nil, err
	}
	return &Desire{
		key:      key,
		altnames: altnames,
	}, nil
}

func (d *Desire) SaveKey(fname string) error {
	fd, err := CreateKeyFile(fname)
	if err != nil {
		return err
	}
	defer fd.Close()
	return SaveKey(fd, d.key)
}

func (d *Desire) SaveCert(fname string) error {
	fd, err := CreateCertFile(fname)
	if err != nil {
		return err
	}
	defer fd.Close()
	if err := SaveCert(fd, d.cert); err != nil {
		return err
	}
	return nil
}

func (d *Desire) NewCSR() (string, error) {
	tmpl := x509.CertificateRequest{
		Subject: pkix.Name{CommonName: d.altnames[0]},
	}
	if len(d.altnames) > 1 {
		tmpl.DNSNames = d.altnames
	}
	der, err := x509.CreateCertificateRequest(rand.Reader, &tmpl, d.key)
	if err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(der), nil
}

func (d *Desire) AddCert(der []byte) error {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return err
	}
	d.cert = append(d.cert, cert)
	return nil
}