dubey/kat
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

refactor: remove duplicate certificate request functions from certs.go

Browse Source
This commit is contained in:
Tanishq Dubey 2025-05-16 21:01:34 -04:00
parent bcff04db12
commit 52d7af083e
No known key found for this signature in database
GPG Key ID: CFC1931B84DFC3F9
1 changed files with 0 additions and 151 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

151
internal/pki/certs.go
View File

@ -12,157 +12,6 @@ import (
"time" "time"
) )
// GenerateCertificateRequest generates a new RSA key pair and a Certificate Signing Request (CSR).
// It saves the private key and CSR to the specified paths.
func GenerateCertificateRequest(commonName string, keyOutPath, csrOutPath string) error {
// Generate RSA key
key, err := rsa.GenerateKey(rand.Reader, DefaultRSAKeySize)
if err != nil {
return fmt.Errorf("failed to generate key: %w", err)
}
// Create CSR template
template := x509.CertificateRequest{
Subject: pkix.Name{
CommonName: commonName,
Organization: []string{"KAT System"},
},
DNSNames: []string{commonName},
}
// Add IP addresses if commonName is an IP
if ip := net.ParseIP(commonName); ip != nil {
template.IPAddresses = []net.IP{ip}
}
// Create CSR
csrBytes, err := x509.CreateCertificateRequest(rand.Reader, &template, key)
if err != nil {
return fmt.Errorf("failed to create CSR: %w", err)
}
// Save private key
keyOut, err := os.OpenFile(keyOutPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
if err != nil {
return fmt.Errorf("failed to open key file for writing: %w", err)
}
defer keyOut.Close()
err = pem.Encode(keyOut, &pem.Block{
Type: "RSA PRIVATE KEY",
Bytes: x509.MarshalPKCS1PrivateKey(key),
})
if err != nil {
return fmt.Errorf("failed to write key to file: %w", err)
}
// Save CSR
csrOut, err := os.OpenFile(csrOutPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)
if err != nil {
return fmt.Errorf("failed to open CSR file for writing: %w", err)
}
defer csrOut.Close()
err = pem.Encode(csrOut, &pem.Block{
Type: "CERTIFICATE REQUEST",
Bytes: csrBytes,
})
if err != nil {
return fmt.Errorf("failed to write CSR to file: %w", err)
}
return nil
}
// SignCertificateRequest signs a CSR using the CA key and certificate.
// It loads the CA key and certificate from the specified paths,
// parses the CSR data, and issues a signed certificate.
func SignCertificateRequest(caKeyPath, caCertPath string, csrData []byte, certOutPath string, durationDays int) error {
// Load CA private key
caKey, err := LoadCAPrivateKey(caKeyPath)
if err != nil {
return err
}
// Load CA certificate
caCert, err := LoadCACertificate(caCertPath)
if err != nil {
return err
}
// Parse CSR
block, _ := pem.Decode(csrData)
if block == nil || block.Type != "CERTIFICATE REQUEST" {
return fmt.Errorf("failed to decode PEM block containing CSR")
}
csr, err := x509.ParseCertificateRequest(block.Bytes)
if err != nil {
return fmt.Errorf("failed to parse CSR: %w", err)
}
// Verify CSR signature
if err := csr.CheckSignature(); err != nil {
return fmt.Errorf("CSR signature verification failed: %w", err)
}
// Generate serial number
serialNumber, err := generateSerialNumber()
if err != nil {
return fmt.Errorf("failed to generate serial number: %w", err)
}
// Set certificate validity period
if durationDays <= 0 {
durationDays = DefaultCertValidityDays
}
notBefore := time.Now()
notAfter := notBefore.Add(time.Duration(durationDays) * 24 * time.Hour)
// Create certificate template
template := x509.Certificate{
SerialNumber: serialNumber,
Subject: csr.Subject,
NotBefore: notBefore,
NotAfter: notAfter,
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
BasicConstraintsValid: true,
IsCA: false,
DNSNames: csr.DNSNames,
IPAddresses: csr.IPAddresses,
}
// Create certificate
derBytes, err := x509.CreateCertificate(
rand.Reader,
&template,
caCert,
csr.PublicKey,
caKey,
)
if err != nil {
return fmt.Errorf("failed to create certificate: %w", err)
}
// Save certificate
certOut, err := os.OpenFile(certOutPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)
if err != nil {
return fmt.Errorf("failed to open certificate file for writing: %w", err)
}
defer certOut.Close()
err = pem.Encode(certOut, &pem.Block{
Type: "CERTIFICATE",
Bytes: derBytes,
})
if err != nil {
return fmt.Errorf("failed to write certificate to file: %w", err)
}
return nil
}
// ParseCSRFromBytes parses a PEM-encoded CSR from bytes // ParseCSRFromBytes parses a PEM-encoded CSR from bytes
func ParseCSRFromBytes(csrData []byte) (*x509.CertificateRequest, error) { func ParseCSRFromBytes(csrData []byte) (*x509.CertificateRequest, error) {
block, _ := pem.Decode(csrData) block, _ := pem.Decode(csrData)