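// testGenerateKeypair is a test helper that turns req into a private key and a
// self-signed certificate and writes each to its own temporary file.
//
// It returns the paths of the key file and the certificate file. On any
// failure it removes the files it has named so far (best effort) and returns
// empty paths together with the error. On success the caller owns both files
// and is responsible for deleting them.
func testGenerateKeypair(req *csr.CertificateRequest) (keyFile, certFile string, err error) {
	// fail cleans up any temp file named so far and reports cause. Removal
	// errors are deliberately ignored: the file may never have been created.
	fail := func(cause error) (string, string, error) {
		if keyFile != "" {
			os.Remove(keyFile)
		}
		if certFile != "" {
			os.Remove(certFile)
		}
		return "", "", cause
	}

	keyFile, err = tempName()
	if err != nil {
		return fail(err)
	}

	certFile, err = tempName()
	if err != nil {
		return fail(err)
	}

	csrPEM, keyPEM, err := csr.ParseRequest(req)
	if err != nil {
		return fail(err)
	}

	// Private key material must not be group/world readable, even for test
	// fixtures in a shared temp directory, so create the file as 0600.
	// NOTE(review): the mode only takes effect when WriteFile creates the
	// file; if tempName leaves a file behind, confirm it is created with
	// restrictive permissions as well.
	if err = ioutil.WriteFile(keyFile, keyPEM, 0600); err != nil {
		return fail(err)
	}

	priv, err := helpers.ParsePrivateKeyPEM(keyPEM)
	if err != nil {
		return fail(err)
	}

	cert, err := selfsign.Sign(priv, csrPEM, config.DefaultConfig())
	if err != nil {
		return fail(err)
	}

	// The certificate is public data, so 0644 is fine here.
	if err = ioutil.WriteFile(certFile, cert, 0644); err != nil {
		return fail(err)
	}

	return keyFile, certFile, nil
}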
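// selfSignMain implements the self-sign command: it reads a JSON certificate
// request, generates a key and CSR from it, self-signs the CSR and prints the
// key, CSR and certificate via cli.PrintCert.
//
// Unless c.Hostname is already set or c.IsCA is true, the first positional
// argument is taken as the hostname. The next positional argument names the
// CSR JSON input, which is read through cli.ReadStdin. Any remaining
// arguments are ignored.
//
// The signing profile is c.CFG.Signing.Profiles[c.Profile] when a config and
// a profile name are given and that profile exists; otherwise
// config.DefaultConfig() is used with its expiry set to 2190h (about three
// months).
//
// The output handed to cli.PrintCert includes the freshly generated private
// key, so whatever receives that output must be treated as secret.
func selfSignMain(args []string, c cli.Config) (err error) {
	if c.Hostname == "" && !c.IsCA {
		c.Hostname, args, err = cli.PopFirstArgument(args)
		if err != nil {
			return err
		}
	}

	csrFile, _, err := cli.PopFirstArgument(args)
	if err != nil {
		return err
	}

	csrFileBytes, err := cli.ReadStdin(csrFile)
	if err != nil {
		return err
	}

	req := csr.New()
	if err = json.Unmarshal(csrFileBytes, req); err != nil {
		return err
	}

	// genkey.Validator vets the request before any key is generated.
	g := &csr.Generator{Validator: genkey.Validator}
	csrPEM, key, err := g.ProcessRequest(req)
	if err != nil {
		return err
	}

	// The original set key/priv to nil on the error paths below. Those were
	// dead stores to locals: they neither affect the caller nor wipe the key
	// bytes from memory, so they are dropped rather than left to suggest that
	// key material is being scrubbed.
	priv, err := helpers.ParsePrivateKeyPEM(key)
	if err != nil {
		return err
	}

	// Use the named profile from the supplied config when it exists;
	// otherwise fall back to the default profile below.
	// NOTE(review): assumes c.CFG.Signing is usable whenever c.CFG is
	// non-nil; confirm against the config loader.
	var profile *config.SigningProfile
	if c.CFG != nil && c.Profile != "" && c.CFG.Signing.Profiles != nil {
		profile = c.CFG.Signing.Profiles[c.Profile]
	}

	if profile == nil {
		// A missing or unknown profile silently lands here, so the
		// certificate gets the short default lifetime.
		profile = config.DefaultConfig()
		profile.Expiry = 2190 * time.Hour
	}

	cert, err := selfsign.Sign(priv, csrPEM, profile)
	if err != nil {
		return err
	}

	// The warning goes to stderr so it does not mix with the certificate
	// output.
	fmt.Fprintf(os.Stderr, `*** WARNING *** Self-signed certificates are dangerous. Use this self-signed certificate at your own risk. It is strongly recommended that these certificates NOT be used in production. *** WARNING *** `)

	cli.PrintCert(key, csrPEM, cert)
	return nil
}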