// CreateMinSelfSignedCACertificateSecret generates a minimal self-signed CA
// certificate valid for expiry and returns it encoded as a utils.BasicSecret
// object named name, with the PEM certificate under "cert" and the PEM private
// key under "key". The returned bytes contain the CA private key, so the
// output is sensitive material, not just a public certificate.
func CreateMinSelfSignedCACertificateSecret(name string, expiry time.Duration) ([]byte, error) {
	caCert, caKey, err := x509ez.CreateMinSelfSignedCACertificate(expiry)
	if err != nil {
		return nil, err
	}

	// PEM-encode both halves into in-memory buffers before building the secret.
	var certPem, keyPem bytes.Buffer
	if err := x509ez.CertToPem(caCert, &certPem); err != nil {
		return nil, err
	}
	if err := x509ez.KeyToPem(caKey, &keyPem); err != nil {
		return nil, err
	}

	fields := map[string]interface{}{
		"name": name,
		"key":  keyPem.Bytes(),
		"cert": certPem.Bytes(),
	}
	secret := &utils.BasicSecret{}
	obj, err := secret.Generate(fields)
	if err != nil {
		return nil, err
	}

	encoded, err := utils.EncodeObject(obj)
	if err != nil {
		return nil, err
	}
	return encoded, nil
}
// NewSelfSignedCaServer builds a CaServer whose signing key and certificate
// are a freshly generated minimal self-signed CA valid for expiry. The CA is
// its own parent. defaultExpiry and maxExpiry are stored on the server;
// minExpiry is accepted by the signature but not stored by this constructor.
// NOTE(review): confirm whether CaServer is expected to enforce minExpiry —
// the value is currently dropped here.
func NewSelfSignedCaServer(expiry time.Duration, defaultExpiry time.Duration, minExpiry, maxExpiry time.Duration) (*CaServer, error) {
	caCert, caKey, err := x509ez.CreateMinSelfSignedCACertificate(expiry)
	if err != nil {
		return nil, err
	}

	srv := &CaServer{
		priv:   caKey,
		cert:   caCert,
		parent: caCert, // self-signed: the CA chains to itself
	}
	srv.defaultExpiry = defaultExpiry
	srv.maxExpiry = maxExpiry
	return srv, nil
}
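// main generates a minimal self-signed CA and emits it either as a Kubernetes
// secret manifest on stdout (-secret-name) and/or as PEM files on disk
// (-ca-cert/-ca-key). Diagnostics go to the flag set's output (stderr by
// default) so that a manifest piped from stdout is never mixed with error
// text. Error paths return rather than exit non-zero, so callers should not
// rely on the exit status to detect failure.
//
// Note that the secret and the files are produced by two independent calls
// to CreateMinSelfSignedCACertificate, so when both outputs are requested they
// hold two different CAs, not the same one.
func main() {
	flag.Parse()
	errOut := flag.CommandLine.Output()

	wantFiles := *caCertFile != "" || *caKeyFile != ""
	haveBothFiles := *caCertFile != "" && *caKeyFile != ""
	if *secretName == "" && !haveBothFiles {
		fmt.Fprintln(errOut, "must specify -secret-name or -ca-cert/key")
		flag.Usage()
		return
	}
	// A lone cert or key path used to be silently ignored; surface it instead.
	if wantFiles && !haveBothFiles {
		fmt.Fprintln(errOut, "-ca-cert and -ca-key must be given together")
		return
	}

	dur, err := time.ParseDuration(*selfSignedDuration)
	if err != nil {
		fmt.Fprintln(errOut, err)
		return
	}

	if *secretName != "" {
		objBytes, err := kube.CreateMinSelfSignedCACertificateSecret(*secretName, dur)
		if err != nil {
			fmt.Fprintln(errOut, err)
			return
		}
		// The manifest is the only thing written to stdout; it embeds the CA
		// private key, so whatever consumes it must treat it as a secret.
		fmt.Print(string(objBytes))
	}

	if haveBothFiles {
		if err := writeCAFiles(dur, *caCertFile, *caKeyFile); err != nil {
			fmt.Fprintln(errOut, err)
			return
		}
		fmt.Fprintln(errOut, "wrote keys to", *caCertFile, *caKeyFile)
	}
}

// writeCAFiles generates a self-signed CA valid for dur and writes the private
// key to keyPath and the certificate to certPath. The key is written first so
// a certificate file never exists without its key.
func writeCAFiles(dur time.Duration, certPath, keyPath string) error {
	cert, priv, err := x509ez.CreateMinSelfSignedCACertificate(dur)
	if err != nil {
		return err
	}
	if err := x509ez.WriteKeyToFile(priv, keyPath); err != nil {
		return err
	}
	return x509ez.WriteCertToFile(cert, certPath)
}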