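// writeCert PEM-encodes cert and writes it to certPath, creating the file
// with mode 0644 if it does not exist.
//
// An existing file is truncated before writing. Without O_TRUNC, overwriting
// a longer file would leave the tail of the previous certificate after the
// new PEM block, so readers could parse stale or corrupt certificate data.
//
// The error from Close is returned when the write itself succeeded, because
// a failed close can mean the certificate was not fully flushed to disk.
func writeCert(certPath string, cert *x509.Certificate) (err error) {
	f, err := os.OpenFile(certPath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0644)
	if err != nil {
		return err
	}
	defer func() {
		// Keep the first error: a write failure takes precedence over Close.
		if cerr := f.Close(); cerr != nil && err == nil {
			err = cerr
		}
	}()

	return tlsutil.WriteCertificatePEMBlock(f, cert)
}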
// generateTLSClientWorker creates a fresh private key, has a client
// certificate for it signed by the given CA (caCert/caKey) according to cfg,
// and writes the key to tc.WorkerKey and the certificate to tc.WorkerCert,
// both as PEM blocks.
//
// The first failing step aborts the sequence and its error is returned
// unchanged. If writing the certificate fails, the key has already been
// written.
//
// NOTE(review): tc.WorkerKey receives private key material; its type and how
// it is opened are not visible here. Confirm the destination is created with
// owner-only permissions.
func (tc *TLSConfig) generateTLSClientWorker(cfg tlsutil.ClientCertConfig, caCert *x509.Certificate, caKey *rsa.PrivateKey) error {
	workerKey, err := tlsutil.NewPrivateKey()
	if err != nil {
		return err
	}

	workerCert, err := tlsutil.NewSignedClientCertificate(cfg, workerKey, caCert, caKey)
	if err != nil {
		return err
	}

	// Key first, then certificate: same write order as before.
	if err = tlsutil.WritePrivateKeyPEMBlock(tc.WorkerKey, workerKey); err != nil {
		return err
	}
	return tlsutil.WriteCertificatePEMBlock(tc.WorkerCert, workerCert)
}
// generateTLSCA creates a fresh private key and a self-signed CA certificate
// for it according to cfg, writes the key to tc.CAKey and the certificate to
// tc.CACert as PEM blocks, and returns both so the caller can sign further
// certificates with them.
//
// On any failure it returns (nil, nil, err) with the underlying error
// unchanged. If writing the certificate fails, the key has already been
// written.
//
// NOTE(review): tc.CAKey receives the CA signing key; its type and how it is
// opened are not visible here. Confirm the destination is created with
// owner-only permissions, since this key can sign certificates for the CA.
func (tc *TLSConfig) generateTLSCA(cfg tlsutil.CACertConfig) (*x509.Certificate, *rsa.PrivateKey, error) {
	caKey, err := tlsutil.NewPrivateKey()
	if err != nil {
		return nil, nil, err
	}

	caCert, err := tlsutil.NewSelfSignedCACertificate(cfg, caKey)
	if err != nil {
		return nil, nil, err
	}

	// Key first, then certificate: same write order as before.
	err = tlsutil.WritePrivateKeyPEMBlock(tc.CAKey, caKey)
	if err != nil {
		return nil, nil, err
	}

	err = tlsutil.WriteCertificatePEMBlock(tc.CACert, caCert)
	if err != nil {
		return nil, nil, err
	}

	return caCert, caKey, nil
}