func writeCert(certPath string, cert *x509.Certificate) error {
f, err := os.OpenFile(certPath, os.O_CREATE|os.O_WRONLY, 0644)
if err != nil {
return err
}
defer f.Close()
return tlsutil.WriteCertificatePEMBlock(f, cert)
}
func (tc *TLSConfig) generateTLSClientWorker(cfg tlsutil.ClientCertConfig, caCert *x509.Certificate, caKey *rsa.PrivateKey) error {
key, err := tlsutil.NewPrivateKey()
if err != nil {
return err
}
cert, err := tlsutil.NewSignedClientCertificate(cfg, key, caCert, caKey)
if err != nil {
return err
}
if err := tlsutil.WritePrivateKeyPEMBlock(tc.WorkerKey, key); err != nil {
return err
}
if err := tlsutil.WriteCertificatePEMBlock(tc.WorkerCert, cert); err != nil {
return err
}
return nil
}
func (tc *TLSConfig) generateTLSCA(cfg tlsutil.CACertConfig) (*x509.Certificate, *rsa.PrivateKey, error) {
key, err := tlsutil.NewPrivateKey()
if err != nil {
return nil, nil, err
}
cert, err := tlsutil.NewSelfSignedCACertificate(cfg, key)
if err != nil {
return nil, nil, err
}
if err := tlsutil.WritePrivateKeyPEMBlock(tc.CAKey, key); err != nil {
return nil, nil, err
}
if err := tlsutil.WriteCertificatePEMBlock(tc.CACert, cert); err != nil {
return nil, nil, err
}
return cert, key, nil
}