func main()

in certgen/certgen.go [41:98]


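// main generates a self-signed RSA certificate for a single host name and
// writes it, bundled with its private key, to cert.p12 in the directory named
// by the outDir flag variable.
//
// The host name comes from the hostname flag variable when it is non-empty,
// otherwise from os.Hostname. Every failure ends the process through
// log.Fatal or log.Fatalf.
func main() {
	flag.Parse()

	// Prefer the explicitly supplied name; fall back to the machine's own.
	hn := *hostname
	if hn == "" {
		var err error
		hn, err = os.Hostname()
		if err != nil {
			log.Fatal(err)
		}
	}

	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		log.Fatalf("failed to generate private key: %s", err)
	}

	// The validity window starts now and lasts for the validFor duration.
	notBefore := time.Now()
	notAfter := notBefore.Add(*validFor)

	// Serial number drawn uniformly from [0, 2^128) using the system CSPRNG.
	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
	if err != nil {
		log.Fatalf("failed to generate serial number: %s", err)
	}

	// The same host name is used as CommonName and as the only DNS SAN.
	// IsCA is left at its zero value, so with BasicConstraintsValid set the
	// certificate is marked as a non-CA leaf. It is valid for both server and
	// client authentication.
	template := x509.Certificate{
		SerialNumber: serialNumber,
		Subject: pkix.Name{
			CommonName: hn,
		},
		NotBefore: notBefore,
		NotAfter:  notAfter,

		DNSNames:              []string{hn},
		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
	}

	// Self-signed: the template is its own parent and is signed with the key
	// generated above.
	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
	if err != nil {
		log.Fatalf("Failed to create certificate: %s", err)
	}

	// NOTE(review): the third argument is an empty string, presumably the
	// PKCS#12 password (confirm against the pkcs12 package). If so, the bundle
	// offers no protection for the private key beyond the file mode set below.
	p12, err := pkcs12.Encode(derBytes, priv, "")
	if err != nil {
		log.Fatal(err)
	}

	out := filepath.Join(*outDir, "cert.p12")
	// WriteFile applies its mode only when it creates the file; an existing
	// cert.p12 is truncated and keeps whatever mode it already had. Tighten a
	// pre-existing file first so the private key is never written into a
	// group- or world-readable file. A missing file is fine: WriteFile will
	// create it with 0600 (before umask).
	if err := os.Chmod(out, 0600); err != nil && !os.IsNotExist(err) {
		log.Fatalf("failed to restrict permissions on %s: %s", out, err)
	}
	if err := ioutil.WriteFile(out, p12, 0600); err != nil {
		log.Fatalf("failed to open cert.p12 for writing: %s", err)
	}
	fmt.Println("written", out)
}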