certgen/certgen.go (70 lines of code) (raw):
// Copyright 2017 Google Inc. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Generate a self-signed X.509 certificate in PKCS#12 format.
package main
import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"crypto/x509/pkix"
"flag"
"fmt"
"io/ioutil"
"log"
"math/big"
"os"
"path/filepath"
"time"
"github.com/hashicorp/packer-plugin-azure/builder/azure/pkcs12"
)
var (
validFor = flag.Duration("duration", 365*24*time.Hour, "Duration that certificate is valid for")
outDir = flag.String("outDir", "", "Directory to create the cert file in.")
hostname = flag.String("hostname", "", "Hostname to use for the self signed cert.")
)
func main() {
flag.Parse()
var hn string
var err error
if *hostname != "" {
hn = *hostname
} else {
hn, err = os.Hostname()
if err != nil {
log.Fatal(err)
}
}
priv, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
log.Fatalf("failed to generate private key: %s", err)
}
notBefore := time.Now()
notAfter := notBefore.Add(*validFor)
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
if err != nil {
log.Fatalf("failed to generate serial number: %s", err)
}
template := x509.Certificate{
SerialNumber: serialNumber,
Subject: pkix.Name{
CommonName: hn,
},
NotBefore: notBefore,
NotAfter: notAfter,
DNSNames: []string{hn},
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
BasicConstraintsValid: true,
}
derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
if err != nil {
log.Fatalf("Failed to create certificate: %s", err)
}
p12, err := pkcs12.Encode(derBytes, priv, "")
if err != nil {
log.Fatal(err)
}
out := filepath.Join(*outDir, "cert.p12")
if err := ioutil.WriteFile(out, p12, 0600); err != nil {
log.Fatalf("failed to open cert.p12 for writing: %s", err)
}
fmt.Println("written", out)
}