func GenerateAuthorityCert()

in pkg/authority/cert/util.go [72:116]


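// GenerateAuthorityCert creates a fresh ECDSA P-256 key pair and a self-signed
// CA certificate for it, returning the parsed certificate, its PEM encoding
// and the private key.
//
// caValidity is the certificate lifetime in milliseconds, counted from the
// moment of the call.
//
// NOTE(review): rootCert is accepted but never read. The certificate is signed
// with its own freshly generated key (template and parent are the same value),
// so it does not chain to rootCert. Confirm with callers whether signing by the
// root was intended before relying on a root -> authority trust path.
//
// Failure handling: key generation, serial generation and signing errors
// terminate the process via log.Fatal; a PEM encoding error is logged and then
// panics. The function never returns nil.
func GenerateAuthorityCert(rootCert *Cert, caValidity int64) *Cert {
	// Use a random 128-bit serial instead of a constant. A fixed serial means
	// every regenerated authority certificate shares issuer name and serial
	// with the previous one, which RFC 5280 forbids and which makes
	// certificates indistinguishable in revocation lists and audit logs.
	serialLimit := new(big.Int).Lsh(big.NewInt(1), 128)
	serial, err := rand.Int(rand.Reader, serialLimit)
	if err != nil {
		log.Fatal(err)
	}

	// Sample the clock once so NotBefore and NotAfter are exactly caValidity apart.
	now := time.Now()

	cert := &x509.Certificate{
		SerialNumber: serial,
		Subject: pkix.Name{
			CommonName:   "Dubbo RA",
			Organization: []string{"Apache Dubbo"},
		},
		// x509.CreateCertificate takes the issuer name from the parent's
		// Subject, not from this field. Because the parent below is this same
		// template, the issued certificate's issuer is "Dubbo RA".
		Issuer: pkix.Name{
			CommonName:   "Dubbo CA",
			Organization: []string{"Apache Dubbo"},
		},
		NotBefore: now,
		NotAfter:  now.Add(time.Duration(caValidity) * time.Millisecond),
		IsCA:      true,
		// NOTE(review): ExtKeyUsageAny places no EKU restriction on what this
		// CA can issue for, and no path length limit is set. Consider narrowing
		// both once the set of issued certificate types is known.
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
	}

	privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		log.Fatal(err)
	}

	// Template and parent are the same certificate: the result is self-signed.
	caBytes, err := x509.CreateCertificate(rand.Reader, cert, cert, &privateKey.PublicKey, privateKey)
	if err != nil {
		log.Fatal(err)
	}

	caPEM := new(bytes.Buffer)
	err = pem.Encode(caPEM, &pem.Block{
		Type:  "CERTIFICATE",
		Bytes: caBytes,
	})
	if err != nil {
		// Pass the error as an argument, not as part of the format string, so
		// a '%' in the error text cannot be interpreted as a formatting verb.
		logger.Sugar().Warnf("Failed to encode certificate. %v", err)
		panic(err)
	}

	certPEM := caPEM.String()
	return &Cert{
		Cert:       DecodeCert(certPEM),
		CertPem:    certPEM,
		PrivateKey: privateKey,
	}
}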