in pkg/admission/pki/certs.go [174:206]
// generateCert creates a fresh RSA-4096 key pair and a certificate built from
// certTemplate whose subject public key is that new key.
//
// When both signer and signerKey are supplied, the certificate is issued by
// that signer. If either one is nil the certificate is self-signed with the
// freshly generated key instead — a half-specified signer therefore degrades
// silently to a self-signed certificate rather than failing, so callers must
// ensure they pass both halves when a CA-issued certificate is intended.
//
// Failures from key generation, certificate creation and DER parsing are
// logged under log.AdmissionUtils and returned unchanged. Generating a
// 4096-bit RSA key is comparatively slow, which matters if this is called
// on a request path.
func generateCert(certTemplate *x509.Certificate, signer *x509.Certificate, signerKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(cryptorand.Reader, 4096)
	if err != nil {
		log.Log(log.AdmissionUtils).Error("Unable to generate private key", zap.Error(err))
		return nil, nil, err
	}

	// Parent and issuing key default to the template and the new key
	// (self-signed); a complete signer pair overrides both together.
	parent, parentKey := certTemplate, key
	if signer != nil && signerKey != nil {
		parent, parentKey = signer, signerKey
	}

	der, err := x509.CreateCertificate(cryptorand.Reader, certTemplate, parent, &key.PublicKey, parentKey)
	if err != nil {
		log.Log(log.AdmissionUtils).Error("Unable to create certificate", zap.Error(err))
		return nil, nil, err
	}

	// Round-trip through the parser so the caller receives the certificate
	// exactly as encoded, with all fields populated by x509.
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		log.Log(log.AdmissionUtils).Error("Unable to parse certificate", zap.Error(err))
		return nil, nil, err
	}
	return cert, key, nil
}