in dev-tools/v2tool/server/ca.go [104:155]
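// GeneratePairWithName issues a leaf certificate for name, signed by the
// CA's certificate and private key, and returns it together with the
// PEM-encoded certificate and RSA private key.
//
// The certificate carries name as both the Subject CommonName and a SAN
// DNSName, is valid for ten years from the time of the call, and is marked
// for both client and server authentication. A fresh 2048-bit RSA key is
// generated on every call.
//
// Each certificate gets a random 128-bit serial number. A CA must not issue
// two certificates with the same serial under the same issuer (RFC 5280
// §4.1.2.2), and a fixed serial also makes every pair indistinguishable to
// peers that cache or pin by issuer+serial.
//
// It returns an error if serial or key generation, signing, PEM encoding,
// or parsing the resulting key pair fails.
func (c *CertificateAuthority) GeneratePairWithName(name string) (*Pair, error) {
	// Serial in [0, 2^128): well under the 20-octet limit of RFC 5280. The
	// zero serial is not excluded; its probability is negligible.
	serialLimit := new(big.Int).Lsh(big.NewInt(1), 128)
	serial, err := rand.Int(rand.Reader, serialLimit)
	if err != nil {
		return nil, fmt.Errorf("generating serial number: %w", err)
	}

	// One timestamp so NotBefore and NotAfter are derived from the same instant.
	now := time.Now()
	certTemplate := &x509.Certificate{
		SerialNumber: serial,
		DNSNames:     []string{name},
		Subject: pkix.Name{
			Organization: []string{"elastic-fleet"},
			CommonName:   name,
		},
		NotBefore:   now,
		NotAfter:    now.AddDate(10, 0, 0),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
		KeyUsage:    x509.KeyUsageDigitalSignature,
	}

	// A nil key must never reach CreateCertificate, so this error is not ignored.
	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, fmt.Errorf("generating RSA key: %w", err)
	}

	// Sign the leaf with the CA's key.
	certBytes, err := x509.CreateCertificate(rand.Reader, certTemplate, c.caCert, &privateKey.PublicKey, c.privateKey)
	if err != nil {
		return nil, fmt.Errorf("signing certificate: %w", err)
	}

	// PEM-encode the certificate and the PKCS#1 private key into separate buffers.
	var certOut, keyOut bytes.Buffer
	if err := pem.Encode(&certOut, &pem.Block{Type: "CERTIFICATE", Bytes: certBytes}); err != nil {
		return nil, fmt.Errorf("generating public key: %w", err)
	}
	if err := pem.Encode(&keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privateKey)}); err != nil {
		return nil, fmt.Errorf("generating private key: %w", err)
	}

	// Round-trip through tls.X509KeyPair so the returned Certificate is
	// ready for a tls.Config and the PEM output is validated as a matching pair.
	tlsCert, err := tls.X509KeyPair(certOut.Bytes(), keyOut.Bytes())
	if err != nil {
		return nil, fmt.Errorf("creating TLS certificate: %w", err)
	}

	return &Pair{
		Crt:         certOut.Bytes(),
		Key:         keyOut.Bytes(),
		Certificate: &tlsCert,
	}, nil
}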