kyle/goutils
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 3 Wiki Activity

certlib and other updates

Browse Source
This commit is contained in:
Kyle Isom
2025-11-21 16:56:39 -08:00
parent d6efbd22fd
commit 91f954391e
5 changed files with 66 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
certlib/certgen/config.go
View File

@@ -19,13 +19,21 @@ type KeySpec struct {
Size int `yaml:"size"`
}
func (ks KeySpec) String() string {
if strings.ToLower(ks.Algorithm) == nameEd25519 {
return nameEd25519
}
return fmt.Sprintf("%s-%d", ks.Algorithm, ks.Size)
}
func (ks KeySpec) Generate() (crypto.PublicKey, crypto.PrivateKey, error) {
switch strings.ToLower(ks.Algorithm) {
case "rsa":
return GenerateKey(x509.RSA, ks.Size)
case "ecdsa":
return GenerateKey(x509.ECDSA, ks.Size)
case "ed25519":
case nameEd25519:
return GenerateKey(x509.Ed25519, 0)
default:
return nil, nil, fmt.Errorf("unknown key algorithm: %s", ks.Algorithm)
@@ -38,7 +46,7 @@ func (ks KeySpec) SigningAlgorithm() (x509.SignatureAlgorithm, error) {
return x509.SHA512WithRSAPSS, nil
case "ecdsa":
return x509.ECDSAWithSHA512, nil
case "ed25519":
case nameEd25519:
return x509.PureEd25519, nil
default:
return 0, fmt.Errorf("unknown key algorithm: %s", ks.Algorithm)
@@ -88,6 +96,10 @@ func (cs CertificateRequest) Request(priv crypto.PrivateKey) (*x509.CertificateR
IPAddresses: ipAddresses,
}
if cs.Subject.Email != "" {
req.EmailAddresses = []string{cs.Subject.Email}
}
reqBytes, err := x509.CreateCertificateRequest(rand.Reader, req, priv)
if err != nil {
return nil, fmt.Errorf("failed to create certificate request: %w", err)

4
certlib/certgen/keygen.go
View File

@@ -16,6 +16,10 @@ import (
// oidEd25519 = asn1.ObjectIdentifier{1, 3, 101, 110}
//)
const (
nameEd25519 = "ed25519"
)
func GenerateKey(algorithm x509.PublicKeyAlgorithm, bitSize int) (crypto.PublicKey, crypto.PrivateKey, error) {
var key crypto.PrivateKey
var pub crypto.PublicKey