metacrypt/internal/engine/ca/profiles.go

package ca

import "git.wntrmute.dev/kyle/goutils/certlib/certgen"

// Default certificate profiles.
var defaultProfiles = map[string]certgen.Profile{
	"server": {
		KeyUse:       []string{"digital signature", "key encipherment"},
		ExtKeyUsages: []string{"server auth"},
		Expiry:       "2160h", // 90 days
	},
	"client": {
		KeyUse:       []string{"digital signature"},
		ExtKeyUsages: []string{"client auth"},
		Expiry:       "2160h", // 90 days
	},
	"peer": {
		KeyUse:       []string{"digital signature", "key encipherment"},
		ExtKeyUsages: []string{"server auth", "client auth"},
		Expiry:       "2160h", // 90 days
	},
}

// GetProfile returns a copy of the named default profile.
func GetProfile(name string) (certgen.Profile, bool) {
	p, ok := defaultProfiles[name]
	if !ok {
		return certgen.Profile{}, false
	}
	// Return a copy so callers can modify.
	cp := certgen.Profile{
		IsCA:                  p.IsCA,
		PathLen:               p.PathLen,
		Expiry:                p.Expiry,
		KeyUse:                make([]string, len(p.KeyUse)),
		ExtKeyUsages:          make([]string, len(p.ExtKeyUsages)),
		OCSPServer:            append([]string(nil), p.OCSPServer...),
		IssuingCertificateURL: append([]string(nil), p.IssuingCertificateURL...),
	}
	copy(cp.KeyUse, p.KeyUse)
	copy(cp.ExtKeyUsages, p.ExtKeyUsages)
	return cp, true
}