cri-o/vendor/github.com/docker/libtrust/testutil/certificates.go

package testutil

import (
	"crypto"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// GenerateTrustCA generates a new certificate authority for testing.
func GenerateTrustCA(pub crypto.PublicKey, priv crypto.PrivateKey) (*x509.Certificate, error) {
	cert := &x509.Certificate{
		SerialNumber: big.NewInt(0),
		Subject: pkix.Name{
			CommonName: "CA Root",
		},
		NotBefore:             time.Now().Add(-time.Second),
		NotAfter:              time.Now().Add(time.Hour),
		IsCA:                  true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		BasicConstraintsValid: true,
	}

	certDER, err := x509.CreateCertificate(rand.Reader, cert, cert, pub, priv)
	if err != nil {
		return nil, err
	}

	cert, err = x509.ParseCertificate(certDER)
	if err != nil {
		return nil, err
	}

	return cert, nil
}

// GenerateIntermediate generates an intermediate certificate for testing using
// the parent certificate (likely a CA) and the provided keys.
func GenerateIntermediate(key crypto.PublicKey, parentKey crypto.PrivateKey, parent *x509.Certificate) (*x509.Certificate, error) {
	cert := &x509.Certificate{
		SerialNumber: big.NewInt(0),
		Subject: pkix.Name{
			CommonName: "Intermediate",
		},
		NotBefore:             time.Now().Add(-time.Second),
		NotAfter:              time.Now().Add(time.Hour),
		IsCA:                  true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		BasicConstraintsValid: true,
	}

	certDER, err := x509.CreateCertificate(rand.Reader, cert, parent, key, parentKey)
	if err != nil {
		return nil, err
	}

	cert, err = x509.ParseCertificate(certDER)
	if err != nil {
		return nil, err
	}

	return cert, nil
}

// GenerateTrustCert generates a new trust certificate for testing.  Unlike the
// intermediate certificates, this certificate should  be used for signature
// only, not creating certificates.
func GenerateTrustCert(key crypto.PublicKey, parentKey crypto.PrivateKey, parent *x509.Certificate) (*x509.Certificate, error) {
	cert := &x509.Certificate{
		SerialNumber: big.NewInt(0),
		Subject: pkix.Name{
			CommonName: "Trust Cert",
		},
		NotBefore:             time.Now().Add(-time.Second),
		NotAfter:              time.Now().Add(time.Hour),
		IsCA:                  true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
	}

	certDER, err := x509.CreateCertificate(rand.Reader, cert, parent, key, parentKey)
	if err != nil {
		return nil, err
	}

	cert, err = x509.ParseCertificate(certDER)
	if err != nil {
		return nil, err
	}

	return cert, nil
}
Switch to github.com/golang/dep for vendoring Signed-off-by: Mrunal Patel <mrunalp@gmail.com> 2017-02-01 00:45:59 +00:00			`package testutil`

			`import (`
			`"crypto"`
			`"crypto/rand"`
			`"crypto/x509"`
			`"crypto/x509/pkix"`
			`"math/big"`
			`"time"`
			`)`

			`// GenerateTrustCA generates a new certificate authority for testing.`
			`func GenerateTrustCA(pub crypto.PublicKey, priv crypto.PrivateKey) (*x509.Certificate, error) {`
			`cert := &x509.Certificate{`
			`SerialNumber: big.NewInt(0),`
			`Subject: pkix.Name{`
			`CommonName: "CA Root",`
			`},`
			`NotBefore: time.Now().Add(-time.Second),`
			`NotAfter: time.Now().Add(time.Hour),`
			`IsCA: true,`
			`KeyUsage: x509.KeyUsageCertSign \| x509.KeyUsageCRLSign,`
			`BasicConstraintsValid: true,`
			`}`

			`certDER, err := x509.CreateCertificate(rand.Reader, cert, cert, pub, priv)`
			`if err != nil {`
			`return nil, err`
			`}`

			`cert, err = x509.ParseCertificate(certDER)`
			`if err != nil {`
			`return nil, err`
			`}`

			`return cert, nil`
			`}`

			`// GenerateIntermediate generates an intermediate certificate for testing using`
			`// the parent certificate (likely a CA) and the provided keys.`
			`func GenerateIntermediate(key crypto.PublicKey, parentKey crypto.PrivateKey, parent x509.Certificate) (x509.Certificate, error) {`
			`cert := &x509.Certificate{`
			`SerialNumber: big.NewInt(0),`
			`Subject: pkix.Name{`
			`CommonName: "Intermediate",`
			`},`
			`NotBefore: time.Now().Add(-time.Second),`
			`NotAfter: time.Now().Add(time.Hour),`
			`IsCA: true,`
			`KeyUsage: x509.KeyUsageCertSign \| x509.KeyUsageCRLSign,`
			`BasicConstraintsValid: true,`
			`}`

			`certDER, err := x509.CreateCertificate(rand.Reader, cert, parent, key, parentKey)`
			`if err != nil {`
			`return nil, err`
			`}`

			`cert, err = x509.ParseCertificate(certDER)`
			`if err != nil {`
			`return nil, err`
			`}`

			`return cert, nil`
			`}`

			`// GenerateTrustCert generates a new trust certificate for testing. Unlike the`
			`// intermediate certificates, this certificate should be used for signature`
			`// only, not creating certificates.`
			`func GenerateTrustCert(key crypto.PublicKey, parentKey crypto.PrivateKey, parent x509.Certificate) (x509.Certificate, error) {`
			`cert := &x509.Certificate{`
			`SerialNumber: big.NewInt(0),`
			`Subject: pkix.Name{`
			`CommonName: "Trust Cert",`
			`},`
			`NotBefore: time.Now().Add(-time.Second),`
			`NotAfter: time.Now().Add(time.Hour),`
			`IsCA: true,`
			`KeyUsage: x509.KeyUsageDigitalSignature,`
			`BasicConstraintsValid: true,`
			`}`

			`certDER, err := x509.CreateCertificate(rand.Reader, cert, parent, key, parentKey)`
			`if err != nil {`
			`return nil, err`
			`}`

			`cert, err = x509.ParseCertificate(certDER)`
			`if err != nil {`
			`return nil, err`
			`}`

			`return cert, nil`
			`}`