Implement creation of CACert

2022-10-15 13:14:38 +02:00 · 2022-10-15 13:14:38 +02:00 · 004be0c2aa
commit 004be0c2aa
parent 0e41a06121
1 changed files with 47 additions and 0 deletions
--- a/go-workspace/src/nebula/nebula.go
+++ b/go-workspace/src/nebula/nebula.go
@ -4,6 +4,7 @@ package nebula
 import (
 	crypticnet "cryptic-net"
 	"crypto/ed25519"
 	"crypto/rand"
 	"fmt"
 	"io"
@ -32,6 +33,13 @@ type HostCert struct {
 	HostCert []byte
 }
 // CACert contains the certificate and private files which can be used to create
 // HostCerts. Each file is PEM encoded.
 type CACert struct {
 	CACert []byte
 	CAKey  []byte
 }
 // NewHostCert generates a new key/cert for a nebula host using the CA key
 // which will be found in the adminFS.
 func NewHostCert(
@ -123,3 +131,42 @@ func NewHostCert(
 		HostCert: hostCrtPEM,
 	}, nil
 }
 // NewCACert generates a CACert. The domain should be the network's root domain,
 // and is included in the signing certificate's Name field.
 func NewCACert(domain string) (CACert, error) {
 	pubKey, privKey, err := ed25519.GenerateKey(rand.Reader)
 	if err != nil {
 		panic(fmt.Errorf("generating ed25519 key: %w", err))
 	}
 	now := time.Now()
 	expireAt := now.Add(2 * 365 * 24 * time.Hour)
 	caCrt := cert.NebulaCertificate{
 		Details: cert.NebulaCertificateDetails{
 			Name:      fmt.Sprintf("%s cryptic-net root cert", domain),
 			NotBefore: now,
 			NotAfter:  expireAt,
 			PublicKey: pubKey,
 			IsCA:      true,
 		},
 	}
 	if err := caCrt.Sign(privKey); err != nil {
 		return CACert{}, fmt.Errorf("signing caCrt: %w", err)
 	}
 	caKeyPEM := cert.MarshalEd25519PrivateKey(privKey)
 	caCrtPem, err := caCrt.MarshalToPEM()
 	if err != nil {
 		return CACert{}, fmt.Errorf("marshaling caCrt: %w", err)
 	}
 	return CACert{
 		CACert: caCrtPem,
 		CAKey:  caKeyPEM,
 	}, nil
 }