mirror of https://github.com/dexidp/dex.git
package dsig |
|
|
|
import ( |
|
"crypto/rand" |
|
"crypto/rsa" |
|
"crypto/x509" |
|
"math/big" |
|
"time" |
|
) |
|
|
|
// X509KeyStore is implemented by any type that can hand out an RSA private
// key together with the bytes of its certificate.
//
// NOTE(review): the certificate encoding is not fixed by this interface;
// RandomKeyStoreForTest stores the raw output of x509.CreateCertificate,
// so DER is presumably what callers expect — confirm against callers.
type X509KeyStore interface {
	// GetKeyPair returns the private key, the certificate bytes, and any
	// error encountered while obtaining them.
	GetKeyPair() (privateKey *rsa.PrivateKey, cert []byte, err error)
}
|
|
|
// X509CertificateStore is implemented by any type that can list a set of
// parsed X.509 certificates.
//
// NOTE(review): the result is named roots, so these are presumably the
// trust anchors used when verifying signatures — confirm against callers.
type X509CertificateStore interface {
	// Certificates returns the stored certificates, or an error if they
	// cannot be obtained.
	Certificates() (roots []*x509.Certificate, err error)
}
|
|
|
// MemoryX509CertificateStore keeps a list of certificates in memory. Its
// Certificates method has the signature required by X509CertificateStore.
type MemoryX509CertificateStore struct {
	// Roots is the slice that Certificates hands back to callers.
	Roots []*x509.Certificate
}

// Certificates returns the Roots slice and a nil error; it never fails.
//
// The slice is returned without copying, so the caller and the store share
// one backing array: a caller that modifies the returned slice's elements
// also changes what the store reports afterwards.
func (store *MemoryX509CertificateStore) Certificates() ([]*x509.Certificate, error) {
	roots := store.Roots
	return roots, nil
}
|
|
|
// MemoryX509KeyStore holds one RSA private key and its certificate bytes in
// memory. Its GetKeyPair method has the signature required by X509KeyStore.
//
// Both fields are unexported, so values can only be populated from inside
// this package (RandomKeyStoreForTest does so).
type MemoryX509KeyStore struct {
	// privateKey is kept in process memory for as long as the store is alive.
	privateKey *rsa.PrivateKey
	// cert holds the certificate bytes that belong to privateKey.
	cert []byte
}

// GetKeyPair returns the stored private key and certificate bytes together
// with a nil error; it never fails.
//
// Neither value is copied: the returned pointer and byte slice alias the
// store's own data, so writes through them are visible to later callers.
func (ks *MemoryX509KeyStore) GetKeyPair() (*rsa.PrivateKey, []byte, error) {
	key, certBytes := ks.privateKey, ks.cert
	return key, certBytes, nil
}
|
|
|
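// RandomKeyStoreForTest returns an X509KeyStore holding a freshly generated
// RSA key and a self-signed certificate for that key.
//
// It is meant for tests only: the key exists solely in memory, the
// certificate carries no subject or issuer name, and nothing ties it to a
// trusted chain. Every call produces a new, unrelated key pair.
//
// It panics if key, serial-number or certificate generation fails.
func RandomKeyStoreForTest() X509KeyStore {
	// 1024-bit RSA is below current minimum key-size guidance for
	// signatures, so generate 2048-bit keys even for test fixtures.
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}

	// RFC 5280 requires a positive serial number that is unique per issuer.
	// Draw a random value in [1, 2^128] instead of the constant 0.
	serialLimit := new(big.Int).Lsh(big.NewInt(1), 128)
	serial, err := rand.Int(rand.Reader, serialLimit)
	if err != nil {
		panic(err)
	}
	serial.Add(serial, big.NewInt(1))

	now := time.Now()

	// NotBefore is backdated by five minutes, presumably to tolerate clock
	// skew between the signer and a verifier; the certificate is valid for
	// one year. Key usage is restricted to digital signatures.
	template := &x509.Certificate{
		SerialNumber: serial,
		NotBefore:    now.Add(-5 * time.Minute),
		NotAfter:     now.Add(365 * 24 * time.Hour),

		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{},
		BasicConstraintsValid: true,
	}

	// template serves as both subject and issuer, so the certificate is
	// self-signed with the key generated above.
	cert, err := x509.CreateCertificate(rand.Reader, template, template, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}

	return &MemoryX509KeyStore{
		privateKey: key,
		cert:       cert,
	}
}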