主代码:package rsaimport ( "crypto/rand" "crypto/rsa" "crypto/x509" "crypto/x509/pkix" "enCoding/pem" "io/IoUtil" "math/big" rd "math/rand" "os" "time")func init() { rd.Seed(time.Now().UnixNano())}type Certinformation struct { Country []string Organization []string OrganizationalUnit []string EmailAddress []string Province []string Locality []string Commonname string Crtname,Keyname string IsCA bool names []pkix.AttributeTypeAndValue}func CreateCRT(RootCa *x509.Certificate,RootKey *rsa.PrivateKey,info Certinformation) error { Crt := newCertificate(info) Key,err := rsa.GenerateKey(rand.Reader, 2048) if err != nil { return err } var buf []byte if RootCa == nil || RootKey == nil { //创建自签名证书 buf,err = x509.CreateCertificate(rand.Reader,Crt,&Key.PublicKey,Key) } else { //使用根证书签名 buf,RootCa,RootKey) } if err != nil { return err } err = write(info.Crtname,"CERTIFICATE",buf) if err != nil { return err } buf = x509.MarshalPKCS1PrivateKey(Key) return write(info.Keyname,"PRIVATE KEY",buf)}//编码写入文件func write(filename,Type string,p []byte) error { file,err := os.Create(filename) defer file.Close() if err != nil { return err } var b *pem.Block = &pem.Block{Bytes: p,Type: Type} return pem.Encode(file,b)}func Parse(crtPath,keyPath string) (rootcertificate *x509.Certificate,rootPrivateKey *rsa.PrivateKey,err error) { rootcertificate,err = ParseCrt(crtPath) if err != nil { return } rootPrivateKey,err = ParseKey(keyPath) return}func ParseCrt(path string) (*x509.Certificate,error) { buf,err := IoUtil.Readfile(path) if err != nil { return nil,err } p := &pem.Block{} p,buf = pem.Decode(buf) return x509.ParseCertificate(p.Bytes)}func ParseKey(path string) (*rsa.PrivateKey,err } p,buf := pem.Decode(buf) return x509.ParsePKCS1PrivateKey(p.Bytes)}func newCertificate(info Certinformation) *x509.Certificate { return &x509.Certificate{ SerialNumber: big.NewInt(rd.Int63()),Subject: pkix.name{ Country: info.Country,Organization: info.Organization,OrganizationalUnit: 
info.OrganizationalUnit,Province: info.Province,Commonname: info.Commonname,Locality: info.Locality,Extranames: info.names,},NotBefore: time.Now(),//证书的开始时间 NotAfter: time.Now().AddDate(20, 0, 0),//证书的结束时间 BasicConstraintsValID: true,//基本的有效性约束 IsCA: info.IsCA,//是否是根证书 ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClIEntAuth,x509.ExtKeyUsageServerAuth},//证书用途 KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,EmailAddresses: info.EmailAddress,}}
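// Test code:

package rsa

import (
	"crypto/x509/pkix"
	"encoding/asn1"
	"os"
	"testing"
)

// Test_crt creates a self-signed root certificate, loads it back from disk,
// issues a server certificate signed by that root, and checks that the
// server certificate's signature verifies against the root.
func Test_crt(t *testing.T) {
	baseinfo := Certinformation{
		Country:            []string{"CN"},
		Organization:       []string{"WS"},
		IsCA:               true,
		OrganizationalUnit: []string{"work-stacks"},
		EmailAddress:       []string{"czxichen@163.com"},
		Locality:           []string{"SuZhou"},
		Province:           []string{"JiangSu"},
		Commonname:         "Work-Stacks",
		Crtname:            "test_root.crt",
		Keyname:            "test_root.key",
	}

	crtinfo := baseinfo
	crtinfo.IsCA = false
	crtinfo.Crtname = "test_server.crt"
	crtinfo.Keyname = "test_server.key"
	// Extra subject attribute for custom use. The arc {2,1,3} is the sample
	// value from the page; presumably a real deployment would use an OID
	// under an arc it controls (TODO confirm).
	crtinfo.names = []pkix.AttributeTypeAndValue{
		{Type: asn1.ObjectIdentifier{2, 1, 3}, Value: "MAC_ADDR"},
	}

	// Remove the generated files on every exit path, so a failed run does
	// not leave private keys behind in the working directory.
	defer func() {
		for _, name := range []string{baseinfo.Crtname, baseinfo.Keyname, crtinfo.Crtname, crtinfo.Keyname} {
			os.Remove(name)
		}
	}()

	// Fatalf instead of Log+return: a logged error followed by a plain
	// return would let the test pass although nothing was verified.
	if err := CreateCRT(nil, nil, baseinfo); err != nil {
		t.Fatalf("Create crt error,Error info: %v", err)
	}

	crt, pri, err := Parse(baseinfo.Crtname, baseinfo.Keyname)
	if err != nil {
		t.Fatalf("Parse crt error,Error info: %v", err)
	}

	if err = CreateCRT(crt, pri, crtinfo); err != nil {
		t.Fatalf("Create crt error,Error info: %v", err)
	}

	server, err := ParseCrt(crtinfo.Crtname)
	if err != nil {
		t.Fatalf("Parse crt error,Error info: %v", err)
	}
	if err = server.CheckSignatureFrom(crt); err != nil {
		t.Fatalf("server certificate is not signed by the root: %v", err)
	}
}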