generateSelfSignedCertificate creates an unsafe self-signed certificate at random that allows users to proceed with setup in the event they haven't configured any TLS certificates.
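// generateSelfSignedCertificate creates an unsafe self-signed certificate
// at random that allows users to proceed with setup in the event they
// haven't configured any TLS certificates.
//
// The certificate covers the IP address 127.0.0.1 only, is valid for 180
// days from the moment of the call, and is signed by a freshly generated
// ECDSA P-256 key that is returned alongside it. Because the certificate is
// its own issuer, a client has no way to authenticate the server with it;
// it provides encryption for the setup flow, not identity.
//
// It returns an error if key generation, serial number generation, or
// certificate creation fails.
func generateSelfSignedCertificate() (*tls.Certificate, error) {
	privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}

	// Draw a random 128-bit serial number instead of a constant. Every
	// certificate produced here has the same (empty) issuer, so a fixed
	// serial would give each regenerated certificate the same issuer/serial
	// pair with a different key, which clients that track certificates by
	// that pair can refuse.
	serialLimit := new(big.Int).Lsh(big.NewInt(1), 128)
	serialNumber, err := rand.Int(rand.Reader, serialLimit)
	if err != nil {
		return nil, err
	}

	// Read the clock once so the validity window is exactly 180 days.
	now := time.Now()
	template := x509.Certificate{
		SerialNumber: serialNumber,
		NotBefore:    now,
		NotAfter:     now.Add(time.Hour * 24 * 180),

		// Key encipherment describes RSA key transport and does not apply
		// to an ECDSA key, so only digital signature is asserted.
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IPAddresses:           []net.IP{net.ParseIP("127.0.0.1")},
	}

	// The template is passed as both subject and issuer: the certificate is
	// signed by its own private key.
	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &privateKey.PublicKey, privateKey)
	if err != nil {
		return nil, err
	}

	cert := &tls.Certificate{
		Certificate: [][]byte{derBytes},
		PrivateKey:  privateKey,
	}
	return cert, nil
}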
| 1748 | |
| 1749 | // defaultCipherSuites is a list of safe cipher suites that we default to. This |
| 1750 | // is different from Golang's list of defaults, which unfortunately includes |