| 18 | ) |
| 19 | |
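// GenerateTLSCertificate returns a freshly generated, self-signed TLS server
// certificate for use in tests.
//
// The certificate carries an ECDSA P-256 key, names commonName as both the
// subject CN and a DNS SAN, lists 127.0.0.1 as an IP SAN, and is valid for
// 180 days from the moment of the call. It is signed with its own key and is
// not marked as a CA, so a client only trusts it if the test adds it to that
// client's root pool. The private key lives only in the returned
// tls.Certificate; nothing is written to disk.
//
// Any failure aborts the calling test through require.NoError.
func GenerateTLSCertificate(t testing.TB, commonName string) tls.Certificate {
	// Report failures at the caller's line rather than inside this helper.
	t.Helper()

	privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	require.NoError(t, err)

	// Use a random 128-bit serial instead of a constant. Two certificates
	// generated for the same commonName have the same issuer name, and a
	// repeated issuer+serial pair with different keys is rejected or
	// mis-cached by some TLS stacks.
	serialNumber, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	require.NoError(t, err)

	now := time.Now()
	template := x509.Certificate{
		SerialNumber: serialNumber,
		Subject: pkix.Name{
			Organization: []string{"Acme Co"},
			CommonName:   commonName,
		},
		DNSNames:  []string{commonName},
		NotBefore: now,
		NotAfter:  now.Add(time.Hour * 24 * 180),

		// KeyEncipherment applies to RSA key transport and is not used with
		// an ECDSA key; it is kept so the emitted key-usage bits stay the
		// same for existing callers.
		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IPAddresses:           []net.IP{net.ParseIP("127.0.0.1")},
	}

	// Self-signed: the template is passed as both the certificate and its parent.
	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &privateKey.PublicKey, privateKey)
	require.NoError(t, err)

	var certFile bytes.Buffer
	err = pem.Encode(&certFile, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
	require.NoError(t, err)

	privateKeyBytes, err := x509.MarshalPKCS8PrivateKey(privateKey)
	require.NoError(t, err)

	var keyFile bytes.Buffer
	err = pem.Encode(&keyFile, &pem.Block{Type: "PRIVATE KEY", Bytes: privateKeyBytes})
	require.NoError(t, err)

	// Parsing the PEM pair back also checks that the key matches the certificate.
	cert, err := tls.X509KeyPair(certFile.Bytes(), keyFile.Bytes())
	require.NoError(t, err)
	return cert
}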