genClientCert generates an x509 certificate for testing. Certificate and key are returned in PEM encoding.
(t *testing.T)
| 716 | // genClientCert generates an x509 certificate for testing. Certificate and key |
| 717 | // are returned in PEM encoding. |
| 718 | func genClientCert(t *testing.T) ([]byte, []byte) { |
| 719 | key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) |
| 720 | if err != nil { |
| 721 | t.Fatal(err) |
| 722 | } |
| 723 | keyRaw, err := x509.MarshalECPrivateKey(key) |
| 724 | if err != nil { |
| 725 | t.Fatal(err) |
| 726 | } |
| 727 | serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128) |
| 728 | serialNumber, err := rand.Int(rand.Reader, serialNumberLimit) |
| 729 | if err != nil { |
| 730 | t.Fatal(err) |
| 731 | } |
| 732 | cert := &x509.Certificate{ |
| 733 | SerialNumber: serialNumber, |
| 734 | Subject: pkix.Name{Organization: []string{"Acme Co"}}, |
| 735 | NotBefore: time.Now(), |
| 736 | NotAfter: time.Now().Add(24 * time.Hour), |
| 737 | |
| 738 | KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, |
| 739 | ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, |
| 740 | BasicConstraintsValid: true, |
| 741 | } |
| 742 | certRaw, err := x509.CreateCertificate(rand.Reader, cert, cert, key.Public(), key) |
| 743 | if err != nil { |
| 744 | t.Fatal(err) |
| 745 | } |
| 746 | return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certRaw}), |
| 747 | pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyRaw}) |
| 748 | } |
no test coverage detected