package main
import (
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"github.com/lwithers/minijks/jks"
"io/ioutil"
"log"
"path"
"time"
)
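// writeKeystore packs privkey together with the certificate chain found in
// pemCertificate into a Java keystore and writes it to <certDir>/tls.jks.
//
// pemCertificate must hold one or more PEM-encoded certificate blocks, leaf
// first; every block has to parse as an X.509 certificate and the leaf's RSA
// public key has to match privkey. Every failure is fatal: the function
// terminates the process through log.Fatalf and never returns an error.
func writeKeystore(certDir string, privkey *rsa.PrivateKey, pemCertificate []byte) {
	// keystorePassword protects the JKS container. It is fixed here because the
	// consumer of tls.jks has to be configured with the very same value, so it
	// is not a secret; the file permissions below are what keep the key private.
	const keystorePassword = "keystore"

	if privkey == nil {
		log.Fatalf("No private key supplied for keystore")
	}

	var certChain []*jks.KeypairCert
	for {
		var block *pem.Block
		block, pemCertificate = pem.Decode(pemCertificate)
		if block == nil {
			break // no further PEM blocks in the input
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			log.Fatalf("Failed to parse certificate: %v", err)
		}
		certChain = append(certChain, &jks.KeypairCert{Cert: cert})
	}
	if len(certChain) == 0 {
		log.Fatalf("Certificate chain has no certificates")
	}

	// The first block is taken as the leaf. Refuse to pack a key that does not
	// belong to it, so a mismatched certificate/key pair is caught here rather
	// than at TLS handshake time.
	key, ok := certChain[0].Cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		log.Fatalf("Certificate public key algorithm is not RSA")
	}
	if key.N.Cmp(privkey.N) != 0 || key.E != privkey.E {
		log.Fatalf("Certificate public key does not match our private key")
	}

	kp := jks.Keypair{
		Alias:      "host",
		Timestamp:  time.Now(),
		PrivateKey: privkey,
		CertChain:  certChain,
	}
	ks := jks.Keystore{
		Keypairs: []*jks.Keypair{&kp},
	}
	keystoreBytes, err := ks.Pack(&jks.Options{Password: keystorePassword})
	if err != nil {
		log.Fatalf("Failed to create keystore: %v", err)
	}

	// The keystore embeds the private key, so it must not be readable by other
	// users on the host: 0600 rather than the previous 0644. WriteFile applies
	// the mode only when it creates the file; a pre-existing tls.jks keeps
	// whatever mode it already had.
	keystoreFile := path.Join(certDir, "tls.jks")
	if err := ioutil.WriteFile(keystoreFile, keystoreBytes, 0600); err != nil {
		log.Fatalf("unable to write %s, error: %v", keystoreFile, err)
	}
	log.Printf("wrote %s", keystoreFile)
}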