feat: add go ca

go-ca/main.go

@@ -0,0 +1,75 @@
+package main
+
+import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"crypto/sha1"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"math"
+	"math/big"
+	"time"
+)
+
+func main() {
+	err := innerMain()
+	if err == nil {
+		println("Success")
+	} else {
+		println("Error: ", err.Error())
+	}
+}
+
+func innerMain() error {
+	rootKey, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
+	if err != nil {
+		return err
+	}
+	rootCert, err := issueRootCertificate(&rootKey.PublicKey, rootKey)
+	if err != nil {
+		return err
+	}
+	println(string(pem.EncodeToMemory(&pem.Block{
+		Type:  "CERTIFICATE",
+		Bytes: rootCert,
+	})))
+	return nil
+}
+
+func issueRootCertificate(pubKey, parentPrivKey any) ([]byte, error) {
+	now := time.Now()
+	template := x509.Certificate{
+		SerialNumber: generateSerialNumber(),
+		Subject: pkix.Name{
+			CommonName: "Root CA",
+		},
+		NotBefore:             now.UTC(),
+		NotAfter:              now.AddDate(100, 0, 0).UTC(),
+		BasicConstraintsValid: true,
+		IsCA:                  true,
+		MaxPathLen:            10,
+		// MaxPathLenZero:        true,
+		SubjectKeyId: getKeyId(pubKey),
+		KeyUsage:     x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
+	}
+	parentCert := &template
+	return x509.CreateCertificate(rand.Reader, &template, parentCert, pubKey, parentPrivKey)
+}
+
+func getKeyId(pubKey any) []byte {
+	pubKeyBytes, err := x509.MarshalPKIXPublicKey(pubKey)
+	if err != nil {
+		panic("Should not happen")
+	}
+	return sha1.New().Sum(pubKeyBytes)
+}
+
+func generateSerialNumber() *big.Int {
+	randInt, err := rand.Int(rand.Reader, big.NewInt(math.MaxInt64))
+	if err != nil {
+		panic("Should not happen")
+	}
+	return randInt
+}