mirror of
https://github.com/bettercap/bettercap
synced 2025-07-07 13:32:07 -07:00
64 lines
1.6 KiB
Go
64 lines
1.6 KiB
Go
package tls
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"crypto/rsa"
|
|
"crypto/x509"
|
|
"crypto/x509/pkix"
|
|
"encoding/pem"
|
|
"math/big"
|
|
"os"
|
|
"time"
|
|
)
|
|
|
|
func Generate(certPath string, keyPath string) error {
|
|
keyfile, err := os.Create(keyPath)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer keyfile.Close()
|
|
|
|
certfile, err := os.Create(certPath)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer certfile.Close()
|
|
|
|
priv, err := rsa.GenerateKey(rand.Reader, 4096)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
notBefore := time.Now()
|
|
notAfter := notBefore.Add(time.Duration(24*365) * time.Hour)
|
|
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
|
|
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
template := x509.Certificate{
|
|
SerialNumber: serialNumber,
|
|
Subject: pkix.Name{
|
|
CommonName: "bettercap-ng",
|
|
Organization: []string{"bettercap-ng"},
|
|
OrganizationalUnit: []string{"RSA key generation module"},
|
|
},
|
|
NotBefore: notBefore,
|
|
NotAfter: notAfter,
|
|
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
|
|
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
|
|
BasicConstraintsValid: true,
|
|
}
|
|
|
|
cert_raw, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if err := pem.Encode(keyfile, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)}); err != nil {
|
|
return err
|
|
}
|
|
|
|
return pem.Encode(certfile, &pem.Block{Type: "CERTIFICATE", Bytes: cert_raw})
|
|
}
|