
removal of unused GenerateCert
led0nk committed Feb 4, 2025
1 parent 96172bb commit 403ea23
Showing 2 changed files with 0 additions and 62 deletions.
Binary file added .DS_Store
Binary file not shown.
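Review bot: The commit adds a macOS `.DS_Store` Finder metadata file at the repository root, which is unrelated to the stated removal of GenerateCert and carries no project content. It should be dropped from the commit, and `.DS_Store` added to `.gitignore` so it is not re-added on the next macOS checkout. The diffstat header reports 0 additions because the file is binary, so this stray file is easy to overlook in review.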
62 changes: 0 additions & 62 deletions opcua_plugin/generate_cert.go
Expand Up @@ -178,68 +178,6 @@ func GenerateCertWithMode(
return certPEM, keyPEM, nil
}

func GenerateCert(host string, rsaBits int, validFor time.Duration) (certPEM, keyPEM []byte, err error) {
if len(host) == 0 {
return nil, nil, fmt.Errorf("missing required host parameter")
}
if rsaBits == 0 {
rsaBits = 2048
}

priv, err := rsa.GenerateKey(rand.Reader, rsaBits)
if err != nil {
return nil, nil, fmt.Errorf("failed to generate private key: %s", err)
}

notBefore := time.Now()
notAfter := notBefore.Add(validFor)

// Use 127 bits instead of 128 to ensure the serial number is always positive.
// In ASN.1 DER encoding (used by X.509), integers are signed. If the most significant bit (MSB)
// is set (i.e., 1), the integer is interpreted as negative. By limiting the serial number
// to 127 bits, we guarantee that the MSB is 0, ensuring the serial number remains positive
// and complies with RFC 5280 requirements, thereby preventing parsing errors like
// "x509: negative serial number".
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 127)
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
if err != nil {
return nil, nil, fmt.Errorf("failed to generate serial number: %s", err)
}

template := x509.Certificate{
SerialNumber: serialNumber,
Subject: pkix.Name{
CommonName: "benthos-umh",
Organization: []string{"UMH"},
},
NotBefore: notBefore,
NotAfter: notAfter,

KeyUsage: x509.KeyUsageContentCommitment | x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageDataEncipherment | x509.KeyUsageCertSign,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
BasicConstraintsValid: true,
}

hosts := strings.Split(host, ",")
for _, h := range hosts {
if ip := net.ParseIP(h); ip != nil {
template.IPAddresses = append(template.IPAddresses, ip)
} else {
template.DNSNames = append(template.DNSNames, h)
}
if uri, err := url.Parse(h); err == nil {
template.URIs = append(template.URIs, uri)
}
}

derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv)
if err != nil {
return nil, nil, fmt.Errorf("failed to create certificate: %s", err)
}

return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes}), pem.EncodeToMemory(pemBlockForKey(priv)), nil
}

func publicKey(priv interface{}) interface{} {
switch k := priv.(type) {
case *rsa.PrivateKey:

0 comments on commit 403ea23
