Skip to content

Instantly share code, notes, and snippets.

@dpb587
Created November 19, 2016 08:39
Show Gist options
  • Save dpb587/3c81f1a4fd964cfc01e322249c319b0f to your computer and use it in GitHub Desktop.
Save dpb587/3c81f1a4fd964cfc01e322249c319b0f to your computer and use it in GitHub Desktop.
diff --git a/vendor/config_server/types/certificate_generator.go b/vendor/config_server/types/certificate_generator.go
index 7364be1..67e1fc7 100644
--- a/vendor/config_server/types/certificate_generator.go
+++ b/vendor/config_server/types/certificate_generator.go
@@ -7,8 +7,8 @@ import (
"crypto/x509/pkix"
"encoding/pem"
"math/big"
- "time"
"net"
+ "time"
"github.com/cloudfoundry/bosh-utils/errors"
)
@@ -26,7 +26,8 @@ type CertResponse struct {
type CertParams struct {
CommonName string
AlternativeName []string
- CA string // todo
+ CA string // todo
+ ExtKeyUsage []x509.ExtKeyUsage // todo
}
func NewCertificateGenerator(loader CertsLoader) CertificateGenerator {
@@ -51,6 +52,17 @@ func (cfg CertificateGenerator) Generate(parameters interface{}) (interface{}, e
cParams := CertParams{CommonName: commonName, AlternativeName: alternativeNames, CA: ca}
+ if _, ok := params["eku_auth"]; ok {
+ switch params["eku_auth"].(string) {
+ case "server":
+ cParams.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
+ case "client":
+ cParams.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
+ }
+ } else {
+ cParams.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
+ }
+
if len(cParams.CA) > 0 {
return cfg.generateCert(cParams)
}
@@ -94,7 +106,7 @@ func (cfg CertificateGenerator) generateCert(cParams CertParams) (CertResponse,
NotBefore: now,
NotAfter: notAfter,
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
- ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+ ExtKeyUsage: cParams.ExtKeyUsage,
BasicConstraintsValid: true,
IsCA: false,
}
@@ -152,7 +164,7 @@ func (cfg CertificateGenerator) generateCACert(cParams CertParams) (CertResponse
},
NotBefore: now,
NotAfter: notAfter,
- KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
+ KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
ExtKeyUsage: []x509.ExtKeyUsage{},
BasicConstraintsValid: true,
IsCA: true,
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment