dpb587/diff.diff

## diff.diff
diff --git a/vendor/config_server/types/certificate_generator.go b/vendor/config_server/types/certificate_generator.go
index 7364be1..67e1fc7 100644
--- a/vendor/config_server/types/certificate_generator.go
+++ b/vendor/config_server/types/certificate_generator.go
@@ -7,8 +7,8 @@ import (
        "crypto/x509/pkix"
        "encoding/pem"
        "math/big"
-       "time"
        "net"
+       "time"

        "github.com/cloudfoundry/bosh-utils/errors"
 )
@@ -26,7 +26,8 @@ type CertResponse struct {
 type CertParams struct {
        CommonName      string
        AlternativeName []string
-       CA              string // todo
+       CA              string             // todo
+       ExtKeyUsage     []x509.ExtKeyUsage // todo
 }

 func NewCertificateGenerator(loader CertsLoader) CertificateGenerator {
@@ -51,6 +52,17 @@ func (cfg CertificateGenerator) Generate(parameters interface{}) (interface{}, e

        cParams := CertParams{CommonName: commonName, AlternativeName: alternativeNames, CA: ca}

+       if _, ok := params["eku_auth"]; ok {
+               switch params["eku_auth"].(string) {
+               case "server":
+                       cParams.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
+               case "client":
+                       cParams.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
+               }
+       } else {
+               cParams.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
+       }
+
        if len(cParams.CA) > 0 {
                return cfg.generateCert(cParams)
        }
@@ -94,7 +106,7 @@ func (cfg CertificateGenerator) generateCert(cParams CertParams) (CertResponse,
                NotBefore:             now,
                NotAfter:              notAfter,
                KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
-               ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+               ExtKeyUsage:           cParams.ExtKeyUsage,
                BasicConstraintsValid: true,
                IsCA: false,
        }
@@ -152,7 +164,7 @@ func (cfg CertificateGenerator) generateCACert(cParams CertParams) (CertResponse
                },
                NotBefore:             now,
                NotAfter:              notAfter,
-               KeyUsage:               x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
+               KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
                ExtKeyUsage:           []x509.ExtKeyUsage{},
                BasicConstraintsValid: true,
                IsCA: true,
	diff --git a/vendor/config_server/types/certificate_generator.go b/vendor/config_server/types/certificate_generator.go
	index 7364be1..67e1fc7 100644
	--- a/vendor/config_server/types/certificate_generator.go
	+++ b/vendor/config_server/types/certificate_generator.go
	@@ -7,8 +7,8 @@ import (
	"crypto/x509/pkix"
	"encoding/pem"
	"math/big"
	- "time"
	"net"
	+ "time"

	"github.com/cloudfoundry/bosh-utils/errors"
	)
	@@ -26,7 +26,8 @@ type CertResponse struct {
	type CertParams struct {
	CommonName string
	AlternativeName []string
	- CA string // todo
	+ CA string // todo
	+ ExtKeyUsage []x509.ExtKeyUsage // todo
	}

	func NewCertificateGenerator(loader CertsLoader) CertificateGenerator {
	@@ -51,6 +52,17 @@ func (cfg CertificateGenerator) Generate(parameters interface{}) (interface{}, e

	cParams := CertParams{CommonName: commonName, AlternativeName: alternativeNames, CA: ca}

	+ if _, ok := params["eku_auth"]; ok {
	+ switch params["eku_auth"].(string) {
	+ case "server":
	+ cParams.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	+ case "client":
	+ cParams.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	+ }
	+ } else {
	+ cParams.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	+ }
	+
	if len(cParams.CA) > 0 {
	return cfg.generateCert(cParams)
	}
	@@ -94,7 +106,7 @@ func (cfg CertificateGenerator) generateCert(cParams CertParams) (CertResponse,
	NotBefore: now,
	NotAfter: notAfter,
	KeyUsage: x509.KeyUsageKeyEncipherment \| x509.KeyUsageDigitalSignature,
	- ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	+ ExtKeyUsage: cParams.ExtKeyUsage,
	BasicConstraintsValid: true,
	IsCA: false,
	}
	@@ -152,7 +164,7 @@ func (cfg CertificateGenerator) generateCACert(cParams CertParams) (CertResponse
	},
	NotBefore: now,
	NotAfter: notAfter,
	- KeyUsage: x509.KeyUsageCertSign \| x509.KeyUsageCRLSign,
	+ KeyUsage: x509.KeyUsageCertSign \| x509.KeyUsageCRLSign,
	ExtKeyUsage: []x509.ExtKeyUsage{},
	BasicConstraintsValid: true,
	IsCA: true,