
Source file src/edge-infra.dev/pkg/edge/edge-issuer/signer/edge.go


     1  package signer
     2  
import (
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"time"

	capi "k8s.io/api/certificates/v1beta1"

	"edge-infra.dev/pkg/edge/edge-issuer/controllers"
)
    12  
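// FromEdgeCAStore builds a controllers.Signer backed by the PEM-encoded CA
// private key and certificate held in the edge CA store. Certificates issued
// by the returned signer carry duration as their TTL.
//
// The PEM material is not parsed here; a malformed key or certificate only
// surfaces when Sign is called. Empty inputs are rejected up front so that a
// misconfigured store fails fast instead of producing a signer that can never
// sign.
func FromEdgeCAStore(keyPEM []byte, certPEM []byte, duration time.Duration) (controllers.Signer, error) {
	if len(keyPEM) == 0 {
		return nil, errors.New("edge CA store: key PEM is empty")
	}
	if len(certPEM) == 0 {
		return nil, errors.New("edge CA store: certificate PEM is empty")
	}
	return &edgeSigner{keyPEM: keyPEM, certPEM: certPEM, duration: duration}, nil
}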
    16  
// edgeSigner implements controllers.Signer with a CA whose private key and
// certificate are held as raw PEM bytes and parsed anew on every Sign call.
type edgeSigner struct {
	keyPEM   []byte        // PEM-encoded CA private key
	certPEM  []byte        // PEM-encoded CA certificate
	duration time.Duration // TTL handed to the signing policy for each issued certificate
}
    22  
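// Sign issues a certificate for certTemplate with the edge CA and returns it
// PEM-encoded as a "CERTIFICATE" block.
//
// The CA key and certificate are parsed from o.keyPEM and o.certPEM on every
// call. The issued certificate is backdated by backdate, given o.duration as
// its TTL and limited to the server-auth key usage through
// PermissiveSigningPolicy. A nil template is rejected before any signing
// happens. Errors from parsing the CA material or from the CA's Sign are
// returned wrapped with the step that failed.
func (o *edgeSigner) Sign(certTemplate *x509.Certificate) ([]byte, error) {
	// NOTE(review): backdating NotBefore presumably tolerates clock skew
	// between issuer and verifier — confirm against CertificateAuthority.Sign.
	const backdate = 5 * time.Minute

	if certTemplate == nil {
		return nil, errors.New("edge signer: nil certificate template")
	}

	key, err := parseKey(o.keyPEM)
	if err != nil {
		return nil, fmt.Errorf("parsing edge CA key: %w", err)
	}
	cert, err := parseCert(o.certPEM)
	if err != nil {
		return nil, fmt.Errorf("parsing edge CA certificate: %w", err)
	}

	ca := &CertificateAuthority{
		Certificate: cert,
		PrivateKey:  key,
		Backdate:    backdate,
	}

	// Only server authentication is requested here; how
	// PermissiveSigningPolicy reconciles that with usages present in
	// certTemplate is decided by the policy, not by this method.
	crtDER, err := ca.Sign(certTemplate, PermissiveSigningPolicy{
		TTL: o.duration,
		Usages: []capi.KeyUsage{
			capi.UsageServerAuth,
		},
	})
	if err != nil {
		return nil, fmt.Errorf("signing certificate with edge CA: %w", err)
	}

	return pem.EncodeToMemory(&pem.Block{
		Type:  "CERTIFICATE",
		Bytes: crtDER,
	}), nil
}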
    54  
