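package signer

import (
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"time"

	capi "k8s.io/api/certificates/v1beta1"

	"edge-infra.dev/pkg/edge/edge-issuer/controllers"
)

// backdate is subtracted from each issued certificate's NotBefore so that a
// client whose clock runs slightly behind the issuer still accepts it.
const backdate = 5 * time.Minute

// FromEdgeCAStore builds a controllers.Signer that issues leaf certificates
// under the edge CA held in keyPEM and certPEM.
//
// keyPEM is the PEM-encoded CA private key, certPEM the PEM-encoded CA
// certificate, and duration the lifetime (TTL) applied to every certificate
// the signer issues.
//
// The key and certificate are parsed once here, and duration is checked, so
// that a malformed CA or a non-positive TTL is reported when the signer is
// constructed instead of on the first Sign call. A signer that can never
// sign should not be handed back to the caller.
func FromEdgeCAStore(keyPEM []byte, certPEM []byte, duration time.Duration) (controllers.Signer, error) {
	// A zero or negative TTL would produce a certificate that is already
	// expired (or never valid) at issuance time.
	if duration <= 0 {
		return nil, fmt.Errorf("edge CA signer: certificate duration must be positive, got %v", duration)
	}
	if _, err := parseKey(keyPEM); err != nil {
		return nil, fmt.Errorf("edge CA signer: parsing CA private key: %w", err)
	}
	if _, err := parseCert(certPEM); err != nil {
		return nil, fmt.Errorf("edge CA signer: parsing CA certificate: %w", err)
	}
	return &edgeSigner{
		keyPEM:   keyPEM,
		certPEM:  certPEM,
		duration: duration,
	}, nil
}

// edgeSigner signs certificate templates with the edge CA key and
// certificate it holds. The PEM bytes are kept verbatim and parsed again on
// every Sign call.
type edgeSigner struct {
	// keyPEM is the PEM-encoded CA private key.
	keyPEM []byte
	// certPEM is the PEM-encoded CA certificate.
	certPEM []byte
	// duration is the TTL applied to each issued certificate.
	duration time.Duration
}

// Sign issues a certificate from certTemplate under the edge CA and returns
// it PEM-encoded as a single "CERTIFICATE" block.
//
// The signing policy is fixed by this signer, not taken from the template:
// every issued certificate is restricted to the serverAuth usage and given a
// lifetime of o.duration, with NotBefore backdated by backdate.
//
// Sign returns an error for a nil template, when the stored CA key or
// certificate cannot be parsed, or when the underlying CA refuses to sign.
func (o *edgeSigner) Sign(certTemplate *x509.Certificate) ([]byte, error) {
	if certTemplate == nil {
		return nil, errors.New("edge CA signer: nil certificate template")
	}

	// The constructor already validated these bytes, so a failure here means
	// the stored PEM changed underneath us or a different code path built
	// the signer.
	caKey, err := parseKey(o.keyPEM)
	if err != nil {
		return nil, fmt.Errorf("edge CA signer: parsing CA private key: %w", err)
	}
	caCert, err := parseCert(o.certPEM)
	if err != nil {
		return nil, fmt.Errorf("edge CA signer: parsing CA certificate: %w", err)
	}

	ca := &CertificateAuthority{
		Certificate: caCert,
		PrivateKey:  caKey,
		Backdate:    backdate,
	}

	// Usages are pinned to serverAuth regardless of what the template asks
	// for; widen this list deliberately if clientAuth is ever required.
	policy := PermissiveSigningPolicy{
		TTL: o.duration,
		Usages: []capi.KeyUsage{
			capi.UsageServerAuth,
		},
	}

	crtDER, err := ca.Sign(certTemplate, policy)
	if err != nil {
		return nil, fmt.Errorf("edge CA signer: signing certificate: %w", err)
	}

	return pem.EncodeToMemory(&pem.Block{
		Type:  "CERTIFICATE",
		Bytes: crtDER,
	}), nil
}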