| author | Grégoire Duchêne <gduchene@awhk.org> | 2020-01-12 18:55:54 +0000 |
|---|---|---|
| committer | Grégoire Duchêne <gduchene@awhk.org> | 2020-01-12 18:55:54 +0000 |
| commit | 0cfebd0edada2c5d0bca646ef6249600fbb84f0d (patch) | |
| tree | 55994d31cc962d47a468042d16fc26589be14111 | |
| parent | 863abc0eda83ef08be8d8885e2875de36c4d57dd (diff) | |
Move key usage generation into separate functions
| -rw-r--r-- | main.go | 28 |
1 files changed, 16 insertions, 12 deletions
@@ -116,6 +116,20 @@ Use %[1]s <command> -h for help about that command.
 }
 }
+func extKeyUsage() []x509.ExtKeyUsage {
+ if os.Args[1] == "ca" {
+ return nil
+ }
+ return []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
+}
+
+func keyUsage() x509.KeyUsage {
+ if os.Args[1] == "ca" {
+ return x509.KeyUsageCertSign
+ }
+ return x509.KeyUsageDigitalSignature
+}
+
 func newSerial() *big.Int {
 // Bound the number generation so the serial number does not take
 // up more than 20 octets. See Section 4.1.2.2 of RFC 5280 for more
@@ -180,23 +194,13 @@ func main() {
 if err != nil {
 log.Fatalln("error: could not generate the certificate key:", err)
 }
- var (
- keyUsage x509.KeyUsage
- extKeyUsage []x509.ExtKeyUsage
- )
- if os.Args[1] == "ca" {
- keyUsage = x509.KeyUsageCertSign
- } else {
- keyUsage = x509.KeyUsageDigitalSignature
- extKeyUsage = append(extKeyUsage, x509.ExtKeyUsageServerAuth)
- }
 tmpl := &x509.Certificate{
 BasicConstraintsValid: os.Args[1] == "ca",
 DNSNames: dnsNames,
- ExtKeyUsage: extKeyUsage,
+ ExtKeyUsage: extKeyUsage(),
 IPAddresses: ips,
 IsCA: os.Args[1] == "ca",
- KeyUsage: keyUsage,
+ KeyUsage: keyUsage(),
 NotBefore: from.t,
 NotAfter: until.t,
 SerialNumber: newSerial(), |
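Review bot: `extKeyUsage()` and `keyUsage()` both index `os.Args[1]` directly, so each helper depends on process-global state and on a length check that, if it exists, lies outside this hunk. The template in the second hunk (`@@ -180,23 +194,13 @@`) also evaluates `os.Args[1] == "ca"` for `BasicConstraintsValid` and `IsCA`, so the CA/leaf decision is now made in four places that must agree for the issued certificate to be consistent. Computing `isCA := os.Args[1] == "ca"` once in `main` and calling `keyUsage(isCA)` / `extKeyUsage(isCA)` would keep them in step and make the helpers testable without touching argv. Each helper would also benefit from a doc comment stating the policy, e.g. `// keyUsage returns KeyUsageCertSign for the "ca" command and KeyUsageDigitalSignature otherwise.`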
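Review bot: In the `tmpl` literal, `BasicConstraintsValid: os.Args[1] == "ca"` leaves the field false for non-CA certificates, and crypto/x509 only emits the basicConstraints extension when that field is true, so leaf certificates from this tool carry no explicit CA:FALSE. Setting `BasicConstraintsValid: true` unconditionally while keeping `IsCA: os.Args[1] == "ca"` would state the constraint on every certificate issued, rather than relying on verifiers to treat a missing extension as non-CA. That line is unchanged context here and `main` starts and ends outside the hunk, so the rest of the issuance flow is not visible.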
