netmaker/tls/tls.go

package tls

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"os"
	"time"

	"filippo.io/edwards25519"
	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
)

// CERTTIFICAT_VALIDITY duration of certificate validity in days
const CERTIFICATE_VALIDITY = 365

type (
	// Key is the struct for an edwards representation point
	Key struct {
		point *edwards25519.Point
	}
)

// NewKey generates a new key.
func NewKey() *Key {
	seed := make([]byte, 64)
	rand.Reader.Read(seed)
	s, _ := (&edwards25519.Scalar{}).SetUniformBytes(seed)
	return &Key{(&edwards25519.Point{}).ScalarBaseMult(s)}
}

// Key.Ed25519PrivateKey returns the private key in Edwards form used for EdDSA.
func (n *Key) Ed25519PrivateKey() (ed25519.PrivateKey, error) {
	if n.point == nil {
		return ed25519.PrivateKey{}, errors.New("nil point")
	}
	if len(n.point.Bytes()) != ed25519.SeedSize {
		return ed25519.PrivateKey{}, errors.New("incorrect seed size")
	}
	return ed25519.NewKeyFromSeed(n.point.Bytes()), nil
}

// Key.Curve25519PrivateKey returns the private key in Montogomery form used for ECDH.
func (n *Key) Curve25519PrivateKey() (wgtypes.Key, error) {
	if n.point == nil {
		return wgtypes.Key{}, errors.New("nil point")
	}
	if len(n.point.Bytes()) != ed25519.SeedSize {
		return wgtypes.Key{}, errors.New("incorrect seed size")
	}
	return wgtypes.ParseKey(base64.StdEncoding.EncodeToString(n.point.BytesMontgomery()))
}

// Key.Save : saves the private key to path.
func (n *Key) Save(path string) error {
	f, err := os.Create(path)
	if err != nil {
		return err
	}
	defer f.Close()
	f.Write(n.point.Bytes())
	return nil
}

// ReadFrom reads a private key from path.
func ReadFrom(path string) (*Key, error) {
	key, err := os.ReadFile(path)
	if err != nil {
		return nil, err
	}
	point, err := (&edwards25519.Point{}).SetBytes(key)
	if err != nil {
		return nil, err
	}
	return &Key{point}, nil
}

// NewName creates a new pkix.Name with common name, country, and organization
func NewName(commonName, country, org string) pkix.Name {
	res := NewCName(commonName)
	res.Country = []string{country}
	res.Organization = []string{org}
	return res
}

// NewCName creates a new pkix.Name with only a common name
func NewCName(commonName string) pkix.Name {
	return pkix.Name{
		CommonName: commonName,
	}
}

// NewCSR creates a new certificate signing request for a
func NewCSR(key ed25519.PrivateKey, name pkix.Name) (*x509.CertificateRequest, error) {
	dnsnames := []string{}
	dnsnames = append(dnsnames, name.CommonName)
	derCertRequest, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{
		Subject:            name,
		PublicKey:          key.Public(),
		DNSNames:           dnsnames,
		PublicKeyAlgorithm: x509.Ed25519,
		Version:            3,
	}, key)
	if err != nil {
		return nil, err
	}
	csr, err := x509.ParseCertificateRequest(derCertRequest)
	if err != nil {
		return nil, err
	}
	return csr, nil
}

// SelfSignedCA returns a new self-signed certificate
func SelfSignedCA(key ed25519.PrivateKey, req *x509.CertificateRequest, days int) (*x509.Certificate, error) {

	template := &x509.Certificate{
		BasicConstraintsValid: true,
		IsCA:                  true,
		Version:               req.Version,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign | x509.KeyUsageDataEncipherment,
		NotAfter:              time.Now().Add(duration(days)),
		NotBefore:             time.Now(),
		SerialNumber:          serialNumber(),
		PublicKey:             key.Public(),
		Subject: pkix.Name{
			CommonName:   req.Subject.CommonName,
			Organization: req.Subject.Organization,
			Country:      req.Subject.Country,
		},
	}
	rootCa, err := x509.CreateCertificate(rand.Reader, template, template, req.PublicKey, key)
	if err != nil {
		return nil, err
	}
	result, err := x509.ParseCertificate(rootCa)
	if err != nil {
		return nil, err
	}
	return result, nil
}

// NewEndEntityCert issues a new certificate from a parent certificate authority
func NewEndEntityCert(key ed25519.PrivateKey, req *x509.CertificateRequest, parent *x509.Certificate, days int) (*x509.Certificate, error) {
	template := &x509.Certificate{
		Version:               req.Version,
		NotBefore:             time.Now(),
		NotAfter:              time.Now().Add(duration(days)),
		SerialNumber:          serialNumber(),
		Subject:               req.Subject,
		Issuer:                parent.Subject,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		DNSNames:              req.DNSNames,
	}
	rootCa, err := x509.CreateCertificate(rand.Reader, template, parent, req.PublicKey, key)
	if err != nil {
		return nil, err
	}
	result, err := x509.ParseCertificate(rootCa)
	if err != nil {
		return nil, err
	}
	return result, nil
}

// SaveRequest saves a certificate request to the specified path
func SaveRequest(path, name string, csr *x509.CertificateRequest) error {
	if err := os.MkdirAll(path, 0600); err != nil {
		return err
	}
	requestOut, err := os.Create(path + name)
	if err != nil {
		return err
	}
	defer requestOut.Close()
	if err := pem.Encode(requestOut, &pem.Block{
		Type:  "CERTIFICATE REQUEST",
		Bytes: csr.Raw,
	}); err != nil {
		return err
	}
	return nil
}

// SaveCert save a certificate to the specified path
func SaveCert(path, name string, cert *x509.Certificate) error {
	//certbytes, err := x509.ParseCertificate(cert)
	if err := os.MkdirAll(path, 0600); err != nil {
		return fmt.Errorf("failed to create dir %s %w", path, err)
	}
	certOut, err := os.Create(path + name)
	if err != nil {
		return fmt.Errorf("failed to open certficate file for writing: %v", err)
	}
	defer certOut.Close()
	if err := pem.Encode(certOut, &pem.Block{
		Type:  "CERTIFICATE",
		Bytes: cert.Raw,
	}); err != nil {
		return fmt.Errorf("failed to write certificate to file %v", err)
	}
	return nil
}

// SaveKey save a private key (ed25519) to the specified path
func SaveKey(path, name string, key ed25519.PrivateKey) error {
	//func SaveKey(name string, key *ecdsa.PrivateKey) error {
	if err := os.MkdirAll(path, 0600); err != nil {
		return fmt.Errorf("failed to create dir %s %w", path, err)
	}
	keyOut, err := os.Create(path + name)
	if err != nil {
		return fmt.Errorf("failed open key file for writing: %v", err)
	}
	defer keyOut.Close()
	privBytes, err := x509.MarshalPKCS8PrivateKey(key)
	if err != nil {
		return fmt.Errorf("failedto marshal key %v ", err)
	}
	if err := pem.Encode(keyOut, &pem.Block{
		Type:  "PRIVATE KEY",
		Bytes: privBytes,
	}); err != nil {
		return fmt.Errorf("failed to write key to file %v", err)
	}
	return nil
}

// ReadCert reads a certificate from disk
func ReadCert(name string) (*x509.Certificate, error) {
	contents, err := os.ReadFile(name)
	if err != nil {
		return nil, fmt.Errorf("unable to read file %w", err)
	}
	block, _ := pem.Decode(contents)
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, errors.New("not a cert " + block.Type)
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return nil, fmt.Errorf("unable to parse cert %w", err)
	}
	return cert, nil
}

// ReadKey reads a private key (ed25519) from disk
func ReadKey(name string) (*ed25519.PrivateKey, error) {
	bytes, err := os.ReadFile(name)
	if err != nil {
		return nil, fmt.Errorf("unable to read file %w", err)
	}
	keyBytes, _ := pem.Decode(bytes)
	key, err := x509.ParsePKCS8PrivateKey(keyBytes.Bytes)
	if err != nil {
		return nil, fmt.Errorf("unable to parse file %w", err)
	}
	private := key.(ed25519.PrivateKey)
	return &private, nil
}

// serialNumber generates a serial number for a certificate
func serialNumber() *big.Int {
	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
	if err != nil {
		return nil
	}
	return serialNumber
}

// duration coverts the number of days to time.duration
func duration(days int) time.Duration {
	hours := days * 24
	duration, err := time.ParseDuration(fmt.Sprintf("%dh", hours))
	if err != nil {
		duration = time.Until(time.Now().Add(time.Hour * 24))
	}
	return duration
}
tls package Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-13 04:02:14 +08:00			`package tls`

			`import (`
			`"crypto/ed25519"`
			`"crypto/rand"`
			`"crypto/x509"`
			`"crypto/x509/pkix"`
			`"encoding/base64"`
			`"encoding/pem"`
			`"errors"`
			`"fmt"`
			`"math/big"`
			`"os"`
			`"time"`

			`"filippo.io/edwards25519"`
			`"golang.zx2c4.com/wireguard/wgctrl/wgtypes"`
			`)`

review comments addressed Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-20 21:26:23 +08:00			`// CERTTIFICAT_VALIDITY duration of certificate validity in days`
send csr and get cert 2022-04-14 19:15:50 +08:00			`const CERTIFICATE_VALIDITY = 365`

tls package Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-13 04:02:14 +08:00			`type (`
review comments addressed Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-20 21:26:23 +08:00			`// Key is the struct for an edwards representation point`
tls package Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-13 04:02:14 +08:00			`Key struct {`
			`point *edwards25519.Point`
			`}`
			`)`

			`// NewKey generates a new key.`
			`func NewKey() *Key {`
			`seed := make([]byte, 64)`
			`rand.Reader.Read(seed)`
			`s, _ := (&edwards25519.Scalar{}).SetUniformBytes(seed)`
			`return &Key{(&edwards25519.Point{}).ScalarBaseMult(s)}`
			`}`

review comments addressed Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-20 21:26:23 +08:00			`// Key.Ed25519PrivateKey returns the private key in Edwards form used for EdDSA.`
tls package Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-13 04:02:14 +08:00			`func (n *Key) Ed25519PrivateKey() (ed25519.PrivateKey, error) {`
			`if n.point == nil {`
			`return ed25519.PrivateKey{}, errors.New("nil point")`
			`}`
			`if len(n.point.Bytes()) != ed25519.SeedSize {`
			`return ed25519.PrivateKey{}, errors.New("incorrect seed size")`
			`}`
			`return ed25519.NewKeyFromSeed(n.point.Bytes()), nil`
			`}`

review comments addressed Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-20 21:26:23 +08:00			`// Key.Curve25519PrivateKey returns the private key in Montogomery form used for ECDH.`
tls package Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-13 04:02:14 +08:00			`func (n *Key) Curve25519PrivateKey() (wgtypes.Key, error) {`
			`if n.point == nil {`
			`return wgtypes.Key{}, errors.New("nil point")`
			`}`
			`if len(n.point.Bytes()) != ed25519.SeedSize {`
			`return wgtypes.Key{}, errors.New("incorrect seed size")`
			`}`
			`return wgtypes.ParseKey(base64.StdEncoding.EncodeToString(n.point.BytesMontgomery()))`
			`}`

review comments addressed Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-20 21:26:23 +08:00			`// Key.Save : saves the private key to path.`
tls package Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-13 04:02:14 +08:00			`func (n *Key) Save(path string) error {`
			`f, err := os.Create(path)`
			`if err != nil {`
			`return err`
			`}`
			`defer f.Close()`
			`f.Write(n.point.Bytes())`
			`return nil`
			`}`

review comments addressed Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-20 21:26:23 +08:00			`// ReadFrom reads a private key from path.`
tls package Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-13 04:02:14 +08:00			`func ReadFrom(path string) (*Key, error) {`
			`key, err := os.ReadFile(path)`
			`if err != nil {`
			`return nil, err`
			`}`
			`point, err := (&edwards25519.Point{}).SetBytes(key)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return &Key{point}, nil`
			`}`

review comments addressed Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-20 21:26:23 +08:00			`// NewName creates a new pkix.Name with common name, country, and organization`
tls package Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-13 04:02:14 +08:00			`func NewName(commonName, country, org string) pkix.Name {`
			`res := NewCName(commonName)`
			`res.Country = []string{country}`
			`res.Organization = []string{org}`
			`return res`
			`}`

cleanup and comments 2022-04-17 04:43:10 +08:00			`// NewCName creates a new pkix.Name with only a common name`
tls package Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-13 04:02:14 +08:00			`func NewCName(commonName string) pkix.Name {`
			`return pkix.Name{`
			`CommonName: commonName,`
			`}`
			`}`

cleanup and comments 2022-04-17 04:43:10 +08:00			`// NewCSR creates a new certificate signing request for a`
tls package Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-13 04:02:14 +08:00			`func NewCSR(key ed25519.PrivateKey, name pkix.Name) (*x509.CertificateRequest, error) {`
add VerifyConnection func to NewTLSConf as InsecureSkipVerify:false doesn't work Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-13 23:58:15 +08:00			`dnsnames := []string{}`
			`dnsnames = append(dnsnames, name.CommonName)`
tls package Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-13 04:02:14 +08:00			`derCertRequest, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{`
use openssl to gen client key/cert 2022-04-16 01:32:10 +08:00			`Subject: name,`
			`PublicKey: key.Public(),`
			`DNSNames: dnsnames,`
			`PublicKeyAlgorithm: x509.Ed25519,`
			`Version: 3,`
tls package Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-13 04:02:14 +08:00			`}, key)`
			`if err != nil {`
			`return nil, err`
			`}`
			`csr, err := x509.ParseCertificateRequest(derCertRequest)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return csr, nil`
			`}`

cleanup and comments 2022-04-17 04:43:10 +08:00			`// SelfSignedCA returns a new self-signed certificate`
tls package Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-13 04:02:14 +08:00			`func SelfSignedCA(key ed25519.PrivateKey, req x509.CertificateRequest, days int) (x509.Certificate, error) {`

			`template := &x509.Certificate{`
			`BasicConstraintsValid: true,`
			`IsCA: true,`
			`Version: req.Version,`
use issuer's public key for certs 2022-04-15 21:54:35 +08:00			`KeyUsage: x509.KeyUsageCertSign \| x509.KeyUsageCRLSign \| x509.KeyUsageDataEncipherment,`
tls package Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-13 04:02:14 +08:00			`NotAfter: time.Now().Add(duration(days)),`
			`NotBefore: time.Now(),`
			`SerialNumber: serialNumber(),`
			`PublicKey: key.Public(),`
			`Subject: pkix.Name{`
			`CommonName: req.Subject.CommonName,`
			`Organization: req.Subject.Organization,`
			`Country: req.Subject.Country,`
			`},`
			`}`
			`rootCa, err := x509.CreateCertificate(rand.Reader, template, template, req.PublicKey, key)`
			`if err != nil {`
			`return nil, err`
			`}`
			`result, err := x509.ParseCertificate(rootCa)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return result, nil`
			`}`

cleanup and comments 2022-04-17 04:43:10 +08:00			`// NewEndEntityCert issues a new certificate from a parent certificate authority`
tls package Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-13 04:02:14 +08:00			`func NewEndEntityCert(key ed25519.PrivateKey, req x509.CertificateRequest, parent x509.Certificate, days int) (*x509.Certificate, error) {`
			`template := &x509.Certificate{`
use cert request public key 2022-04-18 01:29:19 +08:00			`Version: req.Version,`
			`NotBefore: time.Now(),`
			`NotAfter: time.Now().Add(duration(days)),`
			`SerialNumber: serialNumber(),`
			`Subject: req.Subject,`
			`Issuer: parent.Subject,`
			`KeyUsage: x509.KeyUsageDigitalSignature,`
			`BasicConstraintsValid: true,`
certificate cleanup 2022-04-25 18:33:06 +08:00			`DNSNames: req.DNSNames,`
tls package Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-13 04:02:14 +08:00			`}`
use cert request public key 2022-04-18 01:29:19 +08:00			`rootCa, err := x509.CreateCertificate(rand.Reader, template, parent, req.PublicKey, key)`
tls package Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-13 04:02:14 +08:00			`if err != nil {`
			`return nil, err`
			`}`
			`result, err := x509.ParseCertificate(rootCa)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return result, nil`
			`}`

cleanup and comments 2022-04-17 04:43:10 +08:00			`// SaveRequest saves a certificate request to the specified path`
use openssl to gen client key/cert 2022-04-16 01:32:10 +08:00			`func SaveRequest(path, name string, csr *x509.CertificateRequest) error {`
changes from code review Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-19 05:19:26 +08:00			`if err := os.MkdirAll(path, 0600); err != nil {`
use openssl to gen client key/cert 2022-04-16 01:32:10 +08:00			`return err`
			`}`
			`requestOut, err := os.Create(path + name)`
			`if err != nil {`
			`return err`
			`}`
			`defer requestOut.Close()`
			`if err := pem.Encode(requestOut, &pem.Block{`
			`Type: "CERTIFICATE REQUEST",`
			`Bytes: csr.Raw,`
			`}); err != nil {`
			`return err`
			`}`
			`return nil`
			`}`
cleanup and comments 2022-04-17 04:43:10 +08:00
			`// SaveCert save a certificate to the specified path`
tls package Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-13 04:02:14 +08:00			`func SaveCert(path, name string, cert *x509.Certificate) error {`
			`//certbytes, err := x509.ParseCertificate(cert)`
changes from code review Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-19 05:19:26 +08:00			`if err := os.MkdirAll(path, 0600); err != nil {`
tls package Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-13 04:02:14 +08:00			`return fmt.Errorf("failed to create dir %s %w", path, err)`
			`}`
			`certOut, err := os.Create(path + name)`
			`if err != nil {`
			`return fmt.Errorf("failed to open certficate file for writing: %v", err)`
			`}`
			`defer certOut.Close()`
			`if err := pem.Encode(certOut, &pem.Block{`
			`Type: "CERTIFICATE",`
			`Bytes: cert.Raw,`
			`}); err != nil {`
			`return fmt.Errorf("failed to write certificate to file %v", err)`
			`}`
			`return nil`
			`}`

cleanup and comments 2022-04-17 04:43:10 +08:00			`// SaveKey save a private key (ed25519) to the specified path`
tls package Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-13 04:02:14 +08:00			`func SaveKey(path, name string, key ed25519.PrivateKey) error {`
			`//func SaveKey(name string, key *ecdsa.PrivateKey) error {`
changes from code review Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-19 05:19:26 +08:00			`if err := os.MkdirAll(path, 0600); err != nil {`
tls package Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-13 04:02:14 +08:00			`return fmt.Errorf("failed to create dir %s %w", path, err)`
			`}`
			`keyOut, err := os.Create(path + name)`
			`if err != nil {`
			`return fmt.Errorf("failed open key file for writing: %v", err)`
			`}`
			`defer keyOut.Close()`
			`privBytes, err := x509.MarshalPKCS8PrivateKey(key)`
			`if err != nil {`
			`return fmt.Errorf("failedto marshal key %v ", err)`
			`}`
			`if err := pem.Encode(keyOut, &pem.Block{`
			`Type: "PRIVATE KEY",`
			`Bytes: privBytes,`
			`}); err != nil {`
			`return fmt.Errorf("failed to write key to file %v", err)`
			`}`
			`return nil`
			`}`

cleanup and comments 2022-04-17 04:43:10 +08:00			`// ReadCert reads a certificate from disk`
tls package Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-13 04:02:14 +08:00			`func ReadCert(name string) (*x509.Certificate, error) {`
			`contents, err := os.ReadFile(name)`
			`if err != nil {`
			`return nil, fmt.Errorf("unable to read file %w", err)`
			`}`
			`block, _ := pem.Decode(contents)`
			`if block == nil \|\| block.Type != "CERTIFICATE" {`
			`return nil, errors.New("not a cert " + block.Type)`
			`}`
			`cert, err := x509.ParseCertificate(block.Bytes)`
			`if err != nil {`
			`return nil, fmt.Errorf("unable to parse cert %w", err)`
			`}`
			`return cert, nil`
			`}`

cleanup and comments 2022-04-17 04:43:10 +08:00			`// ReadKey reads a private key (ed25519) from disk`
tls package Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-13 04:02:14 +08:00			`func ReadKey(name string) (*ed25519.PrivateKey, error) {`
			`bytes, err := os.ReadFile(name)`
			`if err != nil {`
			`return nil, fmt.Errorf("unable to read file %w", err)`
			`}`
			`keyBytes, _ := pem.Decode(bytes)`
			`key, err := x509.ParsePKCS8PrivateKey(keyBytes.Bytes)`
			`if err != nil {`
			`return nil, fmt.Errorf("unable to parse file %w", err)`
			`}`
			`private := key.(ed25519.PrivateKey)`
			`return &private, nil`
			`}`

cleanup and comments 2022-04-17 04:43:10 +08:00			`// serialNumber generates a serial number for a certificate`
tls package Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-13 04:02:14 +08:00			`func serialNumber() *big.Int {`
			`serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)`
			`serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)`
			`if err != nil {`
			`return nil`
			`}`
			`return serialNumber`
			`}`

cleanup and comments 2022-04-17 04:43:10 +08:00			`// duration coverts the number of days to time.duration`
tls package Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-13 04:02:14 +08:00			`func duration(days int) time.Duration {`
			`hours := days * 24`
			`duration, err := time.ParseDuration(fmt.Sprintf("%dh", hours))`
			`if err != nil {`
			`duration = time.Until(time.Now().Add(time.Hour * 24))`
			`}`
			`return duration`
			`}`