reflection work so far...

_extra/gen_test_pki/consts.go

@@ -0,0 +1,144 @@
+package main
+
+import (
+	`crypto/x509`
+	`crypto/x509/pkix`
+	`embed`
+	`net`
+	`time`
+)
+
+var (
+	pairTypes []string = []string{
+		"ca",
+		"inter",
+		"leaf_server",
+		"leaf_user",
+	}
+
+	keyTypes []string = []string{
+		/*
+			Per:
+				https://pkg.go.dev/crypto/x509#CreateCertificate
+				https://pkg.go.dev/crypto/x509#CreateCertificateRequest
+			ECDH keys are not supported for certificates (only ECDSA, ED25519, and RSA).
+		*/
+		// "ecdh",
+		"ecdsa",
+		"ed25519",
+		"rsa",
+	}
+
+	// Populated by init.
+	pairs map[string]*Pair = make(map[string]*Pair)
+)
+
+var (
+	//go:embed "_testdata/*"
+	pems embed.FS
+)
+
+const (
+	caCn     string = "gen_test_pki Root CA"
+	interCn  string = "gen_test_pki Intermediate CA"
+	serverCn string = "server.example.com"
+	userCn   string = "username@example.com"
+)
+
+var (
+	pkixCommon *pkix.Name = &pkix.Name{
+		Country: []string{
+			"XX",
+		},
+		Organization: []string{
+			"An Example Organization",
+		},
+		OrganizationalUnit: []string{
+			"An Example Department",
+		},
+		Locality: []string{
+			"Some City",
+		},
+		Province: []string{
+			"Some State",
+		},
+		StreetAddress: []string{
+			"123 Example Street",
+		},
+		PostalCode: []string{
+			"12345",
+		},
+		// SerialNumber: "", // SerialNumber should be blank, and contextually generated via getSerial().
+		// CommonName:   "", // CommonName should be blank, and contextually generated via getSubj().
+		Names:      nil,
+		ExtraNames: nil,
+	}
+	certTpl map[string]*x509.Certificate = map[string]*x509.Certificate{
+		"ca": &x509.Certificate{
+			SerialNumber:          getSerial(),
+			Subject:               getSubj(caCn),
+			NotBefore:             time.Now().Add(time.Second * -10),
+			NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour), // (about) 10 years
+			KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
+			BasicConstraintsValid: true,
+			IsCA:                  true,
+			MaxPathLen:            1,
+		},
+		"inter": &x509.Certificate{
+			SerialNumber:          getSerial(),
+			Subject:               getSubj(interCn),
+			NotBefore:             time.Now().Add(time.Second * -9),
+			NotAfter:              time.Now().Add(9 * 365 * 24 * time.Hour), // (about) 9 years
+			KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
+			BasicConstraintsValid: true,
+			IsCA:                  true,
+			MaxPathLen:            0,
+		},
+		"leaf_server": &x509.Certificate{
+			SerialNumber: getSerial(),
+			Subject:      getSubj(serverCn),
+			NotBefore:    time.Now().Add(time.Second * -8),
+			NotAfter:     time.Now().Add(9 * 365 * 24 * time.Hour), // (about) 8 years
+			KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
+			ExtKeyUsage: []x509.ExtKeyUsage{
+				x509.ExtKeyUsageServerAuth,
+			},
+		},
+		"leaf_user": &x509.Certificate{
+			SerialNumber: getSerial(),
+			Subject:      getSubj(userCn),
+			NotBefore:    time.Now().Add(time.Second * -8),
+			NotAfter:     time.Now().Add(9 * 365 * 24 * time.Hour), // (about) 8 years
+			KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
+			ExtKeyUsage: []x509.ExtKeyUsage{
+				x509.ExtKeyUsageClientAuth,
+			},
+		},
+	}
+	csrs map[string]*x509.CertificateRequest = map[string]*x509.CertificateRequest{
+		"inter": &x509.CertificateRequest{
+			Subject: getSubj(interCn),
+		},
+		"leaf_server": &x509.CertificateRequest{
+			Subject: getSubj(serverCn),
+			IPAddresses: []net.IP{
+				net.IP(net.ParseIP("127.0.0.1")),
+				net.IP(net.ParseIP("::ffff:127.0.0.1")),
+				net.IP(net.ParseIP("::1")),
+			},
+		},
+		"leaf_user": &x509.CertificateRequest{
+			Subject: getSubj(userCn),
+		},
+	}
+	parents map[string]string = map[string]string{
+		"inter":       "ca",
+		"leaf_server": "inter",
+		"leaf_user":   "inter",
+	}
+	certgenOrder []string = []string{
+		"inter",
+		"leaf_server",
+		"leaf_user",
+	}
+)