Golang crypto/x509.CertPool.AddCert() and Subjects functions example

package crypto/x509

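AddCert adds a certificate to a pool. The pool has no effect by itself; it becomes a set of trust anchors once it is used as Roots in x509.VerifyOptions or as RootCAs in a tls.Config, so add only certificates you intend to trust.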

Golang crypto/x509.CertPool.AddCert() function usage example

  package main

  import (
 "time"
 "math/big"
 "crypto/x509"
 "crypto/x509/pkix"
 "fmt"
 "crypto/rsa"
 "crypto/rand"
  )

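  // main builds a self-signed CA certificate in memory, adds it to an empty
  // CertPool with AddCert, prints the pool before and after, and finally prints
  // the DER-encoded subject names returned by Subjects.
  //
  // Every failing step now stops the program. The original only printed the
  // error and carried on, so a failed key generation led straight to a nil
  // pointer dereference on privatekey.
  func main() {
      // Take the clock once so NotBefore and NotAfter come from the same instant.
      now := time.Now()

      // ok, lets populate the certificate with some data
      // not all fields in Certificate will be populated
      // see Certificate structure at
      // http://golang.org/pkg/crypto/x509/#Certificate
      template := &x509.Certificate{
          IsCA:                  true,
          BasicConstraintsValid: true,
          // Fixed demo values. A real CA derives SubjectKeyId from the public
          // key and gives every certificate a unique, unpredictable serial.
          SubjectKeyId: []byte{1, 2, 3},
          SerialNumber: big.NewInt(1234),
          Subject: pkix.Name{
              Country:      []string{"Earth"},
              Organization: []string{"Mother Nature"},
          },
          NotBefore: now,
          NotAfter:  now.AddDate(5, 5, 5),
          // see http://golang.org/pkg/crypto/x509/#KeyUsage
          ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
          KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
      }

      // generate private key (it lives only in this process and is never saved)
      privatekey, err := rsa.GenerateKey(rand.Reader, 2048)
      if err != nil {
          fmt.Println(err)
          return
      }

      // create a self-signed certificate: the template is its own parent
      der, err := x509.CreateCertificate(rand.Reader, template, template, &privatekey.PublicKey, privatekey)
      if err != nil {
          fmt.Println(err)
          return
      }

      certs, err := x509.ParseCertificates(der)
      if err != nil {
          fmt.Println(err)
          return
      }

      roots := x509.NewCertPool()

      fmt.Println("BEFORE AddCert")

      fmt.Println(roots)

      // AddCert performs no validation: anything added here is trusted as soon
      // as the pool is used as Roots / RootCAs during verification.
      for _, c := range certs {
          roots.AddCert(c)
      }

      fmt.Println("AFTER AddCert")
      fmt.Println(roots)

      // Subjects is deprecated since Go 1.18 because it omits the system roots
      // of a pool obtained from SystemCertPool; this pool comes from
      // NewCertPool, so the result is complete.
      subjects := roots.Subjects()
      if len(subjects) != 1 {
          fmt.Println("Expecting a cert! ")
      }
      fmt.Printf("Pool Subjects : %x\n", subjects)
  }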

Output :

BEFORE AddCert

&{map[] map[] []}

AFTER AddCert

&{map[:[0]] map[0(10 UEarth10U Mother Nature:[0]] [0xc208017b00]}

Pool Subjects : [3028310e300c06035504061305456172746831163014060355040a130d4d6f74686572204e6174757265]

Reference :

http://golang.org/pkg/crypto/x509/#CertPool.AddCert

http://golang.org/pkg/crypto/x509/#CertPool.Subjects
