package x509

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
)

const defaultRSAKeyStrength = 4096

func GenerateRSAKeyCSR(domains ...string) ([]byte, *rsa.PrivateKey, error) {
	ckey, err := rsa.GenerateKey(rand.Reader, defaultRSAKeyStrength)
	if err != nil {
		return nil, nil, err
	}

	csr, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{
		Subject:         pkix.Name{CommonName: domains[0]},
		DNSNames:        domains,
		ExtraExtensions: []pkix.Extension{},
	}, ckey)
	if err != nil {
		return nil, nil, err
	}

	return csr, ckey, nil
}