package helper

import (
	"crypto/rand"
	"fmt"
	"math/big"
)

// GenerateRandomSerial generates a random serial number to be used in X.509 certificates. The implementation is
// compliant to https://www.rfc-editor.org/rfc/rfc5280#section-4.1.2.2.
func GenerateRandomSerial() (*big.Int, error) {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 160))
	if err != nil {
		return nil, fmt.Errorf("could not generate random serial number: %w", err)
	}

	return serial, nil
}