ca

package
v0.0.0-...-4278a81 Latest Latest
Published: Nov 21, 2023 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Overview

Copyright IBM Corp. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func LoadCertificateECDSA

func LoadCertificateECDSA(certPath string) (*x509.Certificate, error)

LoadCertificateECDSA loads an ECDSA certificate from a file in the cert path.

func LoadCertificateGMSM2

func LoadCertificateGMSM2(certPath string) (*sm2.Certificate, error)

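LoadCertificateGMSM2 loads a certificate from a file in the cert path. (The original comment calls it an "ecdsa cert", but the signature returns *sm2.Certificate, so the wording was probably copied from LoadCertificateECDSA and an SM2 certificate is meant.)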

Types

type CA

// CA groups a name, a set of address-style string attributes, and the signing
// material (signer, certificates, SM2 private key) in one struct.
//
// NOTE(review): every field is exported, including the private key in Sm2Key,
// so any code holding a *CA can read or replace the key — confirm this is
// intended before exposing CA values outside key-generation tooling.
type CA struct {
	Name               string
	Country            string
	Province           string
	Locality           string
	OrganizationalUnit string
	StreetAddress      string
	PostalCode         string
	// Signer is the crypto.Signer for this CA; presumably used for the
	// non-SM2 (x509) path — verify against callers.
	Signer             crypto.Signer
	// SignCert is the CA certificate as a standard-library x509 certificate.
	SignCert           *x509.Certificate
	SignSm2Cert        *sm2.Certificate // SM2 certificate
	Sm2Key             *sm2.PrivateKey  // SM2 private key
}

func NewCA

func NewCA(
	baseDir,
	org,
	name,
	country,
	province,
	locality,
	orgUnit,
	streetAddress,
	postalCode string,
) (*CA, error)

// NewCA creates an instance of CA and saves the signing key pair in baseDir/name.
//
// This listing is the ECDSA variant: it generates a private key under baseDir,
// builds a CA certificate template whose subject carries org, name and the
// address-style arguments, and has genCertificateECDSA produce the certificate.
// Any error from directory creation, key generation or certificate generation
// is returned unchanged with a nil *CA.
func NewCA(
	baseDir,
	org,
	name,
	country,
	province,
	locality,
	orgUnit,
	streetAddress,
	postalCode string,
) (*CA, error) {
	// NOTE(review): 0755 lets other local users list and traverse the
	// directory that receives the CA key. Whether the key file itself is
	// protected depends on csp.GeneratePrivateKey, which is not shown here —
	// confirm its file mode, or tighten this directory if nothing else needs
	// to read it.
	if err := os.MkdirAll(baseDir, 0755); err != nil {
		return nil, err
	}

	key, err := csp.GeneratePrivateKey(baseDir)
	if err != nil {
		return nil, err
	}

	tmpl := x509Template()
	// Mark the certificate as a CA.
	tmpl.IsCA = true
	// NOTE(review): besides CertSign/CRLSign the CA certificate also receives
	// end-entity usages (DigitalSignature, KeyEncipherment) and client/server
	// auth EKUs. Some verifiers treat EKUs on a CA as a limit on what issued
	// certificates may be used for — confirm this breadth is intended.
	tmpl.KeyUsage |= x509.KeyUsageDigitalSignature |
		x509.KeyUsageKeyEncipherment |
		x509.KeyUsageCertSign |
		x509.KeyUsageCRLSign
	tmpl.ExtKeyUsage = []x509.ExtKeyUsage{
		x509.ExtKeyUsageClientAuth,
		x509.ExtKeyUsageServerAuth,
	}

	// Build the subject: address-style attributes first, then organization
	// and common name.
	subj := subjectTemplateAdditional(country, province, locality, orgUnit, streetAddress, postalCode)
	subj.Organization = []string{org}
	subj.CommonName = name

	tmpl.Subject = subj
	tmpl.SubjectKeyId = computeSKI(key)

	// The same template is passed twice; presumably the two arguments are
	// (template, parent), which would make this certificate self-signed —
	// verify against genCertificateECDSA.
	cert, err := genCertificateECDSA(
		baseDir,
		name,
		&tmpl,
		&tmpl,
		&key.PublicKey,
		key,
	)
	if err != nil {
		return nil, err
	}

	return &CA{
		Name:               name,
		Signer:             &csp.ECDSASigner{PrivateKey: key},
		SignCert:           cert,
		Country:            country,
		Province:           province,
		Locality:           locality,
		OrganizationalUnit: orgUnit,
		StreetAddress:      streetAddress,
		PostalCode:         postalCode,
	}, nil
}

func (*CA) SignCertificate

func (ca *CA) SignCertificate(
	baseDir,
	name string,
	orgUnits,
	alternateNames []string,
	pub *sm2.PublicKey,
	ku x509.KeyUsage,
	eku []x509.ExtKeyUsage,
) (*sm2.Certificate, error)

SignCertificate creates a signed certificate based on a built-in template and saves it in baseDir/name
