cfssl: github.com/cloudflare/cfssl/csr

package csr

import "github.com/cloudflare/cfssl/csr"

Package csr implements certificate requests for CFSSL.

Package Files

csr.go

func Generate

func Generate(priv crypto.Signer, req *CertificateRequest) (csr []byte, err error)

Generate creates a new CSR from a CertificateRequest structure and an existing key. The KeyRequest field is ignored.

func IsNameEmpty

func IsNameEmpty(n Name) bool

IsNameEmpty returns true if the name has no identifying information in it.

func ParseRequest

func ParseRequest(req *CertificateRequest) (csr, key []byte, err error)

ParseRequest takes a certificate request and generates a key and CSR from it. It does no validation -- caveat emptor. It will, however, fail if the key request is not valid (i.e., an unsupported curve or RSA key size). The lack of validation was specifically chosen to allow the end user to define a policy and validate the request appropriately before calling this function.

func Regenerate

func Regenerate(priv crypto.Signer, csr []byte) ([]byte, error)

Regenerate uses the provided CSR as a template for signing a new CSR using priv.

type BasicConstraints

type BasicConstraints struct {
    IsCA       bool `asn1:"optional"`
    MaxPathLen int  `asn1:"optional,default:-1"`
}

BasicConstraints holds the CSR basic constraints information (RFC 5280, section 4.2.1.9).

type CAConfig

type CAConfig struct {
    PathLength  int    `json:"pathlen" yaml:"pathlen"`
    PathLenZero bool   `json:"pathlenzero" yaml:"pathlenzero"`
    Expiry      string `json:"expiry" yaml:"expiry"`
    Backdate    string `json:"backdate" yaml:"backdate"`
}

CAConfig is a section used in the requests initialising a new CA.

type CertificateRequest

type CertificateRequest struct {
    CN           string           `json:"CN" yaml:"CN"`
    Names        []Name           `json:"names" yaml:"names"`
    Hosts        []string         `json:"hosts" yaml:"hosts"`
    KeyRequest   *KeyRequest      `json:"key,omitempty" yaml:"key,omitempty"`
    CA           *CAConfig        `json:"ca,omitempty" yaml:"ca,omitempty"`
    SerialNumber string           `json:"serialnumber,omitempty" yaml:"serialnumber,omitempty"`
    Extensions   []pkix.Extension `json:"extensions,omitempty" yaml:"extensions,omitempty"`
    CRL          string           `json:"crl_url,omitempty" yaml:"crl_url,omitempty"`
}

A CertificateRequest encapsulates the API interface to the certificate request functionality.

func ExtractCertificateRequest

func ExtractCertificateRequest(cert *x509.Certificate) *CertificateRequest

ExtractCertificateRequest extracts a CertificateRequest from an x509.Certificate. It is intended to be used for generating a new certificate from an existing certificate. For a root certificate, the CA expiry length is calculated as the duration between cert.NotAfter and cert.NotBefore.

func New

func New() *CertificateRequest

New returns a new, empty CertificateRequest with a KeyRequest.

func (*CertificateRequest) Name

func (cr *CertificateRequest) Name() pkix.Name

Name returns the PKIX name for the request.

type Generator

type Generator struct {
    Validator func(*CertificateRequest) error
}

A Generator is responsible for validating certificate requests.

func (*Generator) ProcessRequest

func (g *Generator) ProcessRequest(req *CertificateRequest) (csr, key []byte, err error)

ProcessRequest validates and processes the incoming request. It is a wrapper around a validator and the ParseRequest function.
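
ParseRequest performs no policy validation, and Generator.Validator is the hook where a policy goes. The following is an added example, not code from the cfssl project: a validator with the func(*CertificateRequest) error shape shown above. The types are local stand-ins that copy field names from this page so the block compiles without the cfssl module; ValidateLeaf, allowedSuffix and the key-size thresholds are hypothetical policy choices.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strings"
)

// Local stand-ins for the csr types shown on this page (same field names),
// so the example compiles without the cfssl module.
type KeyRequest struct {
	A string // algorithm, e.g. "rsa" or "ecdsa"
	S int    // key size in bits
}
type CAConfig struct{ PathLength int }
type CertificateRequest struct {
	CN         string
	Hosts      []string
	KeyRequest *KeyRequest
	CA         *CAConfig
}

const allowedSuffix = ".internal.example" // assumed policy value

// ValidateLeaf is a hypothetical policy with the func(*CertificateRequest) error
// shape of Generator.Validator: no CA requests, no weak keys, no foreign hosts.
func ValidateLeaf(req *CertificateRequest) error {
	if req == nil || req.KeyRequest == nil {
		return errors.New("missing key request")
	}
	if req.CA != nil {
		return errors.New("CA section not allowed in a leaf request")
	}
	kr := req.KeyRequest
	if !(kr.A == "rsa" && kr.S >= 2048) && !(kr.A == "ecdsa" && kr.S >= 256) {
		return fmt.Errorf("key %s/%d rejected by policy", kr.A, kr.S)
	}
	for _, h := range req.Hosts { // reject IPs, wildcards, e-mail/URI forms, foreign domains
		if net.ParseIP(h) != nil || strings.ContainsAny(h, "*@/") ||
			!strings.HasSuffix(strings.ToLower(h), allowedSuffix) {
			return fmt.Errorf("host %q rejected by policy", h)
		}
	}
	return nil
}

func main() {
	fmt.Println(ValidateLeaf(&CertificateRequest{Hosts: []string{"10.0.0.1"}, KeyRequest: &KeyRequest{A: "ecdsa", S: 256}}))
}
```

With the real package, a function like this would be assigned to the Validator field so that ProcessRequest rejects the request before any key is generated. The policy above does not constrain CN; add a check for it if the signer copies CN into the certificate.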

type KeyRequest

type KeyRequest struct {
    A   string `json:"algo" yaml:"algo"`
    S   int    `json:"size" yaml:"size"`
}

A KeyRequest contains the algorithm and key size for a new private key.

func NewKeyRequest

func NewKeyRequest() *KeyRequest

NewKeyRequest returns a default KeyRequest.

func (*KeyRequest) Algo

func (kr *KeyRequest) Algo() string

Algo returns the requested key algorithm represented as a string.

func (*KeyRequest) Generate

func (kr *KeyRequest) Generate() (crypto.PrivateKey, error)

Generate generates a key as specified in the request. Currently, only ECDSA and RSA are supported.

func (*KeyRequest) SigAlgo

func (kr *KeyRequest) SigAlgo() x509.SignatureAlgorithm

SigAlgo returns an appropriate X.509 signature algorithm given the key request's type and size.

func (*KeyRequest) Size

func (kr *KeyRequest) Size() int

Size returns the requested key size.

type Name

type Name struct {
    C            string `json:"C,omitempty" yaml:"C,omitempty"`   // Country
    ST           string `json:"ST,omitempty" yaml:"ST,omitempty"` // State
    L            string `json:"L,omitempty" yaml:"L,omitempty"`   // Locality
    O            string `json:"O,omitempty" yaml:"O,omitempty"`   // OrganisationName
    OU           string `json:"OU,omitempty" yaml:"OU,omitempty"` // OrganisationalUnitName
    SerialNumber string `json:"SerialNumber,omitempty" yaml:"SerialNumber,omitempty"`
}

A Name contains the SubjectInfo fields.

Package csr imports 17 packages and is imported by 857 packages. Updated 2020-09-17.