csr

package
v1.6.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 5, 2024 License: BSD-2-Clause Imports: 22 Imported by: 495

Documentation

Overview

Package csr implements certificate requests for CFSSL.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Generate 

func Generate(priv crypto.Signer, req *CertificateRequest) (csr []byte, err error)

Generate creates a new CSR(PEM encoded) from a CertificateRequest structure and an existing key. The KeyRequest field is ignored.

func GenerateDER added in v1.6.5 

func GenerateDER(priv crypto.Signer, req *CertificateRequest) (csr []byte, err error)

GenerateDER creates a new CSR(ASN1 DER encoded) from a CertificateRequest structure and an existing key. The KeyRequest field is ignored.

func IsNameEmpty 

func IsNameEmpty(n Name) bool

IsNameEmpty returns true if the name has no identifying information in it.

func OIDFromString added in v1.6.0 

func OIDFromString(s string) (asn1.ObjectIdentifier, error)

OIDFromString creates an ASN1 ObjectIdentifier from its string representation

func ParseRequest 

func ParseRequest(req *CertificateRequest) (csr, key []byte, err error)

ParseRequest takes a certificate request and generates a key and CSR from it. It does no validation -- caveat emptor. It will, however, fail if the key request is not valid (i.e., an unsupported curve or RSA key size). The lack of validation was specifically chosen to allow the end user to define a policy and validate the request appropriately before calling this function.

func Regenerate 

func Regenerate(priv crypto.Signer, csr []byte) ([]byte, error)

Regenerate uses the provided CSR as a template for signing a new CSR using priv.

Types

type BasicConstraints 

type BasicConstraints struct {
	IsCA       bool `asn1:"optional"`
	MaxPathLen int  `asn1:"optional,default:-1"`
}

BasicConstraints CSR information RFC 5280, 4.2.1.9

type CAConfig 

type CAConfig struct {
	PathLength  int    `json:"pathlen" yaml:"pathlen"`
	PathLenZero bool   `json:"pathlenzero" yaml:"pathlenzero"`
	Expiry      string `json:"expiry" yaml:"expiry"`
	Backdate    string `json:"backdate" yaml:"backdate"`
}

CAConfig is a section used in the requests initialising a new CA.

type CertificateRequest 

type CertificateRequest struct {
	CN                string           `json:"CN" yaml:"CN"`
	Names             []Name           `json:"names" yaml:"names"`
	Hosts             []string         `json:"hosts" yaml:"hosts"`
	KeyRequest        *KeyRequest      `json:"key,omitempty" yaml:"key,omitempty"`
	CA                *CAConfig        `json:"ca,omitempty" yaml:"ca,omitempty"`
	SerialNumber      string           `json:"serialnumber,omitempty" yaml:"serialnumber,omitempty"`
	DelegationEnabled bool             `json:"delegation_enabled,omitempty" yaml:"delegation_enabled,omitempty"`
	Extensions        []pkix.Extension `json:"extensions,omitempty" yaml:"extensions,omitempty"`
	CRL               string           `json:"crl_url,omitempty" yaml:"crl_url,omitempty"`
}

A CertificateRequest encapsulates the API interface to the certificate request functionality.

func ExtractCertificateRequest 

func ExtractCertificateRequest(cert *x509.Certificate) *CertificateRequest

ExtractCertificateRequest extracts a CertificateRequest from x509.Certificate. It is aimed to used for generating a new certificate from an existing certificate. For a root certificate, the CA expiry length is calculated as the duration between cert.NotAfter and cert.NotBefore.

func New 

func New() *CertificateRequest

New returns a new, empty CertificateRequest with a KeyRequest.

func (*CertificateRequest) Name 

func (cr *CertificateRequest) Name() (pkix.Name, error)

Name returns the PKIX name for the request.

type Generator 

type Generator struct {
	Validator func(*CertificateRequest) error
}

A Generator is responsible for validating certificate requests.

func (*Generator) ProcessRequest 

func (g *Generator) ProcessRequest(req *CertificateRequest) (csr, key []byte, err error)

ProcessRequest validates and processes the incoming request. It is a wrapper around a validator and the ParseRequest function.

type KeyRequest 

type KeyRequest struct {
	A string `json:"algo" yaml:"algo"`
	S int    `json:"size" yaml:"size"`
}

A KeyRequest contains the algorithm and key size for a new private key.

func NewKeyRequest 

func NewKeyRequest() *KeyRequest

NewKeyRequest returns a default KeyRequest.

func (*KeyRequest) Algo 

func (kr *KeyRequest) Algo() string

Algo returns the requested key algorithm represented as a string.

func (*KeyRequest) Generate 

func (kr *KeyRequest) Generate() (crypto.PrivateKey, error)

Generate generates a key as specified in the request. Currently, only ECDSA, RSA and ed25519 algorithms are supported.

func (*KeyRequest) SigAlgo 

func (kr *KeyRequest) SigAlgo() x509.SignatureAlgorithm

SigAlgo returns an appropriate X.509 signature algorithm given the key request's type and size.

func (*KeyRequest) Size 

func (kr *KeyRequest) Size() int

Size returns the requested key size.

type Name 

type Name struct {
	C            string            `json:"C,omitempty" yaml:"C,omitempty"`   // Country
	ST           string            `json:"ST,omitempty" yaml:"ST,omitempty"` // State
	L            string            `json:"L,omitempty" yaml:"L,omitempty"`   // Locality
	O            string            `json:"O,omitempty" yaml:"O,omitempty"`   // OrganisationName
	OU           string            `json:"OU,omitempty" yaml:"OU,omitempty"` // OrganisationalUnitName
	E            string            `json:"E,omitempty" yaml:"E,omitempty"`
	SerialNumber string            `json:"SerialNumber,omitempty" yaml:"SerialNumber,omitempty"`
	OID          map[string]string `json:"OID,omitempty", yaml:"OID,omitempty"`
}

A Name contains the SubjectInfo fields.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.