Documentation

Overview

Package csr implements certificate requests for CFSSL.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Generate

func Generate(priv crypto.Signer, req *CertificateRequest) (csr []byte, err error)

Generate creates a new CSR from a CertificateRequest structure and an existing key. The KeyRequest field is ignored.

func IsNameEmpty

func IsNameEmpty(n Name) bool

IsNameEmpty returns true if the name has no identifying information in it.

func ParseRequest

func ParseRequest(req *CertificateRequest) (csr, key []byte, err error)

ParseRequest takes a certificate request and generates a key and CSR from it. It does no validation -- caveat emptor. It will, however, fail if the key request is not valid (i.e., an unsupported curve or RSA key size). The lack of validation was specifically chosen to allow the end user to define a policy and validate the request appropriately before calling this function.

func Regenerate

func Regenerate(priv crypto.Signer, csr []byte) ([]byte, error)

Regenerate uses the provided CSR as a template for signing a new CSR using priv.

Types

type BasicConstraints

type BasicConstraints struct {
	IsCA       bool `asn1:"optional"`
	MaxPathLen int  `asn1:"optional,default:-1"`
}

BasicConstraints holds the CSR's basic constraints information (RFC 5280, 4.2.1.9).

type CAConfig

type CAConfig struct {
	PathLength  int    `json:"pathlen" yaml:"pathlen"`
	PathLenZero bool   `json:"pathlenzero" yaml:"pathlenzero"`
	Expiry      string `json:"expiry" yaml:"expiry"`
	Backdate    string `json:"backdate" yaml:"backdate"`
}

CAConfig is a section used in the requests initialising a new CA.

type CertificateRequest

type CertificateRequest struct {
	CN           string           `json:"CN" yaml:"CN"`
	Names        []Name           `json:"names" yaml:"names"`
	Hosts        []string         `json:"hosts" yaml:"hosts"`
	KeyRequest   *KeyRequest      `json:"key,omitempty" yaml:"key,omitempty"`
	CA           *CAConfig        `json:"ca,omitempty" yaml:"ca,omitempty"`
	SerialNumber string           `json:"serialnumber,omitempty" yaml:"serialnumber,omitempty"`
	Extensions   []pkix.Extension `json:"extensions,omitempty" yaml:"extensions,omitempty"`
	CRL          string           `json:"crl_url,omitempty" yaml:"crl_url,omitempty"`
}

A CertificateRequest encapsulates the API interface to the certificate request functionality.

func ExtractCertificateRequest

func ExtractCertificateRequest(cert *x509.Certificate) *CertificateRequest

ExtractCertificateRequest extracts a CertificateRequest from an x509.Certificate. It is intended for generating a new certificate from an existing certificate. For a root certificate, the CA expiry length is calculated as the duration between cert.NotAfter and cert.NotBefore.

func New

func New() *CertificateRequest

New returns a new, empty CertificateRequest with a KeyRequest.

func (*CertificateRequest) Name

func (cr *CertificateRequest) Name() pkix.Name

Name returns the PKIX name for the request.

type Generator

type Generator struct {
	Validator func(*CertificateRequest) error
}

A Generator is responsible for validating certificate requests.

func (*Generator) ProcessRequest

func (g *Generator) ProcessRequest(req *CertificateRequest) (csr, key []byte, err error)

ProcessRequest validates and processes the incoming request. It is a wrapper around a validator and the ParseRequest function.
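
A validator of the kind ParseRequest leaves to the caller and Generator.Validator supplies, as an added example (not CFSSL's own code): a leaf-certificate policy written against local stand-ins for the page's CertificateRequest, KeyRequest and CAConfig structs so that it builds without the cfssl module. ValidateLeaf, allowedSuffix and the specific key and host rules are assumptions chosen for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Local stand-ins for the page's csr types, trimmed to what this policy reads.
type KeyRequest struct {
	A string // "algo"
	S int    // "size"
}
type CAConfig struct{}
type CertificateRequest struct {
	Hosts      []string
	KeyRequest *KeyRequest
	CA         *CAConfig
}

const allowedSuffix = ".internal.example" // constructed example zone, an assumption

// ValidateLeaf is a hypothetical policy with the shape Generator.Validator expects.
func ValidateLeaf(req *CertificateRequest) error {
	if req == nil || req.KeyRequest == nil {
		return fmt.Errorf("policy: missing request or key request")
	}
	if req.CA != nil { // a leaf request must not ask for CA settings
		return fmt.Errorf("policy: CA section not permitted")
	}
	switch kr := req.KeyRequest; {
	case kr.A == "rsa" && kr.S >= 2048:
	case kr.A == "ecdsa" && (kr.S == 256 || kr.S == 384):
	default:
		return fmt.Errorf("policy: key %s/%d not permitted", kr.A, kr.S)
	}
	if len(req.Hosts) == 0 {
		return fmt.Errorf("policy: at least one host is required")
	}
	for _, h := range req.Hosts {
		if strings.Contains(h, "*") || !strings.HasSuffix(strings.ToLower(h), allowedSuffix) {
			return fmt.Errorf("policy: host %q not permitted", h)
		}
	}
	return nil
}

func main() {
	fmt.Println(ValidateLeaf(&CertificateRequest{Hosts: []string{"db1.internal.example"}, KeyRequest: &KeyRequest{A: "ecdsa", S: 256}}))
}
```

With the real package, the same body takes a *csr.CertificateRequest and is assigned to Generator.Validator for ProcessRequest to run.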

type KeyRequest

type KeyRequest struct {
	A string `json:"algo" yaml:"algo"`
	S int    `json:"size" yaml:"size"`
}

A KeyRequest contains the algorithm and key size for a new private key.

func NewKeyRequest

func NewKeyRequest() *KeyRequest

NewKeyRequest returns a default KeyRequest.

func (*KeyRequest) Algo

func (kr *KeyRequest) Algo() string

Algo returns the requested key algorithm represented as a string.

func (*KeyRequest) Generate

func (kr *KeyRequest) Generate() (crypto.PrivateKey, error)

Generate generates a key as specified in the request. Currently, only ECDSA and RSA are supported.

func (*KeyRequest) SigAlgo

func (kr *KeyRequest) SigAlgo() x509.SignatureAlgorithm

SigAlgo returns an appropriate X.509 signature algorithm given the key request's type and size.

func (*KeyRequest) Size

func (kr *KeyRequest) Size() int

Size returns the requested key size.

type Name

type Name struct {
	C            string `json:"C,omitempty" yaml:"C,omitempty"`   // Country
	ST           string `json:"ST,omitempty" yaml:"ST,omitempty"` // State
	L            string `json:"L,omitempty" yaml:"L,omitempty"`   // Locality
	O            string `json:"O,omitempty" yaml:"O,omitempty"`   // OrganisationName
	OU           string `json:"OU,omitempty" yaml:"OU,omitempty"` // OrganisationalUnitName
	SerialNumber string `json:"SerialNumber,omitempty" yaml:"SerialNumber,omitempty"`
}

A Name contains the SubjectInfo fields.

Source Files