csrprov

package
v0.8.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 24, 2021 License: Apache-2.0 Imports: 20 Imported by: 1

Documentation

Index

Constants

View Source
const (
	// CurveP256 specifies curve P-256 for ESDCA
	CurveP256 = 256

	// CurveP384 specifies curve P-384 for ESDCA
	CurveP384 = 384

	// CurveP521 specifies curve P-521 for ESDCA
	CurveP521 = 521
)

Variables

This section is empty.

Functions

func MakeCAPolicy

func MakeCAPolicy(req *CertificateRequest) (*config.Signing, error)

MakeCAPolicy make CA policy from the given certificate request

func NewLocalCASignerFromFile

func NewLocalCASignerFromFile(c *cryptoprov.Crypto, caFile, caKeyFile string, policy *config.Signing) (*local.Signer, crypto.Signer, error)

NewLocalCASignerFromFile generates a new local signer from a caFile and a caKey file, both PEM encoded or caKey contains PKCS#11 Uri

func NewLocalCASignerFromPEM

func NewLocalCASignerFromPEM(c *cryptoprov.Crypto, ca, caKey []byte, policy *config.Signing) (*local.Signer, crypto.Signer, error)

NewLocalCASignerFromPEM generates a new local signer from PEM encoded blocks, or caKey contains PKCS#11 Uri

func ParseCaFiles

func ParseCaFiles(caFile, caKeyFile string) (cakey []byte, parsedCa *x509.Certificate, err error)

ParseCaFiles parses CA files

func SigAlgo

func SigAlgo(algo string, size int) x509.SignatureAlgorithm

SigAlgo returns signature algorithm for the given algorithm name and key size TODO: use oid pkg

func ValidateCSR

func ValidateCSR(req *CertificateRequest) error

ValidateCSR contains the default validation logic for certificate authority certificates. The only requirement here is that the certificate have a non-empty subject field.

Types

type CAConfig

type CAConfig struct {
	PathLength  int    `json:"pathlen" yaml:"pathlen"`
	PathLenZero bool   `json:"pathlenzero" yaml:"pathlenzero"`
	Expiry      string `json:"expiry" yaml:"expiry"`
	Backdate    string `json:"backdate" yaml:"backdate"`
}

CAConfig is a section used in the requests initialising a new CA.

func (*CAConfig) ConvertToCFSSL

func (c *CAConfig) ConvertToCFSSL() *csr.CAConfig

ConvertToCFSSL converts to CFSSL type

func (*CAConfig) CopyToCFSSL

func (c *CAConfig) CopyToCFSSL(d *csr.CAConfig)

CopyToCFSSL copies to CFSSL type

type CertificateRequest

type CertificateRequest struct {
	CN           string
	Names        []X509Name `json:"names" yaml:"names"`
	Hosts        []string   `json:"hosts" yaml:"hosts"`
	KeyRequest   KeyRequest `json:"key,omitempty" yaml:"key,omitempty"`
	CA           *CAConfig  `json:"ca,omitempty" yaml:"ca,omitempty"`
	SerialNumber string     `json:"serialnumber,omitempty" yaml:"serialnumber,omitempty"`
}

A CertificateRequest encapsulates the API interface to the certificate request functionality.

func (*CertificateRequest) Name

func (cr *CertificateRequest) Name() pkix.Name

Name returns the PKIX name for the request.

type KeyPurpose

type KeyPurpose int

KeyPurpose declares the purpose for keys

const (
	// Undefined purpose of key
	Undefined KeyPurpose = 0
	// Signing specifies the purpose of key to be used in signing/verification operations
	Signing KeyPurpose = 1
	// Encryption specifies the purpose of key to be used in encryption/decryption operations
	Encryption KeyPurpose = 2
)

type KeyRequest

type KeyRequest interface {
	Algo() string
	Label() string
	Size() int
	Generate() (crypto.PrivateKey, error)
	SigAlgo() x509.SignatureAlgorithm
	Purpose() int
}

KeyRequest contains the algorithm and key size for a new private key.

func NewKeyRequest

func NewKeyRequest(prov cryptoprov.Provider, label, algo string, keySize int, purpose KeyPurpose) KeyRequest

NewKeyRequest returns KeyRequest from given parameters

type Provider

type Provider struct {
	// contains filtered or unexported fields
}

Provider extends cryptoprov.Crypto functionality to support CSP procesing and certificate signing

func New

func New(provider cryptoprov.Provider) *Provider

New returns an instance of CSR provider

func (*Provider) NewKeyRequest

func (c *Provider) NewKeyRequest(label, algo string, keySize int, purpose KeyPurpose) KeyRequest

NewKeyRequest returns KeyRequest from given parameters

func (*Provider) NewRoot

func (c *Provider) NewRoot(req *CertificateRequest) (cert, csrPEM, key []byte, err error)

NewRoot creates a new root certificate from the certificate request.

func (*Provider) NewSigningCertificateRequest

func (c *Provider) NewSigningCertificateRequest(
	keyLabel, algo string, keySize int,
	CN string,
	names []X509Name,
	hosts []string,
) *CertificateRequest

NewSigningCertificateRequest creates new request for signing certificate

func (*Provider) ParseCsrRequest

func (c *Provider) ParseCsrRequest(req *CertificateRequest) (csr []byte, priv crypto.PrivateKey, keyID string, err error)

ParseCsrRequest takes a certificate request and generates a key and CSR from it. It does no validation -- caveat emptor. It will, however, fail if the key request is not valid (i.e., an unsupported curve or RSA key size). The lack of validation was specifically chosen to allow the end user to define a policy and validate the request appropriately before calling this function.

func (*Provider) ProcessCsrRequest

func (c *Provider) ProcessCsrRequest(req *CertificateRequest) (csrPEM, key []byte, keyID string, pub crypto.PublicKey, err error)

ProcessCsrRequest takes a certificate request and generates a key and CSR from it.

type X509Name

type X509Name struct {
	C            string // Country
	ST           string // State
	L            string // Locality
	O            string // OrganisationName
	OU           string // OrganisationalUnitName
	SerialNumber string
}

X509Name contains the SubjectInfo fields.

func (*X509Name) ConvertToCFSSL

func (c *X509Name) ConvertToCFSSL() *csr.Name

ConvertToCFSSL converts to CFSSL type

func (*X509Name) CopyToCFSSL

func (c *X509Name) CopyToCFSSL(d *csr.Name)

CopyToCFSSL copies to CFSSL type

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL