certificates/x509util/certificate_request.go
2020-07-21 14:18:05 -07:00

68 lines
2.1 KiB
Go

package x509util
import (
"crypto/rsa"
"crypto/x509"
)
type CertificateRequest struct {
Version int `json:"version"`
Subject Subject `json:"subject"`
DNSNames MultiString `json:"dnsNames"`
EmailAddresses MultiString `json:"emailAddresses"`
IPAddresses MultiIP `json:"ipAddresses"`
URIs MultiURL `json:"uris"`
Extensions []Extension `json:"extensions"`
PublicKey interface{} `json:"-"`
PublicKeyAlgorithm x509.PublicKeyAlgorithm `json:"-"`
Signature []byte `json:"-"`
SignatureAlgorithm x509.SignatureAlgorithm `json:"-"`
}
func newCertificateRequest(cr *x509.CertificateRequest) *CertificateRequest {
extensions := make([]Extension, len(cr.Extensions))
for i, e := range cr.Extensions {
extensions[i] = newExtension(e)
}
return &CertificateRequest{
Version: cr.Version,
Subject: newSubject(cr.Subject),
DNSNames: cr.DNSNames,
EmailAddresses: cr.EmailAddresses,
IPAddresses: cr.IPAddresses,
URIs: cr.URIs,
Extensions: extensions,
PublicKey: cr.PublicKey,
PublicKeyAlgorithm: cr.PublicKeyAlgorithm,
Signature: cr.Signature,
SignatureAlgorithm: cr.SignatureAlgorithm,
}
}
func (c *CertificateRequest) GetCertificate() *Certificate {
return &Certificate{
Subject: c.Subject,
DNSNames: c.DNSNames,
EmailAddresses: c.EmailAddresses,
IPAddresses: c.IPAddresses,
URIs: c.URIs,
Extensions: c.Extensions,
PublicKey: c.PublicKey,
PublicKeyAlgorithm: c.PublicKeyAlgorithm,
}
}
func (c *CertificateRequest) GetLeafCertificate() *Certificate {
keyUsage := x509.KeyUsageDigitalSignature
if _, ok := c.PublicKey.(*rsa.PublicKey); ok {
keyUsage |= x509.KeyUsageKeyEncipherment
}
cert := c.GetCertificate()
cert.KeyUsage = KeyUsage(keyUsage)
cert.ExtKeyUsage = ExtKeyUsage([]x509.ExtKeyUsage{
x509.ExtKeyUsageServerAuth,
x509.ExtKeyUsageClientAuth,
}
return cert
}