forked from TrueCloudLab/certificates
Fix creation of certificate without templates.
This commit is contained in:
parent
3c84453cf4
commit
a7e2ebb7d2
3 changed files with 36 additions and 4 deletions
|
@ -48,9 +48,10 @@ func NewCertificate(cr *x509.CertificateRequest, opts ...Option) (*Certificate,
|
|||
return nil, err
|
||||
}
|
||||
|
||||
// If no template use only the certificate request.
|
||||
// If no template use only the certificate request with the default leaf key
|
||||
// usages.
|
||||
if o.CertBuffer == nil {
|
||||
return newCertificateRequest(cr).GetCertificate(), nil
|
||||
return newCertificateRequest(cr).GetLeafCertificate(), nil
|
||||
}
|
||||
|
||||
// With templates
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
package x509util
|
||||
|
||||
import "crypto/x509"
|
||||
import (
|
||||
"crypto/rsa"
|
||||
"crypto/x509"
|
||||
)
|
||||
|
||||
type CertificateRequest struct {
|
||||
Version int `json:"version"`
|
||||
|
@ -17,6 +20,10 @@ type CertificateRequest struct {
|
|||
}
|
||||
|
||||
func newCertificateRequest(cr *x509.CertificateRequest) *CertificateRequest {
|
||||
extensions := make([]Extension, len(cr.Extensions))
|
||||
for i, e := range cr.Extensions {
|
||||
extensions[i] = newExtension(e)
|
||||
}
|
||||
return &CertificateRequest{
|
||||
Version: cr.Version,
|
||||
Subject: newSubject(cr.Subject),
|
||||
|
@ -24,7 +31,7 @@ func newCertificateRequest(cr *x509.CertificateRequest) *CertificateRequest {
|
|||
EmailAddresses: cr.EmailAddresses,
|
||||
IPAddresses: cr.IPAddresses,
|
||||
URIs: cr.URIs,
|
||||
Extensions: nil,
|
||||
Extensions: extensions,
|
||||
PublicKey: cr.PublicKey,
|
||||
PublicKeyAlgorithm: cr.PublicKeyAlgorithm,
|
||||
Signature: cr.Signature,
|
||||
|
@ -44,3 +51,18 @@ func (c *CertificateRequest) GetCertificate() *Certificate {
|
|||
PublicKeyAlgorithm: c.PublicKeyAlgorithm,
|
||||
}
|
||||
}
|
||||
|
||||
func (c *CertificateRequest) GetLeafCertificate() *Certificate {
|
||||
keyUsage := x509.KeyUsageDigitalSignature
|
||||
if _, ok := c.PublicKey.(*rsa.PublicKey); ok {
|
||||
keyUsage |= x509.KeyUsageKeyEncipherment
|
||||
}
|
||||
|
||||
cert := c.GetCertificate()
|
||||
cert.KeyUsage = KeyUsage(keyUsage)
|
||||
cert.ExtKeyUsage = ExtKeyUsage([]x509.ExtKeyUsage{
|
||||
x509.ExtKeyUsageServerAuth,
|
||||
x509.ExtKeyUsageClientAuth,
|
||||
}
|
||||
return cert
|
||||
}
|
||||
|
|
|
@ -54,6 +54,15 @@ type Extension struct {
|
|||
Value []byte `json:"value"`
|
||||
}
|
||||
|
||||
// newExtensions creates an Extension from a standard pkix.Extension.
|
||||
func newExtension(e pkix.Extension) Extension {
|
||||
return Extension{
|
||||
ID: ObjectIdentifier(e.Id),
|
||||
Critical: e.Critical,
|
||||
Value: e.Value,
|
||||
}
|
||||
}
|
||||
|
||||
// Set adds the extension to the given X509 certificate.
|
||||
func (e Extension) Set(c *x509.Certificate) {
|
||||
c.ExtraExtensions = append(c.ExtraExtensions, pkix.Extension{
|
||||
|
|
Loading…
Reference in a new issue