Fix creation of certificate without templates.

Mariano Cano 2020-07-09 15:17:59 -07:00
parent 3c84453cf4
commit a7e2ebb7d2
3 changed files with 36 additions and 4 deletions


@ -48,9 +48,10 @@ func NewCertificate(cr *x509.CertificateRequest, opts ...Option) (*Certificate,
return nil, err return nil, err
} }
// If no template use only the certificate request. // If no template use only the certificate request with the default leaf key
// usages.
if o.CertBuffer == nil { if o.CertBuffer == nil {
return newCertificateRequest(cr).GetCertificate(), nil return newCertificateRequest(cr).GetLeafCertificate(), nil
} }
// With templates // With templates
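Review bot: The new comment on the no-template branch says only "default leaf key usages", but `GetLeafCertificate` also pins the extended key usages to serverAuth and clientAuth, which is the part a caller is most likely to trip over when a CSR for, say, code signing comes back with a TLS-only EKU. Spell the defaults out where the branch is taken: `// If no template is given, build the certificate from the request alone, with the default leaf key usage (digitalSignature, plus keyEncipherment for RSA keys) and the serverAuth/clientAuth extended key usages.` NewCertificate's body begins and continues outside this hunk.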


@ -1,6 +1,9 @@
package x509util package x509util
import "crypto/x509" import (
"crypto/rsa"
"crypto/x509"
)
type CertificateRequest struct { type CertificateRequest struct {
Version int `json:"version"` Version int `json:"version"`
@ -17,6 +20,10 @@ type CertificateRequest struct {
} }
func newCertificateRequest(cr *x509.CertificateRequest) *CertificateRequest { func newCertificateRequest(cr *x509.CertificateRequest) *CertificateRequest {
extensions := make([]Extension, len(cr.Extensions))
for i, e := range cr.Extensions {
extensions[i] = newExtension(e)
}
return &CertificateRequest{ return &CertificateRequest{
Version: cr.Version, Version: cr.Version,
Subject: newSubject(cr.Subject), Subject: newSubject(cr.Subject),
@ -24,7 +31,7 @@ func newCertificateRequest(cr *x509.CertificateRequest) *CertificateRequest {
EmailAddresses: cr.EmailAddresses, EmailAddresses: cr.EmailAddresses,
IPAddresses: cr.IPAddresses, IPAddresses: cr.IPAddresses,
URIs: cr.URIs, URIs: cr.URIs,
Extensions: nil, Extensions: extensions,
PublicKey: cr.PublicKey, PublicKey: cr.PublicKey,
PublicKeyAlgorithm: cr.PublicKeyAlgorithm, PublicKeyAlgorithm: cr.PublicKeyAlgorithm,
Signature: cr.Signature, Signature: cr.Signature,
@ -44,3 +51,18 @@ func (c *CertificateRequest) GetCertificate() *Certificate {
PublicKeyAlgorithm: c.PublicKeyAlgorithm, PublicKeyAlgorithm: c.PublicKeyAlgorithm,
} }
} }
func (c *CertificateRequest) GetLeafCertificate() *Certificate {
keyUsage := x509.KeyUsageDigitalSignature
if _, ok := c.PublicKey.(*rsa.PublicKey); ok {
keyUsage |= x509.KeyUsageKeyEncipherment
}
cert := c.GetCertificate()
cert.KeyUsage = KeyUsage(keyUsage)
cert.ExtKeyUsage = ExtKeyUsage([]x509.ExtKeyUsage{
x509.ExtKeyUsageServerAuth,
x509.ExtKeyUsageClientAuth,
}
return cert
}
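Review bot: `newCertificateRequest` now copies every CSR extension into `Extensions` (previously forced to nil), and the no-template path goes through `GetLeafCertificate`, so a requester-controlled extension reaches the issued certificate if `GetCertificate` (its body starts outside this hunk) carries `Extensions` over and `Extension.Set` appends them to `ExtraExtensions` as the third file shows. crypto/x509's `CreateCertificate` does not emit its own keyUsage, extKeyUsage or basicConstraints extension when `ExtraExtensions` already holds that OID, so a CSR that ships its own basicConstraints (CA:TRUE) or keyUsage would override the leaf defaults set here rather than be merged with them; the issuer-controlled OIDs should be dropped when the CSR is converted, as sketched below. `GetLeafCertificate` also needs a doc comment, e.g. `// GetLeafCertificate returns the request as a Certificate with the default leaf key usage (digitalSignature, plus keyEncipherment for RSA keys) and the serverAuth and clientAuth extended key usages.` As rendered, the slice literal is closed with `}` but the `ExtKeyUsage(` conversion is not; if that is not a display artifact the line needs to be `})`.
```go
func newCertificateRequest(cr *x509.CertificateRequest) *CertificateRequest {
	// Copy the CSR extensions, but never the ones the issuer decides:
	// keyUsage (2.5.29.15), basicConstraints (2.5.29.19) and
	// extKeyUsage (2.5.29.37). If they were copied, CreateCertificate
	// would emit the requester's values instead of the leaf defaults.
	extensions := make([]Extension, 0, len(cr.Extensions))
	for _, e := range cr.Extensions {
		switch e.Id.String() {
		case "2.5.29.15", "2.5.29.19", "2.5.29.37":
			continue
		}
		extensions = append(extensions, newExtension(e))
	}
	// … unchanged: struct literal …
}
```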


@ -54,6 +54,15 @@ type Extension struct {
Value []byte `json:"value"` Value []byte `json:"value"`
} }
// newExtensions creates an Extension from a standard pkix.Extension.
func newExtension(e pkix.Extension) Extension {
return Extension{
ID: ObjectIdentifier(e.Id),
Critical: e.Critical,
Value: e.Value,
}
}
// Set adds the extension to the given X509 certificate. // Set adds the extension to the given X509 certificate.
func (e Extension) Set(c *x509.Certificate) { func (e Extension) Set(c *x509.Certificate) {
c.ExtraExtensions = append(c.ExtraExtensions, pkix.Extension{ c.ExtraExtensions = append(c.ExtraExtensions, pkix.Extension{