Documentation ¶
Overview ¶
Package csr implements certificate requests for CFSSL.
Index ¶
Constants ¶
This section is empty.
Variables ¶
var DefaultKeyRequest = KeyRequest{
Algo: "ecdsa",
Size: curveP256,
}
The DefaultKeyRequest is used when no key request data is provided in the request. This should be a safe default.
Functions ¶
func IsNameEmpty ¶
IsNameEmpty returns true if the name has no identifying information in it.
func ParseRequest ¶
func ParseRequest(req *CertificateRequest) (csr, key []byte, err error)
ParseRequest takes a certificate request and generates a key and CSR from it. It does no validation -- caveat emptor. It will, however, fail if the key request is not valid (i.e., an unsupported curve or RSA key size). The lack of validation was specifically chosen to allow the end user to define a policy and validate the request appropriately before calling this function.
Types ¶
type CertificateRequest ¶
type CertificateRequest struct { CN string Names []Name `json:"names"` Hosts []string `json:"hosts"` KeyRequest *KeyRequest `json:"key,omitempty"` CA *CAConfig `json:"ca,omitempty"` }
A CertificateRequest encapsulates the API interface to the certificate request functionality.
func (*CertificateRequest) Name ¶
func (cr *CertificateRequest) Name() pkix.Name
Name returns the PKIX name for the request.
type Generator ¶
type Generator struct {
Validator func(*CertificateRequest) error
}
A Generator is responsible for validating certificate requests.
func (*Generator) ProcessRequest ¶
func (g *Generator) ProcessRequest(req *CertificateRequest) (csr, key []byte, err error)
ProcessRequest validates and processes the incoming request. It is a wrapper around a validator and the ParseRequest function.
type KeyRequest ¶
A KeyRequest contains the algorithm and key size for a new private key.
func (*KeyRequest) Generate ¶
func (kr *KeyRequest) Generate() (interface{}, error)
Generate generates a key as specified in the request. Currently, only ECDSA and RSA are supported.
func (*KeyRequest) SigAlgo ¶
func (kr *KeyRequest) SigAlgo() x509.SignatureAlgorithm
SigAlgo returns an appropriate X.509 signature algorithm given the key request's type and size.