Documentation ¶
Overview ¶
Package csr implements certificate requests for CFSSL.
Index ¶
- func Generate(priv crypto.Signer, req *CertificateRequest) (csr []byte, err error)
- func IsNameEmpty(n Name) bool
- func ParseRequest(req *CertificateRequest) (csr, key []byte, err error)
- func Regenerate(priv crypto.Signer, csr []byte) ([]byte, error)
- type BasicConstraints
- type BasicKeyRequest
- type CAConfig
- type CertificateRequest
- type Generator
- type KeyRequest
- type Name
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Generate ¶
func Generate(priv crypto.Signer, req *CertificateRequest) (csr []byte, err error)
Generate creates a new CSR from a CertificateRequest structure and an existing key. The KeyRequest field is ignored.
func IsNameEmpty ¶
IsNameEmpty returns true if the name has no identifying information in it.
func ParseRequest ¶
func ParseRequest(req *CertificateRequest) (csr, key []byte, err error)
ParseRequest takes a certificate request and generates a key and CSR from it. It does no validation -- caveat emptor. It will, however, fail if the key request is not valid (i.e., an unsupported curve or RSA key size). The lack of validation was specifically chosen to allow the end user to define a policy and validate the request appropriately before calling this function.
Types ¶
type BasicConstraints ¶
type BasicConstraints struct { IsCA bool `asn1:"optional"` MaxPathLen int `asn1:"optional,default:-1"` }
BasicConstraints CSR information RFC 5280, 4.2.1.9
type BasicKeyRequest ¶
A BasicKeyRequest contains the algorithm and key size for a new private key.
func NewBasicKeyRequest ¶
func NewBasicKeyRequest() *BasicKeyRequest
NewBasicKeyRequest returns a default BasicKeyRequest.
func (*BasicKeyRequest) Algo ¶
func (kr *BasicKeyRequest) Algo() string
Algo returns the requested key algorithm represented as a string.
func (*BasicKeyRequest) Generate ¶
func (kr *BasicKeyRequest) Generate() (crypto.PrivateKey, error)
Generate generates a key as specified in the request. Currently, only ECDSA and RSA are supported.
func (*BasicKeyRequest) SigAlgo ¶
func (kr *BasicKeyRequest) SigAlgo() x509.SignatureAlgorithm
SigAlgo returns an appropriate X.509 signature algorithm given the key request's type and size.
func (*BasicKeyRequest) Size ¶
func (kr *BasicKeyRequest) Size() int
Size returns the requested key size.
type CAConfig ¶
type CAConfig struct { PathLength int `json:"pathlen"` PathLenZero bool `json:"pathlenzero"` Expiry string `json:"expiry"` }
CAConfig is a section used in the requests initialising a new CA.
type CertificateRequest ¶
type CertificateRequest struct { CN string Names []Name `json:"names"` Hosts []string `json:"hosts"` KeyRequest KeyRequest `json:"key,omitempty"` CA *CAConfig `json:"ca,omitempty"` SerialNumber string `json:"serialnumber,omitempty"` }
A CertificateRequest encapsulates the API interface to the certificate request functionality.
func ExtractCertificateRequest ¶
func ExtractCertificateRequest(cert *x509.Certificate) *CertificateRequest
ExtractCertificateRequest extracts a CertificateRequest from x509.Certificate. It is aimed to used for generating a new certificate from an existing certificate. For a root certificate, the CA expiry length is calculated as the duration between cert.NotAfter and cert.NotBefore.
func New ¶
func New() *CertificateRequest
New returns a new, empty CertificateRequest with a BasicKeyRequest.
func (*CertificateRequest) Name ¶
func (cr *CertificateRequest) Name() pkix.Name
Name returns the PKIX name for the request.
type Generator ¶
type Generator struct {
Validator func(*CertificateRequest) error
}
A Generator is responsible for validating certificate requests.
func (*Generator) ProcessRequest ¶
func (g *Generator) ProcessRequest(req *CertificateRequest) (csr, key []byte, err error)
ProcessRequest validates and processes the incoming request. It is a wrapper around a validator and the ParseRequest function.
type KeyRequest ¶
type KeyRequest interface { Algo() string Size() int Generate() (crypto.PrivateKey, error) SigAlgo() x509.SignatureAlgorithm }
A KeyRequest is a generic request for a new key.