csr

package
v0.0.0-...-5fd94f2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 29, 2015 License: BSD-2-Clause Imports: 12 Imported by: 0

Documentation

Overview

Package csr implements certificate requests for CFSSL.

Index

Constants

This section is empty.

Variables

View Source
var DefaultKeyRequest = KeyRequest{
	Algo: "ecdsa",
	Size: curveP256,
}

The DefaultKeyRequest is used when no key request data is provided in the request. This should be a safe default.

Functions

func IsNameEmpty

func IsNameEmpty(n Name) bool

IsNameEmpty returns true if the name has no identifying information in it.

func ParseRequest

func ParseRequest(req *CertificateRequest) (csr, key []byte, err error)

ParseRequest takes a certificate request and generates a key and CSR from it. It does no validation -- caveat emptor. It will, however, fail if the key request is not valid (i.e., an unsupported curve or RSA key size). The lack of validation was specifically chosen to allow the end user to define a policy and validate the request appropriately before calling this function.

Types

type CAConfig

type CAConfig struct {
	PathLength int    `json:"pathlen"`
	Expiry     string `json:"expiry"`
}

CAConfig is a section used in the requests initialising a new CA.

type CertificateRequest

type CertificateRequest struct {
	CN         string
	Names      []Name      `json:"names"`
	Hosts      []string    `json:"hosts"`
	KeyRequest *KeyRequest `json:"key,omitempty"`
	CA         *CAConfig   `json:"ca,omitempty"`
}

A CertificateRequest encapsulates the API interface to the certificate request functionality.

func (*CertificateRequest) Name

func (cr *CertificateRequest) Name() pkix.Name

Name returns the PKIX name for the request.

type Generator

type Generator struct {
	Validator func(*CertificateRequest) error
}

A Generator is responsible for validating certificate requests.

func (*Generator) ProcessRequest

func (g *Generator) ProcessRequest(req *CertificateRequest) (csr, key []byte, err error)

ProcessRequest validates and processes the incoming request. It is a wrapper around a validator and the ParseRequest function.

type KeyRequest

type KeyRequest struct {
	Algo string `json:"algo"`
	Size int    `json:"size"`
}

A KeyRequest contains the algorithm and key size for a new private key.

func (*KeyRequest) Generate

func (kr *KeyRequest) Generate() (interface{}, error)

Generate generates a key as specified in the request. Currently, only ECDSA and RSA are supported.

func (*KeyRequest) SigAlgo

func (kr *KeyRequest) SigAlgo() x509.SignatureAlgorithm

SigAlgo returns an appropriate X.509 signature algorithm given the key request's type and size.

type Name

type Name struct {
	C  string // Country
	ST string // State
	L  string // Locality
	O  string // OrganisationName
	OU string // OrganisationalUnitName
}

A Name contains the SubjectInfo fields.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL