Documentation ¶
Overview ¶
Package signer implements certificate signature functionality for CF-SSL.
Index ¶
- Variables
- func CheckSignature(csr *x509.CertificateRequest, algo x509.SignatureAlgorithm, ...) error
- func ComputeSKI(template *x509.Certificate) ([]byte, error)
- func DefaultSigAlgo(priv crypto.Signer) x509.SignatureAlgorithm
- func FillTemplate(template *x509.Certificate, defaultProfile, profile *config.SigningProfile, ...) error
- func ParseCertificateRequest(s Signer, csrBytes []byte) (template *x509.Certificate, err error)
- func SplitHosts(hostList string) []string
- type SignRequest
- type Signer
- type Subject
- type Whitelist
Constants ¶
This section is empty.
Variables ¶
var MaxPathLen = 2
MaxPathLen is the default path length for a new CA certificate.
Functions ¶
func CheckSignature ¶
func CheckSignature(csr *x509.CertificateRequest, algo x509.SignatureAlgorithm, signed, signature []byte) error
CheckSignature verifies a signature made by the key on a CSR, such as on the CSR itself.
func ComputeSKI ¶
func ComputeSKI(template *x509.Certificate) ([]byte, error)
ComputeSKI derives an SKI from the certificate's public key in a standard manner. This is done by computing the SHA-1 digest of the SubjectPublicKeyInfo component of the certificate.
func DefaultSigAlgo ¶
func DefaultSigAlgo(priv crypto.Signer) x509.SignatureAlgorithm
DefaultSigAlgo returns an appropriate X.509 signature algorithm given the CA's private key.
func FillTemplate ¶
func FillTemplate(template *x509.Certificate, defaultProfile, profile *config.SigningProfile, serialSeq string) error
FillTemplate is a utility function that tries to load as much of the certificate template as possible from the profiles and current template. It fills in the key uses, expiration, revocation URLs, serial number, and SKI.
func ParseCertificateRequest ¶
func ParseCertificateRequest(s Signer, csrBytes []byte) (template *x509.Certificate, err error)
ParseCertificateRequest takes an incoming certificate request and builds a certificate template from it.
func SplitHosts ¶
SplitHosts takes a comma-spearated list of hosts and returns a slice with the hosts split
Types ¶
type SignRequest ¶
type SignRequest struct { Hosts []string `json:"hosts"` Request string `json:"certificate_request"` Subject *Subject `json:"subject,omitempty"` Profile string `json:"profile"` Label string `json:"label"` SerialSeq string `json:"serial_sequence,omitempty"` }
SignRequest stores a signature request, which contains the hostname, the CSR, optional subject information, and the signature profile.
type Signer ¶
type Signer interface { Certificate(label, profile string) (*x509.Certificate, error) Policy() *config.Signing SetPolicy(*config.Signing) SigAlgo() x509.SignatureAlgorithm Sign(req SignRequest) (cert []byte, err error) }
A Signer contains a CA's certificate and private key for signing certificates, a Signing policy to refer to and a SignatureAlgorithm.
Directories ¶
Path | Synopsis |
---|---|
Package local implements certificate signature functionality for CF-SSL.
|
Package local implements certificate signature functionality for CF-SSL. |
Package pkcs11 implements support for PKCS #11 signers.
|
Package pkcs11 implements support for PKCS #11 signers. |
Package universal implements a signer that can do remote or local
|
Package universal implements a signer that can do remote or local |