Documentation ¶
Overview ¶
Package csr implements certificate requests for CFSSL.
Index ¶
- func Generate(priv crypto.Signer, req *CertificateRequest) (csr []byte, err error)
- func GenerateDER(priv crypto.Signer, req *CertificateRequest) (csr []byte, err error)
- func IsNameEmpty(n Name) bool
- func OIDFromString(s string) (asn1.ObjectIdentifier, error)
- func ParseRequest(req *CertificateRequest) (csr, key []byte, err error)
- func Regenerate(priv crypto.Signer, csr []byte) ([]byte, error)
- type BasicConstraints
- type CAConfig
- type CertificateRequest
- type Generator
- type KeyRequest
- type Name
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Generate ¶
func Generate(priv crypto.Signer, req *CertificateRequest) (csr []byte, err error)
Generate creates a new CSR (PEM encoded) from a CertificateRequest structure and an existing key. The KeyRequest field is ignored.
func GenerateDER ¶
func GenerateDER(priv crypto.Signer, req *CertificateRequest) (csr []byte, err error)
GenerateDER creates a new CSR (ASN.1 DER encoded) from a CertificateRequest structure and an existing key. The KeyRequest field is ignored.
func IsNameEmpty ¶
func IsNameEmpty(n Name) bool
IsNameEmpty returns true if the name has no identifying information in it.
func OIDFromString ¶
func OIDFromString(s string) (asn1.ObjectIdentifier, error)
OIDFromString creates an ASN.1 ObjectIdentifier from its dotted-decimal string representation.
func ParseRequest ¶
func ParseRequest(req *CertificateRequest) (csr, key []byte, err error)
ParseRequest takes a certificate request and generates a key and CSR from it. It does no validation -- caveat emptor. It will, however, fail if the key request is not valid (for example, an unsupported curve or RSA key size). The lack of validation was a deliberate choice so that the end user can define a policy and validate the request appropriately before calling this function.
Types ¶
type BasicConstraints ¶
type BasicConstraints struct {
	IsCA       bool `asn1:"optional"`
	MaxPathLen int  `asn1:"optional,default:-1"`
}
BasicConstraints holds the basic constraints extension carried in a CSR (RFC 5280, section 4.2.1.9).
type CAConfig ¶
type CAConfig struct {
	PathLength  int    `json:"pathlen" yaml:"pathlen"`
	PathLenZero bool   `json:"pathlenzero" yaml:"pathlenzero"`
	Expiry      string `json:"expiry" yaml:"expiry"`
	Backdate    string `json:"backdate" yaml:"backdate"`
}
CAConfig is the section of a request used when initialising a new CA.
type CertificateRequest ¶
type CertificateRequest struct {
	CN                string           `json:"CN" yaml:"CN"`
	Names             []Name           `json:"names" yaml:"names"`
	Hosts             []string         `json:"hosts" yaml:"hosts"`
	KeyRequest        *KeyRequest      `json:"key,omitempty" yaml:"key,omitempty"`
	CA                *CAConfig        `json:"ca,omitempty" yaml:"ca,omitempty"`
	SerialNumber      string           `json:"serialnumber,omitempty" yaml:"serialnumber,omitempty"`
	DelegationEnabled bool             `json:"delegation_enabled,omitempty" yaml:"delegation_enabled,omitempty"`
	Extensions        []pkix.Extension `json:"extensions,omitempty" yaml:"extensions,omitempty"`
	CRL               string           `json:"crl_url,omitempty" yaml:"crl_url,omitempty"`
}
A CertificateRequest encapsulates the API interface to the certificate request functionality.
func ExtractCertificateRequest ¶
func ExtractCertificateRequest(cert *x509.Certificate) *CertificateRequest
ExtractCertificateRequest extracts a CertificateRequest from an x509.Certificate. It is intended for generating a new certificate from an existing one. For a root certificate, the CA expiry length is calculated as the duration between cert.NotBefore and cert.NotAfter.
func New ¶
func New() *CertificateRequest
New returns a new, empty CertificateRequest with a KeyRequest.
type Generator ¶
type Generator struct {
Validator func(*CertificateRequest) error
}
A Generator is responsible for validating certificate requests.
func (*Generator) ProcessRequest ¶
func (g *Generator) ProcessRequest(req *CertificateRequest) (csr, key []byte, err error)
ProcessRequest validates and processes the incoming request. It runs the Generator's Validator and, only if that succeeds, calls ParseRequest to generate the key and CSR.
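The validate-then-build split that ParseRequest and Generator.ProcessRequest describe, as an added example that is not the csr package's code. It uses only the standard library: the Request and Generator types, the policy function and the sortHosts classification are local stand-ins written for this page (the library's own types and its handling of Hosts are assumptions here, not quoted). The policy shows the kind of check the package leaves to the caller: every host must sit under an allowed zone, no wildcards, no bare IP SANs, and the CN must itself be one of the hosts.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"net"
	"net/mail"
	"net/url"
	"strings"
)

// Request is a local stand-in for the csr.CertificateRequest fields used here (not the library's type).
type Request struct {
	CN    string
	Hosts []string
}

// Generator mirrors the split described above: Validator enforces policy and
// ProcessRequest only builds a key and CSR once the request has passed it.
type Generator struct {
	Validator func(*Request) error
}

// policy is an example validator; the rules are this page's, not the library's.
func policy(allowedZone string) func(*Request) error {
	return func(r *Request) error {
		cnListed := false
		for _, h := range r.Hosts {
			switch {
			case net.ParseIP(h) != nil:
				return fmt.Errorf("IP SAN %q not permitted", h)
			case strings.Contains(h, "*"):
				return fmt.Errorf("wildcard %q not permitted", h)
			case !strings.HasSuffix(h, "."+allowedZone):
				return fmt.Errorf("host %q is outside zone %s", h, allowedZone)
			}
			cnListed = cnListed || h == r.CN
		}
		if !cnListed {
			return fmt.Errorf("CN %q is not among the hosts", r.CN)
		}
		return nil
	}
}

// sortHosts places each host into the SAN type it parses as: IP address,
// e-mail address or absolute URI; anything else is treated as a DNS name.
func sortHosts(hosts []string, t *x509.CertificateRequest) {
	for _, h := range hosts {
		if ip := net.ParseIP(h); ip != nil {
			t.IPAddresses = append(t.IPAddresses, ip)
		} else if a, err := mail.ParseAddress(h); err == nil {
			t.EmailAddresses = append(t.EmailAddresses, a.Address)
		} else if u, err := url.ParseRequestURI(h); err == nil && u.Scheme != "" {
			t.URIs = append(t.URIs, u)
		} else {
			t.DNSNames = append(t.DNSNames, h)
		}
	}
}

// ProcessRequest validates, then generates a fresh P-256 key and a CSR signed
// with it, both PEM-encoded. A rejected request never reaches key generation.
func (g *Generator) ProcessRequest(r *Request) (csrPEM, keyPEM []byte, err error) {
	if g.Validator != nil {
		if err := g.Validator(r); err != nil {
			return nil, nil, fmt.Errorf("request rejected by policy: %w", err)
		}
	}
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: r.CN}}
	sortHosts(r.Hosts, tmpl)
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, priv)
	if err != nil {
		return nil, nil, err
	}
	keyDER, err := x509.MarshalECPrivateKey(priv)
	if err != nil {
		return nil, nil, err
	}
	csrPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der})
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
	return csrPEM, keyPEM, nil
}

func main() {
	g := &Generator{Validator: policy("internal.example")}
	csrPEM, _, err := g.ProcessRequest(&Request{CN: "api.internal.example",
		Hosts: []string{"api.internal.example", "api-v2.internal.example"}})
	if err != nil {
		panic(err)
	}
	fmt.Print(string(csrPEM))
}
```

The important property is ordering: a request with a wildcard, an IP SAN or an out-of-zone name is refused before any key material exists, so a rejected request leaves nothing behind to clean up or leak.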
type KeyRequest ¶
A KeyRequest contains the algorithm and key size for a new private key.
func (*KeyRequest) Algo ¶
func (kr *KeyRequest) Algo() string
Algo returns the requested key algorithm represented as a string.
func (*KeyRequest) Generate ¶
func (kr *KeyRequest) Generate() (crypto.PrivateKey, error)
Generate generates a key as specified in the request. Currently, only ECDSA, RSA and ed25519 algorithms are supported.
func (*KeyRequest) SigAlgo ¶
func (kr *KeyRequest) SigAlgo() x509.SignatureAlgorithm
SigAlgo returns an appropriate X.509 signature algorithm given the key request's type and size.
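KeyRequest.Generate and SigAlgo as described above, re-implemented as an added example with only the standard library; this is not the csr package's code. The Algo and Size fields are this example's assumption, since the page does not show the KeyRequest struct, and the size floor (RSA at least 2048 bits, only the P-256/P-384/P-521 curves) and the refusal to ever pick a SHA-1 algorithm are this example's policy rather than necessarily the library's. SigAlgo is derived from the generated public key rather than from the request so the hash strength always matches the key actually produced.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"fmt"
)

// KeyRequest is a local stand-in for the library's type (assumption: the
// page does not show its fields).
type KeyRequest struct {
	Algo string // "rsa", "ecdsa" or "ed25519"
	Size int    // RSA modulus bits or ECDSA curve size; ignored for ed25519
}

// Generate produces a key only for combinations that are both supported and
// at a current minimum strength. Anything else fails before key material is made.
func (kr KeyRequest) Generate() (crypto.Signer, error) {
	switch kr.Algo {
	case "rsa":
		if kr.Size < 2048 {
			return nil, fmt.Errorf("rsa: %d-bit keys are below the 2048-bit minimum", kr.Size)
		}
		if kr.Size > 8192 {
			return nil, fmt.Errorf("rsa: %d bits exceeds the supported maximum", kr.Size)
		}
		return rsa.GenerateKey(rand.Reader, kr.Size)
	case "ecdsa":
		switch kr.Size {
		case 256:
			return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		case 384:
			return ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
		case 521:
			return ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
		}
		return nil, fmt.Errorf("ecdsa: unsupported curve size %d", kr.Size)
	case "ed25519":
		_, priv, err := ed25519.GenerateKey(rand.Reader)
		return priv, err
	}
	return nil, fmt.Errorf("unsupported key algorithm %q", kr.Algo)
}

// SigAlgo maps a public key to the X.509 signature algorithm whose hash
// matches its strength: SHA-256 for P-256 and RSA-2048, SHA-384 for P-384 and
// RSA-3072, SHA-512 for P-521 and RSA-4096 or larger, PureEd25519 for Ed25519.
func SigAlgo(pub crypto.PublicKey) (x509.SignatureAlgorithm, error) {
	switch k := pub.(type) {
	case *rsa.PublicKey:
		bits := k.N.BitLen()
		switch {
		case bits >= 4096:
			return x509.SHA512WithRSA, nil
		case bits >= 3072:
			return x509.SHA384WithRSA, nil
		case bits >= 2048:
			return x509.SHA256WithRSA, nil
		}
		return x509.UnknownSignatureAlgorithm, fmt.Errorf("rsa key too small: %d bits", bits)
	case *ecdsa.PublicKey:
		switch k.Curve {
		case elliptic.P256():
			return x509.ECDSAWithSHA256, nil
		case elliptic.P384():
			return x509.ECDSAWithSHA384, nil
		case elliptic.P521():
			return x509.ECDSAWithSHA512, nil
		}
		return x509.UnknownSignatureAlgorithm, fmt.Errorf("unsupported curve %s", k.Curve.Params().Name)
	case ed25519.PublicKey:
		return x509.PureEd25519, nil
	}
	return x509.UnknownSignatureAlgorithm, fmt.Errorf("unsupported public key type %T", pub)
}

func main() {
	for _, kr := range []KeyRequest{{"ecdsa", 384}, {"ed25519", 0}, {"rsa", 1024}, {"ecdsa", 224}} {
		key, err := kr.Generate()
		if err != nil {
			fmt.Printf("%-8s %4d: rejected: %v\n", kr.Algo, kr.Size, err)
			continue
		}
		alg, _ := SigAlgo(key.Public())
		fmt.Printf("%-8s %4d: %v\n", kr.Algo, kr.Size, alg)
	}
}
```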
type Name ¶
type Name struct {
	C            string            `json:"C,omitempty" yaml:"C,omitempty"`   // Country
	ST           string            `json:"ST,omitempty" yaml:"ST,omitempty"` // State
	L            string            `json:"L,omitempty" yaml:"L,omitempty"`   // Locality
	O            string            `json:"O,omitempty" yaml:"O,omitempty"`   // OrganisationName
	OU           string            `json:"OU,omitempty" yaml:"OU,omitempty"` // OrganisationalUnitName
	E            string            `json:"E,omitempty" yaml:"E,omitempty"`
	SerialNumber string            `json:"SerialNumber,omitempty" yaml:"SerialNumber,omitempty"`
	OID          map[string]string `json:"OID,omitempty", yaml:"OID,omitempty"`
}
A Name contains the SubjectInfo fields.
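Turning a Name into a CSR subject, as an added example that is not the csr package's code; it covers OIDFromString, IsNameEmpty and the Name type together. parseOID does what OIDFromString's description promises and additionally rejects malformed arcs; isNameEmpty is this example's own version of the emptiness check (assumption: it also counts OID entries as identifying, which the library's rule may not); toPKIXName maps the fields above onto a pkix.Name, with E becoming the PKCS#9 emailAddress attribute and each OID-map entry an extra RDN. The Name type here is a local copy of the fields shown above without the struct tags.

```go
package main

import (
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// Name is a local copy of the csr.Name fields (tags omitted), not the library's type.
type Name struct {
	C, ST, L, O, OU, E, SerialNumber string
	OID                              map[string]string
}

// parseOID turns dotted-decimal text such as "2.5.4.97" into an
// asn1.ObjectIdentifier, rejecting anything that is not a well-formed OID:
// fewer than two arcs, non-numeric or negative arcs, or a first arc above 2
// (and, under arcs 0 and 1, a second arc above 39).
func parseOID(s string) (asn1.ObjectIdentifier, error) {
	parts := strings.Split(strings.TrimSpace(s), ".")
	if len(parts) < 2 {
		return nil, fmt.Errorf("oid %q: need at least two arcs", s)
	}
	oid := make(asn1.ObjectIdentifier, 0, len(parts))
	for _, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return nil, fmt.Errorf("oid %q: bad arc %q", s, p)
		}
		oid = append(oid, n)
	}
	if oid[0] > 2 || (oid[0] < 2 && oid[1] > 39) {
		return nil, fmt.Errorf("oid %q: leading arcs out of range", s)
	}
	return oid, nil
}

// isNameEmpty reports whether a Name carries no identifying information.
// Assumption: OID entries count as identifying here; the library may differ.
func isNameEmpty(n Name) bool {
	for _, s := range []string{n.C, n.ST, n.L, n.O, n.OU, n.E, n.SerialNumber} {
		if strings.TrimSpace(s) != "" {
			return false
		}
	}
	return len(n.OID) == 0
}

// oidEmail is PKCS#9 emailAddress, the attribute the E field maps to.
var oidEmail = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 1}

// toPKIXName builds a CSR subject. Standard attributes use pkix.Name fields;
// E and every OID-map entry become ExtraNames and are emitted as additional
// RDNs. Map keys are sorted so the encoded subject is deterministic.
func toPKIXName(n Name) (pkix.Name, error) {
	if isNameEmpty(n) {
		return pkix.Name{}, errors.New("subject has no identifying information")
	}
	set := func(v string) []string {
		if v == "" {
			return nil
		}
		return []string{v}
	}
	subj := pkix.Name{
		Country: set(n.C), Province: set(n.ST), Locality: set(n.L),
		Organization: set(n.O), OrganizationalUnit: set(n.OU), SerialNumber: n.SerialNumber,
	}
	if n.E != "" {
		subj.ExtraNames = append(subj.ExtraNames, pkix.AttributeTypeAndValue{Type: oidEmail, Value: n.E})
	}
	keys := make([]string, 0, len(n.OID))
	for k := range n.OID {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	for _, k := range keys {
		oid, err := parseOID(k)
		if err != nil {
			return pkix.Name{}, err
		}
		subj.ExtraNames = append(subj.ExtraNames, pkix.AttributeTypeAndValue{Type: oid, Value: n.OID[k]})
	}
	return subj, nil
}

func main() {
	// Constructed sample: an organisation identifier (2.5.4.97) alongside standard fields.
	subj, err := toPKIXName(Name{C: "GB", O: "Example Ltd", E: "ops@example.com",
		OID: map[string]string{"2.5.4.97": "PSDGB-FCA-123456"}})
	if err != nil {
		panic(err)
	}
	fmt.Println(subj.String())
}
```

Because a bad OID string fails at parseOID, a request carrying an unparseable key in its OID map is refused before a CSR template is built rather than producing a subject that silently drops the attribute.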