Documentation ¶
Overview ¶
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func LoadCertificateECDSA ¶
func LoadCertificateECDSA(certPath string) (*x509.Certificate, error)
LoadCertificateECDSA loads an ECDSA certificate from the file at certPath.
func LoadCertificateGMSM2 ¶
func LoadCertificateGMSM2(certPath string) (*sm2.Certificate, error)
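LoadCertificateGMSM2 loads a certificate from the file at certPath and returns it as an *sm2.Certificate (the "ecdsa" wording appears to be carried over from LoadCertificateECDSA).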
Types ¶
type CA ¶
// CA bundles a certificate authority's subject attributes with the key
// material and certificates it signs with.
type CA struct {
	Name string

	// Subject attributes kept alongside the CA.
	Country, Province, Locality string
	OrganizationalUnit          string
	StreetAddress, PostalCode   string

	// Signer is the crypto.Signer backing the CA key.
	Signer crypto.Signer
	// SignCert is the CA's x509 signing certificate.
	SignCert *x509.Certificate

	// SignSm2Cert is the SM2 certificate.
	SignSm2Cert *sm2.Certificate
	// Sm2Key is the SM2 private key.
	// NOTE(review): this is raw private-key material in an exported field, so
	// any code holding a *CA can read it; avoid logging or serializing the
	// struct as a whole.
	Sm2Key *sm2.PrivateKey
}
func NewCA ¶
func NewCA( baseDir, org, name, country, province, locality, orgUnit, streetAddress, postalCode string, ) (*CA, error)
// NewCA creates an instance of CA and saves the signing key pair in
// baseDir/name.
//
// It creates baseDir if needed, generates a private key there through
// csp.GeneratePrivateKey, and issues a certificate for which the same template
// is passed as both subject and parent (i.e. self-signed). Any error from
// those steps is returned with a nil *CA.
func NewCA(
	baseDir, org, name, country, province, locality, orgUnit, streetAddress, postalCode string,
) (*CA, error) {
	// NOTE(review): 0755 leaves the directory that receives the CA key
	// listable and traversable by every local user; whether the key file
	// itself is readable depends on the mode csp.GeneratePrivateKey applies,
	// which is not visible here. Confirm before relying on it for secrecy.
	if err := os.MkdirAll(baseDir, 0755); err != nil {
		return nil, err
	}

	key, err := csp.GeneratePrivateKey(baseDir)
	if err != nil {
		return nil, err
	}

	tmpl := x509Template()
	// Mark the certificate as a CA.
	// NOTE(review): besides CertSign/CRLSign the CA certificate is also given
	// DigitalSignature, KeyEncipherment and client/server-auth usages; confirm
	// that this breadth is intended for the signing root.
	tmpl.IsCA = true
	tmpl.KeyUsage |= x509.KeyUsageDigitalSignature |
		x509.KeyUsageKeyEncipherment |
		x509.KeyUsageCertSign |
		x509.KeyUsageCRLSign
	tmpl.ExtKeyUsage = []x509.ExtKeyUsage{
		x509.ExtKeyUsageClientAuth,
		x509.ExtKeyUsageServerAuth,
	}

	// Fill in the subject: caller-supplied attributes plus organization and CN.
	subj := subjectTemplateAdditional(country, province, locality, orgUnit, streetAddress, postalCode)
	subj.Organization = []string{org}
	subj.CommonName = name
	tmpl.Subject = subj
	tmpl.SubjectKeyId = computeSKI(key)

	// Template and parent are the same object, and the key signs its own
	// public half.
	cert, err := genCertificateECDSA(baseDir, name, &tmpl, &tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}

	return &CA{
		Name:               name,
		Signer:             &csp.ECDSASigner{PrivateKey: key},
		SignCert:           cert,
		Country:            country,
		Province:           province,
		Locality:           locality,
		OrganizationalUnit: orgUnit,
		StreetAddress:      streetAddress,
		PostalCode:         postalCode,
	}, nil
}
func (*CA) SignCertificate ¶
func (ca *CA) SignCertificate( baseDir, name string, orgUnits, alternateNames []string, pub *sm2.PublicKey, ku x509.KeyUsage, eku []x509.ExtKeyUsage, ) (*sm2.Certificate, error)
SignCertificate creates a signed certificate based on a built-in template and saves it in baseDir/name