signer

package
v0.0.0-...-62e6a5e Latest
Warning

This package is not in the latest version of its module.

Published: Apr 27, 2015 License: MPL-2.0 Imports: 18 Imported by: 0

Documentation

Overview

Package signer implements certificate signature functionality for CF-SSL.

Constants

This section is empty.

Variables

var MaxPathLen = 2

MaxPathLen is the default path length for a new CA certificate.

Functions

func CheckSignature

func CheckSignature(csr *x509.CertificateRequest, algo x509.SignatureAlgorithm, signed, signature []byte) error

CheckSignature verifies a signature made by the key on a CSR, such as on the CSR itself.
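
The check described above, as an added example built only on the Go standard library (it is not this package's code): the signature is verified with the public key carried in the CSR, first over the CSR's own to-be-signed bytes (proof of possession of the private key) and then over unrelated data. The names `checkSig` and `newCSR` are hypothetical, the host `example.invalid` is constructed, and handling only ECDSA with SHA-256 is an assumption of this sketch.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// checkSig (hypothetical name) verifies sig over signed with the CSR's public key.
// Assumption: this sketch accepts only ECDSA keys with ECDSAWithSHA256.
func checkSig(csr *x509.CertificateRequest, algo x509.SignatureAlgorithm, signed, sig []byte) error {
	pub, ok := csr.PublicKey.(*ecdsa.PublicKey)
	if !ok || algo != x509.ECDSAWithSHA256 {
		return errors.New("unsupported key type or algorithm in this sketch")
	}
	digest := sha256.Sum256(signed)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return errors.New("signature does not verify under the CSR key")
	}
	return nil
}

// newCSR (hypothetical name) builds and re-parses a constructed P-256 request.
func newCSR() (*x509.CertificateRequest, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	// "example.invalid" is a constructed sample host name.
	tmpl := &x509.CertificateRequest{DNSNames: []string{"example.invalid"}, SignatureAlgorithm: x509.ECDSAWithSHA256}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificateRequest(der) // parsing alone does not verify the signature
}

func main() {
	csr, err := newCSR()
	if err != nil {
		panic(err)
	}
	// The CSR's own signature covers RawTBSCertificateRequest; any other input must fail.
	fmt.Println(checkSig(csr, csr.SignatureAlgorithm, csr.RawTBSCertificateRequest, csr.Signature))
	fmt.Println(checkSig(csr, csr.SignatureAlgorithm, []byte("other data"), csr.Signature))
}
```

A signer that skips this check before issuing can be made to certify a public key whose private half the requester does not hold.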

func ComputeSKI

func ComputeSKI(template *x509.Certificate) ([]byte, error)

ComputeSKI derives an SKI from the certificate's public key in a standard manner. This is done by computing the SHA-1 digest of the SubjectPublicKeyInfo component of the certificate.

func DefaultSigAlgo

func DefaultSigAlgo(priv crypto.Signer) x509.SignatureAlgorithm

DefaultSigAlgo returns an appropriate X.509 signature algorithm given the CA's private key.

func FillTemplate

func FillTemplate(template *x509.Certificate, defaultProfile, profile *config.SigningProfile, serialSeq string) error

FillTemplate is a utility function that tries to load as much of the certificate template as possible from the profiles and current template. It fills in the key uses, expiration, revocation URLs, serial number, and SKI.

func ParseCertificateRequest

func ParseCertificateRequest(s Signer, csrBytes []byte) (template *x509.Certificate, err error)

ParseCertificateRequest takes an incoming certificate request and builds a certificate template from it.

func SplitHosts

func SplitHosts(hostList string) []string

SplitHosts takes a comma-separated list of hosts and returns a slice with the hosts split.

Types

type SignRequest

type SignRequest struct {
	Hosts     []string `json:"hosts"`
	Request   string   `json:"certificate_request"`
	Subject   *Subject `json:"subject,omitempty"`
	Profile   string   `json:"profile"`
	Label     string   `json:"label"`
	SerialSeq string   `json:"serial_sequence,omitempty"`
}

SignRequest stores a signature request, which contains the hostname, the CSR, optional subject information, and the signature profile.

type Signer

type Signer interface {
	Certificate(label, profile string) (*x509.Certificate, error)
	Policy() *config.Signing
	SetPolicy(*config.Signing)
	SigAlgo() x509.SignatureAlgorithm
	Sign(req SignRequest) (cert []byte, err error)
}

A Signer contains a CA's certificate and private key for signing certificates, a Signing policy to refer to and a SignatureAlgorithm.

type Subject

type Subject struct {
	CN        string
	Names     []csr.Name `json:"names"`
	Whitelist *Whitelist `json:"whitelist,omitempty"`
}

Subject contains the information that should be used to override the subject information when signing a certificate.

func (*Subject) Name

func (s *Subject) Name() pkix.Name

Name returns the PKIX name for the subject.

type Whitelist

type Whitelist struct {
	CN, C, ST, L, O, OU bool
}

A Whitelist marks which fields should be set. As a bool's default value is false, a whitelist should only keep those fields marked true.

Directories

Path Synopsis
Package local implements certificate signature functionality for CF-SSL.
Package pkcs11 implements support for PKCS #11 signers.
Package universal implements a signer that can do remote or local
