add more flags to certificate options

This adds the IsCA and ca length options to define, if the resulting certificate should be a CA.
2015-03-24 21:19:44 +01:00 · 2015-03-24 21:19:44 +01:00 · a11b67a64e
parent 6b355e272b
commit a11b67a64e
1 changed files with 13 additions and 0 deletions
--- a/certificate.go
+++ b/certificate.go
@ -32,6 +32,10 @@ type (
    SerialNumber        *big.Int
    NotBefore           time.Time
    NotAfter            time.Time // Validity bounds.
+    IsCA                bool
+    // how many sub ca are allowed between this ca and the end/final certificate
+    // if it is -1, then no limit will be set
+    CALength            int
    KeyUsage            x509.KeyUsage
  }
 )
@ -92,6 +96,15 @@ func (c *CertificateRequest) ToCertificate(private_key PrivateKey,
  template.NotBefore    = cert_opts.NotBefore
  template.NotAfter     = cert_opts.NotAfter
  template.KeyUsage     = cert_opts.KeyUsage
+  template.IsCA         = cert_opts.IsCA
+  if cert_opts.IsCA {
+    template.BasicConstraintsValid = true
+  }
+  if cert_opts.CALength >= 0 {
+    template.MaxPathLen   = cert_opts.CALength
+    template.MaxPathLenZero = true
+    template.BasicConstraintsValid = true
+  }
  template.SerialNumber = cert_opts.SerialNumber

  var cert_asn1 []byte