add certificate functionality

2015-03-15 21:38:04 +01:00 · 2015-03-15 21:38:04 +01:00 · d4d2d4c09b
parent e0ec6b1bef
commit d4d2d4c09b
1 changed files with 33 additions and 3 deletions
--- a/certificate.go
+++ b/certificate.go
@ -23,6 +23,10 @@ type (
  CertificateRequest x509.CertificateRequest
 )

+func NewCertificateData() *CertificateData {
+  return &CertificateData{Subject: pkix.Name{}}
+}
+
 // Create a certificate sign request from the input data and the private key of
 // the request creator.
 func (c *CertificateData) ToCertificateRequest(private_key PrivateKey) (*CertificateRequest, error) {
@ -40,16 +44,42 @@ func (c *CertificateData) ToCertificateRequest(private_key PrivateKey) (*Certifi

 // Load a certificate sign request from its asn1 representation.
 func LoadCertificateSignRequest(raw []byte) (*CertificateRequest, error) {
-  csr, err = x509.ParseCertificateRequest(csr_asn1)
+  csr, err := x509.ParseCertificateRequest(raw)
  if err != nil { return nil, err }
  return (*CertificateRequest)(csr), nil
 }

 // Return the certificate sign request as a pem block.
 func (c *CertificateRequest) MarshalPem() (marshalledPemBlock, error) {
-  block := pem.Block{Type: PemLabelCertificateRequest, Bytes: c.Raw}
+  block := &pem.Block{Type: PemLabelCertificateRequest, Bytes: c.Raw}
  return pem.EncodeToMemory(block), nil
 }

-func (c *CertificateRequest) ToCertificate() {
+// Convert the certificate sign request to a certificate using the private key
+// of the signer and the certificate of the signer.
+// If the certificate is null, the sign request will be used to sign itself.
+// For more information, please read http://golang.org/pkg/crypto/x509/#CreateCertificate
+func (c *CertificateRequest) ToCertificate(private_key PrivateKey, ca *Certificate) (*Certificate, error) {
+  template := &x509.Certificate{}
+  template.Subject        = c.Subject
+  template.DNSNames       = c.DNSNames
+  template.IPAddresses    = c.IPAddresses
+  template.EmailAddresses = c.EmailAddresses
+
+  var cert_asn1 []byte
+  var err  error
+  if ca == nil {
+    cert_asn1, err = x509.CreateCertificate(rand.Reader, template, template, c.PublicKey, private_key)
+  } else {
+    cert_asn1, err = x509.CreateCertificate(rand.Reader, template, (*x509.Certificate)(ca), c.PublicKey, private_key)
+  }
+  if err != nil { return nil, err }
+  return LoadCertificate(cert_asn1)
+}
+
+// Load a certificate from its asn1 representation.
+func LoadCertificate(raw []byte) (*Certificate, error) {
+  cert, err := x509.ParseCertificate(raw)
+  if err != nil { return nil, err }
+  return (*Certificate)(cert), nil
 }