diff options
| -rw-r--r-- | certificate.go | 36 |
1 files changed, 33 insertions, 3 deletions
diff --git a/certificate.go b/certificate.go index 452c3ee..b597834 100644 --- a/certificate.go +++ b/certificate.go @@ -23,6 +23,10 @@ type ( CertificateRequest x509.CertificateRequest ) +func NewCertificateData() *CertificateData { + return &CertificateData{Subject: pkix.Name{}} +} + // Create a certificate sign request from the input data and the private key of // the request creator. func (c *CertificateData) ToCertificateRequest(private_key PrivateKey) (*CertificateRequest, error) { @@ -40,16 +44,42 @@ func (c *CertificateData) ToCertificateRequest(private_key PrivateKey) (*Certifi // Load a certificate sign request from its asn1 representation. func LoadCertificateSignRequest(raw []byte) (*CertificateRequest, error) { - csr, err = x509.ParseCertificateRequest(csr_asn1) + csr, err := x509.ParseCertificateRequest(raw) if err != nil { return nil, err } return (*CertificateRequest)(csr), nil } // Return the certificate sign request as a pem block. func (c *CertificateRequest) MarshalPem() (marshalledPemBlock, error) { - block := pem.Block{Type: PemLabelCertificateRequest, Bytes: c.Raw} + block := &pem.Block{Type: PemLabelCertificateRequest, Bytes: c.Raw} return pem.EncodeToMemory(block), nil } -func (c *CertificateRequest) ToCertificate() { +// Convert the certificate sign request to a certificate using the private key +// of the signer and the certificate of the signer. +// If the certificate is null, the sign request will be used to sign itself. +// For more information, please read http://golang.org/pkg/crypto/x509/#CreateCertificate +func (c *CertificateRequest) ToCertificate(private_key PrivateKey, ca *Certificate) (*Certificate, error) { + template := &x509.Certificate{} + template.Subject = c.Subject + template.DNSNames = c.DNSNames + template.IPAddresses = c.IPAddresses + template.EmailAddresses = c.EmailAddresses + + var cert_asn1 []byte + var err error + if ca == nil { + cert_asn1, err = x509.CreateCertificate(rand.Reader, template, template, c.PublicKey, private_key) + } else { + cert_asn1, err = x509.CreateCertificate(rand.Reader, template, (*x509.Certificate)(ca), c.PublicKey, private_key) + } + if err != nil { return nil, err } + return LoadCertificate(cert_asn1) +} + +// Load a certificate from its asn1 representation. +func LoadCertificate(raw []byte) (*Certificate, error) { + cert, err := x509.ParseCertificate(raw) + if err != nil { return nil, err } + return (*Certificate)(cert), nil } |