@@ -12,9 +12,11 @@ import (
12
12
"encoding/asn1"
13
13
"encoding/pem"
14
14
"errors"
15
+
"fmt"
15
16
"net"
16
17
"net/mail"
17
18
"net/url"
19
+
"strconv"
18
20
"strings"
19
21
20
22
cferr "github.com/cloudflare/cfssl/errors"
@@ -30,12 +32,13 @@ const (
30
32
31
33
// A Name contains the SubjectInfo fields.
32
34
type Name struct {
33
-
C string `json:"C,omitempty" yaml:"C,omitempty"` // Country
34
-
ST string `json:"ST,omitempty" yaml:"ST,omitempty"` // State
35
-
L string `json:"L,omitempty" yaml:"L,omitempty"` // Locality
36
-
O string `json:"O,omitempty" yaml:"O,omitempty"` // OrganisationName
37
-
OU string `json:"OU,omitempty" yaml:"OU,omitempty"` // OrganisationalUnitName
38
-
SerialNumber string `json:"SerialNumber,omitempty" yaml:"SerialNumber,omitempty"`
35
+
C string `json:"C,omitempty" yaml:"C,omitempty"` // Country
36
+
ST string `json:"ST,omitempty" yaml:"ST,omitempty"` // State
37
+
L string `json:"L,omitempty" yaml:"L,omitempty"` // Locality
38
+
O string `json:"O,omitempty" yaml:"O,omitempty"` // OrganisationName
39
+
OU string `json:"OU,omitempty" yaml:"OU,omitempty"` // OrganisationalUnitName
40
+
SerialNumber string `json:"SerialNumber,omitempty" yaml:"SerialNumber,omitempty"`
41
+
OID map[string]string `json:"OID,omitempty", yaml:"OID,omitempty"`
39
42
}
40
43
41
44
// A KeyRequest contains the algorithm and key size for a new private key.
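Review bot: The struct tag on the new `OID` field has a comma between the `json` and `yaml` keys, so it is not in the conventional space-separated form; `reflect.StructTag` lookups for `yaml` will not find the key, and `go vet` reports tags like this. Drop the comma so the tag reads `json:"OID,omitempty" yaml:"OID,omitempty"`. The field also has no comment, unlike its neighbours; something like `// extra subject attributes, keyed by dotted-decimal OID` would tell users what the map keys must look like.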
@@ -157,8 +160,24 @@ func appendIf(s string, a *[]string) {
157
160
}
158
161
}
159
162
163
+
func OIDFromString(s string) (asn1.ObjectIdentifier, error) {
164
+
var oid []int
165
+
parts := strings.Split(s, ".")
166
+
if len(parts) < 1 {
167
+
return oid, fmt.Errorf("invalid OID string: %s", s)
168
+
}
169
+
for _, p := range parts {
170
+
i, err := strconv.Atoi(p)
171
+
if err != nil {
172
+
return nil, fmt.Errorf("invalid OID part %s", p)
173
+
}
174
+
oid = append(oid, i)
175
+
}
176
+
return oid, nil
177
+
}
178
+
160
179
// Name returns the PKIX name for the request.
161
-
func (cr *CertificateRequest) Name() pkix.Name {
180
+
func (cr *CertificateRequest) Name() (pkix.Name, error) {
162
181
var name pkix.Name
163
182
name.CommonName = cr.CN
164
183
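Review bot: `OIDFromString` accepts strings that are not valid OIDs. The `len(parts) < 1` guard can never fire because `strings.Split` always returns at least one element, and `strconv.Atoi` accepts a leading sign, so `"-1.2"` or a single arc such as `"5"` is returned as a success. Since the keys come from the request's `OID` map, it is better to reject these here than to let them reach certificate encoding. The function is exported but has no doc comment, and the error strings would be clearer with `%q`. The sketch below requires at least two unsigned arcs and does not range-check the first two. `Name`'s body continues outside this hunk.

```go
// OIDFromString parses a dotted-decimal object identifier such as
// "1.2.3.4". It rejects empty, signed and non-numeric arcs, and
// identifiers with fewer than two arcs.
func OIDFromString(s string) (asn1.ObjectIdentifier, error) {
	parts := strings.Split(s, ".")
	if len(parts) < 2 {
		return nil, fmt.Errorf("invalid OID string: %q", s)
	}
	oid := make(asn1.ObjectIdentifier, 0, len(parts))
	for _, p := range parts {
		// ParseUint rejects the sign prefix that Atoi would accept.
		n, err := strconv.ParseUint(p, 10, 31)
		if err != nil {
			return nil, fmt.Errorf("invalid OID part %q in %q", p, s)
		}
		oid = append(oid, int(n))
	}
	return oid, nil
}
```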
@@ -168,9 +187,16 @@ func (cr *CertificateRequest) Name() pkix.Name {
168
187
appendIf(n.L, &name.Locality)
169
188
appendIf(n.O, &name.Organization)
170
189
appendIf(n.OU, &name.OrganizationalUnit)
190
+
for k, v := range n.OID {
191
+
oid, err := OIDFromString(k)
192
+
if err != nil {
193
+
return name, err
194
+
}
195
+
name.ExtraNames = append(name.ExtraNames, pkix.AttributeTypeAndValue{Type: oid, Value: v})
196
+
}
171
197
}
172
198
name.SerialNumber = cr.SerialNumber
173
-
return name
199
+
return name, nil
174
200
}
175
201
176
202
// BasicConstraints CSR information RFC 5280, 4.2.1.9
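Review bot: The new `for k, v := range n.OID` loop appends to `name.ExtraNames` in Go's randomised map order, so the same request can produce differently ordered subjects from run to run; iterating over sorted keys makes the output reproducible (this needs `sort` in the import block, which the first hunk does not add). Per the `crypto/x509/pkix` documentation, `ExtraNames` values override attributes with the same OID. A key such as the commonName OID would therefore replace the value taken from `cr.CN`, so any policy check on the CN or the named fields should either reject those keys or validate the final subject. The error path also returns the half-built `name`; `return pkix.Name{}, err` avoids handing callers a partial value. The enclosing loop and the start of `Name` are outside this hunk.

```go
		// … unchanged: appendIf calls for the standard fields …
		keys := make([]string, 0, len(n.OID))
		for k := range n.OID {
			keys = append(keys, k)
		}
		sort.Strings(keys) // fixed order keeps the encoded subject reproducible
		for _, k := range keys {
			oid, err := OIDFromString(k)
			if err != nil {
				return pkix.Name{}, err
			}
			name.ExtraNames = append(name.ExtraNames, pkix.AttributeTypeAndValue{Type: oid, Value: n.OID[k]})
		}
```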
@@ -234,6 +260,7 @@ func ParseRequest(req *CertificateRequest) (csr, key []byte, err error) {
234
260
// from an existing certificate. For a root certificate, the CA expiry
235
261
// length is calculated as the duration between cert.NotAfter and cert.NotBefore.
236
262
func ExtractCertificateRequest(cert *x509.Certificate) *CertificateRequest {
263
+
fmt.Printf("ExctractCertificateRequest %+v\n", *cert)
237
264
req := New()
238
265
req.CN = cert.Subject.CommonName
239
266
req.Names = getNames(cert.Subject)
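Review bot: The added `fmt.Printf("ExctractCertificateRequest %+v\n", *cert)` at the top of `ExtractCertificateRequest` looks like leftover debugging and should be removed before merge. It writes the whole parsed certificate to stdout from a library function on every call, which can corrupt machine-readable output for any caller that uses stdout and bypasses the project's log-level controls; the message also misspells the function name. If the trace is really wanted, route it through the project's logger at debug level instead. The rest of the function lies outside this hunk.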
@@ -367,8 +394,13 @@ func Generate(priv crypto.Signer, req *CertificateRequest) (csr []byte, err erro
367
394
return nil, cferr.New(cferr.PrivateKeyError, cferr.Unavailable)
368
395
}
369
396
397
+
subj, err := req.Name()
398
+
if err != nil {
399
+
return nil, err
400
+
}
401
+
370
402
var tpl = x509.CertificateRequest{
371
-
Subject: req.Name(),
403
+
Subject: subj,
372
404
SignatureAlgorithm: sigAlgo,
373
405
}
374
406
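Review bot: The error from `req.Name()` is returned bare in `Generate`, while the return just above it in this hunk uses the package's `cferr` error type, so callers that switch on cfssl error codes will see an untyped error for a bad OID. Wrapping it keeps the function consistent, for example `return nil, cferr.Wrap(cferr.CSRError, cferr.BadRequest, err)`. `Generate` begins and ends outside this hunk, so the choice of category and reason should be checked against how the rest of the function reports CSR failures.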