-
Notifications
You must be signed in to change notification settings - Fork 1
/
x509_rsa_cert_issuor.go
76 lines (65 loc) · 1.92 KB
/
x509_rsa_cert_issuor.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
package signer
import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"math/big"
rd "math/rand"
)
type x509RSACertIssuor struct {
root RSACert
priKey *rsa.PrivateKey
}
func Newx509RSACertIssuor(root RSACert, priKey *rsa.PrivateKey) RSACertIssuor {
return &x509RSACertIssuor{
root: root,
priKey: priKey,
}
}
func (issuor *x509RSACertIssuor) GetRootCert() RSACert {
return issuor.root
}
func (issuor *x509RSACertIssuor) Issue(subject *X509Subject) (RSACert, error) {
cer := issuor.buildCertificate(subject)
ca, err := x509.CreateCertificate(rand.Reader, cer, issuor.GetRootCert().GetCertificate(), &issuor.priKey.PublicKey, issuor.GetRootCert().GetPrivateKey())
if err != nil {
return nil, err
}
caPem := &pem.Block{
Type: "CERTIFICATE",
Bytes: ca,
}
ca = pem.EncodeToMemory(caPem)
buf := x509.MarshalPKCS1PrivateKey(issuor.priKey)
keyPem := &pem.Block{
Type: "PRIVATE KEY",
Bytes: buf,
}
key := pem.EncodeToMemory(keyPem)
cert, err := Parsex509RSACert(ca, key)
if err != nil {
return nil, err
}
return cert, nil
}
func (issuor *x509RSACertIssuor) buildCertificate(subject *X509Subject) *x509.Certificate {
return &x509.Certificate{
SerialNumber: big.NewInt(rd.Int63()), //证书序列号
Subject: pkix.Name{
Country: subject.Country,
Organization: subject.Orianization,
OrganizationalUnit: subject.OrianizationalUnit,
Province: subject.Province,
CommonName: subject.CommonName,
Locality: subject.Locality,
},
NotBefore: subject.NotBefore, //证书有效期开始时间
NotAfter: subject.NotAfter, //证书有效期结束时间
BasicConstraintsValid: true, //基本的有效性约束
IsCA: subject.IsRoot, //是否是根证书
ExtKeyUsage: subject.ExtKeyUsage, //证书用途(客户端认证,数据加密)
KeyUsage: subject.KeyUsage,
}
}