Add support for dynamic set of sub CAs

This commit is contained in:
Jan Dittberner 2020-12-16 07:21:48 +01:00
parent b16ca196f1
commit 6e3e84c70d
2 changed files with 9 additions and 5 deletions


@ -122,8 +122,8 @@ func (registry *SigningRequestRegistry) sign(request *SigningRequestAttributes)
time.Sleep(5 * time.Second) time.Sleep(5 * time.Second)
opensslCommand := exec.Command( opensslCommand := exec.Command(
"openssl", "ca", "-config", "ca.cnf", "openssl", "ca", "-config", "ca.cnf", "-name", "email_ca",
"-policy", "policy_match", "-extensions", "client_ext", "-policy", "policy_match", "-extensions", "email_ext",
"-batch", "-subj", subjectDN, "-utf8", "-rand_serial", "-in", csrFile.Name()) "-batch", "-subj", subjectDN, "-utf8", "-rand_serial", "-in", csrFile.Name())
var out, cmdErr bytes.Buffer var out, cmdErr bytes.Buffer
opensslCommand.Stdout = &out opensslCommand.Stdout = &out
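Review bot: The openssl invocation built at `opensslCommand := exec.Command(` still has no deadline, so an `openssl ca` run that blocks (for example while another signing holds the CA database) stalls this signing request indefinitely; consider `ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)`, `defer cancel()` and `exec.CommandContext(ctx, "openssl", "ca", ...)` in its place. The new `-name email_ca` and `-extensions email_ext` arguments are literals even though the commit advertises a dynamic set of sub CAs; if this registry is meant to sign with more than one sub CA, the section names presumably belong in the request attributes or configuration rather than hard-coded here. The `time.Sleep(5 * time.Second)` immediately above the command sits on the signing path and deserves a comment stating why the delay exists. `sign` begins and ends outside this hunk.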

10
main.go

@ -11,6 +11,7 @@ import (
"net/http" "net/http"
"os" "os"
"os/signal" "os/signal"
"path/filepath"
"strings" "strings"
"syscall" "syscall"
"time" "time"
@ -47,7 +48,6 @@ func main() {
CipherSuites: []uint16{ CipherSuites: []uint16{
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
}, },
NextProtos: []string{"h2"}, NextProtos: []string{"h2"},
PreferServerCipherSuites: true, PreferServerCipherSuites: true,
@ -124,8 +124,12 @@ func generateRandomBytes(count int) []byte {
func loadCACertificates() (caCertificates []*x509.Certificate) { func loadCACertificates() (caCertificates []*x509.Certificate) {
var err error var err error
caCertificates = make([]*x509.Certificate, 2) caFiles, err := filepath.Glob("example_ca/*/ca.crt.pem")
for index, certFile := range []string{"example_ca/sub/ca.crt.pem", "example_ca/root/ca.crt.pem"} { if err != nil {
log.Panic(err)
}
caCertificates = make([]*x509.Certificate, len(caFiles))
for index, certFile := range caFiles {
var certBytes []byte var certBytes []byte
if certBytes, err = ioutil.ReadFile(certFile); err != nil { if certBytes, err = ioutil.ReadFile(certFile); err != nil {
log.Panic(err) log.Panic(err)
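Review bot: `filepath.Glob` at `caFiles, err := filepath.Glob("example_ca/*/ca.crt.pem")` returns an empty slice with a nil error when nothing matches, so a missing or misnamed `example_ca` directory now produces a server holding zero CA certificates, whereas the old fixed file list would have panicked in `ioutil.ReadFile`; add `if len(caFiles) == 0 { log.Panic("no CA certificates matched example_ca/*/ca.crt.pem") }` after the error check. Glob also hands back matches in lexical order, so the previous explicit sub-then-root ordering of the slice is gone; if anything downstream builds a chain from this order, that should be confirmed before merging. `loadCACertificates` continues past the end of this hunk.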