cacert-gosigner/x509/signing/signing.go

package signing

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"time"
)

type X509Signing struct {
	signer Signer
	repo   Repository
}

func NewX509Signing(signer Signer, repo Repository) *X509Signing {
	return &X509Signing{signer: signer, repo: repo}
}

type CertificatePolicyId int

type RequestSignature struct {
	rawCSRData         []byte
	subjectCommonName  string
	emails             []string
	dnsNames           []string
	duration           time.Duration
	signatureAlgorithm x509.SignatureAlgorithm
}

func NewRequestSignature(
	csrBytes []byte,
	cn string,
	emails, dnsNames []string,
	duration time.Duration,
	signatureAlgorithm x509.SignatureAlgorithm,
) *RequestSignature {
	return &RequestSignature{
		rawCSRData:         csrBytes,
		subjectCommonName:  cn,
		emails:             emails,
		dnsNames:           dnsNames,
		duration:           duration,
		signatureAlgorithm: signatureAlgorithm,
	}
}

type CertificateSigned struct {
	certificate *x509.Certificate
}

func (c CertificateSigned) Certificate() *x509.Certificate {
	return c.certificate
}

func (x *X509Signing) Sign(signingRequest *RequestSignature) (*CertificateSigned, error) {
	// validate request content
	csr, err := x509.ParseCertificateRequest(signingRequest.rawCSRData)
	if err != nil {
		return nil, fmt.Errorf("could not parse CSR data: %w", err)
	}

	certificateFromSigner, err := x.signer.SignCertificate(
		NewSignerRequest(
			csr,
			pkix.Name{CommonName: signingRequest.subjectCommonName},
			signingRequest.emails,
			signingRequest.dnsNames,
			signingRequest.duration,
			signingRequest.signatureAlgorithm,
		),
	)
	if err != nil {
		return nil, err
	}

	result := NewCertificateSigned(certificateFromSigner)
	err = x.repo.StoreCertificate(result)
	if err != nil {
		return nil, err
	}

	return result, nil
}

func NewCertificateSigned(signed SignerResponse) *CertificateSigned {
	return &CertificateSigned{certificate: signed.Certificate()}
}
First DDD based signer implementation parts 2021-08-23 18:53:43 +00:00			`package signing`

Implement signing test and domain logic 2021-08-24 20:02:14 +00:00			`import (`
			`"crypto/x509"`
			`"crypto/x509/pkix"`
			`"fmt"`
			`"time"`
			`)`
First DDD based signer implementation parts 2021-08-23 18:53:43 +00:00
Implement signing test and domain logic 2021-08-24 20:02:14 +00:00			`type X509Signing struct {`
			`signer Signer`
			`repo Repository`
			`}`

			`func NewX509Signing(signer Signer, repo Repository) *X509Signing {`
			`return &X509Signing{signer: signer, repo: repo}`
			`}`

			`type CertificatePolicyId int`

			`type RequestSignature struct {`
			`rawCSRData []byte`
			`subjectCommonName string`
			`emails []string`
			`dnsNames []string`
			`duration time.Duration`
			`signatureAlgorithm x509.SignatureAlgorithm`
			`}`

			`func NewRequestSignature(`
			`csrBytes []byte,`
			`cn string,`
			`emails, dnsNames []string,`
			`duration time.Duration,`
			`signatureAlgorithm x509.SignatureAlgorithm,`
			`) *RequestSignature {`
			`return &RequestSignature{`
			`rawCSRData: csrBytes,`
			`subjectCommonName: cn,`
			`emails: emails,`
			`dnsNames: dnsNames,`
			`duration: duration,`
			`signatureAlgorithm: signatureAlgorithm,`
			`}`
			`}`
First DDD based signer implementation parts 2021-08-23 18:53:43 +00:00
Implement signing test and domain logic 2021-08-24 20:02:14 +00:00			`type CertificateSigned struct {`
			`certificate *x509.Certificate`
			`}`

			`func (c CertificateSigned) Certificate() *x509.Certificate {`
			`return c.certificate`
			`}`

			`func (x X509Signing) Sign(signingRequest RequestSignature) (*CertificateSigned, error) {`
			`// validate request content`
			`csr, err := x509.ParseCertificateRequest(signingRequest.rawCSRData)`
			`if err != nil {`
			`return nil, fmt.Errorf("could not parse CSR data: %w", err)`
			`}`

			`certificateFromSigner, err := x.signer.SignCertificate(`
			`NewSignerRequest(`
			`csr,`
			`pkix.Name{CommonName: signingRequest.subjectCommonName},`
			`signingRequest.emails,`
			`signingRequest.dnsNames,`
			`signingRequest.duration,`
			`signingRequest.signatureAlgorithm,`
			`),`
			`)`
			`if err != nil {`
			`return nil, err`
			`}`

			`result := NewCertificateSigned(certificateFromSigner)`
			`err = x.repo.StoreCertificate(result)`
			`if err != nil {`
			`return nil, err`
			`}`

			`return result, nil`
			`}`
First DDD based signer implementation parts 2021-08-23 18:53:43 +00:00
Implement signing test and domain logic 2021-08-24 20:02:14 +00:00			`func NewCertificateSigned(signed SignerResponse) *CertificateSigned {`
			`return &CertificateSigned{certificate: signed.Certificate()}`
First DDD based signer implementation parts 2021-08-23 18:53:43 +00:00			`}`