cacert-gosigner/pkg/x509/signing/signing.go


package signing
import (
"crypto/x509"
"crypto/x509/pkix"
"fmt"
"time"
)
// X509Signing issues X.509 certificates from certificate signing requests.
// Sign parses the CSR, delegates the actual signing to signer and records the
// issued certificate in repo.
type X509Signing struct {
	signer Signer     // produces the certificate (SignCertificate); presumably declared in another file of this package
	repo   Repository // persists issued certificates (StoreCertificate); presumably declared in another file of this package
}
// NewX509Signing wires a Signer and a Repository into an X509Signing service.
// Both dependencies are stored as given; nil values are not rejected here.
func NewX509Signing(signer Signer, repo Repository) *X509Signing {
	svc := X509Signing{}
	svc.signer = signer
	svc.repo = repo
	return &svc
}
type CertificatePolicyId int
// RequestSignature carries everything X509Signing.Sign needs to issue one
// certificate: the raw CSR plus the subject, SAN, validity and algorithm
// parameters that are forwarded to the Signer. Construct it with
// NewRequestSignature.
type RequestSignature struct {
	rawCSRData         []byte                  // CSR bytes as consumed by x509.ParseCertificateRequest (DER)
	subjectCommonName  string                  // becomes pkix.Name.CommonName of the signer request
	emails             []string                // e-mail addresses forwarded to the signer (SAN input)
	dnsNames           []string                // DNS names forwarded to the signer (SAN input)
	duration           time.Duration           // requested validity period
	signatureAlgorithm x509.SignatureAlgorithm // algorithm the signer is asked to use
}
// NewRequestSignature bundles the raw CSR bytes (DER, as consumed by
// x509.ParseCertificateRequest) and the requested subject, SAN, validity and
// signature-algorithm parameters into a RequestSignature for X509Signing.Sign.
//
// The byte and string slices are retained as given, not copied; callers that
// later mutate them affect the request.
func NewRequestSignature(
	csrBytes []byte,
	cn string,
	emails, dnsNames []string,
	duration time.Duration,
	signatureAlgorithm x509.SignatureAlgorithm,
) *RequestSignature {
	req := new(RequestSignature)
	req.rawCSRData = csrBytes
	req.subjectCommonName = cn
	req.emails = emails
	req.dnsNames = dnsNames
	req.duration = duration
	req.signatureAlgorithm = signatureAlgorithm
	return req
}
// CertificateSigned is the result of X509Signing.Sign: the certificate the
// Signer produced, after it has been handed to the Repository.
type CertificateSigned struct {
	certificate *x509.Certificate // issued certificate; read through Certificate()
}
// Certificate returns the issued certificate held by c. For a zero
// CertificateSigned the result is nil.
func (c CertificateSigned) Certificate() (cert *x509.Certificate) {
	cert = c.certificate
	return cert
}
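// Sign parses and verifies the CSR carried by signingRequest, asks the
// configured Signer to issue a certificate for it and records the result in
// the Repository.
//
// It returns an error when signingRequest is nil, when the CSR bytes cannot be
// parsed, when the CSR's own signature does not verify (the requester has not
// demonstrated possession of the private key), or when the signer or the
// repository reports an error. Signer and repository errors are returned
// unwrapped, as before.
func (x *X509Signing) Sign(signingRequest *RequestSignature) (*CertificateSigned, error) {
	if signingRequest == nil {
		return nil, fmt.Errorf("signing request must not be nil")
	}
	// validate request content: the CSR must parse and its self-signature
	// must verify before anything is handed to the signer. ParseCertificateRequest
	// alone does not check the signature.
	csr, err := x509.ParseCertificateRequest(signingRequest.rawCSRData)
	if err != nil {
		return nil, fmt.Errorf("could not parse CSR data: %w", err)
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("could not verify CSR signature: %w", err)
	}
	certificateFromSigner, err := x.signer.SignCertificate(
		NewSignerRequest(
			csr,
			pkix.Name{CommonName: signingRequest.subjectCommonName},
			signingRequest.emails,
			signingRequest.dnsNames,
			signingRequest.duration,
			signingRequest.signatureAlgorithm,
		),
	)
	if err != nil {
		return nil, err
	}
	// NOTE(review): by now the signer has already issued the certificate; if
	// storing fails, this code path drops it without returning it to the
	// caller. Confirm the signer keeps its own issuance record so that an
	// issued-but-unstored certificate cannot go unaccounted for.
	if err := x.repo.StoreCertificate(certificateFromSigner.Certificate); err != nil {
		return nil, err
	}
	return &CertificateSigned{certificate: certificateFromSigner.Certificate}, nil
}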