|
|
@ -20,6 +20,11 @@ import (
|
|
|
|
"github.com/ThalesIgnite/crypto11"
|
|
|
|
"github.com/ThalesIgnite/crypto11"
|
|
|
|
)
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
var (
|
|
|
|
|
|
|
|
// 1.3.6.1.4.1.18506.2.3.1 Class3 Policy Version 1
|
|
|
|
|
|
|
|
oidCAcertClass3PolicyV1 = []int{1, 3, 6, 1, 4, 1, 18506, 2, 3, 1}
|
|
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
func GetRootCACertificate(p11Context *crypto11.Context, settings *config.Settings, caCert *config.CaCertificateEntry) (*x509.Certificate, crypto.Signer, error) {
|
|
|
|
func GetRootCACertificate(p11Context *crypto11.Context, settings *config.Settings, caCert *config.CaCertificateEntry) (*x509.Certificate, crypto.Signer, error) {
|
|
|
|
keyPair, err := getKeyPair(p11Context, caCert.Label, caCert.KeyInfo)
|
|
|
|
keyPair, err := getKeyPair(p11Context, caCert.Label, caCert.KeyInfo)
|
|
|
|
if err != nil {
|
|
|
|
if err != nil {
|
|
|
@ -112,7 +117,7 @@ func GetIntermediaryCACertificate(
|
|
|
|
CRLDistributionPoints: []string{settings.BuildCRLUrl(caCert.Parent)},
|
|
|
|
CRLDistributionPoints: []string{settings.BuildCRLUrl(caCert.Parent)},
|
|
|
|
PolicyIdentifiers: []asn1.ObjectIdentifier{
|
|
|
|
PolicyIdentifiers: []asn1.ObjectIdentifier{
|
|
|
|
// use policy identifiers from http://wiki.cacert.org/OidAllocation
|
|
|
|
// use policy identifiers from http://wiki.cacert.org/OidAllocation
|
|
|
|
{1, 3, 6, 1, 4, 1, 18506, 2, 3, 1}, // 1.3.6.1.4.1.18506.2.3.1 Class3 Policy Version 1
|
|
|
|
oidCAcertClass3PolicyV1,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
)
|
|
|
|
)
|
|
|
|
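Review bot: The new package-level `oidCAcertClass3PolicyV1` in the first hunk is declared as a bare `[]int`, although its only visible use, in the second hunk, is as an element of `[]asn1.ObjectIdentifier`. Declaring it with the named type, `oidCAcertClass3PolicyV1 = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 18506, 2, 3, 1}`, would make the intent explicit and give the value the type's `String` and `Equal` methods for logging and tests. The variable is a mutable slice, so every certificate template that references it shares its backing array. A doc comment would record that, for example `// oidCAcertClass3PolicyV1 is the CAcert Class3 policy OID (1.3.6.1.4.1.18506.2.3.1); treat as read-only.` The bodies of GetRootCACertificate and GetIntermediaryCACertificate continue outside the hunks, so other uses of the literal OID cannot be checked from here.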