本文整理汇总了Golang中crypto/x509.CreateCertificateRequest函数的典型用法代码示例。如果您正苦于以下问题:Golang CreateCertificateRequest函数的具体用法?Golang CreateCertificateRequest怎么用?Golang CreateCertificateRequest使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了CreateCertificateRequest函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: newCSR
func newCSR(key crypto.PrivateKey) ([]byte, error) {
subject := pkix.Name{Country: []string{country}, Province: []string{stateProvince}, Locality: []string{locality},
Organization: []string{org}, OrganizationalUnit: []string{orgUnit}, CommonName: flag.Args()[0]}
template := x509.CertificateRequest{Subject: subject, DNSNames: flag.Args()}
return x509.CreateCertificateRequest(rand.Reader, &template, key)
}
示例2: TestCertificateKeyNotEqualAccountKey
func TestCertificateKeyNotEqualAccountKey(t *testing.T) {
_, _, sa, ra, cleanUp := initAuthorities(t)
defer cleanUp()
authz := core.Authorization{}
authz, _ = sa.NewPendingAuthorization(authz)
authz.Identifier = core.AcmeIdentifier{
Type: core.IdentifierDNS,
Value: "www.example.com",
}
csr := x509.CertificateRequest{
SignatureAlgorithm: x509.SHA256WithRSA,
PublicKey: AccountKeyA.Key,
DNSNames: []string{"www.example.com"},
}
csrBytes, err := x509.CreateCertificateRequest(rand.Reader, &csr, AccountPrivateKey.Key)
test.AssertNotError(t, err, "Failed to sign CSR")
parsedCSR, err := x509.ParseCertificateRequest(csrBytes)
test.AssertNotError(t, err, "Failed to parse CSR")
sa.UpdatePendingAuthorization(authz)
sa.FinalizeAuthorization(authz)
certRequest := core.CertificateRequest{
CSR: parsedCSR,
}
// Registration id 1 has key == AccountKeyA
_, err = ra.NewCertificate(certRequest, 1)
test.AssertError(t, err, "Should have rejected cert with key = account key")
test.AssertEquals(t, err.Error(), "Certificate public key must be different than account key")
t.Log("DONE TestCertificateKeyNotEqualAccountKey")
}
示例3: MakeCSR
// MakeCSR generates a PEM-encoded CSR using the supplied private key, subject, and SANs.
// All key types that are implemented via crypto.Signer are supported (This includes *rsa.PrivateKey and *ecdsa.PrivateKey.)
func MakeCSR(privateKey interface{}, subject *pkix.Name, dnsSANs []string, ipSANs []net.IP) (csr []byte, err error) {
// Customize the signature for RSA keys, depending on the key size
var sigType x509.SignatureAlgorithm
if privateKey, ok := privateKey.(*rsa.PrivateKey); ok {
keySize := privateKey.N.BitLen()
switch {
case keySize >= 4096:
sigType = x509.SHA512WithRSA
case keySize >= 3072:
sigType = x509.SHA384WithRSA
default:
sigType = x509.SHA256WithRSA
}
}
template := &x509.CertificateRequest{
Subject: *subject,
SignatureAlgorithm: sigType,
DNSNames: dnsSANs,
IPAddresses: ipSANs,
}
csr, err = x509.CreateCertificateRequest(cryptorand.Reader, template, privateKey)
if err != nil {
return nil, err
}
csrPemBlock := &pem.Block{
Type: "CERTIFICATE REQUEST",
Bytes: csr,
}
return pem.EncodeToMemory(csrPemBlock), nil
}
示例4: createCSR
func (r *reconcile) createCSR(t *storage.Target) ([]byte, error) {
csr := &x509.CertificateRequest{
DNSNames: t.Request.Names,
}
if t.Request.OCSPMustStaple {
csr.Extensions = append(csr.Extensions, pkix.Extension{
Id: oidTLSFeature,
Value: mustStapleFeatureValue,
})
}
pk, err := r.generateOrGetKey(&t.Request.Key)
if err != nil {
log.Errore(err, "could not generate key while generating CSR for %v", t)
return nil, err
}
_, err = r.store.ImportKey(pk)
if err != nil {
log.Errore(err, "could not import freshly generated key while generating CSR for %v", t)
return nil, err
}
csr.SignatureAlgorithm, err = signatureAlgorithmFromKey(pk)
if err != nil {
return nil, err
}
return x509.CreateCertificateRequest(rand.Reader, csr, pk)
}
示例5: newCSR
func newCSR(domain string, bits int) (*x509.CertificateRequest, *rsa.PrivateKey, error) {
l := log.WithField("domain", domain)
l.Infof("Generating %d-bit RSA key", bits)
certKey, err := rsa.GenerateKey(rand.Reader, bits)
if err != nil {
return nil, nil, err
}
template := &x509.CertificateRequest{
SignatureAlgorithm: x509.SHA256WithRSA,
PublicKeyAlgorithm: x509.RSA,
PublicKey: &certKey.PublicKey,
Subject: pkix.Name{CommonName: domain},
DNSNames: []string{domain},
}
l.Debugln("Generating CSR")
csrDER, err := x509.CreateCertificateRequest(rand.Reader, template, certKey)
if err != nil {
return nil, nil, err
}
csr, err := x509.ParseCertificateRequest(csrDER)
if err != nil {
return nil, nil, err
}
return csr, certKey, nil
}
示例6: main
func main() {
block, _ := pem.Decode([]byte(rsaPrivateKey))
rsaPriv, err := x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
log.Fatalf("Failed to parse private key: %s", err)
}
req := &x509.CertificateRequest{
Subject: pkix.Name{
CommonName: "CapiTalizedLetters.com",
},
DNSNames: []string{
"moreCAPs.com",
"morecaps.com",
"evenMOREcaps.com",
"Capitalizedletters.COM",
},
}
csr, err := x509.CreateCertificateRequest(rand.Reader, req, rsaPriv)
if err != nil {
log.Fatalf("unable to create CSR: %s", err)
}
_, err = os.Stdout.Write(csr)
if err != nil {
log.Fatalf("unable to write to stdout: %s", err)
}
}
示例7: CreateCertificateRequest
// CreateCertificateRequest generates a new certificate request
func CreateCertificateRequest(logger log.Logger, key *rsa.PrivateKey, name, org, country, hostList string) (*x509.CertificateRequest, []byte, error) {
// Create template
logger.Info("Creating Certificate template")
template := &x509.CertificateRequest{
Subject: pkix.Name{
Country: []string{country},
Organization: []string{org},
OrganizationalUnit: []string{name},
},
}
// Associate hosts
logger.Info("Adding Hosts to Certificate")
hosts := strings.Split(hostList, ",")
for _, h := range hosts {
if ip := net.ParseIP(h); ip != nil {
template.IPAddresses = append(template.IPAddresses, ip)
} else {
template.DNSNames = append(template.DNSNames, h)
}
}
// Create cert
logger.Info("Generating Certificate")
cert, err := x509.CreateCertificateRequest(rand.Reader, template, key)
if err != nil {
return nil, nil, err
}
return template, cert, nil
}
示例8: signWithCSR
// signWithCSR creates a new root certificate from signing a X509.CertificateRequest
// by a crypto.Signer.
func signWithCSR(tpl *x509.CertificateRequest, priv crypto.Signer, policy *config.Signing) (cert, csrPEM []byte, err error) {
if policy == nil {
policy = CAPolicy()
}
csrPEM, err = x509.CreateCertificateRequest(rand.Reader, tpl, priv)
if err != nil {
log.Errorf("failed to generate a CSR: %v", err)
// The use of CertificateError was a matter of some
// debate; it is the one edge case in which a new
// error category specifically for CSRs might be
// useful, but it was deemed that one edge case did
// not a new category justify.
err = cferr.Wrap(cferr.CertificateError, cferr.BadRequest, err)
return
}
p := &pem.Block{
Type: "CERTIFICATE REQUEST",
Bytes: csrPEM,
}
csrPEM = pem.EncodeToMemory(p)
s, err := local.NewSigner(priv, nil, signer.DefaultSigAlgo(priv), nil)
if err != nil {
log.Errorf("failed to create signer: %v", err)
return
}
s.SetPolicy(policy)
signReq := signer.SignRequest{Request: string(csrPEM)}
cert, err = s.Sign(signReq)
return
}
示例9: certRequest
// certRequest creates a certificate request for the given common name cn
// and optional SANs.
func certRequest(key crypto.Signer, cn string, san ...string) ([]byte, error) {
req := &x509.CertificateRequest{
Subject: pkix.Name{CommonName: cn},
DNSNames: san,
}
return x509.CreateCertificateRequest(rand.Reader, req, key)
}
示例10: ToCsr
func (this *Csr) ToCsr() {
data := &x509.CertificateRequest{}
data.Subject.Country = []string{
this.Country,
}
data.Subject.Province = []string{
this.State,
}
data.Subject.Locality = []string{
this.Locality,
}
if len(this.OrganizationalName) > 0 {
data.Subject.Organization = []string{
this.OrganizationalName,
}
}
if len(this.OrganizationalUnit) > 0 {
data.Subject.OrganizationalUnit = []string{
this.OrganizationalUnit,
}
}
data.Subject.CommonName = this.CommonName
if this.CsrAlgorithm == "sha256" {
data.SignatureAlgorithm = x509.SHA256WithRSA
} else {
data.SignatureAlgorithm = x509.SHA1WithRSA
}
data.Signature = this.priv
this.csr, _ = x509.CreateCertificateRequest(rand.Reader, data, this.privRsa)
this.CsrString = CSR_PREFIX + "\n" + this.keyTo(this.csr) + "\n" + CSR_SUFFIX
}
示例11: CreateCertificateSigningRequest
// CreateCertificateSigningRequest sets up a request to create a csr file with the given parameters
func CreateCertificateSigningRequest(key *Key, organizationalUnit string, ipList []net.IP, domainList []string, organization string, country string, province string, locality string, commonName string) (*CertificateSigningRequest, error) {
csrPkixName.CommonName = commonName
if len(organizationalUnit) > 0 {
csrPkixName.OrganizationalUnit = []string{organizationalUnit}
}
if len(organization) > 0 {
csrPkixName.Organization = []string{organization}
}
if len(country) > 0 {
csrPkixName.Country = []string{country}
}
if len(province) > 0 {
csrPkixName.Province = []string{province}
}
if len(locality) > 0 {
csrPkixName.Locality = []string{locality}
}
csrTemplate := &x509.CertificateRequest{
Subject: csrPkixName,
IPAddresses: ipList,
DNSNames: domainList,
}
csrBytes, err := x509.CreateCertificateRequest(rand.Reader, csrTemplate, key.Private)
if err != nil {
return nil, err
}
return NewCertificateSigningRequestFromDER(csrBytes), nil
}
示例12: Generate
// Generate creates a new CSR from a CertificateRequest structure and
// an existing key. The KeyRequest field is ignored.
func Generate(priv crypto.Signer, req *CertificateRequest) (csr []byte, err error) {
sigAlgo := helpers.SignerAlgo(priv, crypto.SHA256)
if sigAlgo == x509.UnknownSignatureAlgorithm {
return nil, cferr.New(cferr.PrivateKeyError, cferr.Unavailable)
}
var tpl = x509.CertificateRequest{
Subject: req.Name(),
SignatureAlgorithm: sigAlgo,
}
for i := range req.Hosts {
if ip := net.ParseIP(req.Hosts[i]); ip != nil {
tpl.IPAddresses = append(tpl.IPAddresses, ip)
} else {
tpl.DNSNames = append(tpl.DNSNames, req.Hosts[i])
}
}
csr, err = x509.CreateCertificateRequest(rand.Reader, &tpl, priv)
if err != nil {
log.Errorf("failed to generate a CSR: %v", err)
err = cferr.Wrap(cferr.CSRError, cferr.BadRequest, err)
return
}
block := pem.Block{
Type: "CERTIFICATE REQUEST",
Bytes: csr,
}
log.Info("encoded CSR")
csr = pem.EncodeToMemory(&block)
return
}
示例13: CreateCertificateSigningRequest
func CreateCertificateSigningRequest(key *Key, name string, ip_list string, domain_list string, organization string, country string) (*CertificateSigningRequest, error) {
// Sanity check on the ip values
ips, err := ParseAndValidateIPs(ip_list)
if err != nil {
return nil, err
}
domains := strings.Split(domain_list, ",")
if domain_list == "" {
domains = nil
}
csrPkixName.OrganizationalUnit = []string{name}
if len(domains) != 0 {
csrPkixName.CommonName = domains[0]
} else if len(ips) != 0 {
csrPkixName.CommonName = ips[0].String()
} else {
return nil, errors.New("no valided domain nor ip provided")
}
csrPkixName.Organization = []string{organization}
csrPkixName.Country = []string{country}
csrTemplate := &x509.CertificateRequest{
Subject: csrPkixName,
IPAddresses: ips,
DNSNames: domains,
}
csrBytes, err := x509.CreateCertificateRequest(rand.Reader, csrTemplate, key.Private)
if err != nil {
return nil, err
}
return NewCertificateSigningRequestFromDER(csrBytes), nil
}
示例14: MakeCertSignReq
// Creates a certificate signing request for the specified FQDN. Defaults to SHA256WithRSA.
func MakeCertSignReq(fqdn string) []byte {
// Populate the subject data.
subject := pkix.Name{
Country: []string{"US"},
Organization: []string{"Microfocus International"},
OrganizationalUnit: []string{"Identity and Access Management"},
Locality: []string{"Provo"},
Province: []string{"Utah"},
CommonName: fqdn,
}
// Populate the cert request template.
certificateRequest := &x509.CertificateRequest{
Subject: subject,
SignatureAlgorithm: 4,
DNSNames: []string{fqdn},
EmailAddresses: []string{"[email protected]"},
}
// Create a private key.
privatekey, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
fmt.Println(err)
}
// Create signing request and return byte slice if no errors were encountered.
certSignReq, err := x509.CreateCertificateRequest(rand.Reader, certificateRequest, privatekey)
if err != nil {
fmt.Println(err)
}
return certSignReq
}
示例15: issue
func (c *RootCA) issue(commonName string, vaildFor time.Duration, rsaBits int) error {
certFile := c.toFilename(commonName, ".crt")
csrTemplate := &x509.CertificateRequest{
Signature: []byte(commonName),
Subject: pkix.Name{
Country: []string{"CN"},
Organization: []string{commonName},
OrganizationalUnit: []string{c.name},
CommonName: commonName,
},
SignatureAlgorithm: x509.SHA256WithRSA,
}
priv, err := rsa.GenerateKey(rand.Reader, rsaBits)
if err != nil {
return err
}
csrBytes, err := x509.CreateCertificateRequest(rand.Reader, csrTemplate, priv)
if err != nil {
return err
}
csr, err := x509.ParseCertificateRequest(csrBytes)
if err != nil {
return err
}
certTemplate := &x509.Certificate{
Subject: csr.Subject,
PublicKeyAlgorithm: csr.PublicKeyAlgorithm,
PublicKey: csr.PublicKey,
SerialNumber: big.NewInt(time.Now().UnixNano()),
SignatureAlgorithm: x509.SHA256WithRSA,
NotBefore: time.Now().Add(-time.Duration(10 * time.Minute)).UTC(),
NotAfter: time.Now().Add(vaildFor),
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
ExtKeyUsage: []x509.ExtKeyUsage{
x509.ExtKeyUsageServerAuth,
x509.ExtKeyUsageClientAuth,
},
}
certBytes, err := x509.CreateCertificate(rand.Reader, certTemplate, c.ca, csr.PublicKey, c.priv)
if err != nil {
return err
}
outFile, err := os.Create(certFile)
defer outFile.Close()
if err != nil {
return err
}
pem.Encode(outFile, &pem.Block{Type: "CERTIFICATE", Bytes: certBytes})
pem.Encode(outFile, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})
return nil
}