package lib
import (
"crypto"
"crypto/x509/pkix"
"encoding/asn1"
"fmt"
"github.com/aiguo186/fabric-sdk-go-gm/cfssl/csr"
"github.com/aiguo186/fabric-sdk-go-gm/cfssl/log"
"github.com/aiguo186/fabric-sdk-go-gm/internal/github.com/aiguo186/fabric/bccsp"
"github.com/aiguo186/fabric-sdk-go-gm/internal/github.com/aiguo186/fabric/bccsp/gm"
"github.com/aiguo186/fabric-sdk-go-gm/internal/github.com/tjfoc/gmsm/sm2"
"net"
"net/mail"
)
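// generate converts a cloudflare/cfssl CertificateRequest into an SM2 (国密)
// certificate request and serialises it with the given BCCSP key.
//
// priv only selects the signature algorithm (see signerAlgo); a non-SM2 key
// is rejected before any template is built. req supplies the subject, the
// hosts (classified into IP, e-mail and DNS SANs) and, when req.CA is set, a
// critical BasicConstraints extension. key is handed to
// gm.CreateSm2CertificateRequestToMem, which performs the actual signing and
// whose output is returned unchanged.
//
// Hosts are copied into the CSR as given; nothing beyond the IP/e-mail/DNS
// classification is validated here, so any SAN policy has to be enforced by
// whoever signs the request.
func generate(priv crypto.Signer, req *csr.CertificateRequest, key bccsp.Key) (csrBytes []byte, err error) {
	log.Info("xx entry generate")

	sigAlgo := signerAlgo(priv)
	if sigAlgo == sm2.UnknownSignatureAlgorithm {
		return nil, fmt.Errorf("Private key is unavailable")
	}

	log.Info("xx begin create sm2.CertificateRequest")
	tpl := sm2.CertificateRequest{
		Subject:            req.Name(),
		SignatureAlgorithm: sigAlgo,
	}

	// First match wins: an entry that parses as an IP is never treated as a
	// DNS name, and mail.ParseAddress also accepts "Name <user@host>" forms,
	// in which case only the bare address is kept.
	for _, host := range req.Hosts {
		if ip := net.ParseIP(host); ip != nil {
			tpl.IPAddresses = append(tpl.IPAddresses, ip)
			continue
		}
		if addr, perr := mail.ParseAddress(host); perr == nil && addr != nil {
			tpl.EmailAddresses = append(tpl.EmailAddresses, addr.Address)
			continue
		}
		tpl.DNSNames = append(tpl.DNSNames, host)
	}

	if req.CA != nil {
		// Keep the cause in the message instead of replacing it, so a
		// failed BasicConstraints build is diagnosable from the caller.
		if err = appendCAInfoToCSRSm2(req.CA, &tpl); err != nil {
			return nil, fmt.Errorf("sm2 GenerationFailed: %v", err)
		}
	}

	// NOTE(review): req.SerialNumber is not applied to the template here
	// (the original had an empty branch for it); confirm whether req.Name()
	// already carries it into the Subject.

	csrBytes, err = gm.CreateSm2CertificateRequestToMem(&tpl, key)
	log.Info("xx exit generate")
	return csrBytes, err
}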
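// signerAlgo maps the signer's public key to the SM2 signature algorithm the
// CSR will carry. Any *sm2.PublicKey yields sm2.SM2WithSM3; a nil signer or
// any other key type yields sm2.UnknownSignatureAlgorithm so the caller can
// refuse to build a CSR with a non-SM2 key.
//
// NOTE(review): the curve of an *sm2.PublicKey is not checked — a key whose
// Curve is not sm2.P256Sm2() is still reported as SM2WithSM3 (the curve
// switch this replaces returned SM2WithSM3 on every arm, so the check was a
// no-op). If only P256Sm2 keys should be accepted, compare pub.Curve against
// sm2.P256Sm2() here and return sm2.UnknownSignatureAlgorithm otherwise.
func signerAlgo(priv crypto.Signer) sm2.SignatureAlgorithm {
	if priv == nil {
		return sm2.UnknownSignatureAlgorithm
	}
	if _, ok := priv.Public().(*sm2.PublicKey); ok {
		return sm2.SM2WithSM3
	}
	return sm2.UnknownSignatureAlgorithm
}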
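// appendCAInfoToCSRSm2 adds a critical BasicConstraints extension
// (id-ce-basicConstraints, OID 2.5.29.19) to csreq, marking the requested
// certificate as a CA with the path length taken from reqConf.
//
// Path length encoding: reqConf.PathLength is used as-is, except that a zero
// PathLength without PathLenZero becomes -1, the sentinel for "no
// pathLenConstraint" (csr.BasicConstraints is expected to omit the field for
// -1 via its asn1 tag — confirm against the type definition). A genuine
// pathLen of 0 therefore requires PathLenZero to be true.
//
// The extension is appended to csreq.ExtraExtensions rather than replacing
// the slice, so extensions already present on the request survive.
//
// Returns an error when either argument is nil or when ASN.1 marshalling of
// the BasicConstraints value fails (the marshalling error is returned as-is).
func appendCAInfoToCSRSm2(reqConf *csr.CAConfig, csreq *sm2.CertificateRequest) error {
	if reqConf == nil || csreq == nil {
		return fmt.Errorf("sm2 CA config or certificate request is nil")
	}

	pathlen := reqConf.PathLength
	if pathlen == 0 && !reqConf.PathLenZero {
		pathlen = -1
	}

	// Positional literal: the fields are (isCA, maxPathLen) in that order.
	val, err := asn1.Marshal(csr.BasicConstraints{true, pathlen})
	if err != nil {
		return err
	}

	csreq.ExtraExtensions = append(csreq.ExtraExtensions, pkix.Extension{
		Id:       asn1.ObjectIdentifier{2, 5, 29, 19},
		Critical: true,
		Value:    val,
	})
	return nil
}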