package crypto
import (
"crypto/x509"
"encoding/asn1"
"encoding/json"
"net"
"net/url"
"github.com/scylladb/scylla-operator/pkg/helpers"
)
// pkixName is the subset of a subject name that DesiredCertTemplate tracks.
// It mirrors the plain string-valued fields of pkix.Name; anything
// pkix.Name carries beyond these (e.g. Names/ExtraNames) is not captured.
//
// The declaration order is significant: encoding/json emits struct fields
// in declaration order, so reordering fields would change the output of
// DesiredCertTemplate.ToJson / StringOrDie.
type pkixName struct {
	Country            []string
	Organization       []string
	OrganizationalUnit []string
	Locality           []string
	Province           []string
	StreetAddress      []string
	PostalCode         []string
	CommonName         string
}
// DesiredCertTemplate is the time-independent subset of an x509.Certificate
// template: the fields that describe what a certificate should assert.
// Fields tied to one particular issuance (NotBefore/NotAfter, SerialNumber,
// key identifiers) are not part of it.
//
// No json tags are used, so ToJson / StringOrDie serialize these fields
// under their Go names and in declaration order; the order below is
// therefore part of the serialized shape.
type DesiredCertTemplate struct {
	Subject pkixName

	// Key usage and extended key usage.
	KeyUsage    x509.KeyUsage
	ExtKeyUsage []x509.ExtKeyUsage

	// Basic constraints (RFC 5280, 4.2.1.9).
	BasicConstraintsValid bool
	IsCA                  bool
	// NOTE(review): MaxPathLen and MaxPathLenZero are declared here but
	// ExtractDesiredFieldsFromTemplate does not populate them, so in an
	// extracted value they are always 0/false and a changed pathLenConstraint
	// on a CA template is not reflected in the serialized form.
	MaxPathLen     int
	MaxPathLenZero bool

	// Authority Information Access (RFC 5280, 4.2.2.1).
	OCSPServer            []string
	IssuingCertificateURL []string

	// Subject Alternative Name (RFC 5280, 4.2.1.6).
	DNSNames       []string
	EmailAddresses []string
	IPAddresses    []net.IP
	URIs           []*url.URL

	// Name constraints (RFC 5280, 4.2.1.10).
	// PermittedDNSDomainsCritical marks the name-constraints extension
	// critical when true.
	PermittedDNSDomainsCritical bool
	PermittedDNSDomains         []string
	ExcludedDNSDomains          []string
	PermittedIPRanges           []*net.IPNet
	ExcludedIPRanges            []*net.IPNet
	PermittedEmailAddresses     []string
	ExcludedEmailAddresses      []string
	PermittedURIDomains         []string
	ExcludedURIDomains          []string

	// CRL Distribution Points (RFC 5280, 4.2.1.13).
	CRLDistributionPoints []string

	// Certificate Policies (RFC 5280, 4.2.1.4).
	PolicyIdentifiers []asn1.ObjectIdentifier
}
// ToJson encodes the template with encoding/json.
//
// Because the struct carries no json tags, field names and their order come
// straight from the DesiredCertTemplate declaration; two templates with
// equal field values therefore produce byte-identical output.
func (t *DesiredCertTemplate) ToJson() ([]byte, error) {
	encoded, err := json.Marshal(t)
	if err != nil {
		return nil, err
	}
	return encoded, nil
}
// StringOrDie returns the JSON encoding of t as a string.
//
// The (bytes, error) pair from ToJson is handed to helpers.Must, which by
// the usual Must convention is expected to panic on a non-nil error; callers
// that need to handle the error should use ToJson directly.
func (t *DesiredCertTemplate) StringOrDie() string {
	encoded, err := t.ToJson()
	return string(helpers.Must(encoded, err))
}
// ExtractDesiredFieldsFromTemplate copies the time-independent fields of
// template into a DesiredCertTemplate.
//
// Slice-valued fields are assigned directly and therefore alias the
// template's backing arrays; only IPAddresses goes through
// helpers.NormalizeIPs (whether that copies is up to the helper). Treat the
// result as a read-only snapshot — mutating its slices mutates the template.
// A nil template panics on the first field access.
//
// NOTE(review): MaxPathLen and MaxPathLenZero exist on DesiredCertTemplate
// but are not copied here, so a change to a CA template's pathLenConstraint
// is invisible to anything comparing extracted values. This may be
// deliberate: per the crypto/x509 docs a parsed certificate reports an
// absent pathLenConstraint as MaxPathLen == -1, while a template expresses
// the same thing as MaxPathLen == 0 with MaxPathLenZero == false, so the raw
// values would need normalizing before a template and a parsed certificate
// could be compared. Confirm against the comparison call site before
// changing either side.
func ExtractDesiredFieldsFromTemplate(template *x509.Certificate) *DesiredCertTemplate {
	subject := template.Subject

	desired := &DesiredCertTemplate{
		Subject: pkixName{
			Country:            subject.Country,
			Organization:       subject.Organization,
			OrganizationalUnit: subject.OrganizationalUnit,
			Locality:           subject.Locality,
			Province:           subject.Province,
			StreetAddress:      subject.StreetAddress,
			PostalCode:         subject.PostalCode,
			CommonName:         subject.CommonName,
		},
	}

	// Key usage and basic constraints.
	desired.KeyUsage = template.KeyUsage
	desired.ExtKeyUsage = template.ExtKeyUsage
	desired.BasicConstraintsValid = template.BasicConstraintsValid
	desired.IsCA = template.IsCA

	// Authority Information Access.
	desired.OCSPServer = template.OCSPServer
	desired.IssuingCertificateURL = template.IssuingCertificateURL

	// Subject Alternative Name values; IPs are normalized so that equivalent
	// representations compare equal.
	desired.DNSNames = template.DNSNames
	desired.EmailAddresses = template.EmailAddresses
	desired.IPAddresses = helpers.NormalizeIPs(template.IPAddresses)
	desired.URIs = template.URIs

	// Name constraints.
	desired.PermittedDNSDomainsCritical = template.PermittedDNSDomainsCritical
	desired.PermittedDNSDomains = template.PermittedDNSDomains
	desired.ExcludedDNSDomains = template.ExcludedDNSDomains
	desired.PermittedIPRanges = template.PermittedIPRanges
	desired.ExcludedIPRanges = template.ExcludedIPRanges
	desired.PermittedEmailAddresses = template.PermittedEmailAddresses
	desired.ExcludedEmailAddresses = template.ExcludedEmailAddresses
	desired.PermittedURIDomains = template.PermittedURIDomains
	desired.ExcludedURIDomains = template.ExcludedURIDomains

	// CRL distribution points and certificate policies.
	desired.CRLDistributionPoints = template.CRLDistributionPoints
	desired.PolicyIdentifiers = template.PolicyIdentifiers

	return desired
}