package apiv1
import (
"crypto/x509"
"crypto/x509/pkix"
"encoding/asn1"
"github.com/pkg/errors"
)
var (
	// oidStepRoot is the arc under which the step-specific X.509 extensions
	// live. 1.3.6.1.4.1 is the IANA private-enterprise arc; the assignee of
	// 37476 is not recorded in this file.
	oidStepRoot = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 37476, 9000, 64}

	// oidStepCertificateAuthority is oidStepRoot with the arc 2 appended
	// (1.3.6.1.4.1.37476.9000.64.2). The three-index slice pins the capacity
	// to the length, which forces append to allocate a new backing array, so
	// the two identifiers never alias each other.
	oidStepCertificateAuthority = append(oidStepRoot[:len(oidStepRoot):len(oidStepRoot)], 2)
)
// CertificateAuthorityExtension type is used to encode the certificate
// authority extension.
//
// It is marshaled with encoding/asn1 (see CreateCertificateAuthorityExtension),
// so the field order below is the DER SEQUENCE order and must not be changed
// once certificates carrying the extension exist. Type is always encoded;
// CertificateID and KeyValuePairs are tagged optional,omitempty and are left
// out of the encoding when empty, so a decoder must treat them as absent
// rather than as zero values.
type CertificateAuthorityExtension struct {
	// Type is the string form of the CAS Type (Type.String()).
	Type string
	// CertificateID is the id handed to CreateCertificateAuthorityExtension;
	// omitted from the encoding when "".
	CertificateID string `asn1:"optional,omitempty"`
	// KeyValuePairs is a flat list of extra strings. Nothing in this file
	// enforces an even count or a key/value layout, so consumers must not
	// assume one. Omitted from the encoding when empty.
	KeyValuePairs []string `asn1:"optional,omitempty"`
}
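// CreateCertificateAuthorityExtension returns a X.509 extension that shows the
// CAS type, id and a list of optional key value pairs.
//
// The extension value is the DER encoding of CertificateAuthorityExtension and
// its OID is oidStepCertificateAuthority. It is deliberately non-critical: a
// verifier that does not recognise this OID must still be able to validate the
// certificate, and a critical unknown extension would make it fail.
//
// typ is recorded through its String() form; certificateID and keyValuePairs
// are stored as given (empty values are omitted by the asn1 tags on the
// struct). An error is returned only when asn1.Marshal rejects the payload.
func CreateCertificateAuthorityExtension(typ Type, certificateID string, keyValuePairs ...string) (pkix.Extension, error) {
	payload := CertificateAuthorityExtension{
		Type:          typ.String(),
		CertificateID: certificateID,
		KeyValuePairs: keyValuePairs,
	}
	der, err := asn1.Marshal(payload)
	if err != nil {
		// Name the extension actually being encoded; the old message called it
		// the "certificate id extension", which sent readers to the wrong place.
		return pkix.Extension{}, errors.Wrap(err, "error marshaling certificate authority extension")
	}
	return pkix.Extension{
		Id:       oidStepCertificateAuthority,
		Critical: false,
		Value:    der,
	}, nil
}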
// FindCertificateAuthorityExtension returns the certificate authority extension
// from a signed certificate.
//
// It scans cert.Extensions, the raw extensions filled in when a certificate is
// parsed, and returns the first one whose OID is oidStepCertificateAuthority
// together with true; a later duplicate, if any, is ignored. When no such
// extension exists the zero pkix.Extension and false are returned. The Value is
// returned as raw DER; decoding it into CertificateAuthorityExtension is left to
// the caller. No signature or chain verification happens here, so the caller
// must already trust cert before relying on what the extension says.
func FindCertificateAuthorityExtension(cert *x509.Certificate) (pkix.Extension, bool) {
	exts := cert.Extensions
	for i := range exts {
		if !exts[i].Id.Equal(oidStepCertificateAuthority) {
			continue
		}
		return exts[i], true
	}
	return pkix.Extension{}, false
}
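// RemoveCertificateAuthorityExtension removes the certificate authority
// extension from a certificate template.
//
// It operates on cert.ExtraExtensions, the raw extensions that
// x509.CreateCertificate copies into the signed certificate, not on
// cert.Extensions, which is only populated by parsing. Every entry whose OID is
// oidStepCertificateAuthority is dropped, not just the first, so a template that
// somehow carries duplicates does not keep one behind when the CAS adds its own
// copy. The survivors are written to a fresh slice rather than shifted in place,
// so a backing array shared with another slice (for instance one copied from a
// CSR) is left untouched. A template with no matching extension is not modified.
func RemoveCertificateAuthorityExtension(cert *x509.Certificate) {
	exts := cert.ExtraExtensions
	kept := make([]pkix.Extension, 0, len(exts))
	for _, ext := range exts {
		if !ext.Id.Equal(oidStepCertificateAuthority) {
			kept = append(kept, ext)
		}
	}
	// Only replace the slice when something was actually removed; this keeps a
	// nil ExtraExtensions nil and avoids handing callers a new slice for no reason.
	if len(kept) != len(exts) {
		cert.ExtraExtensions = kept
	}
}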