Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(1377)

Delta Between Two Patch Sets: src/crypto/x509/x509.go

Issue 145910043: code review 145910043: x509: implement crypto.Signer (Closed)
Left Patch Set: diff -r 6b163ec2122a172030284060788f535ab3b9d0e3 https://code.google.com/p/go Created 9 years, 6 months ago
Right Patch Set: diff -r f60b128afd41217fa34662a5cbe1eb0b8c546e71 https://code.google.com/p/go Created 9 years, 4 months ago
Left:
Right:
Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.
Jump to:
Left: Side by side diff | Download
Right: Side by side diff | Download
« no previous file with change/comment | « no previous file | no next file » | no next file with change/comment »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
LEFTRIGHT
1 // Copyright 2009 The Go Authors. All rights reserved. 1 // Copyright 2009 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style 2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file. 3 // license that can be found in the LICENSE file.
4 4
5 // Package x509 parses X.509-encoded keys and certificates. 5 // Package x509 parses X.509-encoded keys and certificates.
6 package x509 6 package x509
7 7
8 import ( 8 import (
9 "bytes" 9 "bytes"
10 "crypto" 10 "crypto"
(...skipping 476 matching lines...) Expand 10 before | Expand all | Expand 10 after
487 // otherwise be produced based on the other fields. The ExtraExtensions 487 // otherwise be produced based on the other fields. The ExtraExtensions
488 // field is not populated when parsing certificates, see Extensions. 488 // field is not populated when parsing certificates, see Extensions.
489 ExtraExtensions []pkix.Extension 489 ExtraExtensions []pkix.Extension
490 490
491 ExtKeyUsage []ExtKeyUsage // Sequence of extended key u sages. 491 ExtKeyUsage []ExtKeyUsage // Sequence of extended key u sages.
492 UnknownExtKeyUsage []asn1.ObjectIdentifier // Encountered extended key u sages unknown to this package. 492 UnknownExtKeyUsage []asn1.ObjectIdentifier // Encountered extended key u sages unknown to this package.
493 493
494 BasicConstraintsValid bool // if true then the next two fields are valid . 494 BasicConstraintsValid bool // if true then the next two fields are valid .
495 IsCA bool 495 IsCA bool
496 MaxPathLen int 496 MaxPathLen int
497 // MaxPathLenZero indicates that BasicConstraintsValid==true and
498 // MaxPathLen==0 should be interpreted as an actual maximum path length
499 // of zero. Otherwise, that combination is interpreted as MaxPathLen
500 // not being set.
501 MaxPathLenZero bool
497 502
498 SubjectKeyId []byte 503 SubjectKeyId []byte
499 AuthorityKeyId []byte 504 AuthorityKeyId []byte
500 505
501 // RFC 5280, 4.2.2.1 (Authority Information Access) 506 // RFC 5280, 4.2.2.1 (Authority Information Access)
502 OCSPServer []string 507 OCSPServer []string
503 IssuingCertificateURL []string 508 IssuingCertificateURL []string
504 509
505 // Subject Alternate Name values 510 // Subject Alternate Name values
506 DNSNames []string 511 DNSNames []string
(...skipping 399 matching lines...) Expand 10 before | Expand all | Expand 10 after
906 } 911 }
907 case 19: 912 case 19:
908 // RFC 5280, 4.2.1.9 913 // RFC 5280, 4.2.1.9
909 var constraints basicConstraints 914 var constraints basicConstraints
910 _, err := asn1.Unmarshal(e.Value, &constraints) 915 _, err := asn1.Unmarshal(e.Value, &constraints)
911 916
912 if err == nil { 917 if err == nil {
913 out.BasicConstraintsValid = true 918 out.BasicConstraintsValid = true
914 out.IsCA = constraints.IsCA 919 out.IsCA = constraints.IsCA
915 out.MaxPathLen = constraints.MaxPathLen 920 out.MaxPathLen = constraints.MaxPathLen
921 out.MaxPathLenZero = out.MaxPathLen == 0
916 continue 922 continue
917 } 923 }
918 case 17: 924 case 17:
919 out.DNSNames, out.EmailAddresses, out.IPAddresse s, err = parseSANExtension(e.Value) 925 out.DNSNames, out.EmailAddresses, out.IPAddresse s, err = parseSANExtension(e.Value)
920 if err != nil { 926 if err != nil {
921 return nil, err 927 return nil, err
922 } 928 }
923 929
924 if len(out.DNSNames) > 0 || len(out.EmailAddress es) > 0 || len(out.IPAddresses) > 0 { 930 if len(out.DNSNames) > 0 || len(out.EmailAddress es) > 0 || len(out.IPAddresses) > 0 {
925 continue 931 continue
(...skipping 294 matching lines...) Expand 10 before | Expand all | Expand 10 after
1220 oids = append(oids, template.UnknownExtKeyUsage...) 1226 oids = append(oids, template.UnknownExtKeyUsage...)
1221 1227
1222 ret[n].Value, err = asn1.Marshal(oids) 1228 ret[n].Value, err = asn1.Marshal(oids)
1223 if err != nil { 1229 if err != nil {
1224 return 1230 return
1225 } 1231 }
1226 n++ 1232 n++
1227 } 1233 }
1228 1234
1229 if template.BasicConstraintsValid && !oidInExtensions(oidExtensionBasicC onstraints, template.ExtraExtensions) { 1235 if template.BasicConstraintsValid && !oidInExtensions(oidExtensionBasicC onstraints, template.ExtraExtensions) {
1236 // Leaving MaxPathLen as zero indicates that no maximum path
1237 // length is desired, unless MaxPathLenZero is set. A value of
1238 // -1 causes encoding/asn1 to omit the value as desired.
1239 maxPathLen := template.MaxPathLen
1240 if maxPathLen == 0 && !template.MaxPathLenZero {
1241 maxPathLen = -1
1242 }
1230 ret[n].Id = oidExtensionBasicConstraints 1243 ret[n].Id = oidExtensionBasicConstraints
1231 » » ret[n].Value, err = asn1.Marshal(basicConstraints{template.IsCA, template.MaxPathLen}) 1244 » » ret[n].Value, err = asn1.Marshal(basicConstraints{template.IsCA, maxPathLen})
1232 ret[n].Critical = true 1245 ret[n].Critical = true
1233 if err != nil { 1246 if err != nil {
1234 return 1247 return
1235 } 1248 }
1236 n++ 1249 n++
1237 } 1250 }
1238 1251
1239 if len(template.SubjectKeyId) > 0 && !oidInExtensions(oidExtensionSubjec tKeyId, template.ExtraExtensions) { 1252 if len(template.SubjectKeyId) > 0 && !oidInExtensions(oidExtensionSubjec tKeyId, template.ExtraExtensions) {
1240 ret[n].Id = oidExtensionSubjectKeyId 1253 ret[n].Id = oidExtensionSubjectKeyId
1241 ret[n].Value, err = asn1.Marshal(template.SubjectKeyId) 1254 ret[n].Value, err = asn1.Marshal(template.SubjectKeyId)
(...skipping 79 matching lines...) Expand 10 before | Expand all | Expand 10 after
1321 if len(template.CRLDistributionPoints) > 0 && 1334 if len(template.CRLDistributionPoints) > 0 &&
1322 !oidInExtensions(oidExtensionCRLDistributionPoints, template.Ext raExtensions) { 1335 !oidInExtensions(oidExtensionCRLDistributionPoints, template.Ext raExtensions) {
1323 ret[n].Id = oidExtensionCRLDistributionPoints 1336 ret[n].Id = oidExtensionCRLDistributionPoints
1324 1337
1325 var crlDp []distributionPoint 1338 var crlDp []distributionPoint
1326 for _, name := range template.CRLDistributionPoints { 1339 for _, name := range template.CRLDistributionPoints {
1327 rawFullName, _ := asn1.Marshal(asn1.RawValue{Tag: 6, Cla ss: 2, Bytes: []byte(name)}) 1340 rawFullName, _ := asn1.Marshal(asn1.RawValue{Tag: 6, Cla ss: 2, Bytes: []byte(name)})
1328 1341
1329 dp := distributionPoint{ 1342 dp := distributionPoint{
1330 DistributionPoint: distributionPointName{ 1343 DistributionPoint: distributionPointName{
1331 » » » » » FullName: asn1.RawValue{Tag: 0, Class: 2 , Bytes: rawFullName}, 1344 » » » » » FullName: asn1.RawValue{Tag: 0, Class: 2 , IsCompound: true, Bytes: rawFullName},
1332 }, 1345 },
1333 } 1346 }
1334 crlDp = append(crlDp, dp) 1347 crlDp = append(crlDp, dp)
1335 } 1348 }
1336 1349
1337 ret[n].Value, err = asn1.Marshal(crlDp) 1350 ret[n].Value, err = asn1.Marshal(crlDp)
1338 if err != nil { 1351 if err != nil {
1339 return 1352 return
1340 } 1353 }
1341 n++ 1354 n++
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after
1378 hashFunc = crypto.SHA384 1391 hashFunc = crypto.SHA384
1379 sigAlgo.Algorithm = oidSignatureECDSAWithSHA384 1392 sigAlgo.Algorithm = oidSignatureECDSAWithSHA384
1380 case elliptic.P521(): 1393 case elliptic.P521():
1381 hashFunc = crypto.SHA512 1394 hashFunc = crypto.SHA512
1382 sigAlgo.Algorithm = oidSignatureECDSAWithSHA512 1395 sigAlgo.Algorithm = oidSignatureECDSAWithSHA512
1383 default: 1396 default:
1384 err = errors.New("x509: unknown elliptic curve") 1397 err = errors.New("x509: unknown elliptic curve")
1385 } 1398 }
1386 1399
1387 default: 1400 default:
1388 » » err = errors.New("x509: only RSA and ECDSA public keys supported ") 1401 » » err = errors.New("x509: only RSA and ECDSA keys supported")
1389 } 1402 }
1390 1403
1391 if err != nil { 1404 if err != nil {
1392 return 1405 return
1393 } 1406 }
1394 1407
1395 if requestedSigAlgo == 0 { 1408 if requestedSigAlgo == 0 {
1396 return 1409 return
1397 } 1410 }
1398 1411
(...skipping 26 matching lines...) Expand all
1425 // NotAfter, KeyUsage, ExtKeyUsage, UnknownExtKeyUsage, BasicConstraintsValid, 1438 // NotAfter, KeyUsage, ExtKeyUsage, UnknownExtKeyUsage, BasicConstraintsValid,
1426 // IsCA, MaxPathLen, SubjectKeyId, DNSNames, PermittedDNSDomainsCritical, 1439 // IsCA, MaxPathLen, SubjectKeyId, DNSNames, PermittedDNSDomainsCritical,
1427 // PermittedDNSDomains, SignatureAlgorithm. 1440 // PermittedDNSDomains, SignatureAlgorithm.
1428 // 1441 //
1429 // The certificate is signed by parent. If parent is equal to template then the 1442 // The certificate is signed by parent. If parent is equal to template then the
1430 // certificate is self-signed. The parameter pub is the public key of the 1443 // certificate is self-signed. The parameter pub is the public key of the
1431 // signee and priv is the private key of the signer. 1444 // signee and priv is the private key of the signer.
1432 // 1445 //
1433 // The returned slice is the certificate in DER encoding. 1446 // The returned slice is the certificate in DER encoding.
1434 // 1447 //
1435 // The only supported key types are RSA and ECDSA (*rsa.PublicKey or 1448 // All keys types that are implemented via crypto.Signer are supported (This
1436 // *ecdsa.PublicKey for pub, *rsa.PrivateKey or *ecdsa.PrivateKey for priv). 1449 // includes *rsa.PublicKey and *ecdsa.PublicKey.)
1437 func CreateCertificate(rand io.Reader, template, parent *Certificate, pub interf ace{}, priv interface{}) (cert []byte, err error) { 1450 func CreateCertificate(rand io.Reader, template, parent *Certificate, pub interf ace{}, priv interface{}) (cert []byte, err error) {
1438 » hashFunc, signatureAlgorithm, err := signingParamsForPublicKey(pub, temp late.SignatureAlgorithm) 1451 » key, ok := priv.(crypto.Signer)
1452 » if !ok {
1453 » » err = errors.New("x509: certificate private key does not impleme nt crypto.Signer")
1454 » » return
1455 » }
1456
1457 » hashFunc, signatureAlgorithm, err := signingParamsForPublicKey(key.Publi c(), template.SignatureAlgorithm)
1439 if err != nil { 1458 if err != nil {
1440 return nil, err 1459 return nil, err
1441 } 1460 }
1442 1461
1443 publicKeyBytes, publicKeyAlgorithm, err := marshalPublicKey(pub) 1462 publicKeyBytes, publicKeyAlgorithm, err := marshalPublicKey(pub)
1444 if err != nil { 1463 if err != nil {
1445 return nil, err 1464 return nil, err
1446 }
1447
1448 if err != nil {
1449 return
1450 } 1465 }
1451 1466
1452 if len(parent.SubjectKeyId) > 0 { 1467 if len(parent.SubjectKeyId) > 0 {
1453 template.AuthorityKeyId = parent.SubjectKeyId 1468 template.AuthorityKeyId = parent.SubjectKeyId
1454 } 1469 }
1455 1470
1456 extensions, err := buildExtensions(template) 1471 extensions, err := buildExtensions(template)
1457 if err != nil { 1472 if err != nil {
1458 return 1473 return
1459 } 1474 }
(...skipping 25 matching lines...) Expand all
1485 return 1500 return
1486 } 1501 }
1487 1502
1488 c.Raw = tbsCertContents 1503 c.Raw = tbsCertContents
1489 1504
1490 h := hashFunc.New() 1505 h := hashFunc.New()
1491 h.Write(tbsCertContents) 1506 h.Write(tbsCertContents)
1492 digest := h.Sum(nil) 1507 digest := h.Sum(nil)
1493 1508
1494 var signature []byte 1509 var signature []byte
1495
1496 key, ok := priv.(crypto.Signer)
1497 if !ok {
1498 err = errors.New("x509: certificate private key does not impleme nt crypto.Signer")
1499 return
1500 }
1501 signature, err = key.Sign(rand, digest, hashFunc) 1510 signature, err = key.Sign(rand, digest, hashFunc)
1502
1503 if err != nil { 1511 if err != nil {
1504 return 1512 return
1505 } 1513 }
1506 1514
1507 cert, err = asn1.Marshal(certificate{ 1515 cert, err = asn1.Marshal(certificate{
1508 nil, 1516 nil,
1509 c, 1517 c,
1510 signatureAlgorithm, 1518 signatureAlgorithm,
1511 asn1.BitString{Bytes: signature, BitLength: len(signature) * 8}, 1519 asn1.BitString{Bytes: signature, BitLength: len(signature) * 8},
1512 }) 1520 })
(...skipping 27 matching lines...) Expand all
1540 _, err = asn1.Unmarshal(derBytes, certList) 1548 _, err = asn1.Unmarshal(derBytes, certList)
1541 if err != nil { 1549 if err != nil {
1542 certList = nil 1550 certList = nil
1543 } 1551 }
1544 return 1552 return
1545 } 1553 }
1546 1554
1547 // CreateCRL returns a DER encoded CRL, signed by this Certificate, that 1555 // CreateCRL returns a DER encoded CRL, signed by this Certificate, that
1548 // contains the given list of revoked certificates. 1556 // contains the given list of revoked certificates.
1549 func (c *Certificate) CreateCRL(rand io.Reader, priv interface{}, revokedCerts [ ]pkix.RevokedCertificate, now, expiry time.Time) (crlBytes []byte, err error) { 1557 func (c *Certificate) CreateCRL(rand io.Reader, priv interface{}, revokedCerts [ ]pkix.RevokedCertificate, now, expiry time.Time) (crlBytes []byte, err error) {
1550 » hashFunc, signatureAlgorithm, err := signingParamsForPublicKey(c.PublicK ey, 0) 1558 » key, ok := priv.(crypto.Signer)
1559 » if !ok {
1560 » » err = errors.New("x509: certificate private key does not impleme nt crypto.Signer")
1561 » » return
1562 » }
1563
1564 » hashFunc, signatureAlgorithm, err := signingParamsForPublicKey(key.Publi c(), 0)
1551 if err != nil { 1565 if err != nil {
1552 return nil, err 1566 return nil, err
1553 } 1567 }
1554 1568
1555 tbsCertList := pkix.TBSCertificateList{ 1569 tbsCertList := pkix.TBSCertificateList{
1556 » » Version: 2, 1570 » » Version: 2,
1557 » » Signature: pkix.AlgorithmIdentifier{ 1571 » » Signature: signatureAlgorithm,
1558 » » » Algorithm: oidSignatureSHA1WithRSA,
1559 » » },
1560 Issuer: c.Subject.ToRDNSequence(), 1572 Issuer: c.Subject.ToRDNSequence(),
1561 ThisUpdate: now.UTC(), 1573 ThisUpdate: now.UTC(),
1562 NextUpdate: expiry.UTC(), 1574 NextUpdate: expiry.UTC(),
1563 RevokedCertificates: revokedCerts, 1575 RevokedCertificates: revokedCerts,
1564 } 1576 }
1565 1577
1566 tbsCertListContents, err := asn1.Marshal(tbsCertList) 1578 tbsCertListContents, err := asn1.Marshal(tbsCertList)
1567 if err != nil { 1579 if err != nil {
1568 return 1580 return
1569 } 1581 }
1570 1582
1571 h := hashFunc.New() 1583 h := hashFunc.New()
1572 h.Write(tbsCertListContents) 1584 h.Write(tbsCertListContents)
1573 digest := h.Sum(nil) 1585 digest := h.Sum(nil)
1574 1586
1575 var signature []byte 1587 var signature []byte
1576
1577 key, ok := priv.(crypto.Signer)
1578 if !ok {
1579 err = errors.New("x509: certificate private key does not impleme nt crypto.Signer")
1580 return
1581 }
1582 signature, err = key.Sign(rand, digest, hashFunc) 1588 signature, err = key.Sign(rand, digest, hashFunc)
1583 if err != nil { 1589 if err != nil {
1584 return 1590 return
1585 } 1591 }
1586 1592
1587 return asn1.Marshal(pkix.CertificateList{ 1593 return asn1.Marshal(pkix.CertificateList{
1588 TBSCertList: tbsCertList, 1594 TBSCertList: tbsCertList,
1589 SignatureAlgorithm: signatureAlgorithm, 1595 SignatureAlgorithm: signatureAlgorithm,
1590 SignatureValue: asn1.BitString{Bytes: signature, BitLength: len(signature) * 8}, 1596 SignatureValue: asn1.BitString{Bytes: signature, BitLength: len(signature) * 8},
1591 }) 1597 })
(...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after
1649 SignatureAlgorithm pkix.AlgorithmIdentifier 1655 SignatureAlgorithm pkix.AlgorithmIdentifier
1650 SignatureValue asn1.BitString 1656 SignatureValue asn1.BitString
1651 } 1657 }
1652 1658
1653 // oidExtensionRequest is a PKCS#9 OBJECT IDENTIFIER that indicates requested 1659 // oidExtensionRequest is a PKCS#9 OBJECT IDENTIFIER that indicates requested
1654 // extensions in a CSR. 1660 // extensions in a CSR.
1655 var oidExtensionRequest = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 14} 1661 var oidExtensionRequest = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 14}
1656 1662
1657 // CreateCertificateRequest creates a new certificate based on a template. The 1663 // CreateCertificateRequest creates a new certificate based on a template. The
1658 // following members of template are used: Subject, Attributes, 1664 // following members of template are used: Subject, Attributes,
1659 // SignatureAlgorithm, Extension, DNSNames, EmailAddresses, and IPAddresses. 1665 // SignatureAlgorithm, Extensions, DNSNames, EmailAddresses, and IPAddresses.
1660 // The private key is the private key of the signer. 1666 // The private key is the private key of the signer.
1661 // 1667 //
1662 // The returned slice is the certificate request in DER encoding. 1668 // The returned slice is the certificate request in DER encoding.
1663 // 1669 //
1664 // The only supported key types are RSA (*rsa.PrivateKey) and ECDSA 1670 // All keys types that are implemented via crypto.Signer are supported (This
1665 // (*ecdsa.PrivateKey). 1671 // includes *rsa.PublicKey and *ecdsa.PublicKey.)
1666 func CreateCertificateRequest(rand io.Reader, template *CertificateRequest, priv interface{}) (csr []byte, err error) { 1672 func CreateCertificateRequest(rand io.Reader, template *CertificateRequest, priv interface{}) (csr []byte, err error) {
1673 key, ok := priv.(crypto.Signer)
1674 if !ok {
1675 err = errors.New("x509: certificate private key does not impleme nt crypto.Signer")
1676 return
1677 }
1678
1667 var hashFunc crypto.Hash 1679 var hashFunc crypto.Hash
1668 var sigAlgo pkix.AlgorithmIdentifier 1680 var sigAlgo pkix.AlgorithmIdentifier
1669 1681 » hashFunc, sigAlgo, err = signingParamsForPublicKey(key.Public(), templat e.SignatureAlgorithm)
1670 » switch priv := priv.(type) {
1671 » case *rsa.PrivateKey:
1672 » » hashFunc, sigAlgo, err = signingParamsForPublicKey(&priv.PublicK ey, template.SignatureAlgorithm)
1673 » case *ecdsa.PrivateKey:
1674 » » hashFunc, sigAlgo, err = signingParamsForPublicKey(&priv.PublicK ey, template.SignatureAlgorithm)
1675 » default:
1676 » » panic("internal error")
1677 » }
1678
1679 if err != nil { 1682 if err != nil {
1680 return nil, err 1683 return nil, err
1681 } 1684 }
1682 1685
1683 var publicKeyBytes []byte 1686 var publicKeyBytes []byte
1684 var publicKeyAlgorithm pkix.AlgorithmIdentifier 1687 var publicKeyAlgorithm pkix.AlgorithmIdentifier
1685 1688 » publicKeyBytes, publicKeyAlgorithm, err = marshalPublicKey(key.Public())
1686 » switch priv := priv.(type) {
1687 » case *rsa.PrivateKey:
1688 » » publicKeyBytes, publicKeyAlgorithm, err = marshalPublicKey(&priv .PublicKey)
1689 » case *ecdsa.PrivateKey:
1690 » » publicKeyBytes, publicKeyAlgorithm, err = marshalPublicKey(&priv .PublicKey)
1691 » default:
1692 » » panic("internal error")
1693 » }
1694
1695 if err != nil { 1689 if err != nil {
1696 return nil, err 1690 return nil, err
1697 } 1691 }
1698 1692
1699 var extensions []pkix.Extension 1693 var extensions []pkix.Extension
1700 1694
1701 if (len(template.DNSNames) > 0 || len(template.EmailAddresses) > 0 || le n(template.IPAddresses) > 0) && 1695 if (len(template.DNSNames) > 0 || len(template.EmailAddresses) > 0 || le n(template.IPAddresses) > 0) &&
1702 !oidInExtensions(oidExtensionSubjectAltName, template.ExtraExten sions) { 1696 !oidInExtensions(oidExtensionSubjectAltName, template.ExtraExten sions) {
1703 sanBytes, err := marshalSANs(template.DNSNames, template.EmailAd dresses, template.IPAddresses) 1697 sanBytes, err := marshalSANs(template.DNSNames, template.EmailAd dresses, template.IPAddresses)
1704 if err != nil { 1698 if err != nil {
(...skipping 91 matching lines...) Expand 10 before | Expand all | Expand 10 after
1796 if err != nil { 1790 if err != nil {
1797 return 1791 return
1798 } 1792 }
1799 tbsCSR.Raw = tbsCSRContents 1793 tbsCSR.Raw = tbsCSRContents
1800 1794
1801 h := hashFunc.New() 1795 h := hashFunc.New()
1802 h.Write(tbsCSRContents) 1796 h.Write(tbsCSRContents)
1803 digest := h.Sum(nil) 1797 digest := h.Sum(nil)
1804 1798
1805 var signature []byte 1799 var signature []byte
1806 » switch priv := priv.(type) { 1800 » signature, err = key.Sign(rand, digest, hashFunc)
1807 » case *rsa.PrivateKey:
1808 » » signature, err = rsa.SignPKCS1v15(rand, priv, hashFunc, digest)
1809 » case *ecdsa.PrivateKey:
1810 » » var r, s *big.Int
1811 » » if r, s, err = ecdsa.Sign(rand, priv, digest); err == nil {
1812 » » » signature, err = asn1.Marshal(ecdsaSignature{r, s})
1813 » » }
1814 » default:
1815 » » panic("internal error")
1816 » }
1817
1818 if err != nil { 1801 if err != nil {
1819 return 1802 return
1820 } 1803 }
1821 1804
1822 return asn1.Marshal(certificateRequest{ 1805 return asn1.Marshal(certificateRequest{
1823 TBSCSR: tbsCSR, 1806 TBSCSR: tbsCSR,
1824 SignatureAlgorithm: sigAlgo, 1807 SignatureAlgorithm: sigAlgo,
1825 SignatureValue: asn1.BitString{ 1808 SignatureValue: asn1.BitString{
1826 Bytes: signature, 1809 Bytes: signature,
1827 BitLength: len(signature) * 8, 1810 BitLength: len(signature) * 8,
(...skipping 76 matching lines...) Expand 10 before | Expand all | Expand 10 after
1904 out.DNSNames, out.EmailAddresses, out.IPAddresse s, err = parseSANExtension(value) 1887 out.DNSNames, out.EmailAddresses, out.IPAddresse s, err = parseSANExtension(value)
1905 if err != nil { 1888 if err != nil {
1906 return nil, err 1889 return nil, err
1907 } 1890 }
1908 } 1891 }
1909 } 1892 }
1910 } 1893 }
1911 1894
1912 return out, nil 1895 return out, nil
1913 } 1896 }
LEFTRIGHT
« no previous file | no next file » | Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Toggle Comments ('s')

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b