func parseDN(dn string) *pkix.Name {
name := pkix.Name{}
matches := dnRegexp.FindAllStringSubmatch(dn, -1)
for _, match := range matches {
val := match[2]
if val == "" {
continue
}
switch match[1] {
case "C":
name.Country = append(name.Country, val)
case "O":
name.Organization = append(name.Organization, val)
case "OU":
name.OrganizationalUnit = append(name.OrganizationalUnit, val)
case "L":
name.Locality = append(name.Locality, val)
case "ST":
name.Province = append(name.Province, val)
case "SN":
name.SerialNumber = val
case "CN":
name.CommonName = val
}
}
return &name
}
func (info *HostCertificateInfo) toName(s string) *pkix.Name {
var name pkix.Name
for _, pair := range strings.Split(s, ",") {
attr := strings.SplitN(pair, "=", 2)
if len(attr) != 2 {
continue
}
v := attr[1]
switch strings.ToLower(attr[0]) {
case "cn":
name.CommonName = v
case "ou":
name.OrganizationalUnit = append(name.OrganizationalUnit, v)
case "o":
name.Organization = append(name.Organization, v)
case "l":
name.Locality = append(name.Locality, v)
case "st":
name.Province = append(name.Province, v)
case "c":
name.Country = append(name.Country, v)
case "emailaddress":
name.Names = append(name.Names, pkix.AttributeTypeAndValue{Type: emailAddressOID, Value: v})
}
}
return &name
}
// Name returns the PKIX name for the request.
func (cr *CertificateRequest) Name() pkix.Name {
var name pkix.Name
name.CommonName = cr.CN
for _, n := range cr.Names {
appendIf(n.C, &name.Country)
appendIf(n.ST, &name.Province)
appendIf(n.L, &name.Locality)
appendIf(n.O, &name.Organization)
appendIf(n.OU, &name.OrganizationalUnit)
}
return name
}
// Name returns the PKIX name for the subject.
func (s *Subject) Name() pkix.Name {
var name pkix.Name
name.CommonName = s.CN
for _, n := range s.Names {
appendIf(n.C, &name.Country)
appendIf(n.ST, &name.Province)
appendIf(n.L, &name.Locality)
appendIf(n.O, &name.Organization)
appendIf(n.OU, &name.OrganizationalUnit)
}
return name
}
// GenerateKeys initializes a new tls key, confirms certificate details with the
// user, obtains a signed certificate from the default ca, and stores the
// resulting keys and certificates in kdir. This is meant to be called from
// user-facing apps.
func GenerateKeys(name *pkix.Name, addr, kdir string) *tao.Keys {
host, _, err := net.SplitHostPort(addr)
options.FailIf(err, "bad address: %s", addr)
name.CommonName = host
if ConfirmNames {
fmt.Printf(""+
"Initializing fresh HTTP/TLS server key. Provide the following information,\n"+
"to be include in a CA-signed x509 certificate. Leave the response blank to\n"+
"accept the default value.\n\n"+
"The key and certificates will be stored in:\n %s\n\n", kdir)
name = ConfirmName(name)
}
keys, err := tao.InitOnDiskTaoSealedKeys(tao.Signing, name, tao.Parent(), kdir, tao.SealPolicyDefault)
options.FailIf(err, "can't create tao-sealed HTTPS/TLS keys")
csr := NewCertificateSigningRequest(keys.VerifyingKey, name)
SubmitAndInstall(keys, csr)
return keys
}
func parsePkixName(s string) (*pkix.Name, error) {
name := new(pkix.Name)
tokens := strings.Split(s, ",")
for _, token := range tokens {
token = strings.TrimSpace(token)
kv := strings.SplitN(token, "=", 2)
if len(kv) != 2 {
return nil, fmt.Errorf("unrecognized token (expected k=v): %q", token)
}
k := strings.ToLower(kv[0])
v := kv[1]
switch k {
case "cn":
name.CommonName = v
default:
return nil, fmt.Errorf("unrecognized key %q in token %q", k, token)
}
}
return name, nil
}
func Unmarshal(dn string) (pkix.Name, error) {
var output pkix.Name
segments := strings.Split(dn, ",")
for segment := range segments {
identifier := strings.SplitN(segments[segment], "=", 2)
if identifier[0] == "CN" {
output.CommonName = identifier[1]
} else if identifier[0] == "C" {
output.Country = append(output.Country, identifier[1])
} else if identifier[0] == "L" {
output.Locality = append(output.Locality, identifier[1])
} else if identifier[0] == "ST" {
output.Province = append(output.Province, identifier[1])
} else if identifier[0] == "SA" {
output.StreetAddress = append(output.StreetAddress, identifier[1])
} else if identifier[0] == "O" {
output.Organization = append(output.Organization, identifier[1])
} else if identifier[0] == "OU" {
output.OrganizationalUnit = append(output.OrganizationalUnit, identifier[1])
}
}
return output, nil
}
// Name returns the subject info as a PKIX name strucutre for a
// certificate.
func (si *SubjectInfo) Name() pkix.Name {
var name pkix.Name
if si.Country != "" {
name.Country = []string{si.Country}
}
if si.OrgName != "" {
name.Organization = []string{si.OrgName}
}
if si.OrgUnitName != "" {
name.OrganizationalUnit = []string{si.OrgUnitName}
}
if si.Locality != "" {
name.Locality = []string{si.Locality}
}
if si.StateOrProvince != "" {
name.Province = []string{si.StateOrProvince}
}
if si.CommonName != "" {
name.CommonName = si.CommonName
}
if si.Email != "" {
name.Names = []pkix.AttributeTypeAndValue{
pkix.AttributeTypeAndValue{
Type: asn1EmailAddress,
Value: si.Email,
},
}
}
return name
}