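// NewFromSigner creates a new root certificate from a crypto.Signer.
//
// It generates a CSR for req using priv, then signs that CSR with a local
// signer built from the same key and configured with the CA policy. When
// req.CA is set, a non-empty Expiry replaces the policy's default expiry and
// PathLength / PathLenZero are copied into signer.MaxPathLen and
// signer.MaxPathLenZero.
//
// It returns the signed certificate and the PEM-encoded CSR. On any failure
// the result is (nil, nil, err), so callers never receive a CSR that has no
// matching certificate.
//
// NOTE(review): signer.MaxPathLen and signer.MaxPathLenZero are package-level
// variables. The values written here outlive this call, are not reset when
// req.CA is nil, and are unsynchronized, so concurrent or later signing in
// the same process may pick up a path-length constraint meant for a different
// CA. Presumably the signer reads them while building the certificate; confirm,
// and prefer carrying the constraint in the per-call policy if the API allows.
func NewFromSigner(req *csr.CertificateRequest, priv crypto.Signer) (cert, csrPEM []byte, err error) {
	policy := CAPolicy()
	if ca := req.CA; ca != nil {
		if ca.Expiry != "" {
			policy.Default.ExpiryString = ca.Expiry
			// NOTE(review): ParseDuration also accepts zero and negative
			// durations; no range check is applied to the CA lifetime here.
			policy.Default.Expiry, err = time.ParseDuration(ca.Expiry)
			if err != nil {
				return nil, nil, err
			}
		}

		signer.MaxPathLen = ca.PathLength
		// pathlenzero only makes sense together with a path length of 0;
		// any other combination is logged and the flag is left untouched.
		if ca.PathLength != 0 && ca.PathLenZero {
			log.Infof("ignore invalid 'pathlenzero' value")
		} else {
			signer.MaxPathLenZero = ca.PathLenZero
		}
	}

	csrPEM, err = csr.Generate(priv, req)
	if err != nil {
		return nil, nil, err
	}

	s, err := local.NewSigner(priv, nil, signer.DefaultSigAlgo(priv), nil)
	if err != nil {
		log.Errorf("failed to create signer: %v", err)
		// Match the other error paths instead of leaking a populated csrPEM.
		return nil, nil, err
	}
	s.SetPolicy(policy)

	cert, err = s.Sign(signer.SignRequest{Request: string(csrPEM)})
	if err != nil {
		return nil, nil, err
	}
	return cert, csrPEM, nil
}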
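// CertificateRequest takes some metadata about a certificate request,
// and attempts to produce a certificate signing request suitable for
// sending to a certificate authority.
//
// If the provider holds no private key yet, one is generated first using the
// algorithm and size named in req.KeyRequest. An error is returned when req
// or req.KeyRequest is nil in that case, or when no key is available after
// generation. The CSR itself is produced by csr.Generate.
func (sp *StandardProvider) CertificateRequest(req *csr.CertificateRequest) ([]byte, error) {
	if sp.internal.priv == nil {
		if req == nil || req.KeyRequest == nil {
			return nil, errors.New("transport: invalid key request in csr.CertificateRequest")
		}

		// NOTE(review): the outcome of Generate is not inspected here. If it
		// reports an error, that error should be returned directly rather
		// than inferred from the missing key below.
		sp.Generate(req.KeyRequest.Algo(), req.KeyRequest.Size())

		// Never hand a nil key to csr.Generate: a failed or unsupported key
		// request must stop here instead of producing an unsigned or
		// panicking CSR path.
		if sp.internal.priv == nil {
			return nil, errors.New("transport: key generation did not produce a private key")
		}
	}

	return csr.Generate(sp.internal.priv, req)
}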
// CertificateRequest takes some metadata about a certificate request, // and attempts to produce a certificate signing request suitable for // sending to a certificate authority. func (sp *StandardProvider) CertificateRequest(req *csr.CertificateRequest) ([]byte, error) { return csr.Generate(sp.internal.priv, req) }