// parseDN builds a pkix.Name from the attribute matches dnRegexp finds in dn.
//
// In each match, submatch 1 is the attribute type and submatch 2 its value.
// Matches with an empty value are skipped, and attribute types other than
// C, O, OU, L, ST, SN and CN are ignored. SN and CN hold a single value, so a
// later occurrence replaces an earlier one; the other types accumulate.
//
// NOTE(review): quoting, escaped separators and whitespace handling are
// decided entirely by dnRegexp, which is defined outside this function.
// Confirm its behaviour before using the result for anything beyond display.
func parseDN(dn string) *pkix.Name {
	parsed := new(pkix.Name)

	for _, m := range dnRegexp.FindAllStringSubmatch(dn, -1) {
		attrValue := m[2]
		if attrValue == "" {
			continue
		}

		// Multi-valued attributes share one append below; the two
		// single-valued ones are assigned directly.
		var list *[]string
		switch m[1] {
		case "CN":
			parsed.CommonName = attrValue
		case "SN":
			parsed.SerialNumber = attrValue
		case "C":
			list = &parsed.Country
		case "O":
			list = &parsed.Organization
		case "OU":
			list = &parsed.OrganizationalUnit
		case "L":
			list = &parsed.Locality
		case "ST":
			list = &parsed.Province
		}
		if list != nil {
			*list = append(*list, attrValue)
		}
	}

	return parsed
}
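// toName parses s, a comma-separated list of type=value pairs, into a
// pkix.Name.
//
// Attribute types are matched case-insensitively after surrounding whitespace
// is removed; values are stored exactly as they appear. Pairs without an "="
// and unrecognized attribute types are skipped. A repeated "cn" keeps the
// last value, the other recognized types accumulate, and "emailaddress" is
// recorded in Names under emailAddressOID.
//
// NOTE(review): the split is on every "," and on the first "=", so a value
// containing a comma is cut short. Treat the result as a best-effort
// rendering of the DN string, not as an input to trust decisions.
func (info *HostCertificateInfo) toName(s string) *pkix.Name {
	var name pkix.Name

	for _, pair := range strings.Split(s, ",") {
		attr := strings.SplitN(pair, "=", 2)
		if len(attr) != 2 {
			continue
		}

		v := attr[1]

		// Trim the type so that a space after the separator ("CN=a, O=b")
		// does not make the attribute fall through the switch unnoticed.
		switch strings.ToLower(strings.TrimSpace(attr[0])) {
		case "cn":
			name.CommonName = v
		case "ou":
			name.OrganizationalUnit = append(name.OrganizationalUnit, v)
		case "o":
			name.Organization = append(name.Organization, v)
		case "l":
			name.Locality = append(name.Locality, v)
		case "st":
			name.Province = append(name.Province, v)
		case "c":
			name.Country = append(name.Country, v)
		case "emailaddress":
			name.Names = append(name.Names, pkix.AttributeTypeAndValue{Type: emailAddressOID, Value: v})
		}
	}

	return &name
}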
// Name builds the PKIX name for the request. The common name is taken from
// cr.CN, and every entry of cr.Names contributes its C, ST, L, O and OU
// fields through appendIf.
func (cr *CertificateRequest) Name() pkix.Name {
	subject := pkix.Name{CommonName: cr.CN}

	for _, entry := range cr.Names {
		appendIf(entry.C, &subject.Country)
		appendIf(entry.ST, &subject.Province)
		appendIf(entry.L, &subject.Locality)
		appendIf(entry.O, &subject.Organization)
		appendIf(entry.OU, &subject.OrganizationalUnit)
	}

	return subject
}
// Name builds the PKIX name for the subject. The common name is taken from
// s.CN, and every entry of s.Names contributes its C, ST, L, O and OU fields
// through appendIf.
func (s *Subject) Name() pkix.Name {
	subject := pkix.Name{CommonName: s.CN}

	for _, entry := range s.Names {
		appendIf(entry.C, &subject.Country)
		appendIf(entry.ST, &subject.Province)
		appendIf(entry.L, &subject.Locality)
		appendIf(entry.O, &subject.Organization)
		appendIf(entry.OU, &subject.OrganizationalUnit)
	}

	return subject
}
// GenerateKeys creates a fresh TLS key, optionally confirms the certificate
// details with the user, obtains a signed certificate from the default CA,
// and stores the resulting keys and certificates in kdir. It is meant to be
// called from user-facing apps.
//
// The host part of addr becomes the certificate common name. This is written
// into *name, so the caller's pkix.Name is modified. When ConfirmNames is set,
// a prompt banner is printed and name is replaced by what ConfirmName returns.
// Errors from splitting addr and from key creation are handed to
// options.FailIf.
func GenerateKeys(name *pkix.Name, addr, kdir string) *tao.Keys {
	const banner = "" +
		"Initializing fresh HTTP/TLS server key. Provide the following information,\n" +
		"to be include in a CA-signed x509 certificate. Leave the response blank to\n" +
		"accept the default value.\n\n" +
		"The key and certificates will be stored in:\n %s\n\n"

	hostname, _, splitErr := net.SplitHostPort(addr)
	options.FailIf(splitErr, "bad address: %s", addr)

	// Overwrites whatever common name the caller supplied.
	name.CommonName = hostname

	if ConfirmNames {
		fmt.Printf(banner, kdir)
		name = ConfirmName(name)
	}

	sealed, initErr := tao.InitOnDiskTaoSealedKeys(tao.Signing, name, tao.Parent(), kdir, tao.SealPolicyDefault)
	options.FailIf(initErr, "can't create tao-sealed HTTPS/TLS keys")

	// The request is built for the verifying key, then submitted and
	// installed alongside the sealed keys.
	SubmitAndInstall(sealed, NewCertificateSigningRequest(sealed.VerifyingKey, name))
	return sealed
}
// parsePkixName parses a comma-separated list of key=value tokens into a
// pkix.Name.
//
// Each token is trimmed of surrounding whitespace and split at its first "=".
// Keys are compared case-insensitively and values are kept as written. Only
// "cn" is accepted: any other key, or a token without "=", is reported as an
// error and no name is returned. When "cn" occurs more than once, the last
// value wins.
func parsePkixName(s string) (*pkix.Name, error) {
	var parsed pkix.Name

	for _, raw := range strings.Split(s, ",") {
		token := strings.TrimSpace(raw)

		eq := strings.Index(token, "=")
		if eq < 0 {
			return nil, fmt.Errorf("unrecognized token (expected k=v): %q", token)
		}

		key, value := strings.ToLower(token[:eq]), token[eq+1:]
		if key != "cn" {
			return nil, fmt.Errorf("unrecognized key %q in token %q", key, token)
		}
		parsed.CommonName = value
	}

	return &parsed, nil
}
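// malformedDNSegmentError reports a recognized attribute type that appears in
// a DN string without an "=value" part.
type malformedDNSegmentError struct {
	segment string
}

// Error implements the error interface.
func (e *malformedDNSegmentError) Error() string {
	return "malformed DN segment (expected TYPE=value): " + e.segment
}

// Unmarshal parses dn, a comma-separated list of TYPE=value segments, into a
// pkix.Name.
//
// The recognized attribute types are CN, C, L, ST, SA, O and OU, matched
// exactly (case-sensitive, no whitespace trimming). A repeated CN keeps the
// last value; the other types accumulate. Segments with any other type,
// including empty segments, are ignored.
//
// A recognized type that has no "=value" part yields an error and an empty
// name. Such input used to index past the end of the split result and panic,
// which let a malformed DN crash the caller.
//
// NOTE(review): the split is on every ",", so a value containing a comma is
// cut short, and a space after the separator ("CN=a, O=b") leaves the type
// unrecognized. Confirm the expected input format before relying on the
// result for more than display.
func Unmarshal(dn string) (pkix.Name, error) {
	var output pkix.Name

	for _, segment := range strings.Split(dn, ",") {
		identifier := strings.SplitN(segment, "=", 2)

		// multi stays nil for CN, the only single-valued attribute here.
		var multi *[]string
		switch identifier[0] {
		case "CN":
		case "C":
			multi = &output.Country
		case "L":
			multi = &output.Locality
		case "ST":
			multi = &output.Province
		case "SA":
			multi = &output.StreetAddress
		case "O":
			multi = &output.Organization
		case "OU":
			multi = &output.OrganizationalUnit
		default:
			continue
		}

		// Only reached for a recognized type: make sure the value exists
		// before reading identifier[1].
		if len(identifier) != 2 {
			return pkix.Name{}, &malformedDNSegmentError{segment: segment}
		}

		if multi == nil {
			output.CommonName = identifier[1]
		} else {
			*multi = append(*multi, identifier[1])
		}
	}

	return output, nil
}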
// Name returns the subject info as a PKIX name structure for a certificate.
//
// Each non-empty field of si is copied to the matching pkix.Name field; the
// list-valued fields receive a single-element slice. A non-empty e-mail
// address is recorded in Names under asn1EmailAddress.
//
// NOTE(review): crypto/x509/pkix documents Names as ignored when a name is
// marshaled (ExtraNames is consulted instead). Confirm that the e-mail
// attribute reaches the encoded subject if that is the intent.
func (si *SubjectInfo) Name() pkix.Name {
	var subject pkix.Name

	// single stores value as a one-element list, leaving dst nil when the
	// value is empty.
	single := func(dst *[]string, value string) {
		if value != "" {
			*dst = []string{value}
		}
	}

	single(&subject.Country, si.Country)
	single(&subject.Organization, si.OrgName)
	single(&subject.OrganizationalUnit, si.OrgUnitName)
	single(&subject.Locality, si.Locality)
	single(&subject.Province, si.StateOrProvince)

	// An empty common name is the zero value already, so no guard is needed.
	subject.CommonName = si.CommonName

	if si.Email != "" {
		subject.Names = []pkix.AttributeTypeAndValue{
			{Type: asn1EmailAddress, Value: si.Email},
		}
	}

	return subject
}