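// CreateCertificate requests the creation of a new enrollment certificate by the TLSCA.
//
// The request is authenticated by verifying the ECDSA signature carried in
// in.Sig over the protobuf encoding of the request with Sig cleared, using the
// public key supplied in in.Pub. On success the response carries the newly
// issued certificate together with the TLSCA's own certificate (tlsca.raw).
//
// in.Sig is cleared as a side effect so that the signed bytes can be
// reconstructed; callers must not rely on that field afterwards.
//
// Returns an error when a required nested message is missing, the declared
// key type is not ECDSA, the PKIX key does not decode to an ECDSA key, the
// signature is malformed or does not verify, or certificate creation fails.
func (tlscap *TLSCAP) CreateCertificate(ctx context.Context, in *pb.TLSCertCreateReq) (*pb.TLSCertCreateResp, error) {
	Trace.Println("grpc TLSCAP:CreateCertificate")

	// Every nested message below is a pointer populated from an untrusted
	// client request; dereferencing a nil one would panic inside the handler.
	if in == nil || in.Id == nil || in.Sig == nil || in.Pub == nil || in.Ts == nil {
		return nil, errors.New("incomplete request")
	}
	id := in.Id.Id
	sig := in.Sig
	// The signature covers the request with Sig cleared.
	in.Sig = nil

	// A malformed R or S must be rejected explicitly rather than silently
	// verified as zero.
	r, s := big.NewInt(0), big.NewInt(0)
	if err := r.UnmarshalText(sig.R); err != nil {
		return nil, errors.New("malformed signature")
	}
	if err := s.UnmarshalText(sig.S); err != nil {
		return nil, errors.New("malformed signature")
	}

	if in.Pub.Type != pb.CryptoType_ECDSA {
		return nil, errors.New("unsupported key type")
	}
	parsed, err := x509.ParsePKIXPublicKey(in.Pub.Key)
	if err != nil {
		return nil, err
	}
	// The declared type says ECDSA, but the DER may encode any PKIX key; a
	// bare type assertion would panic on, for example, an RSA key.
	pub, ok := parsed.(*ecdsa.PublicKey)
	if !ok {
		return nil, errors.New("unsupported key type")
	}

	raw, err := proto.Marshal(in)
	if err != nil {
		return nil, err
	}
	hash := utils.NewHash()
	hash.Write(raw)
	if !ecdsa.Verify(pub, hash.Sum(nil), r, s) {
		return nil, errors.New("signature does not verify")
	}

	raw, err = tlscap.tlsca.createCertificate(id, pub, x509.KeyUsageDigitalSignature, in.Ts.Seconds, nil)
	if err != nil {
		Error.Println(err)
		return nil, err
	}
	// Unkeyed literals are kept as in the original; field names live in the
	// generated pb package.
	return &pb.TLSCertCreateResp{&pb.Cert{raw}, &pb.Cert{tlscap.tlsca.raw}}, nil
}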
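// CreateCertificate requests the creation of a new enrollment certificate by the TLSCA.
//
// The request is authenticated by verifying the ECDSA signature carried in
// req.Sig over the protobuf encoding of the request with Sig cleared, hashed
// with SHA3-384, using the public key supplied in req.Pub. On success the
// newly issued certificate is returned.
//
// req.Sig is cleared as a side effect so that the signed bytes can be
// reconstructed; callers must not rely on that field afterwards.
//
// Returns an error when a required nested message is missing, the declared
// key type is not ECDSA, the PKIX key does not decode to an ECDSA key, the
// signature is malformed or does not verify, or certificate creation fails.
func (tlscap *TLSCAP) CreateCertificate(ctx context.Context, req *pb.TLSCertCreateReq) (*pb.Cert, error) {
	Trace.Println("grpc TLSCA_P:CreateCertificate")

	// Every nested message below is a pointer populated from an untrusted
	// client request; dereferencing a nil one would panic inside the handler.
	if req == nil || req.Id == nil || req.Sig == nil || req.Pub == nil {
		Error.Println("incomplete request")
		return nil, errors.New("incomplete request")
	}
	id := req.Id.Id
	sig := req.Sig
	// The signature covers the request with Sig cleared.
	req.Sig = nil

	// A malformed R or S must be rejected explicitly rather than silently
	// verified as zero.
	r, s := big.NewInt(0), big.NewInt(0)
	if err := r.UnmarshalText(sig.R); err != nil {
		Error.Println("malformed signature")
		return nil, errors.New("malformed signature")
	}
	if err := s.UnmarshalText(sig.S); err != nil {
		Error.Println("malformed signature")
		return nil, errors.New("malformed signature")
	}

	if req.Pub.Type != pb.CryptoType_ECDSA {
		Error.Println("unsupported key type")
		return nil, errors.New("unsupported key type")
	}
	parsed, err := x509.ParsePKIXPublicKey(req.Pub.Key)
	if err != nil {
		Error.Println(err)
		return nil, err
	}
	// The declared type says ECDSA, but the DER may encode any PKIX key; a
	// bare type assertion would panic on, for example, an RSA key.
	pub, ok := parsed.(*ecdsa.PublicKey)
	if !ok {
		Error.Println("unsupported key type")
		return nil, errors.New("unsupported key type")
	}

	raw, err := proto.Marshal(req)
	if err != nil {
		Error.Println(err)
		return nil, err
	}
	hash := sha3.New384()
	hash.Write(raw)
	if !ecdsa.Verify(pub, hash.Sum(nil), r, s) {
		Error.Println("signature does not verify")
		return nil, errors.New("signature does not verify")
	}

	raw, err = tlscap.tlsca.newCertificate(id, pub, time.Now().UnixNano())
	if err != nil {
		Error.Println(err)
		return nil, err
	}
	// Unkeyed literal kept as in the original; the field name lives in the
	// generated pb package.
	return &pb.Cert{raw}, nil
}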