diff options
author | Adam Langley <agl@golang.org> | 2010-06-30 18:02:31 -0400 |
---|---|---|
committer | Adam Langley <agl@golang.org> | 2010-06-30 18:02:31 -0400 |
commit | 9c09ed13d28474ef76a73c533dc75da586f657d3 (patch) | |
tree | 953e4b91fbf18664f7cc34ecb0fe8f6743ba8853 | |
parent | 400f7a6ba569cd9835f4b0e7852f5cb9b4a7c9ab (diff) | |
download | go-9c09ed13d28474ef76a73c533dc75da586f657d3.tar.gz go-9c09ed13d28474ef76a73c533dc75da586f657d3.zip |
x509: support non-self-signed certs.
For generating non-self-signed certs we need to be able to specify a
public key (for the signee) which is different from the private key (of
the signer).
R=rsc
CC=golang-dev
https://golang.org/cl/1741045
-rw-r--r-- | src/pkg/crypto/x509/x509.go | 11 | ||||
-rw-r--r-- | src/pkg/crypto/x509/x509_test.go | 2 |
2 files changed, 7 insertions, 6 deletions
diff --git a/src/pkg/crypto/x509/x509.go b/src/pkg/crypto/x509/x509.go index 45197497cc..c4c79eb0de 100644 --- a/src/pkg/crypto/x509/x509.go +++ b/src/pkg/crypto/x509/x509.go @@ -761,19 +761,20 @@ var ( // MaxPathLen, SubjectKeyId, DNSNames. // // The certificate is signed by parent. If parent is equal to template then the -// certificate is self-signed. +// certificate is self-signed. pub is the public key of the signee. priv is the +// private key of the signer. // // The returned slice is the certificate in DER encoding. -func CreateCertificate(rand io.Reader, template, parent *Certificate, priv *rsa.PrivateKey) (cert []byte, err os.Error) { +func CreateCertificate(rand io.Reader, template, parent *Certificate, pub *rsa.PublicKey, priv *rsa.PrivateKey) (cert []byte, err os.Error) { asn1PublicKey, err := asn1.MarshalToMemory(rsaPublicKey{ - N: asn1.RawValue{Tag: 2, Bytes: priv.PublicKey.N.Bytes()}, - E: priv.PublicKey.E, + N: asn1.RawValue{Tag: 2, Bytes: pub.N.Bytes()}, + E: pub.E, }) if err != nil { return } - if len(template.SubjectKeyId) > 0 && len(parent.SubjectKeyId) > 0 { + if len(parent.SubjectKeyId) > 0 { template.AuthorityKeyId = parent.SubjectKeyId } diff --git a/src/pkg/crypto/x509/x509_test.go b/src/pkg/crypto/x509/x509_test.go index 85e9e1bc83..23ce1ad11f 100644 --- a/src/pkg/crypto/x509/x509_test.go +++ b/src/pkg/crypto/x509/x509_test.go @@ -174,7 +174,7 @@ func TestCreateSelfSignedCertificate(t *testing.T) { DNSNames: []string{"test.example.com"}, } - derBytes, err := CreateCertificate(urandom, &template, &template, priv) + derBytes, err := CreateCertificate(urandom, &template, &template, &priv.PublicKey, priv) if err != nil { t.Errorf("Failed to create certificate: %s", err) return |