Commit 9c09ed13 authored by Adam Langley

x509: support non-self-signed certs.

For generating non-self-signed certs we need to be able to specify a
public key (for the signee) which is different from the private key (of
the signer).

R=rsc
CC=golang-dev
https://golang.org/cl/1741045
parent 400f7a6b
...@@ -761,19 +761,20 @@ var ( ...@@ -761,19 +761,20 @@ var (
// MaxPathLen, SubjectKeyId, DNSNames. // MaxPathLen, SubjectKeyId, DNSNames.
// //
// The certificate is signed by parent. If parent is equal to template then the // The certificate is signed by parent. If parent is equal to template then the
// certificate is self-signed. // certificate is self-signed. pub is the public key of the signee. priv is the
// private key of the signer.
// //
// The returned slice is the certificate in DER encoding. // The returned slice is the certificate in DER encoding.
func CreateCertificate(rand io.Reader, template, parent *Certificate, priv *rsa.PrivateKey) (cert []byte, err os.Error) { func CreateCertificate(rand io.Reader, template, parent *Certificate, pub *rsa.PublicKey, priv *rsa.PrivateKey) (cert []byte, err os.Error) {
asn1PublicKey, err := asn1.MarshalToMemory(rsaPublicKey{ asn1PublicKey, err := asn1.MarshalToMemory(rsaPublicKey{
N: asn1.RawValue{Tag: 2, Bytes: priv.PublicKey.N.Bytes()}, N: asn1.RawValue{Tag: 2, Bytes: pub.N.Bytes()},
E: priv.PublicKey.E, E: pub.E,
}) })
if err != nil { if err != nil {
return return
} }
if len(template.SubjectKeyId) > 0 && len(parent.SubjectKeyId) > 0 { if len(parent.SubjectKeyId) > 0 {
template.AuthorityKeyId = parent.SubjectKeyId template.AuthorityKeyId = parent.SubjectKeyId
} }
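Review bot: Nothing in the new signature ties `priv` to `parent`: the function now signs with whatever private key it is handed while, on the line above, stamping parent's SubjectKeyId into template.AuthorityKeyId, so a caller that passes the wrong signer key gets DER that looks correctly chained but never verifies, and learns that only at verification time, possibly on another host. If `Certificate` carries the parsed parent key (it appears to be parsed elsewhere in this file, not visible here), a cheap guard — when parent is not template, compare `priv.PublicKey.N`/`priv.PublicKey.E` against parent's RSA key and return an error on mismatch — turns that silent misuse into an immediate error. `pub` is also dereferenced without a check on the `pub.N.Bytes()` line; `if pub == nil { return nil, os.NewError("x509: nil public key") }` ahead of the marshal is cheaper than the panic. Separately, `pub.N.Bytes()` is the raw magnitude and an RSA modulus always has its top bit set, so unless RawValue marshaling prepends a 0x00 pad byte (worth confirming), the encoded INTEGER reads as negative to strict DER parsers — pre-existing, but this line is now the only path. CreateCertificate's body continues past the end of this hunk.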
......
...@@ -174,7 +174,7 @@ func TestCreateSelfSignedCertificate(t *testing.T) { ...@@ -174,7 +174,7 @@ func TestCreateSelfSignedCertificate(t *testing.T) {
DNSNames: []string{"test.example.com"}, DNSNames: []string{"test.example.com"},
} }
derBytes, err := CreateCertificate(urandom, &template, &template, priv) derBytes, err := CreateCertificate(urandom, &template, &template, &priv.PublicKey, priv)
if err != nil { if err != nil {
t.Errorf("Failed to create certificate: %s", err) t.Errorf("Failed to create certificate: %s", err)
return return
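Review bot: The non-self-signed path this commit introduces has no test — the only call site, three lines up, still passes `&template` as both template and parent and `&priv.PublicKey` as the signee key, so a regression in how `pub` or parent's SubjectKeyId is used would go unnoticed. A second case that generates a child cert from a different key pair (`child, err := CreateCertificate(urandom, &childTmpl, &template, &childPriv.PublicKey, priv)`), then parses it and checks that AuthorityKeyId equals the parent's SubjectKeyId and that the signature verifies against `priv`'s public key, would cover what the change is for. TestCreateSelfSignedCertificate continues past the end of this hunk.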
......