1
2
3
4
5
6 package x509
7
8 import (
9 "bytes"
10 "crypto"
11 "crypto/dsa"
12 "crypto/ecdsa"
13 "crypto/ed25519"
14 "crypto/elliptic"
15 "crypto/rsa"
16 "crypto/sha1"
17 "crypto/x509/pkix"
18 "encoding/asn1"
19 "encoding/pem"
20 "errors"
21 "fmt"
22 "io"
23 "math/big"
24 "net"
25 "net/url"
26 "strconv"
27 "strings"
28 "time"
29 "unicode"
30
31
32
33 _ "crypto/sha1"
34 _ "crypto/sha256"
35 _ "crypto/sha512"
36
37 "golang.org/x/crypto/cryptobyte"
38 cryptobyte_asn1 "golang.org/x/crypto/cryptobyte/asn1"
39 )
40
41
42
43 type pkixPublicKey struct {
44 Algo pkix.AlgorithmIdentifier
45 BitString asn1.BitString
46 }
47
48
49
50
51
52
53
54
55
56 func ParsePKIXPublicKey(derBytes []byte) (pub interface{}, err error) {
57 var pki publicKeyInfo
58 if rest, err := asn1.Unmarshal(derBytes, &pki); err != nil {
59 if _, err := asn1.Unmarshal(derBytes, &pkcs1PublicKey{}); err == nil {
60 return nil, errors.New("x509: failed to parse public key (use ParsePKCS1PublicKey instead for this key format)")
61 }
62 return nil, err
63 } else if len(rest) != 0 {
64 return nil, errors.New("x509: trailing data after ASN.1 of public-key")
65 }
66 algo := getPublicKeyAlgorithmFromOID(pki.Algorithm.Algorithm)
67 if algo == UnknownPublicKeyAlgorithm {
68 return nil, errors.New("x509: unknown public key algorithm")
69 }
70 return parsePublicKey(algo, &pki)
71 }
72
73 func marshalPublicKey(pub interface{}) (publicKeyBytes []byte, publicKeyAlgorithm pkix.AlgorithmIdentifier, err error) {
74 switch pub := pub.(type) {
75 case *rsa.PublicKey:
76 publicKeyBytes, err = asn1.Marshal(pkcs1PublicKey{
77 N: pub.N,
78 E: pub.E,
79 })
80 if err != nil {
81 return nil, pkix.AlgorithmIdentifier{}, err
82 }
83 publicKeyAlgorithm.Algorithm = oidPublicKeyRSA
84
85
86 publicKeyAlgorithm.Parameters = asn1.NullRawValue
87 case *ecdsa.PublicKey:
88 publicKeyBytes = elliptic.Marshal(pub.Curve, pub.X, pub.Y)
89 oid, ok := oidFromNamedCurve(pub.Curve)
90 if !ok {
91 return nil, pkix.AlgorithmIdentifier{}, errors.New("x509: unsupported elliptic curve")
92 }
93 publicKeyAlgorithm.Algorithm = oidPublicKeyECDSA
94 var paramBytes []byte
95 paramBytes, err = asn1.Marshal(oid)
96 if err != nil {
97 return
98 }
99 publicKeyAlgorithm.Parameters.FullBytes = paramBytes
100 case ed25519.PublicKey:
101 publicKeyBytes = pub
102 publicKeyAlgorithm.Algorithm = oidPublicKeyEd25519
103 default:
104 return nil, pkix.AlgorithmIdentifier{}, fmt.Errorf("x509: unsupported public key type: %T", pub)
105 }
106
107 return publicKeyBytes, publicKeyAlgorithm, nil
108 }
109
110
111
112
113
114
115
116
117
118 func MarshalPKIXPublicKey(pub interface{}) ([]byte, error) {
119 var publicKeyBytes []byte
120 var publicKeyAlgorithm pkix.AlgorithmIdentifier
121 var err error
122
123 if publicKeyBytes, publicKeyAlgorithm, err = marshalPublicKey(pub); err != nil {
124 return nil, err
125 }
126
127 pkix := pkixPublicKey{
128 Algo: publicKeyAlgorithm,
129 BitString: asn1.BitString{
130 Bytes: publicKeyBytes,
131 BitLength: 8 * len(publicKeyBytes),
132 },
133 }
134
135 ret, _ := asn1.Marshal(pkix)
136 return ret, nil
137 }
138
139
140
141 type certificate struct {
142 Raw asn1.RawContent
143 TBSCertificate tbsCertificate
144 SignatureAlgorithm pkix.AlgorithmIdentifier
145 SignatureValue asn1.BitString
146 }
147
148 type tbsCertificate struct {
149 Raw asn1.RawContent
150 Version int `asn1:"optional,explicit,default:0,tag:0"`
151 SerialNumber *big.Int
152 SignatureAlgorithm pkix.AlgorithmIdentifier
153 Issuer asn1.RawValue
154 Validity validity
155 Subject asn1.RawValue
156 PublicKey publicKeyInfo
157 UniqueId asn1.BitString `asn1:"optional,tag:1"`
158 SubjectUniqueId asn1.BitString `asn1:"optional,tag:2"`
159 Extensions []pkix.Extension `asn1:"optional,explicit,tag:3"`
160 }
161
162 type dsaAlgorithmParameters struct {
163 P, Q, G *big.Int
164 }
165
166 type validity struct {
167 NotBefore, NotAfter time.Time
168 }
169
170 type publicKeyInfo struct {
171 Raw asn1.RawContent
172 Algorithm pkix.AlgorithmIdentifier
173 PublicKey asn1.BitString
174 }
175
176
177 type authKeyId struct {
178 Id []byte `asn1:"optional,tag:0"`
179 }
180
181 type SignatureAlgorithm int
182
183 const (
184 UnknownSignatureAlgorithm SignatureAlgorithm = iota
185
186 MD2WithRSA
187 MD5WithRSA
188 SHA1WithRSA
189 SHA256WithRSA
190 SHA384WithRSA
191 SHA512WithRSA
192 DSAWithSHA1
193 DSAWithSHA256
194 ECDSAWithSHA1
195 ECDSAWithSHA256
196 ECDSAWithSHA384
197 ECDSAWithSHA512
198 SHA256WithRSAPSS
199 SHA384WithRSAPSS
200 SHA512WithRSAPSS
201 PureEd25519
202 )
203
204 func (algo SignatureAlgorithm) isRSAPSS() bool {
205 switch algo {
206 case SHA256WithRSAPSS, SHA384WithRSAPSS, SHA512WithRSAPSS:
207 return true
208 default:
209 return false
210 }
211 }
212
213 func (algo SignatureAlgorithm) String() string {
214 for _, details := range signatureAlgorithmDetails {
215 if details.algo == algo {
216 return details.name
217 }
218 }
219 return strconv.Itoa(int(algo))
220 }
221
222 type PublicKeyAlgorithm int
223
224 const (
225 UnknownPublicKeyAlgorithm PublicKeyAlgorithm = iota
226 RSA
227 DSA
228 ECDSA
229 Ed25519
230 )
231
232 var publicKeyAlgoName = [...]string{
233 RSA: "RSA",
234 DSA: "DSA",
235 ECDSA: "ECDSA",
236 Ed25519: "Ed25519",
237 }
238
239 func (algo PublicKeyAlgorithm) String() string {
240 if 0 < algo && int(algo) < len(publicKeyAlgoName) {
241 return publicKeyAlgoName[algo]
242 }
243 return strconv.Itoa(int(algo))
244 }
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301 var (
302 oidSignatureMD2WithRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 2}
303 oidSignatureMD5WithRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 4}
304 oidSignatureSHA1WithRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 5}
305 oidSignatureSHA256WithRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 11}
306 oidSignatureSHA384WithRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 12}
307 oidSignatureSHA512WithRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 13}
308 oidSignatureRSAPSS = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 10}
309 oidSignatureDSAWithSHA1 = asn1.ObjectIdentifier{1, 2, 840, 10040, 4, 3}
310 oidSignatureDSAWithSHA256 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 3, 2}
311 oidSignatureECDSAWithSHA1 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 1}
312 oidSignatureECDSAWithSHA256 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 2}
313 oidSignatureECDSAWithSHA384 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 3}
314 oidSignatureECDSAWithSHA512 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 4}
315 oidSignatureEd25519 = asn1.ObjectIdentifier{1, 3, 101, 112}
316
317 oidSHA256 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 1}
318 oidSHA384 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 2}
319 oidSHA512 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 3}
320
321 oidMGF1 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 8}
322
323
324
325
326 oidISOSignatureSHA1WithRSA = asn1.ObjectIdentifier{1, 3, 14, 3, 2, 29}
327 )
328
329 var signatureAlgorithmDetails = []struct {
330 algo SignatureAlgorithm
331 name string
332 oid asn1.ObjectIdentifier
333 pubKeyAlgo PublicKeyAlgorithm
334 hash crypto.Hash
335 }{
336 {MD2WithRSA, "MD2-RSA", oidSignatureMD2WithRSA, RSA, crypto.Hash(0) },
337 {MD5WithRSA, "MD5-RSA", oidSignatureMD5WithRSA, RSA, crypto.MD5},
338 {SHA1WithRSA, "SHA1-RSA", oidSignatureSHA1WithRSA, RSA, crypto.SHA1},
339 {SHA1WithRSA, "SHA1-RSA", oidISOSignatureSHA1WithRSA, RSA, crypto.SHA1},
340 {SHA256WithRSA, "SHA256-RSA", oidSignatureSHA256WithRSA, RSA, crypto.SHA256},
341 {SHA384WithRSA, "SHA384-RSA", oidSignatureSHA384WithRSA, RSA, crypto.SHA384},
342 {SHA512WithRSA, "SHA512-RSA", oidSignatureSHA512WithRSA, RSA, crypto.SHA512},
343 {SHA256WithRSAPSS, "SHA256-RSAPSS", oidSignatureRSAPSS, RSA, crypto.SHA256},
344 {SHA384WithRSAPSS, "SHA384-RSAPSS", oidSignatureRSAPSS, RSA, crypto.SHA384},
345 {SHA512WithRSAPSS, "SHA512-RSAPSS", oidSignatureRSAPSS, RSA, crypto.SHA512},
346 {DSAWithSHA1, "DSA-SHA1", oidSignatureDSAWithSHA1, DSA, crypto.SHA1},
347 {DSAWithSHA256, "DSA-SHA256", oidSignatureDSAWithSHA256, DSA, crypto.SHA256},
348 {ECDSAWithSHA1, "ECDSA-SHA1", oidSignatureECDSAWithSHA1, ECDSA, crypto.SHA1},
349 {ECDSAWithSHA256, "ECDSA-SHA256", oidSignatureECDSAWithSHA256, ECDSA, crypto.SHA256},
350 {ECDSAWithSHA384, "ECDSA-SHA384", oidSignatureECDSAWithSHA384, ECDSA, crypto.SHA384},
351 {ECDSAWithSHA512, "ECDSA-SHA512", oidSignatureECDSAWithSHA512, ECDSA, crypto.SHA512},
352 {PureEd25519, "Ed25519", oidSignatureEd25519, Ed25519, crypto.Hash(0) },
353 }
354
355
356
357
358
359
360
361
362 var hashToPSSParameters = map[crypto.Hash]asn1.RawValue{
363 crypto.SHA256: asn1.RawValue{FullBytes: []byte{48, 52, 160, 15, 48, 13, 6, 9, 96, 134, 72, 1, 101, 3, 4, 2, 1, 5, 0, 161, 28, 48, 26, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 8, 48, 13, 6, 9, 96, 134, 72, 1, 101, 3, 4, 2, 1, 5, 0, 162, 3, 2, 1, 32}},
364 crypto.SHA384: asn1.RawValue{FullBytes: []byte{48, 52, 160, 15, 48, 13, 6, 9, 96, 134, 72, 1, 101, 3, 4, 2, 2, 5, 0, 161, 28, 48, 26, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 8, 48, 13, 6, 9, 96, 134, 72, 1, 101, 3, 4, 2, 2, 5, 0, 162, 3, 2, 1, 48}},
365 crypto.SHA512: asn1.RawValue{FullBytes: []byte{48, 52, 160, 15, 48, 13, 6, 9, 96, 134, 72, 1, 101, 3, 4, 2, 3, 5, 0, 161, 28, 48, 26, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 8, 48, 13, 6, 9, 96, 134, 72, 1, 101, 3, 4, 2, 3, 5, 0, 162, 3, 2, 1, 64}},
366 }
367
368
369
370 type pssParameters struct {
371
372
373
374 Hash pkix.AlgorithmIdentifier `asn1:"explicit,tag:0"`
375 MGF pkix.AlgorithmIdentifier `asn1:"explicit,tag:1"`
376 SaltLength int `asn1:"explicit,tag:2"`
377 TrailerField int `asn1:"optional,explicit,tag:3,default:1"`
378 }
379
380 func getSignatureAlgorithmFromAI(ai pkix.AlgorithmIdentifier) SignatureAlgorithm {
381 if ai.Algorithm.Equal(oidSignatureEd25519) {
382
383
384 if len(ai.Parameters.FullBytes) != 0 {
385 return UnknownSignatureAlgorithm
386 }
387 }
388
389 if !ai.Algorithm.Equal(oidSignatureRSAPSS) {
390 for _, details := range signatureAlgorithmDetails {
391 if ai.Algorithm.Equal(details.oid) {
392 return details.algo
393 }
394 }
395 return UnknownSignatureAlgorithm
396 }
397
398
399
400
401 var params pssParameters
402 if _, err := asn1.Unmarshal(ai.Parameters.FullBytes, ¶ms); err != nil {
403 return UnknownSignatureAlgorithm
404 }
405
406 var mgf1HashFunc pkix.AlgorithmIdentifier
407 if _, err := asn1.Unmarshal(params.MGF.Parameters.FullBytes, &mgf1HashFunc); err != nil {
408 return UnknownSignatureAlgorithm
409 }
410
411
412
413
414
415
416 if (len(params.Hash.Parameters.FullBytes) != 0 && !bytes.Equal(params.Hash.Parameters.FullBytes, asn1.NullBytes)) ||
417 !params.MGF.Algorithm.Equal(oidMGF1) ||
418 !mgf1HashFunc.Algorithm.Equal(params.Hash.Algorithm) ||
419 (len(mgf1HashFunc.Parameters.FullBytes) != 0 && !bytes.Equal(mgf1HashFunc.Parameters.FullBytes, asn1.NullBytes)) ||
420 params.TrailerField != 1 {
421 return UnknownSignatureAlgorithm
422 }
423
424 switch {
425 case params.Hash.Algorithm.Equal(oidSHA256) && params.SaltLength == 32:
426 return SHA256WithRSAPSS
427 case params.Hash.Algorithm.Equal(oidSHA384) && params.SaltLength == 48:
428 return SHA384WithRSAPSS
429 case params.Hash.Algorithm.Equal(oidSHA512) && params.SaltLength == 64:
430 return SHA512WithRSAPSS
431 }
432
433 return UnknownSignatureAlgorithm
434 }
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450 var (
451 oidPublicKeyRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1}
452 oidPublicKeyDSA = asn1.ObjectIdentifier{1, 2, 840, 10040, 4, 1}
453 oidPublicKeyECDSA = asn1.ObjectIdentifier{1, 2, 840, 10045, 2, 1}
454 oidPublicKeyEd25519 = oidSignatureEd25519
455 )
456
457 func getPublicKeyAlgorithmFromOID(oid asn1.ObjectIdentifier) PublicKeyAlgorithm {
458 switch {
459 case oid.Equal(oidPublicKeyRSA):
460 return RSA
461 case oid.Equal(oidPublicKeyDSA):
462 return DSA
463 case oid.Equal(oidPublicKeyECDSA):
464 return ECDSA
465 case oid.Equal(oidPublicKeyEd25519):
466 return Ed25519
467 }
468 return UnknownPublicKeyAlgorithm
469 }
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487 var (
488 oidNamedCurveP224 = asn1.ObjectIdentifier{1, 3, 132, 0, 33}
489 oidNamedCurveP256 = asn1.ObjectIdentifier{1, 2, 840, 10045, 3, 1, 7}
490 oidNamedCurveP384 = asn1.ObjectIdentifier{1, 3, 132, 0, 34}
491 oidNamedCurveP521 = asn1.ObjectIdentifier{1, 3, 132, 0, 35}
492 )
493
494 func namedCurveFromOID(oid asn1.ObjectIdentifier) elliptic.Curve {
495 switch {
496 case oid.Equal(oidNamedCurveP224):
497 return elliptic.P224()
498 case oid.Equal(oidNamedCurveP256):
499 return elliptic.P256()
500 case oid.Equal(oidNamedCurveP384):
501 return elliptic.P384()
502 case oid.Equal(oidNamedCurveP521):
503 return elliptic.P521()
504 }
505 return nil
506 }
507
508 func oidFromNamedCurve(curve elliptic.Curve) (asn1.ObjectIdentifier, bool) {
509 switch curve {
510 case elliptic.P224():
511 return oidNamedCurveP224, true
512 case elliptic.P256():
513 return oidNamedCurveP256, true
514 case elliptic.P384():
515 return oidNamedCurveP384, true
516 case elliptic.P521():
517 return oidNamedCurveP521, true
518 }
519
520 return nil, false
521 }
522
523
524
525 type KeyUsage int
526
527 const (
528 KeyUsageDigitalSignature KeyUsage = 1 << iota
529 KeyUsageContentCommitment
530 KeyUsageKeyEncipherment
531 KeyUsageDataEncipherment
532 KeyUsageKeyAgreement
533 KeyUsageCertSign
534 KeyUsageCRLSign
535 KeyUsageEncipherOnly
536 KeyUsageDecipherOnly
537 )
538
539
540
541
542
543
544
545
546
547
548
549
550
551 var (
552 oidExtKeyUsageAny = asn1.ObjectIdentifier{2, 5, 29, 37, 0}
553 oidExtKeyUsageServerAuth = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 1}
554 oidExtKeyUsageClientAuth = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 2}
555 oidExtKeyUsageCodeSigning = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 3}
556 oidExtKeyUsageEmailProtection = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 4}
557 oidExtKeyUsageIPSECEndSystem = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 5}
558 oidExtKeyUsageIPSECTunnel = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 6}
559 oidExtKeyUsageIPSECUser = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 7}
560 oidExtKeyUsageTimeStamping = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 8}
561 oidExtKeyUsageOCSPSigning = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 9}
562 oidExtKeyUsageMicrosoftServerGatedCrypto = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 10, 3, 3}
563 oidExtKeyUsageNetscapeServerGatedCrypto = asn1.ObjectIdentifier{2, 16, 840, 1, 113730, 4, 1}
564 oidExtKeyUsageMicrosoftCommercialCodeSigning = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 2, 1, 22}
565 oidExtKeyUsageMicrosoftKernelCodeSigning = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 61, 1, 1}
566 )
567
568
569
570 type ExtKeyUsage int
571
572 const (
573 ExtKeyUsageAny ExtKeyUsage = iota
574 ExtKeyUsageServerAuth
575 ExtKeyUsageClientAuth
576 ExtKeyUsageCodeSigning
577 ExtKeyUsageEmailProtection
578 ExtKeyUsageIPSECEndSystem
579 ExtKeyUsageIPSECTunnel
580 ExtKeyUsageIPSECUser
581 ExtKeyUsageTimeStamping
582 ExtKeyUsageOCSPSigning
583 ExtKeyUsageMicrosoftServerGatedCrypto
584 ExtKeyUsageNetscapeServerGatedCrypto
585 ExtKeyUsageMicrosoftCommercialCodeSigning
586 ExtKeyUsageMicrosoftKernelCodeSigning
587 )
588
589
590 var extKeyUsageOIDs = []struct {
591 extKeyUsage ExtKeyUsage
592 oid asn1.ObjectIdentifier
593 }{
594 {ExtKeyUsageAny, oidExtKeyUsageAny},
595 {ExtKeyUsageServerAuth, oidExtKeyUsageServerAuth},
596 {ExtKeyUsageClientAuth, oidExtKeyUsageClientAuth},
597 {ExtKeyUsageCodeSigning, oidExtKeyUsageCodeSigning},
598 {ExtKeyUsageEmailProtection, oidExtKeyUsageEmailProtection},
599 {ExtKeyUsageIPSECEndSystem, oidExtKeyUsageIPSECEndSystem},
600 {ExtKeyUsageIPSECTunnel, oidExtKeyUsageIPSECTunnel},
601 {ExtKeyUsageIPSECUser, oidExtKeyUsageIPSECUser},
602 {ExtKeyUsageTimeStamping, oidExtKeyUsageTimeStamping},
603 {ExtKeyUsageOCSPSigning, oidExtKeyUsageOCSPSigning},
604 {ExtKeyUsageMicrosoftServerGatedCrypto, oidExtKeyUsageMicrosoftServerGatedCrypto},
605 {ExtKeyUsageNetscapeServerGatedCrypto, oidExtKeyUsageNetscapeServerGatedCrypto},
606 {ExtKeyUsageMicrosoftCommercialCodeSigning, oidExtKeyUsageMicrosoftCommercialCodeSigning},
607 {ExtKeyUsageMicrosoftKernelCodeSigning, oidExtKeyUsageMicrosoftKernelCodeSigning},
608 }
609
610 func extKeyUsageFromOID(oid asn1.ObjectIdentifier) (eku ExtKeyUsage, ok bool) {
611 for _, pair := range extKeyUsageOIDs {
612 if oid.Equal(pair.oid) {
613 return pair.extKeyUsage, true
614 }
615 }
616 return
617 }
618
619 func oidFromExtKeyUsage(eku ExtKeyUsage) (oid asn1.ObjectIdentifier, ok bool) {
620 for _, pair := range extKeyUsageOIDs {
621 if eku == pair.extKeyUsage {
622 return pair.oid, true
623 }
624 }
625 return
626 }
627
628
629 type Certificate struct {
630 Raw []byte
631 RawTBSCertificate []byte
632 RawSubjectPublicKeyInfo []byte
633 RawSubject []byte
634 RawIssuer []byte
635
636 Signature []byte
637 SignatureAlgorithm SignatureAlgorithm
638
639 PublicKeyAlgorithm PublicKeyAlgorithm
640 PublicKey interface{}
641
642 Version int
643 SerialNumber *big.Int
644 Issuer pkix.Name
645 Subject pkix.Name
646 NotBefore, NotAfter time.Time
647 KeyUsage KeyUsage
648
649
650
651
652
653 Extensions []pkix.Extension
654
655
656
657
658
659 ExtraExtensions []pkix.Extension
660
661
662
663
664
665
666
667
668
669 UnhandledCriticalExtensions []asn1.ObjectIdentifier
670
671 ExtKeyUsage []ExtKeyUsage
672 UnknownExtKeyUsage []asn1.ObjectIdentifier
673
674
675
676 BasicConstraintsValid bool
677 IsCA bool
678
679
680
681
682
683
684
685
686
687
688
689
690
691 MaxPathLen int
692
693
694
695
696 MaxPathLenZero bool
697
698 SubjectKeyId []byte
699 AuthorityKeyId []byte
700
701
702 OCSPServer []string
703 IssuingCertificateURL []string
704
705
706
707
708 DNSNames []string
709 EmailAddresses []string
710 IPAddresses []net.IP
711 URIs []*url.URL
712
713
714 PermittedDNSDomainsCritical bool
715 PermittedDNSDomains []string
716 ExcludedDNSDomains []string
717 PermittedIPRanges []*net.IPNet
718 ExcludedIPRanges []*net.IPNet
719 PermittedEmailAddresses []string
720 ExcludedEmailAddresses []string
721 PermittedURIDomains []string
722 ExcludedURIDomains []string
723
724
725 CRLDistributionPoints []string
726
727 PolicyIdentifiers []asn1.ObjectIdentifier
728 }
729
730
731
732 var ErrUnsupportedAlgorithm = errors.New("x509: cannot verify signature: algorithm unimplemented")
733
734
735 type InsecureAlgorithmError SignatureAlgorithm
736
737 func (e InsecureAlgorithmError) Error() string {
738 return fmt.Sprintf("x509: cannot verify signature: insecure algorithm %v", SignatureAlgorithm(e))
739 }
740
741
742
743
744 type ConstraintViolationError struct{}
745
746 func (ConstraintViolationError) Error() string {
747 return "x509: invalid signature: parent certificate cannot sign this kind of certificate"
748 }
749
750 func (c *Certificate) Equal(other *Certificate) bool {
751 if c == nil || other == nil {
752 return c == other
753 }
754 return bytes.Equal(c.Raw, other.Raw)
755 }
756
757 func (c *Certificate) hasSANExtension() bool {
758 return oidInExtensions(oidExtensionSubjectAltName, c.Extensions)
759 }
760
761
762
763 func (c *Certificate) CheckSignatureFrom(parent *Certificate) error {
764
765
766
767
768
769 if parent.Version == 3 && !parent.BasicConstraintsValid ||
770 parent.BasicConstraintsValid && !parent.IsCA {
771 return ConstraintViolationError{}
772 }
773
774 if parent.KeyUsage != 0 && parent.KeyUsage&KeyUsageCertSign == 0 {
775 return ConstraintViolationError{}
776 }
777
778 if parent.PublicKeyAlgorithm == UnknownPublicKeyAlgorithm {
779 return ErrUnsupportedAlgorithm
780 }
781
782
783
784 return parent.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature)
785 }
786
787
788
789 func (c *Certificate) CheckSignature(algo SignatureAlgorithm, signed, signature []byte) error {
790 return checkSignature(algo, signed, signature, c.PublicKey)
791 }
792
793 func (c *Certificate) hasNameConstraints() bool {
794 return oidInExtensions(oidExtensionNameConstraints, c.Extensions)
795 }
796
797 func (c *Certificate) getSANExtension() []byte {
798 for _, e := range c.Extensions {
799 if e.Id.Equal(oidExtensionSubjectAltName) {
800 return e.Value
801 }
802 }
803 return nil
804 }
805
806 func signaturePublicKeyAlgoMismatchError(expectedPubKeyAlgo PublicKeyAlgorithm, pubKey interface{}) error {
807 return fmt.Errorf("x509: signature algorithm specifies an %s public key, but have public key of type %T", expectedPubKeyAlgo.String(), pubKey)
808 }
809
810
811
812 func checkSignature(algo SignatureAlgorithm, signed, signature []byte, publicKey crypto.PublicKey) (err error) {
813 var hashType crypto.Hash
814 var pubKeyAlgo PublicKeyAlgorithm
815
816 for _, details := range signatureAlgorithmDetails {
817 if details.algo == algo {
818 hashType = details.hash
819 pubKeyAlgo = details.pubKeyAlgo
820 }
821 }
822
823 switch hashType {
824 case crypto.Hash(0):
825 if pubKeyAlgo != Ed25519 {
826 return ErrUnsupportedAlgorithm
827 }
828 case crypto.MD5:
829 return InsecureAlgorithmError(algo)
830 default:
831 if !hashType.Available() {
832 return ErrUnsupportedAlgorithm
833 }
834 h := hashType.New()
835 h.Write(signed)
836 signed = h.Sum(nil)
837 }
838
839 switch pub := publicKey.(type) {
840 case *rsa.PublicKey:
841 if pubKeyAlgo != RSA {
842 return signaturePublicKeyAlgoMismatchError(pubKeyAlgo, pub)
843 }
844 if algo.isRSAPSS() {
845 return rsa.VerifyPSS(pub, hashType, signed, signature, &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash})
846 } else {
847 return rsa.VerifyPKCS1v15(pub, hashType, signed, signature)
848 }
849 case *ecdsa.PublicKey:
850 if pubKeyAlgo != ECDSA {
851 return signaturePublicKeyAlgoMismatchError(pubKeyAlgo, pub)
852 }
853 if !ecdsa.VerifyASN1(pub, signed, signature) {
854 return errors.New("x509: ECDSA verification failure")
855 }
856 return
857 case ed25519.PublicKey:
858 if pubKeyAlgo != Ed25519 {
859 return signaturePublicKeyAlgoMismatchError(pubKeyAlgo, pub)
860 }
861 if !ed25519.Verify(pub, signed, signature) {
862 return errors.New("x509: Ed25519 verification failure")
863 }
864 return
865 }
866 return ErrUnsupportedAlgorithm
867 }
868
869
870 func (c *Certificate) CheckCRLSignature(crl *pkix.CertificateList) error {
871 algo := getSignatureAlgorithmFromAI(crl.SignatureAlgorithm)
872 return c.CheckSignature(algo, crl.TBSCertList.Raw, crl.SignatureValue.RightAlign())
873 }
874
875 type UnhandledCriticalExtension struct{}
876
877 func (h UnhandledCriticalExtension) Error() string {
878 return "x509: unhandled critical extension"
879 }
880
881 type basicConstraints struct {
882 IsCA bool `asn1:"optional"`
883 MaxPathLen int `asn1:"optional,default:-1"`
884 }
885
886
887 type policyInformation struct {
888 Policy asn1.ObjectIdentifier
889
890 }
891
892 const (
893 nameTypeEmail = 1
894 nameTypeDNS = 2
895 nameTypeURI = 6
896 nameTypeIP = 7
897 )
898
899
900 type authorityInfoAccess struct {
901 Method asn1.ObjectIdentifier
902 Location asn1.RawValue
903 }
904
905
906 type distributionPoint struct {
907 DistributionPoint distributionPointName `asn1:"optional,tag:0"`
908 Reason asn1.BitString `asn1:"optional,tag:1"`
909 CRLIssuer asn1.RawValue `asn1:"optional,tag:2"`
910 }
911
912 type distributionPointName struct {
913 FullName []asn1.RawValue `asn1:"optional,tag:0"`
914 RelativeName pkix.RDNSequence `asn1:"optional,tag:1"`
915 }
916
917 func parsePublicKey(algo PublicKeyAlgorithm, keyData *publicKeyInfo) (interface{}, error) {
918 asn1Data := keyData.PublicKey.RightAlign()
919 switch algo {
920 case RSA:
921
922
923 if !bytes.Equal(keyData.Algorithm.Parameters.FullBytes, asn1.NullBytes) {
924 return nil, errors.New("x509: RSA key missing NULL parameters")
925 }
926
927 p := new(pkcs1PublicKey)
928 rest, err := asn1.Unmarshal(asn1Data, p)
929 if err != nil {
930 return nil, err
931 }
932 if len(rest) != 0 {
933 return nil, errors.New("x509: trailing data after RSA public key")
934 }
935
936 if p.N.Sign() <= 0 {
937 return nil, errors.New("x509: RSA modulus is not a positive number")
938 }
939 if p.E <= 0 {
940 return nil, errors.New("x509: RSA public exponent is not a positive number")
941 }
942
943 pub := &rsa.PublicKey{
944 E: p.E,
945 N: p.N,
946 }
947 return pub, nil
948 case DSA:
949 var p *big.Int
950 rest, err := asn1.Unmarshal(asn1Data, &p)
951 if err != nil {
952 return nil, err
953 }
954 if len(rest) != 0 {
955 return nil, errors.New("x509: trailing data after DSA public key")
956 }
957 paramsData := keyData.Algorithm.Parameters.FullBytes
958 params := new(dsaAlgorithmParameters)
959 rest, err = asn1.Unmarshal(paramsData, params)
960 if err != nil {
961 return nil, err
962 }
963 if len(rest) != 0 {
964 return nil, errors.New("x509: trailing data after DSA parameters")
965 }
966 if p.Sign() <= 0 || params.P.Sign() <= 0 || params.Q.Sign() <= 0 || params.G.Sign() <= 0 {
967 return nil, errors.New("x509: zero or negative DSA parameter")
968 }
969 pub := &dsa.PublicKey{
970 Parameters: dsa.Parameters{
971 P: params.P,
972 Q: params.Q,
973 G: params.G,
974 },
975 Y: p,
976 }
977 return pub, nil
978 case ECDSA:
979 paramsData := keyData.Algorithm.Parameters.FullBytes
980 namedCurveOID := new(asn1.ObjectIdentifier)
981 rest, err := asn1.Unmarshal(paramsData, namedCurveOID)
982 if err != nil {
983 return nil, errors.New("x509: failed to parse ECDSA parameters as named curve")
984 }
985 if len(rest) != 0 {
986 return nil, errors.New("x509: trailing data after ECDSA parameters")
987 }
988 namedCurve := namedCurveFromOID(*namedCurveOID)
989 if namedCurve == nil {
990 return nil, errors.New("x509: unsupported elliptic curve")
991 }
992 x, y := elliptic.Unmarshal(namedCurve, asn1Data)
993 if x == nil {
994 return nil, errors.New("x509: failed to unmarshal elliptic curve point")
995 }
996 pub := &ecdsa.PublicKey{
997 Curve: namedCurve,
998 X: x,
999 Y: y,
1000 }
1001 return pub, nil
1002 case Ed25519:
1003
1004
1005 if len(keyData.Algorithm.Parameters.FullBytes) != 0 {
1006 return nil, errors.New("x509: Ed25519 key encoded with illegal parameters")
1007 }
1008 if len(asn1Data) != ed25519.PublicKeySize {
1009 return nil, errors.New("x509: wrong Ed25519 public key size")
1010 }
1011 pub := make([]byte, ed25519.PublicKeySize)
1012 copy(pub, asn1Data)
1013 return ed25519.PublicKey(pub), nil
1014 default:
1015 return nil, nil
1016 }
1017 }
1018
1019 func forEachSAN(extension []byte, callback func(tag int, data []byte) error) error {
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036 var seq asn1.RawValue
1037 rest, err := asn1.Unmarshal(extension, &seq)
1038 if err != nil {
1039 return err
1040 } else if len(rest) != 0 {
1041 return errors.New("x509: trailing data after X.509 extension")
1042 }
1043 if !seq.IsCompound || seq.Tag != 16 || seq.Class != 0 {
1044 return asn1.StructuralError{Msg: "bad SAN sequence"}
1045 }
1046
1047 rest = seq.Bytes
1048 for len(rest) > 0 {
1049 var v asn1.RawValue
1050 rest, err = asn1.Unmarshal(rest, &v)
1051 if err != nil {
1052 return err
1053 }
1054
1055 if err := callback(v.Tag, v.Bytes); err != nil {
1056 return err
1057 }
1058 }
1059
1060 return nil
1061 }
1062
1063 func parseSANExtension(value []byte) (dnsNames, emailAddresses []string, ipAddresses []net.IP, uris []*url.URL, err error) {
1064 err = forEachSAN(value, func(tag int, data []byte) error {
1065 switch tag {
1066 case nameTypeEmail:
1067 email := string(data)
1068 if err := isIA5String(email); err != nil {
1069 return errors.New("x509: SAN rfc822Name is malformed")
1070 }
1071 emailAddresses = append(emailAddresses, email)
1072 case nameTypeDNS:
1073 name := string(data)
1074 if err := isIA5String(name); err != nil {
1075 return errors.New("x509: SAN dNSName is malformed")
1076 }
1077 dnsNames = append(dnsNames, string(name))
1078 case nameTypeURI:
1079 uriStr := string(data)
1080 if err := isIA5String(uriStr); err != nil {
1081 return errors.New("x509: SAN uniformResourceIdentifier is malformed")
1082 }
1083 uri, err := url.Parse(uriStr)
1084 if err != nil {
1085 return fmt.Errorf("x509: cannot parse URI %q: %s", uriStr, err)
1086 }
1087 if len(uri.Host) > 0 {
1088 if _, ok := domainToReverseLabels(uri.Host); !ok {
1089 return fmt.Errorf("x509: cannot parse URI %q: invalid domain", uriStr)
1090 }
1091 }
1092 uris = append(uris, uri)
1093 case nameTypeIP:
1094 switch len(data) {
1095 case net.IPv4len, net.IPv6len:
1096 ipAddresses = append(ipAddresses, data)
1097 default:
1098 return errors.New("x509: cannot parse IP address of length " + strconv.Itoa(len(data)))
1099 }
1100 }
1101
1102 return nil
1103 })
1104
1105 return
1106 }
1107
1108
1109 func isValidIPMask(mask []byte) bool {
1110 seenZero := false
1111
1112 for _, b := range mask {
1113 if seenZero {
1114 if b != 0 {
1115 return false
1116 }
1117
1118 continue
1119 }
1120
1121 switch b {
1122 case 0x00, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe:
1123 seenZero = true
1124 case 0xff:
1125 default:
1126 return false
1127 }
1128 }
1129
1130 return true
1131 }
1132
1133 func parseNameConstraintsExtension(out *Certificate, e pkix.Extension) (unhandled bool, err error) {
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149 outer := cryptobyte.String(e.Value)
1150 var toplevel, permitted, excluded cryptobyte.String
1151 var havePermitted, haveExcluded bool
1152 if !outer.ReadASN1(&toplevel, cryptobyte_asn1.SEQUENCE) ||
1153 !outer.Empty() ||
1154 !toplevel.ReadOptionalASN1(&permitted, &havePermitted, cryptobyte_asn1.Tag(0).ContextSpecific().Constructed()) ||
1155 !toplevel.ReadOptionalASN1(&excluded, &haveExcluded, cryptobyte_asn1.Tag(1).ContextSpecific().Constructed()) ||
1156 !toplevel.Empty() {
1157 return false, errors.New("x509: invalid NameConstraints extension")
1158 }
1159
1160 if !havePermitted && !haveExcluded || len(permitted) == 0 && len(excluded) == 0 {
1161
1162
1163
1164
1165 return false, errors.New("x509: empty name constraints extension")
1166 }
1167
1168 getValues := func(subtrees cryptobyte.String) (dnsNames []string, ips []*net.IPNet, emails, uriDomains []string, err error) {
1169 for !subtrees.Empty() {
1170 var seq, value cryptobyte.String
1171 var tag cryptobyte_asn1.Tag
1172 if !subtrees.ReadASN1(&seq, cryptobyte_asn1.SEQUENCE) ||
1173 !seq.ReadAnyASN1(&value, &tag) {
1174 return nil, nil, nil, nil, fmt.Errorf("x509: invalid NameConstraints extension")
1175 }
1176
1177 var (
1178 dnsTag = cryptobyte_asn1.Tag(2).ContextSpecific()
1179 emailTag = cryptobyte_asn1.Tag(1).ContextSpecific()
1180 ipTag = cryptobyte_asn1.Tag(7).ContextSpecific()
1181 uriTag = cryptobyte_asn1.Tag(6).ContextSpecific()
1182 )
1183
1184 switch tag {
1185 case dnsTag:
1186 domain := string(value)
1187 if err := isIA5String(domain); err != nil {
1188 return nil, nil, nil, nil, errors.New("x509: invalid constraint value: " + err.Error())
1189 }
1190
1191 trimmedDomain := domain
1192 if len(trimmedDomain) > 0 && trimmedDomain[0] == '.' {
1193
1194
1195
1196
1197 trimmedDomain = trimmedDomain[1:]
1198 }
1199 if _, ok := domainToReverseLabels(trimmedDomain); !ok {
1200 return nil, nil, nil, nil, fmt.Errorf("x509: failed to parse dnsName constraint %q", domain)
1201 }
1202 dnsNames = append(dnsNames, domain)
1203
1204 case ipTag:
1205 l := len(value)
1206 var ip, mask []byte
1207
1208 switch l {
1209 case 8:
1210 ip = value[:4]
1211 mask = value[4:]
1212
1213 case 32:
1214 ip = value[:16]
1215 mask = value[16:]
1216
1217 default:
1218 return nil, nil, nil, nil, fmt.Errorf("x509: IP constraint contained value of length %d", l)
1219 }
1220
1221 if !isValidIPMask(mask) {
1222 return nil, nil, nil, nil, fmt.Errorf("x509: IP constraint contained invalid mask %x", mask)
1223 }
1224
1225 ips = append(ips, &net.IPNet{IP: net.IP(ip), Mask: net.IPMask(mask)})
1226
1227 case emailTag:
1228 constraint := string(value)
1229 if err := isIA5String(constraint); err != nil {
1230 return nil, nil, nil, nil, errors.New("x509: invalid constraint value: " + err.Error())
1231 }
1232
1233
1234
1235 if strings.Contains(constraint, "@") {
1236 if _, ok := parseRFC2821Mailbox(constraint); !ok {
1237 return nil, nil, nil, nil, fmt.Errorf("x509: failed to parse rfc822Name constraint %q", constraint)
1238 }
1239 } else {
1240
1241 domain := constraint
1242 if len(domain) > 0 && domain[0] == '.' {
1243 domain = domain[1:]
1244 }
1245 if _, ok := domainToReverseLabels(domain); !ok {
1246 return nil, nil, nil, nil, fmt.Errorf("x509: failed to parse rfc822Name constraint %q", constraint)
1247 }
1248 }
1249 emails = append(emails, constraint)
1250
1251 case uriTag:
1252 domain := string(value)
1253 if err := isIA5String(domain); err != nil {
1254 return nil, nil, nil, nil, errors.New("x509: invalid constraint value: " + err.Error())
1255 }
1256
1257 if net.ParseIP(domain) != nil {
1258 return nil, nil, nil, nil, fmt.Errorf("x509: failed to parse URI constraint %q: cannot be IP address", domain)
1259 }
1260
1261 trimmedDomain := domain
1262 if len(trimmedDomain) > 0 && trimmedDomain[0] == '.' {
1263
1264
1265
1266
1267 trimmedDomain = trimmedDomain[1:]
1268 }
1269 if _, ok := domainToReverseLabels(trimmedDomain); !ok {
1270 return nil, nil, nil, nil, fmt.Errorf("x509: failed to parse URI constraint %q", domain)
1271 }
1272 uriDomains = append(uriDomains, domain)
1273
1274 default:
1275 unhandled = true
1276 }
1277 }
1278
1279 return dnsNames, ips, emails, uriDomains, nil
1280 }
1281
1282 if out.PermittedDNSDomains, out.PermittedIPRanges, out.PermittedEmailAddresses, out.PermittedURIDomains, err = getValues(permitted); err != nil {
1283 return false, err
1284 }
1285 if out.ExcludedDNSDomains, out.ExcludedIPRanges, out.ExcludedEmailAddresses, out.ExcludedURIDomains, err = getValues(excluded); err != nil {
1286 return false, err
1287 }
1288 out.PermittedDNSDomainsCritical = e.Critical
1289
1290 return unhandled, nil
1291 }
1292
1293 func parseCertificate(in *certificate) (*Certificate, error) {
1294 out := new(Certificate)
1295 out.Raw = in.Raw
1296 out.RawTBSCertificate = in.TBSCertificate.Raw
1297 out.RawSubjectPublicKeyInfo = in.TBSCertificate.PublicKey.Raw
1298 out.RawSubject = in.TBSCertificate.Subject.FullBytes
1299 out.RawIssuer = in.TBSCertificate.Issuer.FullBytes
1300
1301 out.Signature = in.SignatureValue.RightAlign()
1302 out.SignatureAlgorithm =
1303 getSignatureAlgorithmFromAI(in.TBSCertificate.SignatureAlgorithm)
1304
1305 out.PublicKeyAlgorithm =
1306 getPublicKeyAlgorithmFromOID(in.TBSCertificate.PublicKey.Algorithm.Algorithm)
1307 var err error
1308 out.PublicKey, err = parsePublicKey(out.PublicKeyAlgorithm, &in.TBSCertificate.PublicKey)
1309 if err != nil {
1310 return nil, err
1311 }
1312
1313 out.Version = in.TBSCertificate.Version + 1
1314 out.SerialNumber = in.TBSCertificate.SerialNumber
1315
1316 var issuer, subject pkix.RDNSequence
1317 if rest, err := asn1.Unmarshal(in.TBSCertificate.Subject.FullBytes, &subject); err != nil {
1318 return nil, err
1319 } else if len(rest) != 0 {
1320 return nil, errors.New("x509: trailing data after X.509 subject")
1321 }
1322 if rest, err := asn1.Unmarshal(in.TBSCertificate.Issuer.FullBytes, &issuer); err != nil {
1323 return nil, err
1324 } else if len(rest) != 0 {
1325 return nil, errors.New("x509: trailing data after X.509 issuer")
1326 }
1327
1328 out.Issuer.FillFromRDNSequence(&issuer)
1329 out.Subject.FillFromRDNSequence(&subject)
1330
1331 out.NotBefore = in.TBSCertificate.Validity.NotBefore
1332 out.NotAfter = in.TBSCertificate.Validity.NotAfter
1333
1334 for _, e := range in.TBSCertificate.Extensions {
1335 out.Extensions = append(out.Extensions, e)
1336 unhandled := false
1337
1338 if len(e.Id) == 4 && e.Id[0] == 2 && e.Id[1] == 5 && e.Id[2] == 29 {
1339 switch e.Id[3] {
1340 case 15:
1341 out.KeyUsage, err = parseKeyUsageExtension(e.Value)
1342 if err != nil {
1343 return nil, err
1344 }
1345 case 19:
1346 out.IsCA, out.MaxPathLen, err = parseBasicConstraintsExtension(e.Value)
1347 if err != nil {
1348 return nil, err
1349 }
1350 out.BasicConstraintsValid = true
1351 out.MaxPathLenZero = out.MaxPathLen == 0
1352 case 17:
1353 out.DNSNames, out.EmailAddresses, out.IPAddresses, out.URIs, err = parseSANExtension(e.Value)
1354 if err != nil {
1355 return nil, err
1356 }
1357
1358 if len(out.DNSNames) == 0 && len(out.EmailAddresses) == 0 && len(out.IPAddresses) == 0 && len(out.URIs) == 0 {
1359
1360 unhandled = true
1361 }
1362
1363 case 30:
1364 unhandled, err = parseNameConstraintsExtension(out, e)
1365 if err != nil {
1366 return nil, err
1367 }
1368
1369 case 31:
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383 var cdp []distributionPoint
1384 if rest, err := asn1.Unmarshal(e.Value, &cdp); err != nil {
1385 return nil, err
1386 } else if len(rest) != 0 {
1387 return nil, errors.New("x509: trailing data after X.509 CRL distribution point")
1388 }
1389
1390 for _, dp := range cdp {
1391
1392 if len(dp.DistributionPoint.FullName) == 0 {
1393 continue
1394 }
1395
1396 for _, fullName := range dp.DistributionPoint.FullName {
1397 if fullName.Tag == 6 {
1398 out.CRLDistributionPoints = append(out.CRLDistributionPoints, string(fullName.Bytes))
1399 }
1400 }
1401 }
1402
1403 case 35:
1404
1405 var a authKeyId
1406 if rest, err := asn1.Unmarshal(e.Value, &a); err != nil {
1407 return nil, err
1408 } else if len(rest) != 0 {
1409 return nil, errors.New("x509: trailing data after X.509 authority key-id")
1410 }
1411 out.AuthorityKeyId = a.Id
1412
1413 case 37:
1414 out.ExtKeyUsage, out.UnknownExtKeyUsage, err = parseExtKeyUsageExtension(e.Value)
1415 if err != nil {
1416 return nil, err
1417 }
1418 case 14:
1419 out.SubjectKeyId, err = parseSubjectKeyIdExtension(e.Value)
1420 if err != nil {
1421 return nil, err
1422 }
1423 case 32:
1424 out.PolicyIdentifiers, err = parseCertificatePoliciesExtension(e.Value)
1425 if err != nil {
1426 return nil, err
1427 }
1428 default:
1429
1430 unhandled = true
1431 }
1432 } else if e.Id.Equal(oidExtensionAuthorityInfoAccess) {
1433
1434 var aia []authorityInfoAccess
1435 if rest, err := asn1.Unmarshal(e.Value, &aia); err != nil {
1436 return nil, err
1437 } else if len(rest) != 0 {
1438 return nil, errors.New("x509: trailing data after X.509 authority information")
1439 }
1440
1441 for _, v := range aia {
1442
1443 if v.Location.Tag != 6 {
1444 continue
1445 }
1446 if v.Method.Equal(oidAuthorityInfoAccessOcsp) {
1447 out.OCSPServer = append(out.OCSPServer, string(v.Location.Bytes))
1448 } else if v.Method.Equal(oidAuthorityInfoAccessIssuers) {
1449 out.IssuingCertificateURL = append(out.IssuingCertificateURL, string(v.Location.Bytes))
1450 }
1451 }
1452 } else {
1453
1454 unhandled = true
1455 }
1456
1457 if e.Critical && unhandled {
1458 out.UnhandledCriticalExtensions = append(out.UnhandledCriticalExtensions, e.Id)
1459 }
1460 }
1461
1462 return out, nil
1463 }
1464
1465
1466
1467 func parseKeyUsageExtension(ext []byte) (KeyUsage, error) {
1468 var usageBits asn1.BitString
1469 if rest, err := asn1.Unmarshal(ext, &usageBits); err != nil {
1470 return 0, err
1471 } else if len(rest) != 0 {
1472 return 0, errors.New("x509: trailing data after X.509 KeyUsage")
1473 }
1474
1475 var usage int
1476 for i := 0; i < 9; i++ {
1477 if usageBits.At(i) != 0 {
1478 usage |= 1 << uint(i)
1479 }
1480 }
1481 return KeyUsage(usage), nil
1482 }
1483
1484
1485
1486 func parseBasicConstraintsExtension(ext []byte) (isCA bool, maxPathLen int, err error) {
1487 var constraints basicConstraints
1488 if rest, err := asn1.Unmarshal(ext, &constraints); err != nil {
1489 return false, 0, err
1490 } else if len(rest) != 0 {
1491 return false, 0, errors.New("x509: trailing data after X.509 BasicConstraints")
1492 }
1493
1494
1495 return constraints.IsCA, constraints.MaxPathLen, nil
1496 }
1497
1498
1499
1500 func parseExtKeyUsageExtension(ext []byte) ([]ExtKeyUsage, []asn1.ObjectIdentifier, error) {
1501 var keyUsage []asn1.ObjectIdentifier
1502 if rest, err := asn1.Unmarshal(ext, &keyUsage); err != nil {
1503 return nil, nil, err
1504 } else if len(rest) != 0 {
1505 return nil, nil, errors.New("x509: trailing data after X.509 ExtendedKeyUsage")
1506 }
1507
1508 var extKeyUsages []ExtKeyUsage
1509 var unknownUsages []asn1.ObjectIdentifier
1510 for _, u := range keyUsage {
1511 if extKeyUsage, ok := extKeyUsageFromOID(u); ok {
1512 extKeyUsages = append(extKeyUsages, extKeyUsage)
1513 } else {
1514 unknownUsages = append(unknownUsages, u)
1515 }
1516 }
1517 return extKeyUsages, unknownUsages, nil
1518 }
1519
1520
1521
1522 func parseSubjectKeyIdExtension(ext []byte) ([]byte, error) {
1523 var keyid []byte
1524 if rest, err := asn1.Unmarshal(ext, &keyid); err != nil {
1525 return nil, err
1526 } else if len(rest) != 0 {
1527 return nil, errors.New("x509: trailing data after X.509 key-id")
1528 }
1529 return keyid, nil
1530 }
1531
1532 func parseCertificatePoliciesExtension(ext []byte) ([]asn1.ObjectIdentifier, error) {
1533 var policies []policyInformation
1534 if rest, err := asn1.Unmarshal(ext, &policies); err != nil {
1535 return nil, err
1536 } else if len(rest) != 0 {
1537 return nil, errors.New("x509: trailing data after X.509 certificate policies")
1538 }
1539 oids := make([]asn1.ObjectIdentifier, len(policies))
1540 for i, policy := range policies {
1541 oids[i] = policy.Policy
1542 }
1543 return oids, nil
1544 }
1545
1546
1547 func ParseCertificate(asn1Data []byte) (*Certificate, error) {
1548 var cert certificate
1549 rest, err := asn1.Unmarshal(asn1Data, &cert)
1550 if err != nil {
1551 return nil, err
1552 }
1553 if len(rest) > 0 {
1554 return nil, asn1.SyntaxError{Msg: "trailing data"}
1555 }
1556
1557 return parseCertificate(&cert)
1558 }
1559
1560
1561
1562 func ParseCertificates(asn1Data []byte) ([]*Certificate, error) {
1563 var v []*certificate
1564
1565 for len(asn1Data) > 0 {
1566 cert := new(certificate)
1567 var err error
1568 asn1Data, err = asn1.Unmarshal(asn1Data, cert)
1569 if err != nil {
1570 return nil, err
1571 }
1572 v = append(v, cert)
1573 }
1574
1575 ret := make([]*Certificate, len(v))
1576 for i, ci := range v {
1577 cert, err := parseCertificate(ci)
1578 if err != nil {
1579 return nil, err
1580 }
1581 ret[i] = cert
1582 }
1583
1584 return ret, nil
1585 }
1586
1587 func reverseBitsInAByte(in byte) byte {
1588 b1 := in>>4 | in<<4
1589 b2 := b1>>2&0x33 | b1<<2&0xcc
1590 b3 := b2>>1&0x55 | b2<<1&0xaa
1591 return b3
1592 }
1593
1594
1595
1596
1597 func asn1BitLength(bitString []byte) int {
1598 bitLen := len(bitString) * 8
1599
1600 for i := range bitString {
1601 b := bitString[len(bitString)-i-1]
1602
1603 for bit := uint(0); bit < 8; bit++ {
1604 if (b>>bit)&1 == 1 {
1605 return bitLen
1606 }
1607 bitLen--
1608 }
1609 }
1610
1611 return 0
1612 }
1613
1614 var (
1615 oidExtensionSubjectKeyId = []int{2, 5, 29, 14}
1616 oidExtensionKeyUsage = []int{2, 5, 29, 15}
1617 oidExtensionExtendedKeyUsage = []int{2, 5, 29, 37}
1618 oidExtensionAuthorityKeyId = []int{2, 5, 29, 35}
1619 oidExtensionBasicConstraints = []int{2, 5, 29, 19}
1620 oidExtensionSubjectAltName = []int{2, 5, 29, 17}
1621 oidExtensionCertificatePolicies = []int{2, 5, 29, 32}
1622 oidExtensionNameConstraints = []int{2, 5, 29, 30}
1623 oidExtensionCRLDistributionPoints = []int{2, 5, 29, 31}
1624 oidExtensionAuthorityInfoAccess = []int{1, 3, 6, 1, 5, 5, 7, 1, 1}
1625 oidExtensionCRLNumber = []int{2, 5, 29, 20}
1626 )
1627
1628 var (
1629 oidAuthorityInfoAccessOcsp = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 48, 1}
1630 oidAuthorityInfoAccessIssuers = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 48, 2}
1631 )
1632
1633
1634
1635 func oidInExtensions(oid asn1.ObjectIdentifier, extensions []pkix.Extension) bool {
1636 for _, e := range extensions {
1637 if e.Id.Equal(oid) {
1638 return true
1639 }
1640 }
1641 return false
1642 }
1643
1644
1645
1646 func marshalSANs(dnsNames, emailAddresses []string, ipAddresses []net.IP, uris []*url.URL) (derBytes []byte, err error) {
1647 var rawValues []asn1.RawValue
1648 for _, name := range dnsNames {
1649 if err := isIA5String(name); err != nil {
1650 return nil, err
1651 }
1652 rawValues = append(rawValues, asn1.RawValue{Tag: nameTypeDNS, Class: 2, Bytes: []byte(name)})
1653 }
1654 for _, email := range emailAddresses {
1655 if err := isIA5String(email); err != nil {
1656 return nil, err
1657 }
1658 rawValues = append(rawValues, asn1.RawValue{Tag: nameTypeEmail, Class: 2, Bytes: []byte(email)})
1659 }
1660 for _, rawIP := range ipAddresses {
1661
1662 ip := rawIP.To4()
1663 if ip == nil {
1664 ip = rawIP
1665 }
1666 rawValues = append(rawValues, asn1.RawValue{Tag: nameTypeIP, Class: 2, Bytes: ip})
1667 }
1668 for _, uri := range uris {
1669 uriStr := uri.String()
1670 if err := isIA5String(uriStr); err != nil {
1671 return nil, err
1672 }
1673 rawValues = append(rawValues, asn1.RawValue{Tag: nameTypeURI, Class: 2, Bytes: []byte(uriStr)})
1674 }
1675 return asn1.Marshal(rawValues)
1676 }
1677
1678 func isIA5String(s string) error {
1679 for _, r := range s {
1680
1681 if r > unicode.MaxASCII {
1682 return fmt.Errorf("x509: %q cannot be encoded as an IA5String", s)
1683 }
1684 }
1685
1686 return nil
1687 }
1688
1689 func buildCertExtensions(template *Certificate, subjectIsEmpty bool, authorityKeyId []byte, subjectKeyId []byte) (ret []pkix.Extension, err error) {
1690 ret = make([]pkix.Extension, 10 )
1691 n := 0
1692
1693 if template.KeyUsage != 0 &&
1694 !oidInExtensions(oidExtensionKeyUsage, template.ExtraExtensions) {
1695 ret[n], err = marshalKeyUsage(template.KeyUsage)
1696 if err != nil {
1697 return nil, err
1698 }
1699 n++
1700 }
1701
1702 if (len(template.ExtKeyUsage) > 0 || len(template.UnknownExtKeyUsage) > 0) &&
1703 !oidInExtensions(oidExtensionExtendedKeyUsage, template.ExtraExtensions) {
1704 ret[n], err = marshalExtKeyUsage(template.ExtKeyUsage, template.UnknownExtKeyUsage)
1705 if err != nil {
1706 return nil, err
1707 }
1708 n++
1709 }
1710
1711 if template.BasicConstraintsValid && !oidInExtensions(oidExtensionBasicConstraints, template.ExtraExtensions) {
1712 ret[n], err = marshalBasicConstraints(template.IsCA, template.MaxPathLen, template.MaxPathLenZero)
1713 if err != nil {
1714 return nil, err
1715 }
1716 n++
1717 }
1718
1719 if len(subjectKeyId) > 0 && !oidInExtensions(oidExtensionSubjectKeyId, template.ExtraExtensions) {
1720 ret[n].Id = oidExtensionSubjectKeyId
1721 ret[n].Value, err = asn1.Marshal(subjectKeyId)
1722 if err != nil {
1723 return
1724 }
1725 n++
1726 }
1727
1728 if len(authorityKeyId) > 0 && !oidInExtensions(oidExtensionAuthorityKeyId, template.ExtraExtensions) {
1729 ret[n].Id = oidExtensionAuthorityKeyId
1730 ret[n].Value, err = asn1.Marshal(authKeyId{authorityKeyId})
1731 if err != nil {
1732 return
1733 }
1734 n++
1735 }
1736
1737 if (len(template.OCSPServer) > 0 || len(template.IssuingCertificateURL) > 0) &&
1738 !oidInExtensions(oidExtensionAuthorityInfoAccess, template.ExtraExtensions) {
1739 ret[n].Id = oidExtensionAuthorityInfoAccess
1740 var aiaValues []authorityInfoAccess
1741 for _, name := range template.OCSPServer {
1742 aiaValues = append(aiaValues, authorityInfoAccess{
1743 Method: oidAuthorityInfoAccessOcsp,
1744 Location: asn1.RawValue{Tag: 6, Class: 2, Bytes: []byte(name)},
1745 })
1746 }
1747 for _, name := range template.IssuingCertificateURL {
1748 aiaValues = append(aiaValues, authorityInfoAccess{
1749 Method: oidAuthorityInfoAccessIssuers,
1750 Location: asn1.RawValue{Tag: 6, Class: 2, Bytes: []byte(name)},
1751 })
1752 }
1753 ret[n].Value, err = asn1.Marshal(aiaValues)
1754 if err != nil {
1755 return
1756 }
1757 n++
1758 }
1759
1760 if (len(template.DNSNames) > 0 || len(template.EmailAddresses) > 0 || len(template.IPAddresses) > 0 || len(template.URIs) > 0) &&
1761 !oidInExtensions(oidExtensionSubjectAltName, template.ExtraExtensions) {
1762 ret[n].Id = oidExtensionSubjectAltName
1763
1764
1765
1766 ret[n].Critical = subjectIsEmpty
1767 ret[n].Value, err = marshalSANs(template.DNSNames, template.EmailAddresses, template.IPAddresses, template.URIs)
1768 if err != nil {
1769 return
1770 }
1771 n++
1772 }
1773
1774 if len(template.PolicyIdentifiers) > 0 &&
1775 !oidInExtensions(oidExtensionCertificatePolicies, template.ExtraExtensions) {
1776 ret[n], err = marshalCertificatePolicies(template.PolicyIdentifiers)
1777 if err != nil {
1778 return nil, err
1779 }
1780 n++
1781 }
1782
1783 if (len(template.PermittedDNSDomains) > 0 || len(template.ExcludedDNSDomains) > 0 ||
1784 len(template.PermittedIPRanges) > 0 || len(template.ExcludedIPRanges) > 0 ||
1785 len(template.PermittedEmailAddresses) > 0 || len(template.ExcludedEmailAddresses) > 0 ||
1786 len(template.PermittedURIDomains) > 0 || len(template.ExcludedURIDomains) > 0) &&
1787 !oidInExtensions(oidExtensionNameConstraints, template.ExtraExtensions) {
1788 ret[n].Id = oidExtensionNameConstraints
1789 ret[n].Critical = template.PermittedDNSDomainsCritical
1790
1791 ipAndMask := func(ipNet *net.IPNet) []byte {
1792 maskedIP := ipNet.IP.Mask(ipNet.Mask)
1793 ipAndMask := make([]byte, 0, len(maskedIP)+len(ipNet.Mask))
1794 ipAndMask = append(ipAndMask, maskedIP...)
1795 ipAndMask = append(ipAndMask, ipNet.Mask...)
1796 return ipAndMask
1797 }
1798
1799 serialiseConstraints := func(dns []string, ips []*net.IPNet, emails []string, uriDomains []string) (der []byte, err error) {
1800 var b cryptobyte.Builder
1801
1802 for _, name := range dns {
1803 if err = isIA5String(name); err != nil {
1804 return nil, err
1805 }
1806
1807 b.AddASN1(cryptobyte_asn1.SEQUENCE, func(b *cryptobyte.Builder) {
1808 b.AddASN1(cryptobyte_asn1.Tag(2).ContextSpecific(), func(b *cryptobyte.Builder) {
1809 b.AddBytes([]byte(name))
1810 })
1811 })
1812 }
1813
1814 for _, ipNet := range ips {
1815 b.AddASN1(cryptobyte_asn1.SEQUENCE, func(b *cryptobyte.Builder) {
1816 b.AddASN1(cryptobyte_asn1.Tag(7).ContextSpecific(), func(b *cryptobyte.Builder) {
1817 b.AddBytes(ipAndMask(ipNet))
1818 })
1819 })
1820 }
1821
1822 for _, email := range emails {
1823 if err = isIA5String(email); err != nil {
1824 return nil, err
1825 }
1826
1827 b.AddASN1(cryptobyte_asn1.SEQUENCE, func(b *cryptobyte.Builder) {
1828 b.AddASN1(cryptobyte_asn1.Tag(1).ContextSpecific(), func(b *cryptobyte.Builder) {
1829 b.AddBytes([]byte(email))
1830 })
1831 })
1832 }
1833
1834 for _, uriDomain := range uriDomains {
1835 if err = isIA5String(uriDomain); err != nil {
1836 return nil, err
1837 }
1838
1839 b.AddASN1(cryptobyte_asn1.SEQUENCE, func(b *cryptobyte.Builder) {
1840 b.AddASN1(cryptobyte_asn1.Tag(6).ContextSpecific(), func(b *cryptobyte.Builder) {
1841 b.AddBytes([]byte(uriDomain))
1842 })
1843 })
1844 }
1845
1846 return b.Bytes()
1847 }
1848
1849 permitted, err := serialiseConstraints(template.PermittedDNSDomains, template.PermittedIPRanges, template.PermittedEmailAddresses, template.PermittedURIDomains)
1850 if err != nil {
1851 return nil, err
1852 }
1853
1854 excluded, err := serialiseConstraints(template.ExcludedDNSDomains, template.ExcludedIPRanges, template.ExcludedEmailAddresses, template.ExcludedURIDomains)
1855 if err != nil {
1856 return nil, err
1857 }
1858
1859 var b cryptobyte.Builder
1860 b.AddASN1(cryptobyte_asn1.SEQUENCE, func(b *cryptobyte.Builder) {
1861 if len(permitted) > 0 {
1862 b.AddASN1(cryptobyte_asn1.Tag(0).ContextSpecific().Constructed(), func(b *cryptobyte.Builder) {
1863 b.AddBytes(permitted)
1864 })
1865 }
1866
1867 if len(excluded) > 0 {
1868 b.AddASN1(cryptobyte_asn1.Tag(1).ContextSpecific().Constructed(), func(b *cryptobyte.Builder) {
1869 b.AddBytes(excluded)
1870 })
1871 }
1872 })
1873
1874 ret[n].Value, err = b.Bytes()
1875 if err != nil {
1876 return nil, err
1877 }
1878 n++
1879 }
1880
1881 if len(template.CRLDistributionPoints) > 0 &&
1882 !oidInExtensions(oidExtensionCRLDistributionPoints, template.ExtraExtensions) {
1883 ret[n].Id = oidExtensionCRLDistributionPoints
1884
1885 var crlDp []distributionPoint
1886 for _, name := range template.CRLDistributionPoints {
1887 dp := distributionPoint{
1888 DistributionPoint: distributionPointName{
1889 FullName: []asn1.RawValue{
1890 {Tag: 6, Class: 2, Bytes: []byte(name)},
1891 },
1892 },
1893 }
1894 crlDp = append(crlDp, dp)
1895 }
1896
1897 ret[n].Value, err = asn1.Marshal(crlDp)
1898 if err != nil {
1899 return
1900 }
1901 n++
1902 }
1903
1904
1905
1906
1907
1908 return append(ret[:n], template.ExtraExtensions...), nil
1909 }
1910
1911 func marshalKeyUsage(ku KeyUsage) (pkix.Extension, error) {
1912 ext := pkix.Extension{Id: oidExtensionKeyUsage, Critical: true}
1913
1914 var a [2]byte
1915 a[0] = reverseBitsInAByte(byte(ku))
1916 a[1] = reverseBitsInAByte(byte(ku >> 8))
1917
1918 l := 1
1919 if a[1] != 0 {
1920 l = 2
1921 }
1922
1923 bitString := a[:l]
1924 var err error
1925 ext.Value, err = asn1.Marshal(asn1.BitString{Bytes: bitString, BitLength: asn1BitLength(bitString)})
1926 if err != nil {
1927 return ext, err
1928 }
1929 return ext, nil
1930 }
1931
1932 func marshalExtKeyUsage(extUsages []ExtKeyUsage, unknownUsages []asn1.ObjectIdentifier) (pkix.Extension, error) {
1933 ext := pkix.Extension{Id: oidExtensionExtendedKeyUsage}
1934
1935 oids := make([]asn1.ObjectIdentifier, len(extUsages)+len(unknownUsages))
1936 for i, u := range extUsages {
1937 if oid, ok := oidFromExtKeyUsage(u); ok {
1938 oids[i] = oid
1939 } else {
1940 return ext, errors.New("x509: unknown extended key usage")
1941 }
1942 }
1943
1944 copy(oids[len(extUsages):], unknownUsages)
1945
1946 var err error
1947 ext.Value, err = asn1.Marshal(oids)
1948 if err != nil {
1949 return ext, err
1950 }
1951 return ext, nil
1952 }
1953
1954 func marshalBasicConstraints(isCA bool, maxPathLen int, maxPathLenZero bool) (pkix.Extension, error) {
1955 ext := pkix.Extension{Id: oidExtensionBasicConstraints, Critical: true}
1956
1957
1958
1959 if maxPathLen == 0 && !maxPathLenZero {
1960 maxPathLen = -1
1961 }
1962 var err error
1963 ext.Value, err = asn1.Marshal(basicConstraints{isCA, maxPathLen})
1964 if err != nil {
1965 return ext, nil
1966 }
1967 return ext, nil
1968 }
1969
1970 func marshalCertificatePolicies(policyIdentifiers []asn1.ObjectIdentifier) (pkix.Extension, error) {
1971 ext := pkix.Extension{Id: oidExtensionCertificatePolicies}
1972 policies := make([]policyInformation, len(policyIdentifiers))
1973 for i, policy := range policyIdentifiers {
1974 policies[i].Policy = policy
1975 }
1976 var err error
1977 ext.Value, err = asn1.Marshal(policies)
1978 if err != nil {
1979 return ext, err
1980 }
1981 return ext, nil
1982 }
1983
1984 func buildCSRExtensions(template *CertificateRequest) ([]pkix.Extension, error) {
1985 var ret []pkix.Extension
1986
1987 if (len(template.DNSNames) > 0 || len(template.EmailAddresses) > 0 || len(template.IPAddresses) > 0 || len(template.URIs) > 0) &&
1988 !oidInExtensions(oidExtensionSubjectAltName, template.ExtraExtensions) {
1989 sanBytes, err := marshalSANs(template.DNSNames, template.EmailAddresses, template.IPAddresses, template.URIs)
1990 if err != nil {
1991 return nil, err
1992 }
1993
1994 ret = append(ret, pkix.Extension{
1995 Id: oidExtensionSubjectAltName,
1996 Value: sanBytes,
1997 })
1998 }
1999
2000 return append(ret, template.ExtraExtensions...), nil
2001 }
2002
2003 func subjectBytes(cert *Certificate) ([]byte, error) {
2004 if len(cert.RawSubject) > 0 {
2005 return cert.RawSubject, nil
2006 }
2007
2008 return asn1.Marshal(cert.Subject.ToRDNSequence())
2009 }
2010
2011
2012
2013
2014 func signingParamsForPublicKey(pub interface{}, requestedSigAlgo SignatureAlgorithm) (hashFunc crypto.Hash, sigAlgo pkix.AlgorithmIdentifier, err error) {
2015 var pubType PublicKeyAlgorithm
2016
2017 switch pub := pub.(type) {
2018 case *rsa.PublicKey:
2019 pubType = RSA
2020 hashFunc = crypto.SHA256
2021 sigAlgo.Algorithm = oidSignatureSHA256WithRSA
2022 sigAlgo.Parameters = asn1.NullRawValue
2023
2024 case *ecdsa.PublicKey:
2025 pubType = ECDSA
2026
2027 switch pub.Curve {
2028 case elliptic.P224(), elliptic.P256():
2029 hashFunc = crypto.SHA256
2030 sigAlgo.Algorithm = oidSignatureECDSAWithSHA256
2031 case elliptic.P384():
2032 hashFunc = crypto.SHA384
2033 sigAlgo.Algorithm = oidSignatureECDSAWithSHA384
2034 case elliptic.P521():
2035 hashFunc = crypto.SHA512
2036 sigAlgo.Algorithm = oidSignatureECDSAWithSHA512
2037 default:
2038 err = errors.New("x509: unknown elliptic curve")
2039 }
2040
2041 case ed25519.PublicKey:
2042 pubType = Ed25519
2043 sigAlgo.Algorithm = oidSignatureEd25519
2044
2045 default:
2046 err = errors.New("x509: only RSA, ECDSA and Ed25519 keys supported")
2047 }
2048
2049 if err != nil {
2050 return
2051 }
2052
2053 if requestedSigAlgo == 0 {
2054 return
2055 }
2056
2057 found := false
2058 for _, details := range signatureAlgorithmDetails {
2059 if details.algo == requestedSigAlgo {
2060 if details.pubKeyAlgo != pubType {
2061 err = errors.New("x509: requested SignatureAlgorithm does not match private key type")
2062 return
2063 }
2064 sigAlgo.Algorithm, hashFunc = details.oid, details.hash
2065 if hashFunc == 0 && pubType != Ed25519 {
2066 err = errors.New("x509: cannot sign with hash function requested")
2067 return
2068 }
2069 if requestedSigAlgo.isRSAPSS() {
2070 sigAlgo.Parameters = hashToPSSParameters[hashFunc]
2071 }
2072 found = true
2073 break
2074 }
2075 }
2076
2077 if !found {
2078 err = errors.New("x509: unknown SignatureAlgorithm")
2079 }
2080
2081 return
2082 }
2083
2084
2085
2086 var emptyASN1Subject = []byte{0x30, 0}
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140 func CreateCertificate(rand io.Reader, template, parent *Certificate, pub, priv interface{}) (cert []byte, err error) {
2141 key, ok := priv.(crypto.Signer)
2142 if !ok {
2143 return nil, errors.New("x509: certificate private key does not implement crypto.Signer")
2144 }
2145
2146 if template.SerialNumber == nil {
2147 return nil, errors.New("x509: no SerialNumber given")
2148 }
2149
2150 if template.BasicConstraintsValid && !template.IsCA && template.MaxPathLen != -1 && (template.MaxPathLen != 0 || template.MaxPathLenZero) {
2151 return nil, errors.New("x509: only CAs are allowed to specify MaxPathLen")
2152 }
2153
2154 hashFunc, signatureAlgorithm, err := signingParamsForPublicKey(key.Public(), template.SignatureAlgorithm)
2155 if err != nil {
2156 return nil, err
2157 }
2158
2159 publicKeyBytes, publicKeyAlgorithm, err := marshalPublicKey(pub)
2160 if err != nil {
2161 return nil, err
2162 }
2163
2164 asn1Issuer, err := subjectBytes(parent)
2165 if err != nil {
2166 return
2167 }
2168
2169 asn1Subject, err := subjectBytes(template)
2170 if err != nil {
2171 return
2172 }
2173
2174 authorityKeyId := template.AuthorityKeyId
2175 if !bytes.Equal(asn1Issuer, asn1Subject) && len(parent.SubjectKeyId) > 0 {
2176 authorityKeyId = parent.SubjectKeyId
2177 }
2178
2179 subjectKeyId := template.SubjectKeyId
2180 if len(subjectKeyId) == 0 && template.IsCA {
2181
2182
2183
2184
2185 h := sha1.Sum(publicKeyBytes)
2186 subjectKeyId = h[:]
2187 }
2188
2189 extensions, err := buildCertExtensions(template, bytes.Equal(asn1Subject, emptyASN1Subject), authorityKeyId, subjectKeyId)
2190 if err != nil {
2191 return
2192 }
2193
2194 encodedPublicKey := asn1.BitString{BitLength: len(publicKeyBytes) * 8, Bytes: publicKeyBytes}
2195 c := tbsCertificate{
2196 Version: 2,
2197 SerialNumber: template.SerialNumber,
2198 SignatureAlgorithm: signatureAlgorithm,
2199 Issuer: asn1.RawValue{FullBytes: asn1Issuer},
2200 Validity: validity{template.NotBefore.UTC(), template.NotAfter.UTC()},
2201 Subject: asn1.RawValue{FullBytes: asn1Subject},
2202 PublicKey: publicKeyInfo{nil, publicKeyAlgorithm, encodedPublicKey},
2203 Extensions: extensions,
2204 }
2205
2206 tbsCertContents, err := asn1.Marshal(c)
2207 if err != nil {
2208 return
2209 }
2210 c.Raw = tbsCertContents
2211
2212 signed := tbsCertContents
2213 if hashFunc != 0 {
2214 h := hashFunc.New()
2215 h.Write(signed)
2216 signed = h.Sum(nil)
2217 }
2218
2219 var signerOpts crypto.SignerOpts = hashFunc
2220 if template.SignatureAlgorithm != 0 && template.SignatureAlgorithm.isRSAPSS() {
2221 signerOpts = &rsa.PSSOptions{
2222 SaltLength: rsa.PSSSaltLengthEqualsHash,
2223 Hash: hashFunc,
2224 }
2225 }
2226
2227 var signature []byte
2228 signature, err = key.Sign(rand, signed, signerOpts)
2229 if err != nil {
2230 return
2231 }
2232
2233 signedCert, err := asn1.Marshal(certificate{
2234 nil,
2235 c,
2236 signatureAlgorithm,
2237 asn1.BitString{Bytes: signature, BitLength: len(signature) * 8},
2238 })
2239 if err != nil {
2240 return nil, err
2241 }
2242
2243
2244
2245
2246 if sigAlg := getSignatureAlgorithmFromAI(signatureAlgorithm); sigAlg != MD5WithRSA {
2247 if err := checkSignature(sigAlg, c.Raw, signature, key.Public()); err != nil {
2248 return nil, fmt.Errorf("x509: signature over certificate returned by signer is invalid: %w", err)
2249 }
2250 }
2251
2252 return signedCert, nil
2253 }
2254
2255
2256
2257 var pemCRLPrefix = []byte("-----BEGIN X509 CRL")
2258
2259
2260 var pemType = "X509 CRL"
2261
2262
2263
2264
2265
2266 func ParseCRL(crlBytes []byte) (*pkix.CertificateList, error) {
2267 if bytes.HasPrefix(crlBytes, pemCRLPrefix) {
2268 block, _ := pem.Decode(crlBytes)
2269 if block != nil && block.Type == pemType {
2270 crlBytes = block.Bytes
2271 }
2272 }
2273 return ParseDERCRL(crlBytes)
2274 }
2275
2276
2277 func ParseDERCRL(derBytes []byte) (*pkix.CertificateList, error) {
2278 certList := new(pkix.CertificateList)
2279 if rest, err := asn1.Unmarshal(derBytes, certList); err != nil {
2280 return nil, err
2281 } else if len(rest) != 0 {
2282 return nil, errors.New("x509: trailing data after CRL")
2283 }
2284 return certList, nil
2285 }
2286
2287
2288
2289
2290
2291
2292 func (c *Certificate) CreateCRL(rand io.Reader, priv interface{}, revokedCerts []pkix.RevokedCertificate, now, expiry time.Time) (crlBytes []byte, err error) {
2293 key, ok := priv.(crypto.Signer)
2294 if !ok {
2295 return nil, errors.New("x509: certificate private key does not implement crypto.Signer")
2296 }
2297
2298 hashFunc, signatureAlgorithm, err := signingParamsForPublicKey(key.Public(), 0)
2299 if err != nil {
2300 return nil, err
2301 }
2302
2303
2304 revokedCertsUTC := make([]pkix.RevokedCertificate, len(revokedCerts))
2305 for i, rc := range revokedCerts {
2306 rc.RevocationTime = rc.RevocationTime.UTC()
2307 revokedCertsUTC[i] = rc
2308 }
2309
2310 tbsCertList := pkix.TBSCertificateList{
2311 Version: 1,
2312 Signature: signatureAlgorithm,
2313 Issuer: c.Subject.ToRDNSequence(),
2314 ThisUpdate: now.UTC(),
2315 NextUpdate: expiry.UTC(),
2316 RevokedCertificates: revokedCertsUTC,
2317 }
2318
2319
2320 if len(c.SubjectKeyId) > 0 {
2321 var aki pkix.Extension
2322 aki.Id = oidExtensionAuthorityKeyId
2323 aki.Value, err = asn1.Marshal(authKeyId{Id: c.SubjectKeyId})
2324 if err != nil {
2325 return
2326 }
2327 tbsCertList.Extensions = append(tbsCertList.Extensions, aki)
2328 }
2329
2330 tbsCertListContents, err := asn1.Marshal(tbsCertList)
2331 if err != nil {
2332 return
2333 }
2334
2335 signed := tbsCertListContents
2336 if hashFunc != 0 {
2337 h := hashFunc.New()
2338 h.Write(signed)
2339 signed = h.Sum(nil)
2340 }
2341
2342 var signature []byte
2343 signature, err = key.Sign(rand, signed, hashFunc)
2344 if err != nil {
2345 return
2346 }
2347
2348 return asn1.Marshal(pkix.CertificateList{
2349 TBSCertList: tbsCertList,
2350 SignatureAlgorithm: signatureAlgorithm,
2351 SignatureValue: asn1.BitString{Bytes: signature, BitLength: len(signature) * 8},
2352 })
2353 }
2354
2355
2356 type CertificateRequest struct {
2357 Raw []byte
2358 RawTBSCertificateRequest []byte
2359 RawSubjectPublicKeyInfo []byte
2360 RawSubject []byte
2361
2362 Version int
2363 Signature []byte
2364 SignatureAlgorithm SignatureAlgorithm
2365
2366 PublicKeyAlgorithm PublicKeyAlgorithm
2367 PublicKey interface{}
2368
2369 Subject pkix.Name
2370
2371
2372
2373
2374
2375
2376 Attributes []pkix.AttributeTypeAndValueSET
2377
2378
2379
2380
2381 Extensions []pkix.Extension
2382
2383
2384
2385
2386
2387
2388
2389
2390 ExtraExtensions []pkix.Extension
2391
2392
2393 DNSNames []string
2394 EmailAddresses []string
2395 IPAddresses []net.IP
2396 URIs []*url.URL
2397 }
2398
2399
2400
2401
2402 type tbsCertificateRequest struct {
2403 Raw asn1.RawContent
2404 Version int
2405 Subject asn1.RawValue
2406 PublicKey publicKeyInfo
2407 RawAttributes []asn1.RawValue `asn1:"tag:0"`
2408 }
2409
2410 type certificateRequest struct {
2411 Raw asn1.RawContent
2412 TBSCSR tbsCertificateRequest
2413 SignatureAlgorithm pkix.AlgorithmIdentifier
2414 SignatureValue asn1.BitString
2415 }
2416
2417
2418
2419 var oidExtensionRequest = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 14}
2420
2421
2422
2423 func newRawAttributes(attributes []pkix.AttributeTypeAndValueSET) ([]asn1.RawValue, error) {
2424 var rawAttributes []asn1.RawValue
2425 b, err := asn1.Marshal(attributes)
2426 if err != nil {
2427 return nil, err
2428 }
2429 rest, err := asn1.Unmarshal(b, &rawAttributes)
2430 if err != nil {
2431 return nil, err
2432 }
2433 if len(rest) != 0 {
2434 return nil, errors.New("x509: failed to unmarshal raw CSR Attributes")
2435 }
2436 return rawAttributes, nil
2437 }
2438
2439
2440 func parseRawAttributes(rawAttributes []asn1.RawValue) []pkix.AttributeTypeAndValueSET {
2441 var attributes []pkix.AttributeTypeAndValueSET
2442 for _, rawAttr := range rawAttributes {
2443 var attr pkix.AttributeTypeAndValueSET
2444 rest, err := asn1.Unmarshal(rawAttr.FullBytes, &attr)
2445
2446
2447 if err == nil && len(rest) == 0 {
2448 attributes = append(attributes, attr)
2449 }
2450 }
2451 return attributes
2452 }
2453
2454
2455
2456 func parseCSRExtensions(rawAttributes []asn1.RawValue) ([]pkix.Extension, error) {
2457
2458 type pkcs10Attribute struct {
2459 Id asn1.ObjectIdentifier
2460 Values []asn1.RawValue `asn1:"set"`
2461 }
2462
2463 var ret []pkix.Extension
2464 for _, rawAttr := range rawAttributes {
2465 var attr pkcs10Attribute
2466 if rest, err := asn1.Unmarshal(rawAttr.FullBytes, &attr); err != nil || len(rest) != 0 || len(attr.Values) == 0 {
2467
2468 continue
2469 }
2470
2471 if !attr.Id.Equal(oidExtensionRequest) {
2472 continue
2473 }
2474
2475 var extensions []pkix.Extension
2476 if _, err := asn1.Unmarshal(attr.Values[0].FullBytes, &extensions); err != nil {
2477 return nil, err
2478 }
2479 ret = append(ret, extensions...)
2480 }
2481
2482 return ret, nil
2483 }
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504 func CreateCertificateRequest(rand io.Reader, template *CertificateRequest, priv interface{}) (csr []byte, err error) {
2505 key, ok := priv.(crypto.Signer)
2506 if !ok {
2507 return nil, errors.New("x509: certificate private key does not implement crypto.Signer")
2508 }
2509
2510 var hashFunc crypto.Hash
2511 var sigAlgo pkix.AlgorithmIdentifier
2512 hashFunc, sigAlgo, err = signingParamsForPublicKey(key.Public(), template.SignatureAlgorithm)
2513 if err != nil {
2514 return nil, err
2515 }
2516
2517 var publicKeyBytes []byte
2518 var publicKeyAlgorithm pkix.AlgorithmIdentifier
2519 publicKeyBytes, publicKeyAlgorithm, err = marshalPublicKey(key.Public())
2520 if err != nil {
2521 return nil, err
2522 }
2523
2524 extensions, err := buildCSRExtensions(template)
2525 if err != nil {
2526 return nil, err
2527 }
2528
2529
2530 attributes := make([]pkix.AttributeTypeAndValueSET, 0, len(template.Attributes))
2531 for _, attr := range template.Attributes {
2532 values := make([][]pkix.AttributeTypeAndValue, len(attr.Value))
2533 copy(values, attr.Value)
2534 attributes = append(attributes, pkix.AttributeTypeAndValueSET{
2535 Type: attr.Type,
2536 Value: values,
2537 })
2538 }
2539
2540 extensionsAppended := false
2541 if len(extensions) > 0 {
2542
2543 for _, atvSet := range attributes {
2544 if !atvSet.Type.Equal(oidExtensionRequest) || len(atvSet.Value) == 0 {
2545 continue
2546 }
2547
2548
2549
2550 specifiedExtensions := make(map[string]bool)
2551
2552 for _, atvs := range atvSet.Value {
2553 for _, atv := range atvs {
2554 specifiedExtensions[atv.Type.String()] = true
2555 }
2556 }
2557
2558 newValue := make([]pkix.AttributeTypeAndValue, 0, len(atvSet.Value[0])+len(extensions))
2559 newValue = append(newValue, atvSet.Value[0]...)
2560
2561 for _, e := range extensions {
2562 if specifiedExtensions[e.Id.String()] {
2563
2564
2565 continue
2566 }
2567
2568 newValue = append(newValue, pkix.AttributeTypeAndValue{
2569
2570
2571 Type: e.Id,
2572 Value: e.Value,
2573 })
2574 }
2575
2576 atvSet.Value[0] = newValue
2577 extensionsAppended = true
2578 break
2579 }
2580 }
2581
2582 rawAttributes, err := newRawAttributes(attributes)
2583 if err != nil {
2584 return
2585 }
2586
2587
2588
2589 if len(extensions) > 0 && !extensionsAppended {
2590 attr := struct {
2591 Type asn1.ObjectIdentifier
2592 Value [][]pkix.Extension `asn1:"set"`
2593 }{
2594 Type: oidExtensionRequest,
2595 Value: [][]pkix.Extension{extensions},
2596 }
2597
2598 b, err := asn1.Marshal(attr)
2599 if err != nil {
2600 return nil, errors.New("x509: failed to serialise extensions attribute: " + err.Error())
2601 }
2602
2603 var rawValue asn1.RawValue
2604 if _, err := asn1.Unmarshal(b, &rawValue); err != nil {
2605 return nil, err
2606 }
2607
2608 rawAttributes = append(rawAttributes, rawValue)
2609 }
2610
2611 asn1Subject := template.RawSubject
2612 if len(asn1Subject) == 0 {
2613 asn1Subject, err = asn1.Marshal(template.Subject.ToRDNSequence())
2614 if err != nil {
2615 return nil, err
2616 }
2617 }
2618
2619 tbsCSR := tbsCertificateRequest{
2620 Version: 0,
2621 Subject: asn1.RawValue{FullBytes: asn1Subject},
2622 PublicKey: publicKeyInfo{
2623 Algorithm: publicKeyAlgorithm,
2624 PublicKey: asn1.BitString{
2625 Bytes: publicKeyBytes,
2626 BitLength: len(publicKeyBytes) * 8,
2627 },
2628 },
2629 RawAttributes: rawAttributes,
2630 }
2631
2632 tbsCSRContents, err := asn1.Marshal(tbsCSR)
2633 if err != nil {
2634 return
2635 }
2636 tbsCSR.Raw = tbsCSRContents
2637
2638 signed := tbsCSRContents
2639 if hashFunc != 0 {
2640 h := hashFunc.New()
2641 h.Write(signed)
2642 signed = h.Sum(nil)
2643 }
2644
2645 var signature []byte
2646 signature, err = key.Sign(rand, signed, hashFunc)
2647 if err != nil {
2648 return
2649 }
2650
2651 return asn1.Marshal(certificateRequest{
2652 TBSCSR: tbsCSR,
2653 SignatureAlgorithm: sigAlgo,
2654 SignatureValue: asn1.BitString{
2655 Bytes: signature,
2656 BitLength: len(signature) * 8,
2657 },
2658 })
2659 }
2660
2661
2662
2663 func ParseCertificateRequest(asn1Data []byte) (*CertificateRequest, error) {
2664 var csr certificateRequest
2665
2666 rest, err := asn1.Unmarshal(asn1Data, &csr)
2667 if err != nil {
2668 return nil, err
2669 } else if len(rest) != 0 {
2670 return nil, asn1.SyntaxError{Msg: "trailing data"}
2671 }
2672
2673 return parseCertificateRequest(&csr)
2674 }
2675
2676 func parseCertificateRequest(in *certificateRequest) (*CertificateRequest, error) {
2677 out := &CertificateRequest{
2678 Raw: in.Raw,
2679 RawTBSCertificateRequest: in.TBSCSR.Raw,
2680 RawSubjectPublicKeyInfo: in.TBSCSR.PublicKey.Raw,
2681 RawSubject: in.TBSCSR.Subject.FullBytes,
2682
2683 Signature: in.SignatureValue.RightAlign(),
2684 SignatureAlgorithm: getSignatureAlgorithmFromAI(in.SignatureAlgorithm),
2685
2686 PublicKeyAlgorithm: getPublicKeyAlgorithmFromOID(in.TBSCSR.PublicKey.Algorithm.Algorithm),
2687
2688 Version: in.TBSCSR.Version,
2689 Attributes: parseRawAttributes(in.TBSCSR.RawAttributes),
2690 }
2691
2692 var err error
2693 out.PublicKey, err = parsePublicKey(out.PublicKeyAlgorithm, &in.TBSCSR.PublicKey)
2694 if err != nil {
2695 return nil, err
2696 }
2697
2698 var subject pkix.RDNSequence
2699 if rest, err := asn1.Unmarshal(in.TBSCSR.Subject.FullBytes, &subject); err != nil {
2700 return nil, err
2701 } else if len(rest) != 0 {
2702 return nil, errors.New("x509: trailing data after X.509 Subject")
2703 }
2704
2705 out.Subject.FillFromRDNSequence(&subject)
2706
2707 if out.Extensions, err = parseCSRExtensions(in.TBSCSR.RawAttributes); err != nil {
2708 return nil, err
2709 }
2710
2711 for _, extension := range out.Extensions {
2712 switch {
2713 case extension.Id.Equal(oidExtensionSubjectAltName):
2714 out.DNSNames, out.EmailAddresses, out.IPAddresses, out.URIs, err = parseSANExtension(extension.Value)
2715 if err != nil {
2716 return nil, err
2717 }
2718 }
2719 }
2720
2721 return out, nil
2722 }
2723
2724
2725 func (c *CertificateRequest) CheckSignature() error {
2726 return checkSignature(c.SignatureAlgorithm, c.RawTBSCertificateRequest, c.Signature, c.PublicKey)
2727 }
2728
2729
2730
2731 type RevocationList struct {
2732
2733
2734
2735 SignatureAlgorithm SignatureAlgorithm
2736
2737
2738
2739
2740 RevokedCertificates []pkix.RevokedCertificate
2741
2742
2743
2744
2745 Number *big.Int
2746
2747
2748 ThisUpdate time.Time
2749
2750
2751
2752 NextUpdate time.Time
2753
2754
2755 ExtraExtensions []pkix.Extension
2756 }
2757
2758
2759
2760
2761
2762
2763
2764
2765
2766
2767
2768
2769
2770 func CreateRevocationList(rand io.Reader, template *RevocationList, issuer *Certificate, priv crypto.Signer) ([]byte, error) {
2771 if template == nil {
2772 return nil, errors.New("x509: template can not be nil")
2773 }
2774 if issuer == nil {
2775 return nil, errors.New("x509: issuer can not be nil")
2776 }
2777 if (issuer.KeyUsage & KeyUsageCRLSign) == 0 {
2778 return nil, errors.New("x509: issuer must have the crlSign key usage bit set")
2779 }
2780 if len(issuer.SubjectKeyId) == 0 {
2781 return nil, errors.New("x509: issuer certificate doesn't contain a subject key identifier")
2782 }
2783 if template.NextUpdate.Before(template.ThisUpdate) {
2784 return nil, errors.New("x509: template.ThisUpdate is after template.NextUpdate")
2785 }
2786 if template.Number == nil {
2787 return nil, errors.New("x509: template contains nil Number field")
2788 }
2789
2790 hashFunc, signatureAlgorithm, err := signingParamsForPublicKey(priv.Public(), template.SignatureAlgorithm)
2791 if err != nil {
2792 return nil, err
2793 }
2794
2795
2796 revokedCertsUTC := make([]pkix.RevokedCertificate, len(template.RevokedCertificates))
2797 for i, rc := range template.RevokedCertificates {
2798 rc.RevocationTime = rc.RevocationTime.UTC()
2799 revokedCertsUTC[i] = rc
2800 }
2801
2802 aki, err := asn1.Marshal(authKeyId{Id: issuer.SubjectKeyId})
2803 if err != nil {
2804 return nil, err
2805 }
2806 crlNum, err := asn1.Marshal(template.Number)
2807 if err != nil {
2808 return nil, err
2809 }
2810
2811 tbsCertList := pkix.TBSCertificateList{
2812 Version: 1,
2813 Signature: signatureAlgorithm,
2814 Issuer: issuer.Subject.ToRDNSequence(),
2815 ThisUpdate: template.ThisUpdate.UTC(),
2816 NextUpdate: template.NextUpdate.UTC(),
2817 Extensions: []pkix.Extension{
2818 {
2819 Id: oidExtensionAuthorityKeyId,
2820 Value: aki,
2821 },
2822 {
2823 Id: oidExtensionCRLNumber,
2824 Value: crlNum,
2825 },
2826 },
2827 }
2828 if len(revokedCertsUTC) > 0 {
2829 tbsCertList.RevokedCertificates = revokedCertsUTC
2830 }
2831
2832 if len(template.ExtraExtensions) > 0 {
2833 tbsCertList.Extensions = append(tbsCertList.Extensions, template.ExtraExtensions...)
2834 }
2835
2836 tbsCertListContents, err := asn1.Marshal(tbsCertList)
2837 if err != nil {
2838 return nil, err
2839 }
2840
2841 input := tbsCertListContents
2842 if hashFunc != 0 {
2843 h := hashFunc.New()
2844 h.Write(tbsCertListContents)
2845 input = h.Sum(nil)
2846 }
2847 var signerOpts crypto.SignerOpts = hashFunc
2848 if template.SignatureAlgorithm.isRSAPSS() {
2849 signerOpts = &rsa.PSSOptions{
2850 SaltLength: rsa.PSSSaltLengthEqualsHash,
2851 Hash: hashFunc,
2852 }
2853 }
2854
2855 signature, err := priv.Sign(rand, input, signerOpts)
2856 if err != nil {
2857 return nil, err
2858 }
2859
2860 return asn1.Marshal(pkix.CertificateList{
2861 TBSCertList: tbsCertList,
2862 SignatureAlgorithm: signatureAlgorithm,
2863 SignatureValue: asn1.BitString{Bytes: signature, BitLength: len(signature) * 8},
2864 })
2865 }
2866
View as plain text