@ -2,7 +2,9 @@ package certdehydrate
import (
"bytes"
"crypto/rand"
"crypto/sha256"
"crypto/x509"
"crypto/x509/pkix"
"encoding/base64"
"encoding/binary"
@ -10,9 +12,9 @@ import (
"fmt"
"math/big"
"time"
)
import "github.com/namecoin/x509-signature-splice/x509"
"github.com/namecoin/splicesign"
)
// A DehydratedCertificate represents the (nearly) minimal set of data required
// to deterministically construct a valid x509 certificate when combined with a
@ -29,7 +31,7 @@ type DehydratedCertificate struct {
// SerialNumber calculates the certificate serial number according to the
// Dehydrated TLS Certificates specification.
func ( dehydrated DehydratedCertificate ) SerialNumber ( name string ) ( [ ] byte , error ) {
func ( dehydrated * DehydratedCertificate ) SerialNumber ( name string ) ( [ ] byte , error ) {
nameHash := sha256 . Sum256 ( [ ] byte ( name ) )
@ -75,7 +77,7 @@ func (dehydrated DehydratedCertificate) SerialNumber(name string) ([]byte, error
return serialHash . Sum ( nil ) [ 0 : 19 ] , nil
}
func ( dehydrated DehydratedCertificate ) String ( ) string {
func ( dehydrated * DehydratedCertificate ) String ( ) string {
output := [ ] interface { } { 1 , dehydrated . PubkeyB64 , dehydrated . NotBeforeScaled , dehydrated . NotAfterScaled , dehydrated . SignatureAlgorithm , dehydrated . SignatureB64 }
binOutput , _ := json . Marshal ( output )
return string ( binOutput )
@ -252,7 +254,13 @@ func FillRehydratedCertTemplate(template x509.Certificate, name string) ([]byte,
}
template . SerialNumber . SetBytes ( serialNumberBytes )
derBytes , err := x509 . CreateCertificateWithSplicedSignature ( & template , & template )
pub := template . PublicKey
priv := & splicesign . SpliceSigner {
PublicKey : pub ,
Signature : template . Signature ,
}
derBytes , err := x509 . CreateCertificate ( rand . Reader , & template , & template , pub , priv )
if err != nil {
return nil , fmt . Errorf ( "Error splicing signature: %s" , err )
}