|
|
|
@ -30,35 +30,34 @@ type SignOptions struct {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var (
|
|
|
|
|
stepOIDRoot = asn1.ObjectIdentifier([]int{1, 3, 6, 1, 4, 1, 37476, 9000, 64})
|
|
|
|
|
stepOIDProvisioner = asn1.ObjectIdentifier(append([]int(nil), append(stepOIDRoot, 1)...))
|
|
|
|
|
stepOIDProvisionerName = asn1.ObjectIdentifier(append([]int(nil), append(stepOIDProvisioner, 1)...))
|
|
|
|
|
stepOIDProvisionerKeyID = asn1.ObjectIdentifier(append([]int(nil), append(stepOIDProvisioner, 2)...))
|
|
|
|
|
stepOIDRoot = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 37476, 9000, 64}
|
|
|
|
|
stepOIDProvisioner = append(asn1.ObjectIdentifier(nil), append(stepOIDRoot, 1)...)
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type stepProvisionerASN1 struct {
|
|
|
|
|
Type int
|
|
|
|
|
Name []byte
|
|
|
|
|
CredentialID []byte
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const provisionerTypeJWK = 1
|
|
|
|
|
|
|
|
|
|
func withProvisionerOID(name, kid string) x509util.WithOption {
|
|
|
|
|
return func(p x509util.Profile) error {
|
|
|
|
|
crt := p.Subject()
|
|
|
|
|
|
|
|
|
|
irw := asn1.RawValue{Tag: asn1.TagGeneralString, Class: asn1.ClassPrivate, Bytes: []byte(name)}
|
|
|
|
|
krw := asn1.RawValue{Tag: asn1.TagGeneralString, Class: asn1.ClassPrivate, Bytes: []byte(kid)}
|
|
|
|
|
|
|
|
|
|
irwb, err := asn1.Marshal(irw)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
krwb, err := asn1.Marshal(krw)
|
|
|
|
|
b, err := asn1.Marshal(stepProvisionerASN1{
|
|
|
|
|
Type: provisionerTypeJWK,
|
|
|
|
|
Name: []byte(name),
|
|
|
|
|
CredentialID: []byte(kid),
|
|
|
|
|
})
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
crt.ExtraExtensions = append(crt.ExtraExtensions, pkix.Extension{
|
|
|
|
|
Id: stepOIDProvisionerName,
|
|
|
|
|
Critical: false,
|
|
|
|
|
Value: irwb,
|
|
|
|
|
}, pkix.Extension{
|
|
|
|
|
Id: stepOIDProvisionerKeyID,
|
|
|
|
|
Id: stepOIDProvisioner,
|
|
|
|
|
Critical: false,
|
|
|
|
|
Value: krwb,
|
|
|
|
|
Value: b,
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
return nil
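Review bot: The `crt.ExtraExtensions = append(...)` call adds the `stepOIDProvisioner` extension unconditionally, so a subject template that already carries that OID, or the option being applied twice, would give a certificate with two instances of it. RFC 5280 allows only one instance of an extension per certificate, and a consumer that reads the first match could attribute the certificate to a different provisioner than the one that signed it. Whether `ExtraExtensions` can be pre-populated is not visible from this hunk, so treat this as a defensive check placed right after `crt := p.Subject()`. The same guard is a natural place to reject an empty `name` or `kid`, which would otherwise be encoded as empty OCTET STRINGs. The closure and `withProvisionerOID` close outside the hunk, and the sketch assumes the `errors` package is available in the file.

```go
crt := p.Subject()
// Refuse a second provisioner extension: RFC 5280 permits one instance per OID.
for _, ext := range crt.ExtraExtensions {
	if ext.Id.Equal(stepOIDProvisioner) {
		return errors.New("provisioner extension already present")
	}
}
// … unchanged: asn1.Marshal of stepProvisionerASN1 and the ExtraExtensions append …
```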
|
|
|
|
|