diff --git a/README.md b/README.md index 6e8e8e5..48d78f2 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# A golang PKI in less than 1000 lines of code. +# A golang PKI in just over a 1000 lines of code. # Introduction diff --git a/db.go b/db.go index 4e3f988..5540ebb 100644 --- a/db.go +++ b/db.go @@ -1,14 +1,17 @@ package main import ( + "bufio" "crypto/ecdsa" "crypto/elliptic" "crypto/rsa" "crypto/x509" "encoding/asn1" + "fmt" "log" "net" "net/url" + "os" "time" "github.com/aws/aws-sdk-go/aws" @@ -21,6 +24,7 @@ import ( var dyndb *dynamodb.DynamoDB type x509Record struct { + Requester string SerialNumber string Issuer string Subject string @@ -33,6 +37,7 @@ type x509Record struct { IPAddresses []net.IP URIs []*url.URL PubKey []byte + DerCert []byte } func addDbRecord(crtBytes []byte) error { @@ -54,7 +59,12 @@ func addDbRecord(crtBytes []byte) error { default: return errors.New("only ECDSA and RSA public keys are supported") } + reader := bufio.NewReader(os.Stdin) + fmt.Print("Enter Requester in the format of \"Joe Blogs \" -> ") + requester, _ := reader.ReadString('\n') // E: requester declared and not used // E: requester declared and not used + // marshal the crt to a pem byte array record := x509Record{ + Requester: requester, SerialNumber: crt.SerialNumber.String(), // serial number should be unique (as in cryptographically) so we can use this as the key Issuer: crt.Issuer.String(), Subject: crt.Subject.String(), @@ -67,6 +77,7 @@ func addDbRecord(crtBytes []byte) error { IPAddresses: crt.IPAddresses, URIs: crt.URIs, PubKey: pubBytes, + DerCert: crtBytes, } // we should be running under the role given to us by the sts tokens. diff --git a/x509.go b/x509.go index 45f4512..81edc4f 100644 --- a/x509.go +++ b/x509.go @@ -298,6 +298,7 @@ func signCSR(signer crypto11.Signer, csr *x509.CertificateRequest) (crtBytes []b Critical: false, Value: yy, } + tmpl := &x509.Certificate{ SerialNumber: serialNumber, Subject: newSubject,