| 49 | } |
| 50 | |
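// CreateCSR builds an x509 certificate signing request for the given subject,
// signs it with the key wrapped by pkw, and returns the DER bytes in a PEM
// block of type certutil.CertificateRequestBlockType.
//
// When alt is non-nil, its DNSNames and IPs are copied into the request as
// subject alternative names. They are copied as-is with no validation here,
// so whoever signs the resulting CSR must check the requested names against
// policy before issuing a certificate.
//
// An error is returned when the signer cannot be obtained from pkw or when
// the request cannot be created. The underlying error is wrapped with %w so
// callers can inspect it with errors.Is / errors.As.
func (h x509CertsHandler) CreateCSR(sub pkix.Name, pkw PrivateKeyWrap, alt *certutil.AltNames) (*pem.Block, error) {
	tpl := x509.CertificateRequest{
		Subject: sub,
	}
	if alt != nil {
		tpl.DNSNames = alt.DNSNames
		tpl.IPAddresses = alt.IPs
	}

	pk, err := pkw.Signer()
	if err != nil {
		return nil, fmt.Errorf("failed to parse the private key der to Signer, err: %w", err)
	}

	// SignatureAlgorithm is left unset in the template, so crypto/x509 picks
	// one based on the signer's key type.
	csrDER, err := x509.CreateCertificateRequest(rand.Reader, &tpl, pk)
	if err != nil {
		return nil, fmt.Errorf("failed to create x509 certificate request, err %w", err)
	}
	return &pem.Block{Type: certutil.CertificateRequestBlockType, Bytes: csrDER}, nil
}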
| 69 | |
| 70 | func (h x509CertsHandler) SignCerts(opts SignCertsOptions) (*pem.Block, error) { |
| 71 | pubkey := opts.publicKey |