/*
 * Sign the to-be-signed certificate `tbs' with the certificate `signer',
 * returning the issued certificate in `*certificate'.
 *
 * The signer's AuthorityKeyIdentifier is fetched first and handed to
 * ca_sign() together with the signer's private key and the signer's
 * subject name, which becomes the issuer name of the new certificate
 * (presumably; the actual use of both is inside ca_sign()).
 *
 * Returns 0 on success, otherwise the hx509 error code reported by
 * get_AuthorityKeyIdentifier() or ca_sign().  The AuthorityKeyIdentifier
 * scratch object is released on every return path; it is zeroed up front
 * so that releasing it after a failed lookup is harmless.
 */
int
hx509_ca_sign(hx509_context context, hx509_ca_tbs tbs, hx509_cert signer,
              hx509_cert *certificate)
{
    AuthorityKeyIdentifier akid;
    const Certificate *issuer_cert;
    int ret;

    memset(&akid, 0, sizeof(akid));
    issuer_cert = _hx509_get_cert(signer);

    ret = get_AuthorityKeyIdentifier(context, issuer_cert, &akid);
    if (ret == 0) {
        ret = ca_sign(context, tbs, _hx509_cert_private_key(signer), &akid,
                      &issuer_cert->tbsCertificate.subject, certificate);
    }

    free_AuthorityKeyIdentifier(&akid);
    return ret;
}
/*
 * Self-sign `tbs' using the bare private key `signer', returning the
 * issued certificate in `*certificate'.
 *
 * Unlike hx509_ca_sign() there is no issuer certificate here, so neither
 * an AuthorityKeyIdentifier nor an issuer name can be supplied; both are
 * passed to ca_sign() as NULL and ca_sign() is left to deal with their
 * absence.
 *
 * Returns whatever ca_sign() returns: 0 on success, an hx509 error
 * code otherwise.
 */
int
hx509_ca_sign_self(hx509_context context, hx509_ca_tbs tbs,
                   hx509_private_key signer, hx509_cert *certificate)
{
    int ret;

    /* No issuer certificate: no AKI and no issuer name to pass along. */
    ret = ca_sign(context, tbs, signer, NULL, NULL, certificate);
    return ret;
}
/*
 * Create a key pair, a certificate request and a signed certificate for
 * `keyname' in the CA `ca', in that order.
 *
 * `action' selects an extra set of environment-style settings that is
 * forwarded to ca_sign() as `envargs': CA_SERVER adds serverAuth /
 * digitalSignature,keyEncipherment, CA_CLIENT adds clientAuth /
 * digitalSignature,keyAgreement, and any other action forwards an empty
 * string.  The strings are fixed literals, so `action' cannot inject
 * anything into them; `keyname' and `type' are forwarded unchanged, and
 * any validation of them has to happen in the ca_* callees.
 *
 * The results of ca_key_create(), ca_request() and ca_sign() are not
 * inspected here: this function always returns 0, so a caller cannot
 * tell from the return value whether any of the three steps failed.
 *
 * NOTE(review): the ca_sign() called here takes (ca, keyname, type,
 * envargs) and is a different function from the ca_sign() used by
 * hx509_ca_sign() above; this listing appears to combine two modules.
 */
int
ca_certificate(struct ca *ca, char *keyname, int type, int action)
{
    char *envargs;

    if (action == CA_SERVER) {
        envargs = " EXTCERTUSAGE=serverAuth NSCERTTYPE=server"
                  " CERTUSAGE=digitalSignature,keyEncipherment";
    } else if (action == CA_CLIENT) {
        envargs = " EXTCERTUSAGE=clientAuth NSCERTTYPE=client"
                  " CERTUSAGE=digitalSignature,keyAgreement";
    } else {
        envargs = "";
    }

    ca_key_create(ca, keyname);
    ca_request(ca, keyname);
    ca_sign(ca, keyname, type, envargs);

    return (0);
}