Created
February 1, 2019 16:29
-
-
Save jvehent/39aeda5bd0aaaf84368d43173a2fed6f to your computer and use it in GitHub Desktop.
Small Go program that makes a CSR using a private key in cloudhsm
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // This code requires a configuration file to initialize the crypto11 | |
| // library. Use the following config in a file named "crypto11.config" | |
| // { | |
| // "Path" : "/opt/cloudhsm/lib/libcloudhsm_pkcs11.so", | |
| // "TokenLabel": "cavium", | |
| // "Pin" : "$CRYPTO_USER:$PASSWORD" | |
| // } | |
| package main | |
| import ( | |
| "crypto/rand" | |
| "crypto/x509" | |
| "crypto/x509/pkix" | |
| "encoding/pem" | |
| "flag" | |
| "fmt" | |
| "log" | |
| "os" | |
| "github.com/ThalesIgnite/crypto11" | |
| ) | |
| func main() { | |
| var ( | |
| keyLabel string | |
| ou string | |
| cn string | |
| email string | |
| ) | |
| flag.StringVar(&keyLabel, "l", "mykey", "Label of the key in the HSM") | |
| flag.StringVar(&ou, "ou", "Mozilla AMO Production Signing Service,", "OrganizationalUnit of the Subject") | |
| flag.StringVar(&cn, "cn", "Content Signing Intermediate", "CommonName of the Subject") | |
| flag.StringVar(&email, "email", "foxsec@mozilla.com", "Email of the Subject") | |
| flag.Parse() | |
| p11Ctx, err := crypto11.ConfigureFromFile("crypto11.config") | |
| if err != nil { | |
| log.Fatal(err) | |
| } | |
| slots, err := p11Ctx.GetSlotList(true) | |
| if err != nil { | |
| log.Fatalf("Failed to list PKCS#11 Slots: %s", err.Error()) | |
| } | |
| if len(slots) < 1 { | |
| log.Fatal("No slot found") | |
| } | |
| privKey, err := crypto11.FindKeyPair(nil, []byte(keyLabel)) | |
| if err != nil { | |
| log.Fatal(err) | |
| } | |
| crtReq := &x509.CertificateRequest{ | |
| Subject: pkix.Name{ | |
| CommonName: fmt.Sprintf("%s/emailAddress=%s", cn, email), | |
| Organization: []string{"Mozilla Corporation"}, | |
| OrganizationalUnit: []string{ou}, | |
| Country: []string{"US"}, | |
| }, | |
| DNSNames: []string{cn}, | |
| SignatureAlgorithm: x509.ECDSAWithSHA384, | |
| } | |
| csrBytes, err := x509.CreateCertificateRequest(rand.Reader, crtReq, privKey) | |
| if err != nil { | |
| log.Fatal(err) | |
| } | |
| pem.Encode(os.Stdout, &pem.Block{Type: "CERTIFICATE REQUEST", Bytes: csrBytes}) | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
$ ./makecsr -l csinter201901 SDK Version: 2.03 -----BEGIN CERTIFICATE REQUEST----- MIIB3DCCAWECAQAwgacxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNNb3ppbGxhIENv cnBvcmF0aW9uMTAwLgYDVQQLEydNb3ppbGxhIEFNTyBQcm9kdWN0aW9uIFNpZ25p bmcgU2VydmljZSwxSDBGBgNVBAMMP0NOPUNvbnRlbnQgU2lnbmluZyBJbnRlcm1l ZGlhdGUvZW1haWxBZGRyZXNzPWZveHNlY0Btb3ppbGxhLmNvbTB2MBAGByqGSM49 AgEGBSuBBAAiA2IABHDV3ITFXlo2Ick9r99Uc7qTEmfehktWi0nQPMVkD2vWxB/y LT6/vw+DT9zedMDJlZ+RQvO86kpgr8YQYG2KzEKQMn4Xc24s+lIiDd9fbmkfQsTX l+8BIFVyvy0otUd46aA6MDgGCSqGSIb3DQEJDjErMCkwJwYDVR0RBCAwHoIcQ29u dGVudCBTaWduaW5nIEludGVybWVkaWF0ZTAKBggqhkjOPQQDAwNpADBmAjEA9bQk /oTNQn9uSofv+OqKuWv6NMt9C8pSOjZGA/j1kD7HMlKD+WQN8BhSt389+Y8fAjEA oVu/TTSg/tRESIJCTdgeCxWiDfLQ6aEUZ4/KCwoe7APIVJk5RWjyPGWfneK2ZLF9 -----END CERTIFICATE REQUEST-----