wneessen/go-mail
1
1
Fork 0
mirror of https://github.com/wneessen/go-mail.git synced 2024-11-22 13:50:49 +01:00
Code Issues Projects Releases Packages Wiki Activity

feat: add parent certificates

Browse source
This commit is contained in:
theexiile1305 2024-10-11 17:26:22 +02:00
parent 7f7bf80e39
commit c45aec89e9
No known key found for this signature in database
GPG key ID: A1BDDE98F2BF6E40
1 changed files with 19 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
smime.go
View file

@ -16,6 +16,9 @@ var (
// ErrInvalidKeyPair should be used if key pair is invalid
ErrInvalidKeyPair = errors.New("invalid key pair")
// ErrInvalidParentCertificates should be used if one of the parent certificates is invalid
ErrInvalidParentCertificates = errors.New("invalid parent certificates")
// ErrCouldNotInitialize should be used if the signed data could not initialize
ErrCouldNotInitialize = errors.New("could not initialize signed data")
@ -31,8 +34,9 @@ var (
// SMime is used to sign messages with S/MIME
type SMime struct {
privateKey *rsa.PrivateKey
certificate *x509.Certificate
privateKey *rsa.PrivateKey
parentCertificates []*x509.Certificate
certificate *x509.Certificate
}
// NewSMime construct a new instance of SMime with a provided *tls.Certificate
@ -41,9 +45,19 @@ func newSMime(keyPair *tls.Certificate) (*SMime, error) {
return nil, ErrInvalidKeyPair
}
parentCertificates := make([]*x509.Certificate, 0)
for _, cert := range keyPair.Certificate[1:] {
c, err := x509.ParseCertificate(cert)
if err != nil {
return nil, ErrInvalidParentCertificates
}
parentCertificates = append(parentCertificates, c)
}
return &SMime{
privateKey: keyPair.PrivateKey.(*rsa.PrivateKey),
certificate: keyPair.Leaf,
privateKey: keyPair.PrivateKey.(*rsa.PrivateKey),
certificate: keyPair.Leaf,
parentCertificates: parentCertificates,
}, nil
}
@ -58,7 +72,7 @@ func (sm *SMime) signMessage(message string) (*string, error) {
return nil, ErrCouldNotInitialize
}
if err = signedData.AddSigner(sm.certificate, sm.privateKey, pkcs7.SignerInfoConfig{}); err != nil {
if err = signedData.AddSignerChain(sm.certificate, sm.privateKey, sm.parentCertificates, pkcs7.SignerInfoConfig{}); err != nil {
return nil, ErrCouldNotAddSigner
}