Add ability to set whitelist in config.json

config/config.go

@@ -50,18 +50,20 @@ type CertificatePolicy struct {
 // A SigningProfile stores information that the CA needs to store
 // signature policy.
 type SigningProfile struct {
-	Usage          []string  `json:"usages"`
-	IssuerURL      []string  `json:"issuer_urls"`
-	OCSP           string    `json:"ocsp_url"`
-	CRL            string    `json:"crl_url"`
-	CA             bool      `json:"is_ca"`
-	OCSPNoCheck    bool      `json:"ocsp_no_check"`
-	ExpiryString   string    `json:"expiry"`
-	BackdateString string    `json:"backdate"`
-	AuthKeyName    string    `json:"auth_key"`
-	RemoteName     string    `json:"remote"`
-	NotBefore      time.Time `json:"not_before"`
-	NotAfter       time.Time `json:"not_after"`
+	Usage               []string  `json:"usages"`
+	IssuerURL           []string  `json:"issuer_urls"`
+	OCSP                string    `json:"ocsp_url"`
+	CRL                 string    `json:"crl_url"`
+	CA                  bool      `json:"is_ca"`
+	PolicyStrings       []string  `json:"policies"`
+	OCSPNoCheck         bool      `json:"ocsp_no_check"`
+	ExpiryString        string    `json:"expiry"`
+	BackdateString      string    `json:"backdate"`
+	AuthKeyName         string    `json:"auth_key"`
+	RemoteName          string    `json:"remote"`
+	NotBefore           time.Time `json:"not_before"`
+	NotAfter            time.Time `json:"not_after"`
+	NameWhitelistString string    `json:"name_whitelist"`
 
 	Policies      []asn1.ObjectIdentifier
 	Expiry        time.Duration
@@ -201,6 +203,16 @@ func (p *SigningProfile) populate(cfg *Config) error {
 		}
 	}
 
+	if p.NameWhitelistString != "" {
+		log.Debug("compiling whitelist regular expression")
+		rule, err := regexp.Compile(p.NameWhitelistString)
+		if err != nil {
+			return cferr.Wrap(cferr.PolicyError, cferr.InvalidPolicy,
+				errors.New("failed to compile name whitelist section"))
+		}
+		p.NameWhitelist = rule
+	}
+
 	return nil
 }