我有一个 .p12 文件,其中包含证书和私钥。我使用以下命令分别提取证书和私钥,并导出为 PEM 格式:

# Export only the client (leaf) certificate from the PKCS#12 bundle; -nokeys
# keeps the private key out of passcertificate.pem.
# NOTE: pass:<password> puts the password on the command line, where it can
# show up in the process list and shell history. openssl also accepts
# env:VAR and file:PATH as password sources.
openssl pkcs12 -in <filename>.p12 -clcerts -nokeys -out passcertificate.pem -passin pass:<password>

# Export only the private key (-nocerts). The key written to passkey.pem is
# encrypted with the -passout password, so it is not stored in the clear.
# NOTE: both passwords are given as pass:..., which exposes them in the
# process list and shell history; env:VAR or file:PATH avoids that.
openssl pkcs12 -in Certificates.p12 -nocerts -out passkey.pem -passin pass:<password> -passout pass:<password_out>

之后,我用私钥和中间证书对文件签名,得到签名。

# Sign manifest.json and write the result to "signature" in DER form.
# The output is a PKCS#7 SignedData structure, not a bare RSA signature: it
# carries the signer certificate and the extra certificates from -certfile
# (here the intermediate). -binary stops openssl from converting line endings
# before signing, so the bytes of manifest.json are signed as-is.
openssl smime -binary -sign -certfile <intermediate>.pem -signer passcertificate.pem -inkey passkey.pem -in manifest.json -out signature -outform DER -passin pass:<password_out>

是否可以只使用标准库在 Go 中重现这些步骤?

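// Load manifest.json and the PKCS#12 bundle, then sign the SHA-256 digest of
// the manifest with the RSA private key from the bundle.
//
// NOTE(review): pkcs12.Decode is not part of the Go standard library; it
// presumably comes from golang.org/x/crypto/pkcs12 — confirm against the imports.

// Read the file content to be signed.
content, err := ioutil.ReadFile(".../path_to_file/manifest.json")
if err != nil {
    // Stop here: continuing would sign empty content instead of the manifest.
    return err
}

// Read the .p12 bundle.
buf, err := ioutil.ReadFile(".../path_to_file/Certificate.p12")
if err != nil {
    // Stop here: decoding an empty buffer would only hide the real cause.
    return err
}

// Extract the private key and the certificate from the bundle.
pk, cert, err := pkcs12.Decode(buf, password)
if err != nil {
    return err
}

// NOTE(review): this unchecked assertion panics when the bundle holds a
// non-RSA key (for example ECDSA). Prefer the two-value form
// `privateKey, ok := pk.(*rsa.PrivateKey)` and return an error when !ok.
privateKey := pk.(*rsa.PrivateKey)

// Hash the content. crypto.SHA256.New panics unless crypto/sha256 is linked
// into the binary, so that package must be imported somewhere.
h := crypto.SHA256.New()
h.Write(content) // hash.Hash.Write is documented never to return an error
hashed := h.Sum(nil)

// A bare RSA signature has no place for an intermediate certificate.
// `openssl smime -sign -outform DER` writes a PKCS#7 SignedData structure in
// which the signer certificate and the -certfile certificates are embedded.
// The Go standard library has no PKCS#7/CMS encoder, so reproducing that
// output needs a separate PKCS#7 package or hand-built ASN.1; the value
// below is not interchangeable with the openssl "signature" file.
sign, err := rsa.SignPKCS1v15(rand.Reader, privateKey, crypto.SHA256, hashed)
if err != nil {
    return err
}

// base64url text of the raw PKCS#1 v1.5 signature (openssl wrote binary DER).
sig := base64.RawURLEncoding.EncodeToString(sign)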