Beispiel #1
0
// ToCSRBundle converts a byte-based raw DER certificate bundle
// to a PEM-based string certificate bundle
func (p *ParsedCSRBundle) ToCSRBundle() (*CSRBundle, error) {
	result := &CSRBundle{}
	block := pem.Block{
		Type: "CERTIFICATE REQUEST",
	}

	if p.CSRBytes != nil && len(p.CSRBytes) > 0 {
		block.Bytes = p.CSRBytes
		result.CSR = strings.TrimSpace(string(pem.EncodeToMemory(&block)))
	}

	if p.PrivateKeyBytes != nil && len(p.PrivateKeyBytes) > 0 {
		block.Bytes = p.PrivateKeyBytes
		switch p.PrivateKeyType {
		case RSAPrivateKey:
			result.PrivateKeyType = "rsa"
			block.Type = "RSA PRIVATE KEY"
		case ECPrivateKey:
			result.PrivateKeyType = "ec"
			block.Type = "EC PRIVATE KEY"
		default:
			return nil, errutil.InternalError{"Could not determine private key type when creating block"}
		}
		result.PrivateKey = strings.TrimSpace(string(pem.EncodeToMemory(&block)))
	}

	return result, nil
}
Beispiel #2
0
func GenKeyPairIfNone(privateName string, publicName string) {
	dir, _ := filepath.Abs(filepath.Dir(os.Args[0]))
	privatekey := filepath.Join(dir, privateName)
	publickey := filepath.Join(dir, publicName)

	if _, err := os.Stat(string(privatekey)); os.IsNotExist(err) {

		log.Println("Generating JWT private key at ", string(privatekey))
		k, err := rsa.GenerateKey(rand.Reader, 2048)
		if err != nil {
			log.Fatal(err)
		}
		var private pem.Block
		private.Type = "RSA PRIVATE KEY"
		private.Bytes = x509.MarshalPKCS1PrivateKey(k)
		pp := new(bytes.Buffer)
		pem.Encode(pp, &private)
		err = ioutil.WriteFile(string(privatekey), pp.Bytes(), 0644)
		if err != nil {
			log.Fatal(err)
		}

		log.Println("Generating JWT public key at ", string(privatekey))
		var public pem.Block
		public.Type = "RSA PUBLIC KEY"
		public.Bytes, _ = x509.MarshalPKIXPublicKey(&k.PublicKey)
		ps := new(bytes.Buffer)
		pem.Encode(ps, &public)
		err = ioutil.WriteFile(string(publickey), ps.Bytes(), 0644)
		if err != nil {
			log.Fatal(err)
		}
	}

}
Beispiel #3
0
func encrypt(key []byte, keytype Type, password string) (out []byte, err error) {
	cryptkey, iv, err := encryptKey(key, password)
	if err != nil {
		return
	}

	var block pem.Block
	switch keytype {
	case KEY_RSA:
		block.Type = "RSA PRIVATE KEY"
	case KEY_ECDSA:
		block.Type = "EC PRIVATE KEY"
	case KEY_DSA:
		block.Type = "DSA PRIVATE KEY"
	default:
		err = ErrInvalidPrivateKey
		return
	}
	block.Bytes = cryptkey
	block.Headers = make(map[string]string)
	block.Headers["Proc-Type"] = "4,ENCRYPTED"
	block.Headers["DEK-Info"] = fmt.Sprintf("AES-128-CBC,%X", iv)
	out = pem.EncodeToMemory(&block)
	return
}
Beispiel #4
0
// Export writes the keychain to a file in PEM format.
func (kc *KeyChain) Export(filename string) (err error) {
	if !kc.Validate() {
		return ErrInvalidKeyChain
	}

	var blk pem.Block
	var buf = new(bytes.Buffer)
	var fail = func() {
		buf.Reset()
		err = ErrInvalidKeyChain
	}

	blk.Type = "RSA PRIVATE KEY"
	blk.Bytes = x509.MarshalPKCS1PrivateKey(kc.Private)
	err = pem.Encode(buf, &blk)
	if err != nil {
		fail()
		return
	}

	blk.Type = "RSA PUBLIC KEY"
	for _, pk := range kc.Public {
		if pk.Key == nil {
			continue
		}
		if pk.Id != "" {
			if blk.Headers == nil {
				blk.Headers = make(map[string]string)
			}
			blk.Headers["id"] = pk.Id
		} else {
			if blk.Headers != nil {
				delete(blk.Headers, "id")
				blk.Headers = nil
			}
		}
		blk.Bytes, err = x509.MarshalPKIXPublicKey(pk.Key)
		if err != nil {
			fail()
			return
		}
		err = pem.Encode(buf, &blk)
		if err != nil {
			fail()
		}
		fmt.Println("wrote a public key")
	}
	err = ioutil.WriteFile(filename, buf.Bytes(), 0400)
	buf.Reset()
	return
}
Beispiel #5
0
Datei: main.go Projekt: kr/runx
func execSSH(url, uuid string, key *rsa.PrivateKey, args []string) error {
	f, err := ioutil.TempFile("", "runx")
	if err != nil {
		return fmt.Errorf("tmpfile: %s", err)
	}
	defer f.Close()
	var b pem.Block
	b.Type = "RSA PRIVATE KEY"
	b.Bytes = x509.MarshalPKCS1PrivateKey(key)
	if err = pem.Encode(f, &b); err != nil {
		return fmt.Errorf("pem: %s", err)
	}
	f.Seek(0, 0)
	argv := []string{
		"ssh",
		"-i" + f.Name(),
		"-oProxyCommand=hk runx [proxy]",
		"-oLocalCommand=rm " + f.Name(),
		"-oStrictHostKeyChecking=no",
		"-oUserKnownHostsFile=/dev/null",
		"dyno@" + uuid,
	}
	env := append(os.Environ(), "RUNX_URL="+url)
	return syscall.Exec("/usr/bin/ssh", append(argv, args...), env)
}
Beispiel #6
0
func EncodePEM(binary []byte, blockType string, password string) (pemBlock string, err error) {

	var blk *pem.Block
	/* Awaiting Go 1.1 */
	if password != "" {
		passwordBytes := ([]byte)(password)
		blk, err = x509.EncryptPEMBlock(rand.Reader, blockType, binary, passwordBytes, x509.PEMCipherAES256)
		if err != nil {
			return
		}
	} else {
		/* */
		blk = new(pem.Block)
		blk.Type = blockType
		blk.Bytes = binary
		/* Awaiting Go 1.1 */
	}
	/* */

	buf := new(bytes.Buffer)

	err = pem.Encode(buf, blk)
	if err != nil {
		return
	}

	pemBlock = buf.String()
	return
}
Beispiel #7
0
func (pk *PrivateKey) Marshal(ss ...string) ([]byte, error) {
	var k = x509.MarshalPKCS1PrivateKey(&pk.PrivateKey)
	var block pem.Block
	block.Bytes = k
	block.Type = strings.Join(ss, " ")
	return pem.EncodeToMemory(&block), nil
}
Beispiel #8
0
// Read a PEM file and ask for a password to decrypt it if needed
func ReadPEMData(pemFile string, pemPass []byte) ([]byte, error) {
	pemData, err := ioutil.ReadFile(pemFile)
	if err != nil {
		return pemData, err
	}

	// We should really just get the pem.Block back here, if there's other
	// junk on the end, warn about it.
	pemBlock, rest := pem.Decode(pemData)
	if len(rest) > 0 {
		log.Warning("Didn't parse all of", pemFile)
	}

	if x509.IsEncryptedPEMBlock(pemBlock) {
		// Decrypt and get the ASN.1 DER bytes here
		pemData, err = x509.DecryptPEMBlock(pemBlock, pemPass)
		if err != nil {
			return pemData, err
		} else {
			log.Info("Decrypted", pemFile, "successfully")
		}
		// Shove the decrypted DER bytes into a new pem Block with blank headers
		var newBlock pem.Block
		newBlock.Type = pemBlock.Type
		newBlock.Bytes = pemData
		// This is now like reading in an uncrypted key from a file and stuffing it
		// into a byte stream
		pemData = pem.EncodeToMemory(&newBlock)
	}
	return pemData, nil
}
Beispiel #9
0
// Given a private key and a (possibly empty) password, returns a byte
// slice containing a PEM-encoded private key in the appropriate
// OpenSSH format.
func MarshalPrivate(priv interface{}, password string) (out []byte, err error) {
	var (
		keytype Type
		der     []byte
		btype   string
	)

	switch priv.(type) {
	case *rsa.PrivateKey:
		keytype = KEY_RSA
		der = x509.MarshalPKCS1PrivateKey(priv.(*rsa.PrivateKey))
		if der == nil {
			err = ErrInvalidPrivateKey
			return
		}
		btype = "RSA PRIVATE KEY"
	case *ecdsa.PrivateKey:
		keytype = KEY_ECDSA
		der, err = marshalECDSAKey(priv.(*ecdsa.PrivateKey))
		btype = "EC PRIVATE KEY"
	case *dsa.PrivateKey:
		keytype = KEY_DSA

		dsakey := priv.(*dsa.PrivateKey)
		k := struct {
			Version int
			P       *big.Int
			Q       *big.Int
			G       *big.Int
			Priv    *big.Int
			Pub     *big.Int
		}{
			Version: 1,
			P:       dsakey.PublicKey.P,
			Q:       dsakey.PublicKey.Q,
			G:       dsakey.PublicKey.G,
			Priv:    dsakey.PublicKey.Y,
			Pub:     dsakey.X,
		}
		der, err = asn1.Marshal(k)
		if err != nil {
			return
		}
		btype = "DSA PRIVATE KEY"
	default:
		err = ErrInvalidPrivateKey
		return
	}

	if password != "" {
		out, err = encrypt(der, keytype, password)
		return
	}
	var block pem.Block
	block.Type = btype
	block.Bytes = der
	out = pem.EncodeToMemory(&block)
	return
}
Beispiel #10
0
func convertBag(bag *safeBag, password []byte) (*pem.Block, error) {
	b := new(pem.Block)

	for _, attribute := range bag.Attributes {
		k, v, err := convertAttribute(&attribute)
		if err != nil {
			return nil, err
		}
		if b.Headers == nil {
			b.Headers = make(map[string]string)
		}
		b.Headers[k] = v
	}

	switch {
	case bag.ID.Equal(oidCertBagType):
		b.Type = CertificateType
		certsData, err := decodeCertBag(bag.Value.Bytes)
		if err != nil {
			return nil, err
		}
		b.Bytes = certsData
	case bag.ID.Equal(oidPkcs8ShroudedKeyBagType):
		b.Type = PrivateKeyType

		key, err := decodePkcs8ShroudedKeyBag(bag.Value.Bytes, password)
		if err != nil {
			return nil, err
		}

		switch key := key.(type) {
		case *rsa.PrivateKey:
			b.Bytes = x509.MarshalPKCS1PrivateKey(key)
		case *ecdsa.PrivateKey:
			b.Bytes, err = x509.MarshalECPrivateKey(key)
			if err != nil {
				return nil, err
			}
		default:
			return nil, errors.New("found unknown private key type in PKCS#8 wrapping")
		}
	default:
		return nil, errors.New("don't know how to convert a safe bag of type " + bag.ID.String())
	}
	return b, nil
}
Beispiel #11
0
// GenerateKeyAndCSR generates a new PEM-encoded private key and
// certificate signature request. The keyType parameter controls what
// type of key is generated; the size parameter controls what size key
// (in bits) is generated. For ECDSA, valid key sizes are 256, 384,
// and 521; these translate to secp256v1, secp384r1, and secp521r1. The
// SubjectInfo parameter contains the information used to create the CSR.
func GenerateKeyAndCSR(keyType PublicAlgo, size int, si *SubjectInfo) (pemKey []byte, csr []byte, err error) {
	var priv interface{}
	var block pem.Block

	switch keyType {
	case RSA:
		priv, err = rsa.GenerateKey(rand.Reader, size)
		if err != nil {
			return nil, nil, err
		}
		block.Bytes = x509.MarshalPKCS1PrivateKey(priv.(*rsa.PrivateKey))
		block.Type = "RSA PRIVATE KEY"
	case ECDSA:
		var curve elliptic.Curve
		switch size {
		case 256:
			curve = elliptic.P256()
		case 384:
			curve = elliptic.P384()
		case 521:
			curve = elliptic.P521()
		default:
			err = ErrUnsupportedPrivate
			return
		}

		priv, err = ecdsa.GenerateKey(curve, rand.Reader)
		if err != nil {
			return
		}

		block.Bytes, err = x509.MarshalECPrivateKey(priv.(*ecdsa.PrivateKey))
		if err != nil {
			return
		}
		block.Type = "EC PRIVATE KEY"
	default:
		err = ErrUnsupportedPrivate
		return
	}

	pemKey = pem.EncodeToMemory(&block)
	csr, err = NewCertificateRequest(priv, si)
	return
}
Beispiel #12
0
func main() {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)

	pubkey := key.Public()

	bytes, _ := x509.MarshalECPrivateKey(key)
	block := pem.Block{}
	block.Bytes = bytes
	block.Type = "EC PRIVATE KEY"
	bytes_encoded := pem.EncodeToMemory(&block)

	fmt.Println(string(bytes_encoded))
	if err != nil {
		fmt.Println(err)
	}

	bytes, _ = x509.MarshalPKIXPublicKey(pubkey)
	block = pem.Block{}
	block.Type = "EC PUBLIC KEY"

	block.Bytes = bytes
	bytes_encoded = pem.EncodeToMemory(&block)

	fmt.Println(string(bytes_encoded))
	if err != nil {
		fmt.Println(err)
	}

	//	dat, err := ioutil.ReadFile("prime256v1-key.pem")
	//	pemblock, _ := pem.Decode(dat)
	//	check(err)
	//	privkey, parseerr := x509.ParseECPrivateKey(pemblock.Bytes)
	//
	//	if parseerr != nil {
	//		fmt.Println(err)
	//	}
	//
	//	bytes, _ = x509.MarshalECPrivateKey(privkey)
	//	block = pem.Block{}
	//	block.Bytes = bytes
	//	block.Type = "EC PRIVATE KEY"
	//	bytes_encoded = pem.EncodeToMemory(&block)
	//	fmt.Println(string(bytes_encoded))
}
Beispiel #13
0
func (pk *PublicKey) Marshal(ss ...string) ([]byte, error) {
	var k, err = x509.MarshalPKIXPublicKey(&pk.PublicKey)
	if err != nil {
		return nil, err
	}
	var block pem.Block
	block.Bytes = k
	block.Type = strings.Join(ss, " ")
	return pem.EncodeToMemory(&block), nil
}
Beispiel #14
0
Datei: rsa.go Projekt: kr/runx
func main() {
	k, err := rsa.GenerateKey(rand.Reader, 768)
	if err != nil {
		log.Fatal(err)
	}
	var b pem.Block
	b.Type = "RSA PRIVATE KEY"
	b.Bytes = x509.MarshalPKCS1PrivateKey(k)
	pem.Encode(os.Stdout, &b)
}
Beispiel #15
0
// ToCertBundle converts a byte-based raw DER certificate bundle
// to a PEM-based string certificate bundle
func (p *ParsedCertBundle) ToCertBundle() (*CertBundle, error) {
	result := &CertBundle{}
	block := pem.Block{
		Type: "CERTIFICATE",
	}

	if p.Certificate != nil {
		result.SerialNumber = strings.TrimSpace(GetHexFormatted(p.Certificate.SerialNumber.Bytes(), ":"))
	}

	if p.CertificateBytes != nil && len(p.CertificateBytes) > 0 {
		block.Bytes = p.CertificateBytes
		result.Certificate = strings.TrimSpace(string(pem.EncodeToMemory(&block)))
	}

	for _, caCert := range p.CAChain {
		block.Bytes = caCert.Bytes
		certificate := strings.TrimSpace(string(pem.EncodeToMemory(&block)))

		result.CAChain = append(result.CAChain, certificate)
	}

	if p.PrivateKeyBytes != nil && len(p.PrivateKeyBytes) > 0 {
		block.Type = string(p.PrivateKeyFormat)
		block.Bytes = p.PrivateKeyBytes
		result.PrivateKeyType = p.PrivateKeyType

		//Handle bundle not parsed by us
		if block.Type == "" {
			switch p.PrivateKeyType {
			case ECPrivateKey:
				block.Type = string(ECBlock)
			case RSAPrivateKey:
				block.Type = string(PKCS1Block)
			}
		}

		result.PrivateKey = strings.TrimSpace(string(pem.EncodeToMemory(&block)))
	}

	return result, nil
}
Beispiel #16
0
func saveKey(keyPath string, key crypto.PrivateKey) error {

	if fileExists(keyPath) {
		return nil
	}

	f, err := os.Create(keyPath)
	if err != nil {
		return err
	}
	w := bufio.NewWriter(f)
	defer f.Close()

	var block pem.Block

	switch i := key.(type) {
	case *ecdsa.PrivateKey:
		// TODO: How do we encode and save the parameters of the curve? Do we need to?
		key := key.(*ecdsa.PrivateKey)
		b, err := x509.MarshalECPrivateKey(key)
		if err != nil {
			return err
		}
		block.Type = "EC PARAMETERS"
		err = pem.Encode(w, &block)
		block.Type = "EC PRIVATE KEY"
		block.Bytes = b
	case *rsa.PrivateKey:
		k := x509.MarshalPKCS1PrivateKey(key.(*rsa.PrivateKey))
		block.Type = "RSA PRIVATE KEY"
		block.Bytes = k
	default:
		fmt.Println(i)
		return new(unknownKeyError)
	}

	err = pem.Encode(w, &block)
	if err != nil {
		return err
	}
	return w.Flush()
}
Beispiel #17
0
// ExportPrivatePEM writes the RSA private key to a file in PEM format.
func ExportPrivatePEM(prv *rsa.PrivateKey, filename string) (err error) {
	cert := x509.MarshalPKCS1PrivateKey(prv)
	blk := new(pem.Block)
	blk.Type = "RSA PRIVATE KEY"
	blk.Bytes = cert
	out, err := os.Create(filename)
	if err == nil {
		err = pem.Encode(out, blk)
	}
	return
}
Beispiel #18
0
func PrintPublicKey(pubkey crypto.PublicKey) {

	bytes, _ := x509.MarshalPKIXPublicKey(pubkey)
	block := pem.Block{}
	block.Type = "EC PUBLIC KEY"

	block.Bytes = bytes
	bytes_encoded := pem.EncodeToMemory(&block)

	log.Debugf("Public key:\n%s", string(bytes_encoded))
}
Beispiel #19
0
func newECDSACertificateRequest(priv *ecdsa.PrivateKey, si *SubjectInfo) (out []byte, err error) {
	var siAttr rdnSequence

	rdnAppendPrintable(si.Country, asn1CountryName, &siAttr)
	rdnAppendPrintable(si.StateOrProvince, asn1StateOrProvName, &siAttr)
	rdnAppendPrintable(si.Locality, asn1LocalityName, &siAttr)
	rdnAppendPrintable(si.OrgName, asn1OrgName, &siAttr)
	rdnAppendPrintable(si.OrgUnitName, asn1OrgUnitName, &siAttr)
	rdnAppendPrintable(si.CommonName, asn1CommonName, &siAttr)
	rdnAppendPrintable(si.Email, asn1EmailAddress, &siAttr)

	pkInfo, err := encodeECDSA(priv.PublicKey)
	if err != nil {
		return
	}
	var csrInfo = certificateRequestInfo{
		Subject: siAttr,
		PKInfo:  pkInfo,
	}

	sigData, err := asn1.Marshal(csrInfo)
	if err != nil {
		return
	}
	sum := sha256.Sum256(sigData)
	r, s, err := ecdsa.Sign(rand.Reader, priv, sum[:])
	if err != nil {
		return
	}
	ecdsaSig := ecdsaSignature{r, s}
	sig, err := asn1.Marshal(ecdsaSig)
	if err != nil {
		return
	}

	var crt = certificateRequest{
		Info:      csrInfo,
		SigAlgo:   nullAlgorithm(asn1SHA256withECDSA),
		Signature: toBitString(sig),
	}

	var block pem.Block
	block.Type = "CERTIFICATE REQUEST"
	block.Bytes, err = asn1.Marshal(crt)
	if err != nil {
		return
	}
	out = pem.EncodeToMemory(&block)
	return
}
Beispiel #20
0
// ExportPublicPEM writes the public key to a file in PEM format.
func ExportPublicPEM(pub *rsa.PublicKey, filename string) (err error) {
	cert, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return
	}
	blk := new(pem.Block)
	blk.Type = "RSA PUBLIC KEY"
	blk.Bytes = cert
	out, err := os.Create(filename)
	if err == nil {
		err = pem.Encode(out, blk)
	}
	return
}
Beispiel #21
0
// ToCertBundle converts a byte-based raw DER certificate bundle
// to a PEM-based string certificate bundle
func (p *ParsedCertBundle) ToCertBundle() (*CertBundle, error) {
	result := &CertBundle{}
	block := pem.Block{
		Type: "CERTIFICATE",
	}

	if p.Certificate != nil {
		result.SerialNumber = strings.TrimSpace(GetOctalFormatted(p.Certificate.SerialNumber.Bytes(), ":"))
	}

	if p.CertificateBytes != nil && len(p.CertificateBytes) > 0 {
		block.Bytes = p.CertificateBytes
		result.Certificate = strings.TrimSpace(string(pem.EncodeToMemory(&block)))
	}

	if p.IssuingCABytes != nil && len(p.IssuingCABytes) > 0 {
		block.Bytes = p.IssuingCABytes
		result.IssuingCA = strings.TrimSpace(string(pem.EncodeToMemory(&block)))
	}

	if p.PrivateKeyBytes != nil && len(p.PrivateKeyBytes) > 0 {
		block.Bytes = p.PrivateKeyBytes
		switch p.PrivateKeyType {
		case RSAPrivateKey:
			result.PrivateKeyType = "rsa"
			block.Type = "RSA PRIVATE KEY"
		case ECPrivateKey:
			result.PrivateKeyType = "ec"
			block.Type = "EC PRIVATE KEY"
		default:
			return nil, InternalError{"Could not determine private key type when creating block"}
		}
		result.PrivateKey = strings.TrimSpace(string(pem.EncodeToMemory(&block)))
	}

	return result, nil
}
Beispiel #22
0
func generatePrivatePem(prv *rsa.PrivateKey) (prvPem string, err error) {
	cert := x509.MarshalPKCS1PrivateKey(prv)
	blk := new(pem.Block)
	blk.Type = "RSA PRIVATE KEY"
	blk.Bytes = cert

	var b bytes.Buffer
	err = pem.Encode(&b, blk)
	if err != nil {
		return
	}

	prvPem = b.String()
	return
}
Beispiel #23
0
// packageBox actually handles boxing. It can output either PEM-encoded or
// DER-encoded boxes.
func packageBox(lockedKey, box []byte, armour bool) (pkg []byte, err error) {
	var pkgBox = boxPackage{lockedKey, box}

	pkg, err = asn1.Marshal(pkgBox)
	if err != nil {
		fmt.Println("[!] couldn't package the box")
		return
	}

	if armour {
		var block pem.Block
		block.Type = "SSHBOX ENCRYPTED FILE"
		block.Bytes = pkg
		pkg = pem.EncodeToMemory(&block)
	}
	return
}
Beispiel #24
0
func generatePublicPem(pub *rsa.PublicKey) (pubPem string, err error) {
	cert, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return
	}

	blk := new(pem.Block)
	blk.Type = "RSA PUBLIC KEY"
	blk.Bytes = cert

	var b bytes.Buffer
	err = pem.Encode(&b, blk)
	if err != nil {
		return
	}

	pubPem = b.String()
	return
}
Beispiel #25
0
// Export a private key to PEM format.
func ExportPrivatePEM(prv *PrivateKey) (out []byte, err error) {
	der, err := MarshalPrivate(prv)
	if err != nil {
		return
	}

	var block pem.Block
	block.Type = "ELLIPTIC CURVE PRIVATE KEY"
	block.Bytes = der

	buf := new(bytes.Buffer)
	err = pem.Encode(buf, &block)
	if err != nil {
		return
	} else {
		out = buf.Bytes()
	}
	return
}
Beispiel #26
0
// Export a public key to PEM format.
func ExportPublicPEM(pub *PublicKey) (out []byte, err error) {
	der, err := MarshalPublic(pub)
	if err != nil {
		return
	}

	var block pem.Block
	block.Type = "ELLIPTIC CURVE PUBLIC KEY"
	block.Bytes = der

	buf := new(bytes.Buffer)
	err = pem.Encode(buf, &block)
	if err != nil {
		return
	} else {
		out = buf.Bytes()
	}
	return
}
Beispiel #27
0
func main() {
	flag.Parse()

	if *fMakeKey != "" {
		f, err := os.Create(*fMakeKey)
		if err != nil {
			log.Fatal(err)
		}

		key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			log.Fatal(err)
		}

		data, err := x509.MarshalECPrivateKey(key)
		if err != nil {
			log.Fatal(err)
		}

		var blk pem.Block

		blk.Bytes = data
		blk.Type = "ecdsa-key"

		err = pem.Encode(f, &blk)
		if err != nil {
			log.Fatal(err)
		}

		f.Close()

		return
	}

	if *fKey == "" {
		log.Fatal("Please provide the path to the private key")
	}

	cfg := gdata.DefaultConfig()
	cfg.LoadKey(*fKey)

	server, err := gdata.NewServer(cfg)
	if err != nil {
		log.Fatal(err)
	}

	if *fLEDir != "" {
		fmt.Printf("* Listening on TLS %s", *fPort)
		var (
			cert = filepath.Join(*fLEDir, "fullchain.pem")
			key  = filepath.Join(*fLEDir, "privkey.pem")
		)

		err = http.ListenAndServeTLS(*fPort, cert, key, server)

	} else {
		fmt.Printf("* Listening on %s", *fPort)
		err = http.ListenAndServe(*fPort, server)
	}

	if err != nil {
		log.Fatal(err)
	}
}
Beispiel #28
0
// Certificate returns the PEM-encoded certificate built from the
// certificate template and corresponding PEM-encoded private key.
func (ct *CertificateTemplate) Certificate(key []byte) ([]byte, error) {
	var (
		priv interface{}
		err  error
	)

	p, _ := pem.Decode(key)
	if p == nil {
		return nil, ErrInvalidKey
	}

	switch ct.CSR.Algo {
	case csr.RSA:
		if p.Type != "RSA PRIVATE KEY" {
			return nil, ErrInvalidKey
		}
		priv, err = x509.ParsePKCS1PrivateKey(p.Bytes)
		if err != nil {
			return nil, err
		}
	case csr.ECDSA:
		if p.Type != "EC PRIVATE KEY" {
			return nil, ErrInvalidKey
		}
		priv, err = x509.ParseECPrivateKey(p.Bytes)
		if err != nil {
			return nil, err
		}
	default:
		return nil, ErrInvalidCertificate
	}

	name := ct.CSR.Subject.Name()
	name.SerialNumber = ct.Serial.String()

	var usage x509.KeyUsage
	for _, use := range ct.Uses {
		usage |= use
	}

	var extUsage = make([]x509.ExtKeyUsage, len(ct.ExtUses))
	for i, use := range ct.ExtUses {
		extUsage[i] = use
	}

	var tpl = x509.Certificate{
		SerialNumber:          ct.Serial,
		Subject:               name,
		NotBefore:             ct.Start,
		NotAfter:              ct.Expires,
		KeyUsage:              usage,
		ExtKeyUsage:           extUsage,
		BasicConstraintsValid: true,
	}

	if (usage & x509.KeyUsageCertSign) != 0 {
		tpl.IsCA = true
	}

	for _, h := range ct.Hosts {
		h = strings.TrimSpace(h)
		if ip := net.ParseIP(h); ip != nil {
			tpl.IPAddresses = append(tpl.IPAddresses, ip)
		} else {
			tpl.DNSNames = append(tpl.DNSNames, h)
		}
	}

	parent := ct.Parent
	if parent == nil {
		parent = &tpl
	}

	var block pem.Block
	block.Type = "CERTIFICATE"

	switch ct.CSR.Algo {
	case csr.RSA:
		pub := ct.CSR.Public.(rsa.PublicKey)
		privKey := priv.(*rsa.PrivateKey)
		block.Bytes, err = x509.CreateCertificate(prng, &tpl, parent, &pub, privKey)
	case csr.ECDSA:
		pub := ct.CSR.Public.(ecdsa.PublicKey)
		privKey := priv.(*ecdsa.PrivateKey)
		block.Bytes, err = x509.CreateCertificate(prng, &tpl, parent, &pub, privKey)

	}
	if err != nil {
		return nil, err
	}

	return pem.EncodeToMemory(&block), nil
}
Beispiel #29
0
func appendPEM(buf *bytes.Buffer, cert *x509.Certificate) {
	block := new(pem.Block)
	block.Type = "CERTIFICATE"
	block.Bytes = cert.Raw
	pem.Encode(buf, block)
}