Beispiel #1
0
func main() {
	// Generate client key.
	clientKey, err := libtrust.GenerateECP256PrivateKey()
	if err != nil {
		log.Fatal(err)
	}

	// Add a comment for the client key.
	clientKey.AddExtendedField("comment", "TLS Demo Client")

	// Save the client key, public and private versions.
	err = libtrust.SaveKey("client_data/private_key.pem", clientKey)
	if err != nil {
		log.Fatal(err)
	}

	err = libtrust.SavePublicKey("client_data/public_key.pem", clientKey.PublicKey())
	if err != nil {
		log.Fatal(err)
	}

	// Generate server key.
	serverKey, err := libtrust.GenerateECP256PrivateKey()
	if err != nil {
		log.Fatal(err)
	}

	// Set the list of addresses to use for the server.
	serverKey.AddExtendedField("hosts", []string{"localhost", "docker.example.com"})

	// Save the server key, public and private versions.
	err = libtrust.SaveKey("server_data/private_key.pem", serverKey)
	if err != nil {
		log.Fatal(err)
	}

	err = libtrust.SavePublicKey("server_data/public_key.pem", serverKey.PublicKey())
	if err != nil {
		log.Fatal(err)
	}

	// Generate Authorized Keys file for server.
	err = libtrust.AddKeySetFile("server_data/trusted_clients.pem", clientKey.PublicKey())
	if err != nil {
		log.Fatal(err)
	}

	// Generate Known Host Keys file for client.
	err = libtrust.AddKeySetFile("client_data/trusted_hosts.pem", serverKey.PublicKey())
	if err != nil {
		log.Fatal(err)
	}
}
Beispiel #2
0
func generateTrustChain(t *testing.T, chainLen int) (libtrust.PrivateKey, *x509.CertPool, []*x509.Certificate) {
	caKey, err := libtrust.GenerateECP256PrivateKey()
	if err != nil {
		t.Fatalf("Error generating key: %s", err)
	}
	ca, err := testutil.GenerateTrustCA(caKey.CryptoPublicKey(), caKey.CryptoPrivateKey())
	if err != nil {
		t.Fatalf("Error generating ca: %s", err)
	}

	parent := ca
	parentKey := caKey
	chain := make([]*x509.Certificate, chainLen)
	for i := chainLen - 1; i > 0; i-- {
		intermediatekey, err := libtrust.GenerateECP256PrivateKey()
		if err != nil {
			t.Fatalf("Error generate key: %s", err)
		}
		chain[i], err = testutil.GenerateIntermediate(intermediatekey.CryptoPublicKey(), parentKey.CryptoPrivateKey(), parent)
		if err != nil {
			t.Fatalf("Error generating intermdiate certificate: %s", err)
		}
		parent = chain[i]
		parentKey = intermediatekey
	}
	trustKey, err := libtrust.GenerateECP256PrivateKey()
	if err != nil {
		t.Fatalf("Error generate key: %s", err)
	}
	chain[0], err = testutil.GenerateTrustCert(trustKey.CryptoPublicKey(), parentKey.CryptoPrivateKey(), parent)
	if err != nil {
		t.Fatalf("Error generate trust cert: %s", err)
	}

	caPool := x509.NewCertPool()
	caPool.AddCert(ca)

	return trustKey, caPool, chain
}
Beispiel #3
0
func createTestKeysAndGrants(count int) ([]*Grant, []libtrust.PrivateKey) {
	grants := make([]*Grant, count)
	keys := make([]libtrust.PrivateKey, count)
	for i := 0; i < count; i++ {
		pk, err := libtrust.GenerateECP256PrivateKey()
		if err != nil {
			panic(err)
		}
		grant := &Grant{
			Subject:    fmt.Sprintf("/user-%d", i+1),
			Permission: 0x0f,
			Grantee:    pk.KeyID(),
		}
		keys[i] = pk
		grants[i] = grant
	}
	return grants, keys
}
Beispiel #4
0
// LoadOrCreateTrustKey attempts to load the libtrust key at the given path,
// otherwise generates a new one
func LoadOrCreateTrustKey(trustKeyPath string) (libtrust.PrivateKey, error) {
	err := os.MkdirAll(path.Dir(trustKeyPath), 0700)
	if err != nil {
		return nil, err
	}
	trustKey, err := libtrust.LoadKeyFile(trustKeyPath)
	if err == libtrust.ErrKeyFileDoesNotExist {
		trustKey, err = libtrust.GenerateECP256PrivateKey()
		if err != nil {
			return nil, fmt.Errorf("Error generating key: %s", err)
		}
		if err := libtrust.SaveKey(trustKeyPath, trustKey); err != nil {
			return nil, fmt.Errorf("Error saving key file: %s", err)
		}
	} else if err != nil {
		return nil, fmt.Errorf("Error loading key file: %s", err)
	}
	return trustKey, nil
}