func TestRoundTripPkcs8Ecdsa(t *testing.T) {
privateKey, err := ecdsa.GenerateKey(elliptic.P224(), rand.Reader)
if err != nil {
t.Fatalf("failed to generate a private key: %s", err)
}
bytes, err := marshalPKCS8PrivateKey(privateKey)
if err != nil {
t.Fatalf("failed to marshal private key: %s", err)
}
key, err := x509.ParsePKCS8PrivateKey(bytes)
if err != nil {
t.Fatalf("failed to parse private key: %s", err)
}
actualPrivateKey, ok := key.(*ecdsa.PrivateKey)
if !ok {
t.Fatalf("expected key to be of type *ecdsa.PrivateKey, but actual was %T", key)
}
// sanity check, not exhaustive
if actualPrivateKey.D.Cmp(privateKey.D) != 0 {
t.Errorf("private key's D did not round trip")
}
if actualPrivateKey.X.Cmp(privateKey.X) != 0 {
t.Errorf("private key's X did not round trip")
}
if actualPrivateKey.Y.Cmp(privateKey.Y) != 0 {
t.Errorf("private key's Y did not round trip")
}
if actualPrivateKey.Curve.Params().B.Cmp(privateKey.Curve.Params().B) != 0 {
t.Errorf("private key's Curve.B did not round trip")
}
}
func open(keyfile string) (*rsa.PrivateKey, error) {
bytes, err := ioutil.ReadFile(keyfile)
if err != nil {
return nil, err
}
block, _ := pem.Decode(bytes)
if block == nil {
return nil, fmt.Errorf("%s: no valid PEM data found", keyfile)
} else if block.Type != "PRIVATE KEY" {
return nil, fmt.Errorf("%s: expected PRIVATE KEY, got %s", keyfile, block.Type)
}
key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
if err != nil {
return nil, err
}
rsaKey, ok := key.(*rsa.PrivateKey)
if !ok {
return nil, fmt.Errorf("")
} else {
return rsaKey, nil
}
}
func parseRsaPrivateKey(path string) (*rsa.PrivateKey, error) {
privateKeyData, err := ioutil.ReadFile(path)
if err != nil {
log.Fatalln("failed", err)
}
block, _ := pem.Decode(privateKeyData)
if block == nil {
panic("failed to decode a pem block from private key pem")
}
privatePkcs1Key, errPkcs1 := x509.ParsePKCS1PrivateKey(block.Bytes)
if errPkcs1 == nil {
return privatePkcs1Key, nil
}
privatePkcs8Key, errPkcs8 := x509.ParsePKCS8PrivateKey(block.Bytes)
if errPkcs8 == nil {
privatePkcs8RsaKey, ok := privatePkcs8Key.(*rsa.PrivateKey)
if !ok {
return nil, fmt.Errorf("Pkcs8 contained non-RSA key. Expected RSA key.")
}
return privatePkcs8RsaKey, nil
}
return nil, fmt.Errorf("Failed to parse private key as Pkcs#1 or Pkcs#8. (%s). (%s).", errPkcs1, errPkcs8)
}
func parseKey(path string) (crypto.PublicKey, error) {
buf, err := ioutil.ReadFile(path)
if err != nil {
return nil, errors.New("failed to open key file \"" + path + "\"")
}
block, _ := pem.Decode(buf)
if block.Type != "PRIVATE KEY" && strings.HasSuffix(block.Type, " PRIVATE KEY") == false {
return nil, errors.New("private key PEM does not appear to contain a private key blob")
}
der := block.Bytes
if key, err := x509.ParsePKCS1PrivateKey(der); err == nil {
return key, nil
}
if key, err := x509.ParsePKCS8PrivateKey(der); err == nil {
switch key := key.(type) {
case *rsa.PrivateKey, *ecdsa.PrivateKey:
return key, nil
default:
return nil, errors.New("crypto/tls: found unknown private key type in PKCS#8 wrapping")
}
}
if key, err := x509.ParseECPrivateKey(der); err == nil {
return key, nil
}
return nil, errors.New("failed to parse private key")
}
// ParsePrivateKeyPEM parses and returns a PEM-encoded private
// key. The private key may be either an unencrypted PKCS#8, PKCS#1,
// or elliptic private key.
func ParsePrivateKeyPEM(keyPEM []byte) (key interface{}, err error) {
keyDER, _ := pem.Decode(keyPEM)
if keyDER == nil {
return nil, cferr.New(cferr.PrivateKeyError, cferr.DecodeFailed, nil)
}
if procType, ok := keyDER.Headers["Proc-Type"]; ok {
if strings.Contains(procType, "ENCRYPTED") {
return nil, cferr.New(cferr.PrivateKeyError, cferr.Encrypted, nil)
}
}
key, err = x509.ParsePKCS8PrivateKey(keyDER.Bytes)
if err != nil {
key, err = x509.ParsePKCS1PrivateKey(keyDER.Bytes)
if err != nil {
key, err = x509.ParseECPrivateKey(keyDER.Bytes)
if err != nil {
// We don't include the actual error into the final error.
// The reason might be we don't want to leak any info about
// the private key.
return nil, cferr.New(cferr.PrivateKeyError, cferr.ParseFailed, nil)
}
}
}
return
}
//DecryptRSA decrypt given []byte with RSA algorithm
func DecryptRSA(data []byte) []byte {
if data == nil {
return nil
}
privateKey := []byte(PrivateKey)
if !ginutil.IsProduction() {
privateKey = []byte(TestPrivateKey)
}
block, _ := pem.Decode(privateKey)
if block == nil {
return nil
}
privInterface, err := x509.ParsePKCS8PrivateKey(block.Bytes)
if err != nil {
return nil
}
priv := privInterface.(*rsa.PrivateKey)
decrypted := make([]byte, 0, len(data))
for i := 0; i < len(data); i += 128 {
if i+128 < len(data) {
partial, err1 := rsa.DecryptPKCS1v15(rand.Reader, priv, data[i:i+128])
if err1 != nil {
return nil
}
decrypted = append(decrypted, partial...)
} else {
partial, err1 := rsa.DecryptPKCS1v15(rand.Reader, priv, data[i:])
if err1 != nil {
return nil
}
decrypted = append(decrypted, partial...)
}
}
return decrypted
}
// LoadPrivateKey loads a private key from PEM/DER-encoded data.
func LoadPrivateKey(data []byte) (interface{}, error) {
input := data
block, _ := pem.Decode(data)
if block != nil {
input = block.Bytes
}
var priv interface{}
priv, err0 := x509.ParsePKCS1PrivateKey(input)
if err0 == nil {
return priv, nil
}
priv, err1 := x509.ParsePKCS8PrivateKey(input)
if err1 == nil {
return priv, nil
}
priv, err2 := x509.ParseECPrivateKey(input)
if err2 == nil {
return priv, nil
}
return nil, fmt.Errorf("square/go-jose: parse error, got '%s', '%s' and '%s'", err0, err1, err2)
}
func loadKey(reader io.Reader) (interface{}, error) {
data, err := ioutil.ReadAll(reader)
if err != nil {
return nil, err
}
for len(data) > 0 {
var block *pem.Block
block, data = pem.Decode(data)
if block == nil {
break
}
switch block.Type {
case "RSA PRIVATE KEY":
return x509.ParsePKCS1PrivateKey(block.Bytes)
case "PRIVATE KEY":
return x509.ParsePKCS8PrivateKey(block.Bytes)
case "RSA PUBLIC KEY":
fallthrough
case "PUBLIC KEY":
return x509.ParsePKIXPublicKey(block.Bytes)
}
}
return nil, errors.New("no key found")
}
// ParsePrivateKeyDER parses a PKCS #1, PKCS #8, or elliptic curve
// DER-encoded private key. The key must not be in PEM format.
func ParsePrivateKeyDER(keyDER []byte) (key crypto.Signer, err error) {
generalKey, err := x509.ParsePKCS8PrivateKey(keyDER)
if err != nil {
generalKey, err = x509.ParsePKCS1PrivateKey(keyDER)
if err != nil {
generalKey, err = x509.ParseECPrivateKey(keyDER)
if err != nil {
// We don't include the actual error into
// the final error. The reason might be
// we don't want to leak any info about
// the private key.
return nil, cferr.New(cferr.PrivateKeyError,
cferr.ParseFailed)
}
}
}
switch generalKey.(type) {
case *rsa.PrivateKey:
return generalKey.(*rsa.PrivateKey), nil
case *ecdsa.PrivateKey:
return generalKey.(*ecdsa.PrivateKey), nil
}
// should never reach here
return nil, cferr.New(cferr.PrivateKeyError, cferr.ParseFailed)
}
// 通过Alipay的商户私钥进行签名
func AlipayPrivateKeySign(privateKeyStr string, content []byte) (sign string, err error) {
der, err := base64.StdEncoding.DecodeString(privateKeyStr)
if err != nil {
return
}
privatekey, err := x509.ParsePKCS8PrivateKey(der)
if err != nil {
return
}
hashType := crypto.SHA1
if !hashType.Available() {
err = errors.New("unsupport sha1")
return
}
h := hashType.New()
h.Write(content)
digest := h.Sum(nil)
_privatekey := privatekey.(*rsa.PrivateKey)
signature, err := rsa.SignPKCS1v15(rand.Reader, _privatekey, crypto.SHA1, digest)
if err != nil {
return
}
sign = base64.StdEncoding.EncodeToString(signature)
return
}
func (k *Keychain) AddPEMKey(privateKeyPath string) error {
var rsakey interface{}
var err error
keyContent, err := ioutil.ReadFile(privateKeyPath)
if err != nil {
return err
}
block, _ := pem.Decode([]byte(keyContent))
if block == nil {
return errors.New("no block in key")
}
rsakey, err = x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
rsakey, err = x509.ParsePKCS8PrivateKey(block.Bytes)
}
if err != nil {
return err
}
k.keys = append(k.keys, rsakey)
return nil
}
/*
Reads and returns the next DER-encoded private key from r,
which may optionally be base64 encoded (PEM format)
and may be preceded by "garbage" (PEM headers).
This function takes care not to read more bytes than
necessary which allows the function to be called
multiple times on a stream of concatenated keys.
*/
func ReadNextKey(in io.Reader) (crypto.Signer, error) {
data, err := ReadNextSEQUENCE(in)
if err != nil {
return nil, err
}
key1, err1 := x509.ParseECPrivateKey(data)
key2, err2 := x509.ParsePKCS1PrivateKey(data)
key3, err3 := x509.ParsePKCS8PrivateKey(data)
if err1 == nil {
return key1, nil
}
if err2 == nil {
return key2, nil
}
if err3 != nil {
return nil, err3
}
switch key := key3.(type) {
case *rsa.PrivateKey:
return key, nil
case *ecdsa.PrivateKey:
return key, nil
}
return nil, fmt.Errorf("Unknown key type in PKCS8 container")
}
func parseCakey(cakeyfile *string) (*rsa.PrivateKey, error) {
cakeybytes, err := ioutil.ReadFile(*cakeyfile)
if err != nil {
return nil, err
}
cakeyblock, _ := pem.Decode(cakeybytes)
if cakeyblock == nil {
return nil, fmt.Errorf("Not valid CA key %s", *cakeyfile)
}
der := cakeyblock.Bytes
// Try to parse as PKCS1
cakey1, err := x509.ParsePKCS1PrivateKey(der)
if err == nil {
return cakey1, err
}
// Otherwise try PKCS8
cakey8, err := x509.ParsePKCS8PrivateKey(der)
if err != nil {
return nil, err
}
switch k := cakey8.(type) {
case *rsa.PrivateKey:
return k, nil
default:
return nil, fmt.Errorf("CA key %s not an PKCS8 RSA private key", cakeyfile)
}
}
func FuzzPKCS(data []byte) int {
score := 0
if k, err := x509.ParsePKCS1PrivateKey(data); err == nil {
score = 1
data1 := x509.MarshalPKCS1PrivateKey(k)
k1, err := x509.ParsePKCS1PrivateKey(data1)
if err != nil {
panic(err)
}
if !fuzz.DeepEqual(k, k1) {
panic("keys are not equal")
}
}
if k0, err := x509.ParsePKCS8PrivateKey(data); err == nil {
score = 1
if k, ok := k0.(*rsa.PrivateKey); ok {
data1 := x509.MarshalPKCS1PrivateKey(k)
k1, err := x509.ParsePKCS1PrivateKey(data1)
if err != nil {
panic(err)
}
if !fuzz.DeepEqual(k, k1) {
panic("keys are not equal")
}
}
}
return score
}
//SignWithRSA sign given encrypted data with RSA algorithm
func SignRSA(raw []byte, algorithm crypto.Hash) []byte {
if raw == nil {
return nil
}
privateKey := []byte(PrivateKey)
if !ginutil.IsProduction() {
privateKey = []byte(TestPrivateKey)
}
block, _ := pem.Decode(privateKey)
if block == nil {
return nil
}
privInterface, err := x509.ParsePKCS8PrivateKey(block.Bytes)
if err != nil {
return nil
}
priv := privInterface.(*rsa.PrivateKey)
var data []byte
if algorithm == crypto.SHA1 {
data = EncryptSHA(raw)
} else {
data = EncryptMD5(EncryptSHA(raw))
}
signed, err := rsa.SignPKCS1v15(rand.Reader, priv, algorithm, data)
if err != nil {
return nil
}
return signed
}
func NewGCS(name string, info map[string]string) (Backend, error) {
b := &gcsBackend{
name: name,
bucketName: info["bucket"],
}
keyJSON := []byte(info["key"])
if b.bucketName == "" {
return nil, fmt.Errorf("blobstore: missing Google Cloud Storage bucket param for %s", name)
}
if len(keyJSON) == 0 {
return nil, fmt.Errorf("blobstore: missing Google Cloud Storage key JSON param for %s", name)
}
jwtToken, err := google.JWTConfigFromJSON(keyJSON, "https://www.googleapis.com/auth/devstorage.read_write")
if err != nil {
return nil, fmt.Errorf("blobstore: error loading Google Cloud Storage JSON key: %s", err)
}
tokenSource := jwtToken.TokenSource(context.Background())
// Test getting an OAuth token so we can disambiguate an issue with the
// token and an issue with the bucket permissions below.
if _, err := tokenSource.Token(); err != nil {
return nil, fmt.Errorf("blobstore: error getting Google Cloud Storage OAuth token: %s", err)
}
pemBlock, _ := pem.Decode(jwtToken.PrivateKey)
privateKey, err := x509.ParsePKCS8PrivateKey(pemBlock.Bytes)
if err != nil {
return nil, fmt.Errorf("blobstore: error decoding Google Cloud Storage private key: %s", err)
}
rsaPrivateKey, ok := privateKey.(*rsa.PrivateKey)
if !ok {
return nil, fmt.Errorf("blobstore: unexpected Google Cloud Storage key type: %T", privateKey)
}
b.signOpts = func() *storage.SignedURLOptions {
return &storage.SignedURLOptions{
GoogleAccessID: jwtToken.Email,
SignBytes: func(b []byte) ([]byte, error) {
digest := sha256.Sum256(b)
return rsa.SignPKCS1v15(rand.Reader, rsaPrivateKey, crypto.SHA256, digest[:])
},
Method: "GET",
Expires: time.Now().Add(10 * time.Minute),
}
}
client, err := storage.NewClient(context.Background(), option.WithTokenSource(tokenSource))
if err != nil {
return nil, fmt.Errorf("blobstore: error creating Google Cloud Storage client: %s", err)
}
b.bucket = client.Bucket(b.bucketName)
_, err = b.bucket.Attrs(context.Background())
if err != nil {
return nil, fmt.Errorf("blobstore: error checking Google Cloud Storage bucket %q existence, ensure that it exists and Owner access for %s is included the bucket ACL: %q", b.bucketName, jwtToken.Email, err)
}
return b, nil
}
// X509KeyPair parses a public/private key pair from a pair of
// PEM encoded data.
func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert Certificate, err error) {
var certDERBlock *pem.Block
for {
certDERBlock, certPEMBlock = pem.Decode(certPEMBlock)
if certDERBlock == nil {
break
}
if certDERBlock.Type == "CERTIFICATE" {
cert.Certificate = append(cert.Certificate, certDERBlock.Bytes)
}
}
if len(cert.Certificate) == 0 {
err = errors.New("crypto/tls: failed to parse certificate PEM data")
return
}
keyDERBlock, _ := pem.Decode(keyPEMBlock)
if keyDERBlock == nil {
err = errors.New("crypto/tls: failed to parse key PEM data")
return
}
// OpenSSL 0.9.8 generates PKCS#1 private keys by default, while
// OpenSSL 1.0.0 generates PKCS#8 keys. We try both.
var key *rsa.PrivateKey
if key, err = x509.ParsePKCS1PrivateKey(keyDERBlock.Bytes); err != nil {
var privKey interface{}
if privKey, err = x509.ParsePKCS8PrivateKey(keyDERBlock.Bytes); err != nil {
err = errors.New("crypto/tls: failed to parse key: " + err.Error())
return
}
var ok bool
if key, ok = privKey.(*rsa.PrivateKey); !ok {
err = errors.New("crypto/tls: found non-RSA private key in PKCS#8 wrapping")
return
}
}
cert.PrivateKey = key
// We don't need to parse the public key for TLS, but we so do anyway
// to check that it looks sane and matches the private key.
x509Cert, err := x509.ParseCertificate(cert.Certificate[0])
if err != nil {
return
}
if x509Cert.PublicKeyAlgorithm != x509.RSA || x509Cert.PublicKey.(*rsa.PublicKey).N.Cmp(key.PublicKey.N) != 0 {
err = errors.New("crypto/tls: private key does not match public key")
return
}
return
}
// parsePKCSPrivateKey attempts to decode a RSA private key first using PKCS1
// encoding, and then PKCS8 encoding.
func parsePKCSPrivateKey(buf []byte) (interface{}, error) {
// attempt PKCS1 parsing
key, err := x509.ParsePKCS1PrivateKey(buf)
if err != nil {
// attempt PKCS8 parsing
return x509.ParsePKCS8PrivateKey(buf)
}
return key, nil
}
// parsePKCS8PrivateKey parses the provided private key in the PKCS#8 format.
func parsePKCS8PrivateKey(data []byte) (*ecdsa.PrivateKey, error) {
key, err := x509.ParsePKCS8PrivateKey(data)
if err != nil {
return nil, err
}
eckey, ok := key.(*ecdsa.PrivateKey)
if !ok {
return nil, fmt.Errorf("not an ECDSA private key")
}
return eckey, nil
}
func ParsePKCS8Key(publicKey, privateKey []byte) (Key, error) {
puk, err := x509.ParsePKIXPublicKey(publicKey)
if err != nil {
return nil, err
}
prk, err := x509.ParsePKCS8PrivateKey(privateKey)
if err != nil {
return nil, err
}
return &key{publicKey: puk.(*rsa.PublicKey), privateKey: prk.(*rsa.PrivateKey)}, nil
}
func main() {
if len(os.Args) != 2 {
fmt.Fprintf(os.Stderr, "USAGE: %v <keyfile>\n", "analysekey")
os.Exit(1)
}
file, err := os.Open(os.Args[1])
if err != nil {
fmt.Fprintf(os.Stderr, "%v\n", err)
os.Exit(1)
}
data, err := asn1.ReadNextSEQUENCE(file)
if err != nil {
fmt.Fprintf(os.Stderr, "%v\n", err)
os.Exit(1)
}
fmt.Fprintf(os.Stdout, "%v\n", asn1.AnalyseDER(data))
key1, err1 := x509.ParseECPrivateKey(data)
key2, err2 := x509.ParsePKCS1PrivateKey(data)
key3, err3 := x509.ParsePKCS8PrivateKey(data)
var pub interface{}
if err1 == nil && key1 != nil {
fmt.Fprintf(os.Stdout, "ParseECPrivateKey OK\n")
pub = key1.Public()
}
if err2 == nil && key2 != nil {
fmt.Fprintf(os.Stdout, "ParsePKCS1PrivateKey OK\n")
pub = key2.Public()
}
if err3 == nil && key3 != nil {
fmt.Fprintf(os.Stdout, "ParsePKCS8PrivateKey OK => %T\n", key3)
switch key := key3.(type) {
case *rsa.PrivateKey:
pub = key.Public()
case *ecdsa.PrivateKey:
pub = key.Public()
}
}
if pub != nil {
pubkeybytes, err := x509.MarshalPKIXPublicKey(pub)
if err != nil {
fmt.Fprintf(os.Stderr, "%v\n", err)
os.Exit(1)
}
fmt.Fprintf(os.Stdout, "\nCORRESPONDING PUBLIC KEY: %v\n", asn1.AnalyseDER(pubkeybytes))
}
}
// LoadPrivateKeyBytes loads an RSA or ECDSA private key from a byte slice.
func LoadPrivateKeyBytes(data []byte) (PrivateKey, error) {
block, _ := pem.Decode(data) // ignoring remaining data
switch PemType(block.Type) {
case PemPkcs8Info:
return x509.ParsePKCS8PrivateKey(block.Bytes)
case PemRsaPrivate:
return x509.ParsePKCS1PrivateKey(block.Bytes)
case PemEcPrivate:
return x509.ParseECPrivateKey(block.Bytes)
default:
return nil, &PemTypeError{"* PRIVATE KEY", PemType(block.Type)}
}
}
// X509KeyPair parses a public/private key pair from a pair of PEM encoded
// data. It is slightly modified version of tls.X509Proxy where Leaf
// assignment is made to make proxy certificate works.
func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert tls.Certificate, err error) {
var certDERBlock *pem.Block
for {
certDERBlock, certPEMBlock = pem.Decode(certPEMBlock)
if certDERBlock == nil {
break
}
// parse certificates
certs, err2 := x509.ParseCertificates(certDERBlock.Bytes)
if err2 == nil {
// assign the Leaf
cert.Leaf = certs[0]
}
if certDERBlock.Type == "CERTIFICATE" {
cert.Certificate = append(cert.Certificate, certDERBlock.Bytes)
}
}
if len(cert.Certificate) == 0 {
err = errors.New("crypto/tls: failed to parse certificate PEM data")
return
}
keyDERBlock, _ := pem.Decode(keyPEMBlock)
if keyDERBlock == nil {
err = errors.New("crypto/tls: failed to parse key PEM data")
return
}
// OpenSSL 0.9.8 generates PKCS#1 private keys by default, while
// OpenSSL 1.0.0 generates PKCS#8 keys. We try both.
var key *rsa.PrivateKey
if key, err = x509.ParsePKCS1PrivateKey(keyDERBlock.Bytes); err != nil {
var privKey interface{}
if privKey, err = x509.ParsePKCS8PrivateKey(keyDERBlock.Bytes); err != nil {
err = errors.New("crypto/tls: failed to parse key: " + err.Error())
return
}
var ok bool
if key, ok = privKey.(*rsa.PrivateKey); !ok {
err = errors.New("crypto/tls: found non-RSA private key in PKCS#8 wrapping")
return
}
}
cert.PrivateKey = key
return
}
func mustUnmarshalRSA(data string) *rsa.PrivateKey {
block, _ := pem.Decode([]byte(data))
if block == nil {
panic("failed to decode PEM data")
}
key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
if err != nil {
panic("failed to parse RSA key: " + err.Error())
}
if key, ok := key.(*rsa.PrivateKey); ok {
return key
}
panic("key is not of type *rsa.PrivateKey")
}
func genPrivKeyFromPKSC8(pkcs8Key string) (privkey *rsa.PrivateKey) {
// 解base64
encodedKey, err := base64.StdEncoding.DecodeString(pkcs8Key)
if err != nil {
log.Fatal(err)
}
// 使用pkcs8格式
pkcs8, err := x509.ParsePKCS8PrivateKey(encodedKey)
var ok bool
if privkey, ok = pkcs8.(*rsa.PrivateKey); !ok {
log.Fatal(ok)
}
return
}
func getPKCS8Type(bs []byte) (PrivateKeyType, error) {
k, err := x509.ParsePKCS8PrivateKey(bs)
if err != nil {
return UnknownPrivateKey, errutil.UserError{fmt.Sprintf("Failed to parse pkcs#8 key: %v", err)}
}
switch k.(type) {
case *ecdsa.PrivateKey:
return ECPrivateKey, nil
case *rsa.PrivateKey:
return RSAPrivateKey, nil
default:
return UnknownPrivateKey, errutil.UserError{"Found unknown private key type in pkcs#8 wrapping"}
}
}
/*读取私钥*/
func getPriKey(in []byte) (*rsa.PrivateKey, error) {
block, _ := pem.Decode(in)
if block == nil {
return nil, ErrPrivateKey
}
pri, err := x509.ParsePKCS1PrivateKey(block.Bytes)
if err == nil {
return pri, nil
}
pri2, err := x509.ParsePKCS8PrivateKey(block.Bytes)
if err != nil {
return nil, err
} else {
return pri2.(*rsa.PrivateKey), nil
}
}
func (m *SigningMethodRS256) parsePrivateKey(key []byte) (pkey *rsa.PrivateKey, err error) {
var block *pem.Block
if block, _ = pem.Decode(key); block != nil {
var parsedKey interface{}
if parsedKey, err = x509.ParsePKCS1PrivateKey(block.Bytes); err != nil {
if parsedKey, err = x509.ParsePKCS8PrivateKey(block.Bytes); err != nil {
return nil, err
}
}
var ok bool
if pkey, ok = parsedKey.(*rsa.PrivateKey); !ok {
err = errors.New("Key is not a valid RSA private key")
}
}
return
}
func load_key() (privateKey *rsa.PrivateKey, err error) {
parent_private_pem_block, _ := pem.Decode([]byte(PRIVATE_KEY))
x509_private_key, err := x509.ParsePKCS8PrivateKey(parent_private_pem_block.Bytes)
if err != nil {
fmt.Println("ParsePKCS8PrivateKey err:", err)
return
}
var ok bool
privateKey, ok = x509_private_key.(*rsa.PrivateKey)
if !ok {
fmt.Println("Not RSA key")
return nil, errors.New("Load key error")
}
return
}
func dumpPKCS8(der []byte) error {
priv, err := x509.ParsePKCS8PrivateKey(der)
if err != nil {
return err
}
switch priv := priv.(type) {
case *rsa.PrivateKey:
printRSAKey(priv)
case *ecdsa.PrivateKey:
printECKey(priv)
default:
err = fmt.Errorf("unknown key type")
}
return err
}
