return nil, errors.New("found unknown private key type in PKCS#8 wrapping")
}
default:
return nil, errors.New("don't know how to convert a safe bag of type " + bag.ID.String())
}
return b, nil
}
var (
oidFriendlyName = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 20}
oidLocalKeyID = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 21}
oidMicrosoftCSPName = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 17, 1}
)
var attributeNameByOID = map[string]string{
oidFriendlyName.String(): "friendlyName",
oidLocalKeyID.String(): "localKeyId",
oidMicrosoftCSPName.String(): "Microsoft CSP Name", // openssl-compatible
}
func convertAttribute(attribute *pkcs12Attribute) (key, value string, err error) {
key = attributeNameByOID[attribute.ID.String()]
switch {
case attribute.ID.Equal(oidMicrosoftCSPName):
fallthrough
case attribute.ID.Equal(oidFriendlyName):
if _, err = asn1.Unmarshal(attribute.Value.Bytes, &attribute.Value); err != nil {
return
}
if value, err = decodeBMPString(attribute.Value.Bytes); err != nil {
return
}
// from PKCS#7:
type digestInfo struct {
Algorithm pkix.AlgorithmIdentifier
Digest []byte
}
const (
sha1Algorithm = "SHA-1"
)
var (
oidSha1Algorithm = asn1.ObjectIdentifier{1, 3, 14, 3, 2, 26}
hashNameByID = map[string]string{
oidSha1Algorithm.String(): sha1Algorithm,
}
hashByName = map[string]func() hash.Hash{
sha1Algorithm: sha1.New,
}
)
func verifyMac(macData *macData, message, password []byte) error {
name, ok := hashNameByID[macData.Mac.Algorithm.Algorithm.String()]
if !ok {
return NotImplementedError("unknown digest algorithm: " + macData.Mac.Algorithm.Algorithm.String())
}
k := deriveMacKeyByAlg[name](macData.MacSalt, password, macData.Iterations)
password = nil
mac := hmac.New(hashByName[name], k)
// MarshalJSON implements the json.Marshaler interface
func (aux *AuxOID) MarshalJSON() ([]byte, error) {
var oid asn1.ObjectIdentifier
oid = []int(*aux)
return json.Marshal(oid.String())
}
"github.com/dgryski/go-rc2"
)
const (
pbeWithSHAAnd3KeyTripleDESCBC = "pbeWithSHAAnd3-KeyTripleDES-CBC"
pbewithSHAAnd40BitRC2CBC = "pbewithSHAAnd40BitRC2-CBC"
)
var (
oidPbeWithSHAAnd3KeyTripleDESCBC = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 12, 1, 3}
oidPbewithSHAAnd40BitRC2CBC = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 12, 1, 6}
)
var algByOID = map[string]string{
oidPbeWithSHAAnd3KeyTripleDESCBC.String(): pbeWithSHAAnd3KeyTripleDESCBC,
oidPbewithSHAAnd40BitRC2CBC.String(): pbewithSHAAnd40BitRC2CBC,
}
var blockcodeByAlg = map[string]func(key []byte) (cipher.Block, error){
pbeWithSHAAnd3KeyTripleDESCBC: des.NewTripleDESCipher,
pbewithSHAAnd40BitRC2CBC: func(key []byte) (cipher.Block, error) {
return rc2.New(key, len(key)*8)
},
}
type pbeParams struct {
Salt []byte
Iterations int
}
// Returns human-readable information about cert.
func CertificateInfo(cert *x509.Certificate) string {
s := []string{}
s = append(s, fmt.Sprintf("Version: %v\nSerial no.: %v\nIssuer: %v\nSubject: %v\nNotBefore: %v\nNotAfter: %v\n", cert.Version, cert.SerialNumber, cert.Issuer, cert.Subject, cert.NotBefore, cert.NotAfter))
for k := range KeyUsageString {
if cert.KeyUsage&k != 0 {
s = append(s, fmt.Sprintf("KeyUsage: %v\n", KeyUsageString[k]))
}
}
for _, ext := range cert.Extensions {
s = append(s, fmt.Sprintf("Extension: %v critical=%v % 02X\n", ext.Id, ext.Critical, ext.Value))
}
for _, ext := range cert.ExtKeyUsage {
s = append(s, fmt.Sprintf("ExtKeyUsage: %v\n", ExtKeyUsageString[ext]))
}
for _, ext := range cert.UnknownExtKeyUsage {
s = append(s, fmt.Sprintf("ExtKeyUsage: %v\n", ext))
}
if cert.BasicConstraintsValid {
s = append(s, fmt.Sprintf("IsCA: %v\n", cert.IsCA))
if cert.MaxPathLen > 0 {
s = append(s, fmt.Sprintf("MaxPathLen: %v\n", cert.MaxPathLen))
}
}
s = append(s, fmt.Sprintf("SubjectKeyId: % 02X\nAuthorityKeyId: % 02X\n", cert.SubjectKeyId, cert.AuthorityKeyId))
s = append(s, fmt.Sprintf("OCSPServer: %v\nIssuingCertificateURL: %v\n", cert.OCSPServer, cert.IssuingCertificateURL))
oids := []string{}
for _, e := range cert.Extensions {
if len(e.Id) == 4 && e.Id[0] == 2 && e.Id[1] == 5 && e.Id[2] == 29 && e.Id[3] == 17 {
var seq asn1.RawValue
var rest []byte
var err error
if rest, err = asn1.Unmarshal(e.Value, &seq); err != nil {
continue
} else if len(rest) != 0 {
continue
}
if !seq.IsCompound || seq.Tag != 16 || seq.Class != 0 {
continue
}
rest = seq.Bytes
for len(rest) > 0 {
var v asn1.RawValue
rest, err = asn1.Unmarshal(rest, &v)
if err != nil {
break
}
if v.Tag == 8 { // registeredID
var oid asn1.ObjectIdentifier
_, err = asn1.Unmarshal(v.FullBytes, &oid)
if err != nil {
oids = append(oids, oid.String())
}
}
}
}
}
s = append(s, fmt.Sprintf("DNSNames: %v\nEmailAddresses: %v\nIPAddresses: %v\nRegisteredIDs: %v\n", cert.DNSNames, cert.EmailAddresses, cert.IPAddresses, oids))
s = append(s, fmt.Sprintf("PermittedDNSDomainsCritical: %v\nPermittedDNSDomains: %v\n", cert.PermittedDNSDomainsCritical, cert.PermittedDNSDomains))
s = append(s, fmt.Sprintf("CRLDistributionPoints: %v\nPolicyIdentifiers: %v\n", cert.CRLDistributionPoints, cert.PolicyIdentifiers))
return strings.Join(s, "")
}