Exemplo n.º 1
0
			return nil, errors.New("found unknown private key type in PKCS#8 wrapping")
		}
	default:
		return nil, errors.New("don't know how to convert a safe bag of type " + bag.ID.String())
	}
	return b, nil
}

var (
	oidFriendlyName     = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 20}
	oidLocalKeyID       = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 21}
	oidMicrosoftCSPName = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 17, 1}
)

var attributeNameByOID = map[string]string{
	oidFriendlyName.String():     "friendlyName",
	oidLocalKeyID.String():       "localKeyId",
	oidMicrosoftCSPName.String(): "Microsoft CSP Name", // openssl-compatible
}

func convertAttribute(attribute *pkcs12Attribute) (key, value string, err error) {
	key = attributeNameByOID[attribute.ID.String()]
	switch {
	case attribute.ID.Equal(oidMicrosoftCSPName):
		fallthrough
	case attribute.ID.Equal(oidFriendlyName):
		if _, err = asn1.Unmarshal(attribute.Value.Bytes, &attribute.Value); err != nil {
			return
		}
		if value, err = decodeBMPString(attribute.Value.Bytes); err != nil {
			return
Exemplo n.º 2
0
}

// from PKCS#7:
type digestInfo struct {
	Algorithm pkix.AlgorithmIdentifier
	Digest    []byte
}

const (
	sha1Algorithm = "SHA-1"
)

var (
	oidSha1Algorithm = asn1.ObjectIdentifier{1, 3, 14, 3, 2, 26}
	hashNameByID     = map[string]string{
		oidSha1Algorithm.String(): sha1Algorithm,
	}
	hashByName = map[string]func() hash.Hash{
		sha1Algorithm: sha1.New,
	}
)

func verifyMac(macData *macData, message, password []byte) error {
	name, ok := hashNameByID[macData.Mac.Algorithm.Algorithm.String()]
	if !ok {
		return NotImplementedError("unknown digest algorithm: " + macData.Mac.Algorithm.Algorithm.String())
	}
	k := deriveMacKeyByAlg[name](macData.MacSalt, password, macData.Iterations)
	password = nil

	mac := hmac.New(hashByName[name], k)
Exemplo n.º 3
0
// MarshalJSON implements the json.Marshaler interface
func (aux *AuxOID) MarshalJSON() ([]byte, error) {
	var oid asn1.ObjectIdentifier
	oid = []int(*aux)
	return json.Marshal(oid.String())
}
Exemplo n.º 4
0
	"github.com/dgryski/go-rc2"
)

const (
	pbeWithSHAAnd3KeyTripleDESCBC = "pbeWithSHAAnd3-KeyTripleDES-CBC"
	pbewithSHAAnd40BitRC2CBC      = "pbewithSHAAnd40BitRC2-CBC"
)

var (
	oidPbeWithSHAAnd3KeyTripleDESCBC = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 12, 1, 3}
	oidPbewithSHAAnd40BitRC2CBC      = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 12, 1, 6}
)

var algByOID = map[string]string{
	oidPbeWithSHAAnd3KeyTripleDESCBC.String(): pbeWithSHAAnd3KeyTripleDESCBC,
	oidPbewithSHAAnd40BitRC2CBC.String():      pbewithSHAAnd40BitRC2CBC,
}

var blockcodeByAlg = map[string]func(key []byte) (cipher.Block, error){
	pbeWithSHAAnd3KeyTripleDESCBC: des.NewTripleDESCipher,
	pbewithSHAAnd40BitRC2CBC: func(key []byte) (cipher.Block, error) {
		return rc2.New(key, len(key)*8)
	},
}

type pbeParams struct {
	Salt       []byte
	Iterations int
}
Exemplo n.º 5
0
// Returns human-readable information about cert.
func CertificateInfo(cert *x509.Certificate) string {
	s := []string{}
	s = append(s, fmt.Sprintf("Version: %v\nSerial no.: %v\nIssuer: %v\nSubject: %v\nNotBefore: %v\nNotAfter: %v\n", cert.Version, cert.SerialNumber, cert.Issuer, cert.Subject, cert.NotBefore, cert.NotAfter))
	for k := range KeyUsageString {
		if cert.KeyUsage&k != 0 {
			s = append(s, fmt.Sprintf("KeyUsage: %v\n", KeyUsageString[k]))
		}
	}

	for _, ext := range cert.Extensions {
		s = append(s, fmt.Sprintf("Extension: %v critical=%v  % 02X\n", ext.Id, ext.Critical, ext.Value))
	}

	for _, ext := range cert.ExtKeyUsage {
		s = append(s, fmt.Sprintf("ExtKeyUsage: %v\n", ExtKeyUsageString[ext]))
	}

	for _, ext := range cert.UnknownExtKeyUsage {
		s = append(s, fmt.Sprintf("ExtKeyUsage: %v\n", ext))
	}

	if cert.BasicConstraintsValid {
		s = append(s, fmt.Sprintf("IsCA: %v\n", cert.IsCA))
		if cert.MaxPathLen > 0 {
			s = append(s, fmt.Sprintf("MaxPathLen: %v\n", cert.MaxPathLen))
		}
	}

	s = append(s, fmt.Sprintf("SubjectKeyId: % 02X\nAuthorityKeyId: % 02X\n", cert.SubjectKeyId, cert.AuthorityKeyId))
	s = append(s, fmt.Sprintf("OCSPServer: %v\nIssuingCertificateURL: %v\n", cert.OCSPServer, cert.IssuingCertificateURL))

	oids := []string{}
	for _, e := range cert.Extensions {
		if len(e.Id) == 4 && e.Id[0] == 2 && e.Id[1] == 5 && e.Id[2] == 29 && e.Id[3] == 17 {
			var seq asn1.RawValue
			var rest []byte
			var err error
			if rest, err = asn1.Unmarshal(e.Value, &seq); err != nil {
				continue
			} else if len(rest) != 0 {
				continue
			}
			if !seq.IsCompound || seq.Tag != 16 || seq.Class != 0 {
				continue
			}

			rest = seq.Bytes
			for len(rest) > 0 {
				var v asn1.RawValue
				rest, err = asn1.Unmarshal(rest, &v)
				if err != nil {
					break
				}
				if v.Tag == 8 { // registeredID
					var oid asn1.ObjectIdentifier
					_, err = asn1.Unmarshal(v.FullBytes, &oid)
					if err != nil {
						oids = append(oids, oid.String())
					}
				}
			}
		}
	}

	s = append(s, fmt.Sprintf("DNSNames: %v\nEmailAddresses: %v\nIPAddresses: %v\nRegisteredIDs: %v\n", cert.DNSNames, cert.EmailAddresses, cert.IPAddresses, oids))

	s = append(s, fmt.Sprintf("PermittedDNSDomainsCritical: %v\nPermittedDNSDomains: %v\n", cert.PermittedDNSDomainsCritical, cert.PermittedDNSDomains))

	s = append(s, fmt.Sprintf("CRLDistributionPoints: %v\nPolicyIdentifiers: %v\n", cert.CRLDistributionPoints, cert.PolicyIdentifiers))
	return strings.Join(s, "")
}