Exemplo n.º 1
0
// ToCSRBundle converts a byte-based raw DER certificate bundle
// to a PEM-based string certificate bundle
func (p *ParsedCSRBundle) ToCSRBundle() (*CSRBundle, error) {
	result := &CSRBundle{}
	block := pem.Block{
		Type: "CERTIFICATE REQUEST",
	}

	if p.CSRBytes != nil && len(p.CSRBytes) > 0 {
		block.Bytes = p.CSRBytes
		result.CSR = strings.TrimSpace(string(pem.EncodeToMemory(&block)))
	}

	if p.PrivateKeyBytes != nil && len(p.PrivateKeyBytes) > 0 {
		block.Bytes = p.PrivateKeyBytes
		switch p.PrivateKeyType {
		case RSAPrivateKey:
			result.PrivateKeyType = "rsa"
			block.Type = "RSA PRIVATE KEY"
		case ECPrivateKey:
			result.PrivateKeyType = "ec"
			block.Type = "EC PRIVATE KEY"
		default:
			return nil, errutil.InternalError{"Could not determine private key type when creating block"}
		}
		result.PrivateKey = strings.TrimSpace(string(pem.EncodeToMemory(&block)))
	}

	return result, nil
}
Exemplo n.º 2
0
func GenKeyPairIfNone(privateName string, publicName string) {
	dir, _ := filepath.Abs(filepath.Dir(os.Args[0]))
	privatekey := filepath.Join(dir, privateName)
	publickey := filepath.Join(dir, publicName)

	if _, err := os.Stat(string(privatekey)); os.IsNotExist(err) {

		log.Println("Generating JWT private key at ", string(privatekey))
		k, err := rsa.GenerateKey(rand.Reader, 2048)
		if err != nil {
			log.Fatal(err)
		}
		var private pem.Block
		private.Type = "RSA PRIVATE KEY"
		private.Bytes = x509.MarshalPKCS1PrivateKey(k)
		pp := new(bytes.Buffer)
		pem.Encode(pp, &private)
		err = ioutil.WriteFile(string(privatekey), pp.Bytes(), 0644)
		if err != nil {
			log.Fatal(err)
		}

		log.Println("Generating JWT public key at ", string(privatekey))
		var public pem.Block
		public.Type = "RSA PUBLIC KEY"
		public.Bytes, _ = x509.MarshalPKIXPublicKey(&k.PublicKey)
		ps := new(bytes.Buffer)
		pem.Encode(ps, &public)
		err = ioutil.WriteFile(string(publickey), ps.Bytes(), 0644)
		if err != nil {
			log.Fatal(err)
		}
	}

}
Exemplo n.º 3
0
// Read a PEM file and ask for a password to decrypt it if needed
func ReadPEMData(pemFile string, pemPass []byte) ([]byte, error) {
	pemData, err := ioutil.ReadFile(pemFile)
	if err != nil {
		return pemData, err
	}

	// We should really just get the pem.Block back here, if there's other
	// junk on the end, warn about it.
	pemBlock, rest := pem.Decode(pemData)
	if len(rest) > 0 {
		log.Warning("Didn't parse all of", pemFile)
	}

	if x509.IsEncryptedPEMBlock(pemBlock) {
		// Decrypt and get the ASN.1 DER bytes here
		pemData, err = x509.DecryptPEMBlock(pemBlock, pemPass)
		if err != nil {
			return pemData, err
		} else {
			log.Info("Decrypted", pemFile, "successfully")
		}
		// Shove the decrypted DER bytes into a new pem Block with blank headers
		var newBlock pem.Block
		newBlock.Type = pemBlock.Type
		newBlock.Bytes = pemData
		// This is now like reading in an uncrypted key from a file and stuffing it
		// into a byte stream
		pemData = pem.EncodeToMemory(&newBlock)
	}
	return pemData, nil
}
Exemplo n.º 4
0
func EncodePEM(binary []byte, blockType string, password string) (pemBlock string, err error) {

	var blk *pem.Block
	/* Awaiting Go 1.1 */
	if password != "" {
		passwordBytes := ([]byte)(password)
		blk, err = x509.EncryptPEMBlock(rand.Reader, blockType, binary, passwordBytes, x509.PEMCipherAES256)
		if err != nil {
			return
		}
	} else {
		/* */
		blk = new(pem.Block)
		blk.Type = blockType
		blk.Bytes = binary
		/* Awaiting Go 1.1 */
	}
	/* */

	buf := new(bytes.Buffer)

	err = pem.Encode(buf, blk)
	if err != nil {
		return
	}

	pemBlock = buf.String()
	return
}
Exemplo n.º 5
0
func (pk *PrivateKey) Marshal(ss ...string) ([]byte, error) {
	var k = x509.MarshalPKCS1PrivateKey(&pk.PrivateKey)
	var block pem.Block
	block.Bytes = k
	block.Type = strings.Join(ss, " ")
	return pem.EncodeToMemory(&block), nil
}
Exemplo n.º 6
0
func encrypt(key []byte, keytype Type, password string) (out []byte, err error) {
	cryptkey, iv, err := encryptKey(key, password)
	if err != nil {
		return
	}

	var block pem.Block
	switch keytype {
	case KEY_RSA:
		block.Type = "RSA PRIVATE KEY"
	case KEY_ECDSA:
		block.Type = "EC PRIVATE KEY"
	case KEY_DSA:
		block.Type = "DSA PRIVATE KEY"
	default:
		err = ErrInvalidPrivateKey
		return
	}
	block.Bytes = cryptkey
	block.Headers = make(map[string]string)
	block.Headers["Proc-Type"] = "4,ENCRYPTED"
	block.Headers["DEK-Info"] = fmt.Sprintf("AES-128-CBC,%X", iv)
	out = pem.EncodeToMemory(&block)
	return
}
Exemplo n.º 7
0
// CertificateLockFile adds a new certificate lock on the given Client and
// Config that ensures that a server's certificate is signed by the same CA
// from connection-to-connection. This is helpful when connecting to servers
// with self-signed certificates.
//
// If filename does not exist, the server's certificate chain will be written
// to that file. If it does exist, certificates will be read from that file and
// added to RootCAs in config's TLSConfig.
//
// Example:
//
//  if firstConnectionToServer {
//      // Allow self-signed certificates to be accepted on the initial
//      // connection.
//      config.TLSConfig.InsecureSkipVerify = true
//  }
//  gumbleutil.CertificateLockFile(client, &config, filename)
//
//  if err := client.Connect(); err != nil {
//      panic(err)
//  }
func CertificateLockFile(client *gumble.Client, config *gumble.Config, filename string) (gumble.Detacher, error) {
	if file, err := os.Open(filename); err == nil {
		defer file.Close()
		if config.TLSConfig.RootCAs == nil {
			config.TLSConfig.RootCAs = x509.NewCertPool()
		}
		if data, err := ioutil.ReadAll(file); err == nil {
			config.TLSConfig.RootCAs.AppendCertsFromPEM(data)
		}
		return nil, nil
	}

	return client.Attach(Listener{
		Connect: func(e *gumble.ConnectEvent) {
			tlsClient, ok := e.Client.Conn().(*tls.Conn)
			if !ok {
				return
			}
			serverCerts := tlsClient.ConnectionState().PeerCertificates
			file, err := os.Create(filename)
			if err != nil {
				return
			}
			block := pem.Block{
				Type: "CERTIFICATE",
			}
			for _, cert := range serverCerts {
				block.Bytes = cert.Raw
				pem.Encode(file, &block)
			}
			file.Close()
		},
	}), nil
}
Exemplo n.º 8
0
Arquivo: main.go Projeto: kr/runx
func execSSH(url, uuid string, key *rsa.PrivateKey, args []string) error {
	f, err := ioutil.TempFile("", "runx")
	if err != nil {
		return fmt.Errorf("tmpfile: %s", err)
	}
	defer f.Close()
	var b pem.Block
	b.Type = "RSA PRIVATE KEY"
	b.Bytes = x509.MarshalPKCS1PrivateKey(key)
	if err = pem.Encode(f, &b); err != nil {
		return fmt.Errorf("pem: %s", err)
	}
	f.Seek(0, 0)
	argv := []string{
		"ssh",
		"-i" + f.Name(),
		"-oProxyCommand=hk runx [proxy]",
		"-oLocalCommand=rm " + f.Name(),
		"-oStrictHostKeyChecking=no",
		"-oUserKnownHostsFile=/dev/null",
		"dyno@" + uuid,
	}
	env := append(os.Environ(), "RUNX_URL="+url)
	return syscall.Exec("/usr/bin/ssh", append(argv, args...), env)
}
Exemplo n.º 9
0
// Given a private key and a (possibly empty) password, returns a byte
// slice containing a PEM-encoded private key in the appropriate
// OpenSSH format.
func MarshalPrivate(priv interface{}, password string) (out []byte, err error) {
	var (
		keytype Type
		der     []byte
		btype   string
	)

	switch priv.(type) {
	case *rsa.PrivateKey:
		keytype = KEY_RSA
		der = x509.MarshalPKCS1PrivateKey(priv.(*rsa.PrivateKey))
		if der == nil {
			err = ErrInvalidPrivateKey
			return
		}
		btype = "RSA PRIVATE KEY"
	case *ecdsa.PrivateKey:
		keytype = KEY_ECDSA
		der, err = marshalECDSAKey(priv.(*ecdsa.PrivateKey))
		btype = "EC PRIVATE KEY"
	case *dsa.PrivateKey:
		keytype = KEY_DSA

		dsakey := priv.(*dsa.PrivateKey)
		k := struct {
			Version int
			P       *big.Int
			Q       *big.Int
			G       *big.Int
			Priv    *big.Int
			Pub     *big.Int
		}{
			Version: 1,
			P:       dsakey.PublicKey.P,
			Q:       dsakey.PublicKey.Q,
			G:       dsakey.PublicKey.G,
			Priv:    dsakey.PublicKey.Y,
			Pub:     dsakey.X,
		}
		der, err = asn1.Marshal(k)
		if err != nil {
			return
		}
		btype = "DSA PRIVATE KEY"
	default:
		err = ErrInvalidPrivateKey
		return
	}

	if password != "" {
		out, err = encrypt(der, keytype, password)
		return
	}
	var block pem.Block
	block.Type = btype
	block.Bytes = der
	out = pem.EncodeToMemory(&block)
	return
}
Exemplo n.º 10
0
Arquivo: tls.go Projeto: ruflin/beats
func readPEMFile(path, passphrase string) ([]byte, error) {
	pass := []byte(passphrase)
	var blocks []*pem.Block

	content, err := ioutil.ReadFile(path)
	if err != nil {
		return nil, err
	}

	for len(content) > 0 {
		var block *pem.Block

		block, content = pem.Decode(content)
		if block == nil {
			if len(blocks) == 0 {
				return nil, errors.New("no pem file")
			}
			break
		}

		if x509.IsEncryptedPEMBlock(block) {
			var buffer []byte
			var err error
			if len(pass) == 0 {
				err = errors.New("No passphrase available")
			} else {
				// Note, decrypting pem might succeed even with wrong password, but
				// only noise will be stored in buffer in this case.
				buffer, err = x509.DecryptPEMBlock(block, pass)
			}

			if err != nil {
				logp.Err("Dropping encrypted pem '%v' block read from %v. %v",
					block.Type, path, err)
				continue
			}

			// DEK-Info contains encryption info. Remove header to mark block as
			// unencrypted.
			delete(block.Headers, "DEK-Info")
			block.Bytes = buffer
		}
		blocks = append(blocks, block)
	}

	if len(blocks) == 0 {
		return nil, errors.New("no PEM blocks")
	}

	// re-encode available, decrypted blocks
	buffer := bytes.NewBuffer(nil)
	for _, block := range blocks {
		err := pem.Encode(buffer, block)
		if err != nil {
			return nil, err
		}
	}
	return buffer.Bytes(), nil
}
Exemplo n.º 11
0
func convertBag(bag *safeBag, password []byte) (*pem.Block, error) {
	b := new(pem.Block)

	for _, attribute := range bag.Attributes {
		k, v, err := convertAttribute(&attribute)
		if err != nil {
			return nil, err
		}
		if b.Headers == nil {
			b.Headers = make(map[string]string)
		}
		b.Headers[k] = v
	}

	switch {
	case bag.ID.Equal(oidCertBagType):
		b.Type = CertificateType
		certsData, err := decodeCertBag(bag.Value.Bytes)
		if err != nil {
			return nil, err
		}
		b.Bytes = certsData
	case bag.ID.Equal(oidPkcs8ShroudedKeyBagType):
		b.Type = PrivateKeyType

		key, err := decodePkcs8ShroudedKeyBag(bag.Value.Bytes, password)
		if err != nil {
			return nil, err
		}

		switch key := key.(type) {
		case *rsa.PrivateKey:
			b.Bytes = x509.MarshalPKCS1PrivateKey(key)
		case *ecdsa.PrivateKey:
			b.Bytes, err = x509.MarshalECPrivateKey(key)
			if err != nil {
				return nil, err
			}
		default:
			return nil, errors.New("found unknown private key type in PKCS#8 wrapping")
		}
	default:
		return nil, errors.New("don't know how to convert a safe bag of type " + bag.ID.String())
	}
	return b, nil
}
Exemplo n.º 12
0
func main() {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)

	pubkey := key.Public()

	bytes, _ := x509.MarshalECPrivateKey(key)
	block := pem.Block{}
	block.Bytes = bytes
	block.Type = "EC PRIVATE KEY"
	bytes_encoded := pem.EncodeToMemory(&block)

	fmt.Println(string(bytes_encoded))
	if err != nil {
		fmt.Println(err)
	}

	bytes, _ = x509.MarshalPKIXPublicKey(pubkey)
	block = pem.Block{}
	block.Type = "EC PUBLIC KEY"

	block.Bytes = bytes
	bytes_encoded = pem.EncodeToMemory(&block)

	fmt.Println(string(bytes_encoded))
	if err != nil {
		fmt.Println(err)
	}

	//	dat, err := ioutil.ReadFile("prime256v1-key.pem")
	//	pemblock, _ := pem.Decode(dat)
	//	check(err)
	//	privkey, parseerr := x509.ParseECPrivateKey(pemblock.Bytes)
	//
	//	if parseerr != nil {
	//		fmt.Println(err)
	//	}
	//
	//	bytes, _ = x509.MarshalECPrivateKey(privkey)
	//	block = pem.Block{}
	//	block.Bytes = bytes
	//	block.Type = "EC PRIVATE KEY"
	//	bytes_encoded = pem.EncodeToMemory(&block)
	//	fmt.Println(string(bytes_encoded))
}
Exemplo n.º 13
0
func byteToPEM(b []byte, t PEMType) []byte {
	var blk pem.Block = pem.Block{
		Type:    string(t),
		Headers: nil,
	}

	blk.Bytes = b
	data := pem.EncodeToMemory(&blk)
	return data
}
Exemplo n.º 14
0
func (pk *PublicKey) Marshal(ss ...string) ([]byte, error) {
	var k, err = x509.MarshalPKIXPublicKey(&pk.PublicKey)
	if err != nil {
		return nil, err
	}
	var block pem.Block
	block.Bytes = k
	block.Type = strings.Join(ss, " ")
	return pem.EncodeToMemory(&block), nil
}
Exemplo n.º 15
0
Arquivo: rsa.go Projeto: kr/runx
func main() {
	k, err := rsa.GenerateKey(rand.Reader, 768)
	if err != nil {
		log.Fatal(err)
	}
	var b pem.Block
	b.Type = "RSA PRIVATE KEY"
	b.Bytes = x509.MarshalPKCS1PrivateKey(k)
	pem.Encode(os.Stdout, &b)
}
Exemplo n.º 16
0
Arquivo: main.go Projeto: cvvs/csrtool
func saveKey(keyPath string, key crypto.PrivateKey) error {

	if fileExists(keyPath) {
		return nil
	}

	f, err := os.Create(keyPath)
	if err != nil {
		return err
	}
	w := bufio.NewWriter(f)
	defer f.Close()

	var block pem.Block

	switch i := key.(type) {
	case *ecdsa.PrivateKey:
		// TODO: How do we encode and save the parameters of the curve? Do we need to?
		key := key.(*ecdsa.PrivateKey)
		b, err := x509.MarshalECPrivateKey(key)
		if err != nil {
			return err
		}
		block.Type = "EC PARAMETERS"
		err = pem.Encode(w, &block)
		block.Type = "EC PRIVATE KEY"
		block.Bytes = b
	case *rsa.PrivateKey:
		k := x509.MarshalPKCS1PrivateKey(key.(*rsa.PrivateKey))
		block.Type = "RSA PRIVATE KEY"
		block.Bytes = k
	default:
		fmt.Println(i)
		return new(unknownKeyError)
	}

	err = pem.Encode(w, &block)
	if err != nil {
		return err
	}
	return w.Flush()
}
Exemplo n.º 17
0
// ToCertBundle converts a byte-based raw DER certificate bundle
// to a PEM-based string certificate bundle
func (p *ParsedCertBundle) ToCertBundle() (*CertBundle, error) {
	result := &CertBundle{}
	block := pem.Block{
		Type: "CERTIFICATE",
	}

	if p.Certificate != nil {
		result.SerialNumber = strings.TrimSpace(GetHexFormatted(p.Certificate.SerialNumber.Bytes(), ":"))
	}

	if p.CertificateBytes != nil && len(p.CertificateBytes) > 0 {
		block.Bytes = p.CertificateBytes
		result.Certificate = strings.TrimSpace(string(pem.EncodeToMemory(&block)))
	}

	for _, caCert := range p.CAChain {
		block.Bytes = caCert.Bytes
		certificate := strings.TrimSpace(string(pem.EncodeToMemory(&block)))

		result.CAChain = append(result.CAChain, certificate)
	}

	if p.PrivateKeyBytes != nil && len(p.PrivateKeyBytes) > 0 {
		block.Type = string(p.PrivateKeyFormat)
		block.Bytes = p.PrivateKeyBytes
		result.PrivateKeyType = p.PrivateKeyType

		//Handle bundle not parsed by us
		if block.Type == "" {
			switch p.PrivateKeyType {
			case ECPrivateKey:
				block.Type = string(ECBlock)
			case RSAPrivateKey:
				block.Type = string(PKCS1Block)
			}
		}

		result.PrivateKey = strings.TrimSpace(string(pem.EncodeToMemory(&block)))
	}

	return result, nil
}
Exemplo n.º 18
0
func PrintPublicKey(pubkey crypto.PublicKey) {

	bytes, _ := x509.MarshalPKIXPublicKey(pubkey)
	block := pem.Block{}
	block.Type = "EC PUBLIC KEY"

	block.Bytes = bytes
	bytes_encoded := pem.EncodeToMemory(&block)

	log.Debugf("Public key:\n%s", string(bytes_encoded))
}
Exemplo n.º 19
0
// ExportPrivatePEM writes the RSA private key to a file in PEM format.
func ExportPrivatePEM(prv *rsa.PrivateKey, filename string) (err error) {
	cert := x509.MarshalPKCS1PrivateKey(prv)
	blk := new(pem.Block)
	blk.Type = "RSA PRIVATE KEY"
	blk.Bytes = cert
	out, err := os.Create(filename)
	if err == nil {
		err = pem.Encode(out, blk)
	}
	return
}
Exemplo n.º 20
0
func main() {
	var blk pem.Block = pem.Block{
		Type:    "CERTIFICATE",
		Headers: nil,
	}

	ca_b, _ := ioutil.ReadFile("ca.pem")
	blk.Bytes = ca_b

	data := pem.EncodeToMemory(&blk)
	fmt.Printf("%s\n", data)
}
Exemplo n.º 21
0
// Export writes the keychain to a file in PEM format.
func (kc *KeyChain) Export(filename string) (err error) {
	if !kc.Validate() {
		return ErrInvalidKeyChain
	}

	var blk pem.Block
	var buf = new(bytes.Buffer)
	var fail = func() {
		buf.Reset()
		err = ErrInvalidKeyChain
	}

	blk.Type = "RSA PRIVATE KEY"
	blk.Bytes = x509.MarshalPKCS1PrivateKey(kc.Private)
	err = pem.Encode(buf, &blk)
	if err != nil {
		fail()
		return
	}

	blk.Type = "RSA PUBLIC KEY"
	for _, pk := range kc.Public {
		if pk.Key == nil {
			continue
		}
		if pk.Id != "" {
			if blk.Headers == nil {
				blk.Headers = make(map[string]string)
			}
			blk.Headers["id"] = pk.Id
		} else {
			if blk.Headers != nil {
				delete(blk.Headers, "id")
				blk.Headers = nil
			}
		}
		blk.Bytes, err = x509.MarshalPKIXPublicKey(pk.Key)
		if err != nil {
			fail()
			return
		}
		err = pem.Encode(buf, &blk)
		if err != nil {
			fail()
		}
		fmt.Println("wrote a public key")
	}
	err = ioutil.WriteFile(filename, buf.Bytes(), 0400)
	buf.Reset()
	return
}
Exemplo n.º 22
0
func DecryptPemBlock(block *pem.Block, prompt func() (string, error)) (err error) {
	if x509.IsEncryptedPEMBlock(block) {
		if password, err := prompt(); nil != err {
			return err
		} else if data, err := x509.DecryptPEMBlock(block, []byte(password)); nil != err {
			return err
		} else {
			delete(block.Headers, "Proc-Type")
			delete(block.Headers, "DEK-Info")
			block.Bytes = data
		}
	}
	return nil
}
Exemplo n.º 23
0
// ExportPublicPEM writes the public key to a file in PEM format.
func ExportPublicPEM(pub *rsa.PublicKey, filename string) (err error) {
	cert, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return
	}
	blk := new(pem.Block)
	blk.Type = "RSA PUBLIC KEY"
	blk.Bytes = cert
	out, err := os.Create(filename)
	if err == nil {
		err = pem.Encode(out, blk)
	}
	return
}
Exemplo n.º 24
0
// ToCertBundle converts a byte-based raw DER certificate bundle
// to a PEM-based string certificate bundle
func (p *ParsedCertBundle) ToCertBundle() (*CertBundle, error) {
	result := &CertBundle{}
	block := pem.Block{
		Type: "CERTIFICATE",
	}

	if p.Certificate != nil {
		result.SerialNumber = strings.TrimSpace(GetOctalFormatted(p.Certificate.SerialNumber.Bytes(), ":"))
	}

	if p.CertificateBytes != nil && len(p.CertificateBytes) > 0 {
		block.Bytes = p.CertificateBytes
		result.Certificate = strings.TrimSpace(string(pem.EncodeToMemory(&block)))
	}

	if p.IssuingCABytes != nil && len(p.IssuingCABytes) > 0 {
		block.Bytes = p.IssuingCABytes
		result.IssuingCA = strings.TrimSpace(string(pem.EncodeToMemory(&block)))
	}

	if p.PrivateKeyBytes != nil && len(p.PrivateKeyBytes) > 0 {
		block.Bytes = p.PrivateKeyBytes
		switch p.PrivateKeyType {
		case RSAPrivateKey:
			result.PrivateKeyType = "rsa"
			block.Type = "RSA PRIVATE KEY"
		case ECPrivateKey:
			result.PrivateKeyType = "ec"
			block.Type = "EC PRIVATE KEY"
		default:
			return nil, InternalError{"Could not determine private key type when creating block"}
		}
		result.PrivateKey = strings.TrimSpace(string(pem.EncodeToMemory(&block)))
	}

	return result, nil
}
Exemplo n.º 25
0
func generatePrivatePem(prv *rsa.PrivateKey) (prvPem string, err error) {
	cert := x509.MarshalPKCS1PrivateKey(prv)
	blk := new(pem.Block)
	blk.Type = "RSA PRIVATE KEY"
	blk.Bytes = cert

	var b bytes.Buffer
	err = pem.Encode(&b, blk)
	if err != nil {
		return
	}

	prvPem = b.String()
	return
}
Exemplo n.º 26
0
// packageBox actually handles boxing. It can output either PEM-encoded or
// DER-encoded boxes.
func packageBox(lockedKey, box []byte, armour bool) (pkg []byte, err error) {
	var pkgBox = boxPackage{lockedKey, box}

	pkg, err = asn1.Marshal(pkgBox)
	if err != nil {
		fmt.Println("[!] couldn't package the box")
		return
	}

	if armour {
		var block pem.Block
		block.Type = "SSHBOX ENCRYPTED FILE"
		block.Bytes = pkg
		pkg = pem.EncodeToMemory(&block)
	}
	return
}
Exemplo n.º 27
0
// GenerateKeyAndCSR generates a new PEM-encoded private key and
// certificate signature request. The keyType parameter controls what
// type of key is generated; the size parameter controls what size key
// (in bits) is generated. For ECDSA, valid key sizes are 256, 384,
// and 521; these translate to secp256v1, secp384r1, and secp521r1. The
// SubjectInfo parameter contains the information used to create the CSR.
func GenerateKeyAndCSR(keyType PublicAlgo, size int, si *SubjectInfo) (pemKey []byte, csr []byte, err error) {
	var priv interface{}
	var block pem.Block

	switch keyType {
	case RSA:
		priv, err = rsa.GenerateKey(rand.Reader, size)
		if err != nil {
			return nil, nil, err
		}
		block.Bytes = x509.MarshalPKCS1PrivateKey(priv.(*rsa.PrivateKey))
		block.Type = "RSA PRIVATE KEY"
	case ECDSA:
		var curve elliptic.Curve
		switch size {
		case 256:
			curve = elliptic.P256()
		case 384:
			curve = elliptic.P384()
		case 521:
			curve = elliptic.P521()
		default:
			err = ErrUnsupportedPrivate
			return
		}

		priv, err = ecdsa.GenerateKey(curve, rand.Reader)
		if err != nil {
			return
		}

		block.Bytes, err = x509.MarshalECPrivateKey(priv.(*ecdsa.PrivateKey))
		if err != nil {
			return
		}
		block.Type = "EC PRIVATE KEY"
	default:
		err = ErrUnsupportedPrivate
		return
	}

	pemKey = pem.EncodeToMemory(&block)
	csr, err = NewCertificateRequest(priv, si)
	return
}
Exemplo n.º 28
0
// CertificateLockFile adds a new certificate lock on the given Client that
// ensures that a server's certificate chain is the same from
// connection-to-connection. This is helpful when connecting to servers with
// self-signed certificates.
//
// If filename does not exist, the server's certificate chain will be written
// to that file. If it does exist, certificates will be read from the file and
// checked against the server's certificate chain upon connection.
//
// Example:
//
//  if allowSelfSignedCertificates {
//      config.TLSConfig.InsecureSkipVerify = true
//  }
//  gumbleutil.CertificateLockFile(client, filename)
//
//  if err := client.Connect(); err != nil {
//      panic(err)
//  }
func CertificateLockFile(client *gumble.Client, filename string) {
	client.Config.TLSVerify = func(state *tls.ConnectionState) error {
		if file, err := os.Open(filename); err == nil {
			defer file.Close()
			data, err := ioutil.ReadAll(file)
			if err != nil {
				return err
			}
			i := 0
			for block, data := pem.Decode(data); block != nil; block, data = pem.Decode(data) {
				cert, err := x509.ParseCertificate(block.Bytes)
				if err != nil {
					return err
				}
				if i >= len(state.PeerCertificates) {
					return errors.New("gumbleutil: invalid certificate chain length")
				}
				if !cert.Equal(state.PeerCertificates[i]) {
					return errors.New("gumbleutil: certificate verification failure")
				}
				i++
			}
			if i != len(state.PeerCertificates) {
				return errors.New("gumbleutil: invalid certificate chain length")
			}
			return nil
		}

		file, err := os.Create(filename)
		if err != nil {
			return err
		}
		defer file.Close()
		block := pem.Block{
			Type: "CERTIFICATE",
		}
		for _, cert := range state.PeerCertificates {
			block.Bytes = cert.Raw
			if err := pem.Encode(file, &block); err != nil {
				return err
			}
		}
		return nil
	}
}
Exemplo n.º 29
0
// Export a private key to PEM format.
func ExportPrivatePEM(prv *PrivateKey) (out []byte, err error) {
	der, err := MarshalPrivate(prv)
	if err != nil {
		return
	}

	var block pem.Block
	block.Type = "ELLIPTIC CURVE PRIVATE KEY"
	block.Bytes = der

	buf := new(bytes.Buffer)
	err = pem.Encode(buf, &block)
	if err != nil {
		return
	} else {
		out = buf.Bytes()
	}
	return
}
Exemplo n.º 30
0
// Export a public key to PEM format.
func ExportPublicPEM(pub *PublicKey) (out []byte, err error) {
	der, err := MarshalPublic(pub)
	if err != nil {
		return
	}

	var block pem.Block
	block.Type = "ELLIPTIC CURVE PUBLIC KEY"
	block.Bytes = der

	buf := new(bytes.Buffer)
	err = pem.Encode(buf, &block)
	if err != nil {
		return
	} else {
		out = buf.Bytes()
	}
	return
}