// CreateCertificate requests the creation of a new transaction certificate by the TCA.
//
func (tcap *TCAP) CreateCertificate(ctx context.Context, req *pb.TCertCreateReq) (*pb.Cert, error) {
Trace.Println("grpc TCAP:CreateCertificate")
id := req.Id.Id
raw, err := tcap.tca.eca.readCertificate(id)
if err != nil {
return nil, err
}
cert, err := x509.ParseCertificate(raw)
if err != nil {
return nil, err
}
sig := req.Sig
req.Sig = nil
r, s := big.NewInt(0), big.NewInt(0)
r.UnmarshalText(sig.R)
s.UnmarshalText(sig.S)
raw = req.Pub.Key
if req.Pub.Type != pb.CryptoType_ECDSA {
Error.Println("unsupported key type")
return nil, errors.New("unsupported key type")
}
pub, err := x509.ParsePKIXPublicKey(req.Pub.Key)
if err != nil {
Error.Println(err)
return nil, err
}
hash := sha3.New384()
raw, _ = proto.Marshal(req)
hash.Write(raw)
if ecdsa.Verify(cert.PublicKey.(*ecdsa.PublicKey), hash.Sum(nil), r, s) == false {
Error.Println("signature does not verify")
return nil, errors.New("signature does not verify")
}
if raw, err = tcap.tca.newCertificate(id, pub.(*ecdsa.PublicKey), req.Ts.Seconds); err != nil {
Error.Println(err)
return nil, err
}
return &pb.Cert{raw}, nil
}
// CreateCertificate requests the creation of a new transaction certificate by the TCA.
//
func (tcap *TCAP) CreateCertificate(ctx context.Context, in *pb.TCertCreateReq) (*pb.TCertCreateResp, error) {
Trace.Println("grpc TCAP:CreateCertificate")
id := in.Id.Id
raw, err := tcap.tca.eca.readCertificate(id, x509.KeyUsageDigitalSignature)
if err != nil {
return nil, err
}
cert, err := x509.ParseCertificate(raw)
if err != nil {
return nil, err
}
sig := in.Sig
in.Sig = nil
r, s := big.NewInt(0), big.NewInt(0)
r.UnmarshalText(sig.R)
s.UnmarshalText(sig.S)
raw = in.Pub.Key
if in.Pub.Type != pb.CryptoType_ECDSA {
return nil, errors.New("unsupported key type")
}
pub, err := x509.ParsePKIXPublicKey(in.Pub.Key)
if err != nil {
return nil, err
}
hash := utils.NewHash()
raw, _ = proto.Marshal(in)
hash.Write(raw)
if ecdsa.Verify(cert.PublicKey.(*ecdsa.PublicKey), hash.Sum(nil), r, s) == false {
return nil, errors.New("signature does not verify")
}
if raw, err = tcap.tca.createCertificate(id, pub.(*ecdsa.PublicKey), x509.KeyUsageDigitalSignature, in.Ts.Seconds, nil); err != nil {
Error.Println(err)
return nil, err
}
return &pb.TCertCreateResp{&pb.Cert{raw}}, nil
}