[PD1] Added certificates and fixed a few things
This commit is contained in:
parent
b7023329de
commit
1cb81d2279
SSH key fingerprint:
SHA256:aiLbdlPwXKJS5wMnghdtod0SPy8imZjlVvCyUX9DJNk
28 changed files with 596 additions and 54 deletions
|
|
@ -41,7 +41,7 @@ func Run(port int) {
|
|||
|
||||
//Read server keystore
|
||||
password := AskServerPassword()
|
||||
serverKeyStore := cryptoUtils.LoadKeyStore("certs/serverdata.p12",password)
|
||||
serverKeyStore := cryptoUtils.LoadKeyStore("certs/server/server.p12",password)
|
||||
|
||||
//Create server listener
|
||||
server := networking.NewServer[protocol.Packet](&serverKeyStore,port)
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ import (
|
|||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"encoding/binary"
|
||||
"encoding/pem"
|
||||
"fmt"
|
||||
"log"
|
||||
"os"
|
||||
|
||||
|
|
@ -65,54 +65,28 @@ func LoadKeyStore(keyStorePath string, password string) KeyStore {
|
|||
if err := privKey.Validate(); err != nil {
|
||||
log.Panicln("Private key is not valid")
|
||||
}
|
||||
fmt.Println(cert.SignatureAlgorithm)
|
||||
return KeyStore{cert: cert, caCertChain: caCerts, privKey: privKey}
|
||||
}
|
||||
|
||||
func (k *KeyStore) GetTLSConfig() *tls.Config {
|
||||
|
||||
certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: k.cert.Raw})
|
||||
privKeyPEM := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k.privKey)})
|
||||
certificate, err := tls.X509KeyPair(certPEM, privKeyPEM)
|
||||
if err != nil {
|
||||
log.Panicln("Could not load certificate and privkey to TLS", err)
|
||||
}
|
||||
certificate := tls.Certificate{Certificate: [][]byte{k.cert.Raw}, PrivateKey: k.privKey, Leaf: k.cert}
|
||||
|
||||
//Add the CA certificate chain to a CertPool
|
||||
caCertPool := x509.NewCertPool()
|
||||
for _, caCert := range k.caCertChain {
|
||||
caCertPool.AddCert(caCert)
|
||||
}
|
||||
config := &tls.Config{
|
||||
Certificates: []tls.Certificate{certificate},
|
||||
ClientCAs: caCertPool,
|
||||
RootCAs: caCertPool,
|
||||
ClientAuth: tls.RequireAndVerifyClientCert,
|
||||
}
|
||||
return config
|
||||
}
|
||||
|
||||
func (k *KeyStore) GetTLSConfigServer() *tls.Config {
|
||||
config := k.GetTLSConfig()
|
||||
|
||||
//Add the CA certificate chain to a CertPool
|
||||
caCertPool := x509.NewCertPool()
|
||||
for _, caCert := range k.caCertChain {
|
||||
caCertPool.AddCert(caCert)
|
||||
}
|
||||
config.ClientCAs = caCertPool
|
||||
config.ClientAuth = tls.RequireAndVerifyClientCert
|
||||
|
||||
return config
|
||||
}
|
||||
|
||||
func (k *KeyStore) GetTLSConfigClient() *tls.Config {
|
||||
config := k.GetTLSConfig()
|
||||
|
||||
//Add the CA certificate chain to a CertPool
|
||||
caCertPool := x509.NewCertPool()
|
||||
for _, caCert := range k.caCertChain {
|
||||
caCertPool.AddCert(caCert)
|
||||
}
|
||||
config.RootCAs = caCertPool
|
||||
|
||||
//TODO: FIX THE VERIFICATION OF THE SERVER
|
||||
//config.ServerName = "SERVER"
|
||||
|
||||
return config
|
||||
}
|
||||
|
||||
func (k KeyStore) EncryptMessageContent(receiverCert *x509.Certificate, content []byte) []byte {
|
||||
// Digital envolope
|
||||
|
||||
|
|
@ -128,7 +102,7 @@ func (k KeyStore) EncryptMessageContent(receiverCert *x509.Certificate, content
|
|||
}
|
||||
|
||||
nonce := make([]byte, cipher.NonceSize(), cipher.NonceSize()+len(content)+cipher.Overhead())
|
||||
if _, err := rand.Read(nonce); err != nil {
|
||||
if _, err = rand.Read(nonce); err != nil {
|
||||
log.Panicln("Could not create data nonce properly: ", err)
|
||||
}
|
||||
|
||||
|
|
@ -154,7 +128,7 @@ func (k KeyStore) EncryptMessageContent(receiverCert *x509.Certificate, content
|
|||
|
||||
func (k KeyStore) DecryptMessageContent(senderCert *x509.Certificate, cipherContent []byte) []byte {
|
||||
|
||||
return nil
|
||||
return nil
|
||||
}
|
||||
|
||||
func pair(l []byte, r []byte) []byte {
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ import (
|
|||
|
||||
|
||||
type ClientTLSConfigProvider interface {
|
||||
GetTLSConfigClient() *tls.Config
|
||||
GetTLSConfig() *tls.Config
|
||||
}
|
||||
|
||||
type Client[T any] struct {
|
||||
|
|
@ -15,7 +15,7 @@ type Client[T any] struct {
|
|||
}
|
||||
|
||||
func NewClient[T any](clientTLSConfigProvider ClientTLSConfigProvider) Client[T] {
|
||||
dialConn, err := tls.Dial("tcp", "localhost:8080", clientTLSConfigProvider.GetTLSConfigClient())
|
||||
dialConn, err := tls.Dial("tcp", "localhost:8080", clientTLSConfigProvider.GetTLSConfig())
|
||||
if err != nil {
|
||||
log.Panicln("Could not open connection to server",err)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ import (
|
|||
)
|
||||
|
||||
type ServerTLSConfigProvider interface {
|
||||
GetTLSConfigServer() *tls.Config
|
||||
GetTLSConfig() *tls.Config
|
||||
}
|
||||
|
||||
type Server[T any] struct {
|
||||
|
|
@ -18,7 +18,7 @@ type Server[T any] struct {
|
|||
|
||||
func NewServer[T any](serverTLSConfigProvider ServerTLSConfigProvider, port int) Server[T] {
|
||||
|
||||
listener, err := tls.Listen("tcp", fmt.Sprintf("0.0.0.0:%d", port), serverTLSConfigProvider.GetTLSConfigServer())
|
||||
listener, err := tls.Listen("tcp", fmt.Sprintf("0.0.0.0:%d", port), serverTLSConfigProvider.GetTLSConfig())
|
||||
if err != nil {
|
||||
panic("Server could not bind to address")
|
||||
}
|
||||
|
|
@ -39,9 +39,11 @@ func (s *Server[T]) ListenLoop() {
|
|||
if !ok {
|
||||
panic("Connection is not a TLS connection")
|
||||
}
|
||||
fmt.Println(tlsConn)
|
||||
|
||||
state := tlsConn.ConnectionState()
|
||||
if len(state.PeerCertificates) == 0 {
|
||||
fmt.Println(state.PeerCertificates)
|
||||
log.Panicln("Client did not provide a certificate")
|
||||
}
|
||||
conn := NewConnection[T](tlsConn)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue