[PD1] Added certificates and fixed a few things
This commit is contained in:
parent
b7023329de
commit
1cb81d2279
SSH key fingerprint:
SHA256:aiLbdlPwXKJS5wMnghdtod0SPy8imZjlVvCyUX9DJNk
28 changed files with 596 additions and 54 deletions
|
|
@ -8,7 +8,7 @@ import (
|
|||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"encoding/binary"
|
||||
"encoding/pem"
|
||||
"fmt"
|
||||
"log"
|
||||
"os"
|
||||
|
||||
|
|
@ -65,54 +65,28 @@ func LoadKeyStore(keyStorePath string, password string) KeyStore {
|
|||
if err := privKey.Validate(); err != nil {
|
||||
log.Panicln("Private key is not valid")
|
||||
}
|
||||
fmt.Println(cert.SignatureAlgorithm)
|
||||
return KeyStore{cert: cert, caCertChain: caCerts, privKey: privKey}
|
||||
}
|
||||
|
||||
func (k *KeyStore) GetTLSConfig() *tls.Config {
|
||||
|
||||
certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: k.cert.Raw})
|
||||
privKeyPEM := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k.privKey)})
|
||||
certificate, err := tls.X509KeyPair(certPEM, privKeyPEM)
|
||||
if err != nil {
|
||||
log.Panicln("Could not load certificate and privkey to TLS", err)
|
||||
}
|
||||
certificate := tls.Certificate{Certificate: [][]byte{k.cert.Raw}, PrivateKey: k.privKey, Leaf: k.cert}
|
||||
|
||||
//Add the CA certificate chain to a CertPool
|
||||
caCertPool := x509.NewCertPool()
|
||||
for _, caCert := range k.caCertChain {
|
||||
caCertPool.AddCert(caCert)
|
||||
}
|
||||
config := &tls.Config{
|
||||
Certificates: []tls.Certificate{certificate},
|
||||
ClientCAs: caCertPool,
|
||||
RootCAs: caCertPool,
|
||||
ClientAuth: tls.RequireAndVerifyClientCert,
|
||||
}
|
||||
return config
|
||||
}
|
||||
|
||||
func (k *KeyStore) GetTLSConfigServer() *tls.Config {
|
||||
config := k.GetTLSConfig()
|
||||
|
||||
//Add the CA certificate chain to a CertPool
|
||||
caCertPool := x509.NewCertPool()
|
||||
for _, caCert := range k.caCertChain {
|
||||
caCertPool.AddCert(caCert)
|
||||
}
|
||||
config.ClientCAs = caCertPool
|
||||
config.ClientAuth = tls.RequireAndVerifyClientCert
|
||||
|
||||
return config
|
||||
}
|
||||
|
||||
func (k *KeyStore) GetTLSConfigClient() *tls.Config {
|
||||
config := k.GetTLSConfig()
|
||||
|
||||
//Add the CA certificate chain to a CertPool
|
||||
caCertPool := x509.NewCertPool()
|
||||
for _, caCert := range k.caCertChain {
|
||||
caCertPool.AddCert(caCert)
|
||||
}
|
||||
config.RootCAs = caCertPool
|
||||
|
||||
//TODO: FIX THE VERIFICATION OF THE SERVER
|
||||
//config.ServerName = "SERVER"
|
||||
|
||||
return config
|
||||
}
|
||||
|
||||
func (k KeyStore) EncryptMessageContent(receiverCert *x509.Certificate, content []byte) []byte {
|
||||
// Digital envolope
|
||||
|
||||
|
|
@ -128,7 +102,7 @@ func (k KeyStore) EncryptMessageContent(receiverCert *x509.Certificate, content
|
|||
}
|
||||
|
||||
nonce := make([]byte, cipher.NonceSize(), cipher.NonceSize()+len(content)+cipher.Overhead())
|
||||
if _, err := rand.Read(nonce); err != nil {
|
||||
if _, err = rand.Read(nonce); err != nil {
|
||||
log.Panicln("Could not create data nonce properly: ", err)
|
||||
}
|
||||
|
||||
|
|
@ -154,7 +128,7 @@ func (k KeyStore) EncryptMessageContent(receiverCert *x509.Certificate, content
|
|||
|
||||
func (k KeyStore) DecryptMessageContent(senderCert *x509.Certificate, cipherContent []byte) []byte {
|
||||
|
||||
return nil
|
||||
return nil
|
||||
}
|
||||
|
||||
func pair(l []byte, r []byte) []byte {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue