[PD1] Certs done
This commit is contained in:
parent
23584e2901
commit
2c4f1fd2fc
SSH key fingerprint:
SHA256:aiLbdlPwXKJS5wMnghdtod0SPy8imZjlVvCyUX9DJNk
6 changed files with 104 additions and 29 deletions
|
|
@ -2,31 +2,41 @@ package cryptoUtils
|
|||
|
||||
import (
|
||||
"PD1/internal/client"
|
||||
"PD1/internal/protocol"
|
||||
"crypto/rsa"
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"fmt"
|
||||
"encoding/pem"
|
||||
"log"
|
||||
"os"
|
||||
|
||||
"software.sslmate.com/src/go-pkcs12"
|
||||
)
|
||||
|
||||
func Print() {
|
||||
fmt.Println("crypto package")
|
||||
type KeyStore struct {
|
||||
cert *x509.Certificate
|
||||
caCertChain []*x509.Certificate
|
||||
privKey rsa.PrivateKey
|
||||
}
|
||||
|
||||
func getUserInfo(certFilename string) (
|
||||
rsa.PrivateKey,
|
||||
*x509.Certificate,
|
||||
[]*x509.Certificate,
|
||||
error) {
|
||||
func (k KeyStore) GetCert() *x509.Certificate {
|
||||
return k.cert
|
||||
}
|
||||
|
||||
func (k KeyStore) GetCACertChain() []*x509.Certificate {
|
||||
return k.caCertChain
|
||||
}
|
||||
|
||||
func (k KeyStore) GetPrivKey() rsa.PrivateKey {
|
||||
return k.privKey
|
||||
}
|
||||
|
||||
func LoadKeyStore(keyStorePath string) KeyStore {
|
||||
|
||||
var privKey rsa.PrivateKey
|
||||
|
||||
certFile, err := os.ReadFile(certFilename)
|
||||
certFile, err := os.ReadFile(keyStorePath)
|
||||
if err != nil {
|
||||
log.Panicln("Provided certificate %v couldn't be opened", certFilename)
|
||||
return rsa.PrivateKey{}, nil, nil, err
|
||||
log.Panicln("Provided certificate %v couldn't be opened", keyStorePath)
|
||||
}
|
||||
|
||||
password := client.AskUserPassword()
|
||||
|
|
@ -34,16 +44,49 @@ func getUserInfo(certFilename string) (
|
|||
privKey = privKeyInterface.(rsa.PrivateKey)
|
||||
if err != nil {
|
||||
log.Panicln("PKCS12 key store couldn't be decoded")
|
||||
return rsa.PrivateKey{}, nil, nil, err
|
||||
}
|
||||
if err := privKey.Validate(); err != nil {
|
||||
log.Panicln("Private key is not valid")
|
||||
return rsa.PrivateKey{}, nil, nil, err
|
||||
}
|
||||
return privKey, cert, caCerts, nil
|
||||
return KeyStore{cert: cert, caCertChain: caCerts, privKey: privKey}
|
||||
}
|
||||
|
||||
func encryptMessageContent(privKey rsa.PrivateKey, peerPubKey rsa.PublicKey, content []byte) []byte {
|
||||
func (k KeyStore)GetTLSConfig() *tls.Config {
|
||||
certificate ,err := tls.X509KeyPair(k.cert.Raw, pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(&k.privKey)}))
|
||||
if err!=nil{
|
||||
log.Panicln("Could not load certificate and privkey to TLS")
|
||||
}
|
||||
|
||||
//Add the CA certificate chain to a CertPool
|
||||
caCertPool := x509.NewCertPool()
|
||||
for _, caCert := range k.caCertChain {
|
||||
caCertPool.AddCert(caCert)
|
||||
}
|
||||
|
||||
config := &tls.Config{
|
||||
Certificates: []tls.Certificate{certificate},
|
||||
ClientCAs: caCertPool,
|
||||
}
|
||||
return config
|
||||
}
|
||||
|
||||
func (k KeyStore)GetTLSConfigServer() *tls.Config {
|
||||
config := k.GetTLSConfig()
|
||||
|
||||
config.ClientAuth = tls.RequireAndVerifyClientCert
|
||||
|
||||
return config
|
||||
}
|
||||
|
||||
func (k KeyStore)GetTLSConfigClient() *tls.Config {
|
||||
config:= k.GetTLSConfig()
|
||||
|
||||
config.ServerName = "SERVER"
|
||||
|
||||
return config
|
||||
}
|
||||
|
||||
func (k KeyStore)EncryptMessageContent(peerPubKey rsa.PublicKey, content []byte) []byte {
|
||||
// Digital envolope
|
||||
|
||||
return nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,13 +1,21 @@
|
|||
package networking
|
||||
|
||||
import "net"
|
||||
import (
|
||||
"crypto/tls"
|
||||
"net"
|
||||
)
|
||||
|
||||
|
||||
type ClientTLSConfigProvider interface {
|
||||
GetTLSConfigClient() *tls.Config
|
||||
}
|
||||
|
||||
type Client[T any] struct {
|
||||
Connection Connection[T]
|
||||
}
|
||||
|
||||
func NewClient[T any]() Client[T] {
|
||||
dialConn, err := net.Dial("tcp", "localhost:8080")
|
||||
func NewClient[T any](clientTLSConfigProvider ClientTLSConfigProvider) Client[T] {
|
||||
dialConn, err := tls.Dial("tcp", "localhost:8080", clientTLSConfigProvider.GetTLSConfigClient())
|
||||
if err != nil {
|
||||
panic("Could not open connection to server")
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,18 +1,23 @@
|
|||
package networking
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"fmt"
|
||||
"net"
|
||||
)
|
||||
|
||||
type ServerTLSConfigProvider interface {
|
||||
GetServerTLSConfig() *tls.Config
|
||||
}
|
||||
|
||||
type Server[T any] struct {
|
||||
listener net.Listener
|
||||
C chan Connection[T]
|
||||
}
|
||||
|
||||
func NewServer[T any](port int) Server[T]{
|
||||
func NewServer[T any](serverTLSConfigProvider ServerTLSConfigProvider,port int) Server[T]{
|
||||
|
||||
listener, err := net.Listen("tcp", fmt.Sprintf("0.0.0.0:%d", port))
|
||||
listener, err := tls.Listen("tcp", fmt.Sprintf("0.0.0.0:%d", port), serverTLSConfigProvider.GetServerTLSConfig())
|
||||
if err != nil {
|
||||
panic("Server could not bind to address")
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue