[PD1] crypto changes and TLS almost done

Projs/PD1/internal/utils/cryptoUtils/cryptoUtils.go

@@ -1,7 +1,6 @@
 package cryptoUtils
 
 import (
-	"PD1/internal/client"
 	"crypto/rsa"
 	"crypto/tls"
 	"crypto/x509"
@@ -15,7 +14,7 @@ import (
 type KeyStore struct {
 	cert        *x509.Certificate
 	caCertChain []*x509.Certificate
-	privKey     rsa.PrivateKey
+	privKey     *rsa.PrivateKey
 }
 
 func (k KeyStore) GetCert() *x509.Certificate {
@@ -26,67 +25,90 @@ func (k KeyStore) GetCACertChain() []*x509.Certificate {
 	return k.caCertChain
 }
 
-func (k KeyStore) GetPrivKey() rsa.PrivateKey {
+func (k KeyStore) GetPrivKey() *rsa.PrivateKey {
 	return k.privKey
 }
 
-func LoadKeyStore(keyStorePath string) KeyStore {
+func ExtractAllOIDValues(cert *x509.Certificate) map[string]string {
+	oidValueMap := make(map[string]string)
+	for _, name := range cert.Subject.Names {
+		oid := name.Type.String()
+		value := name.Value.(string)
+		oidValueMap[oid] = value
+	}
+	return oidValueMap
+}
 
-	var privKey rsa.PrivateKey
+func LoadKeyStore(keyStorePath string, password string) KeyStore {
+
+	var privKey *rsa.PrivateKey
 
 	certFile, err := os.ReadFile(keyStorePath)
 	if err != nil {
-		log.Panicln("Provided certificate %v couldn't be opened", keyStorePath)
+		log.Panicln("Provided certificate couldn't be opened")
 	}
 
-	password := client.AskUserPassword()
 	privKeyInterface, cert, caCerts, err := pkcs12.DecodeChain(certFile, password)
-	privKey = privKeyInterface.(rsa.PrivateKey)
 	if err != nil {
 		log.Panicln("PKCS12 key store couldn't be decoded")
 	}
+	privKey, ok := privKeyInterface.(*rsa.PrivateKey)
+	if !ok {
+		log.Panicln("Failed to convert private key to RSA private key")
+	}
+
 	if err := privKey.Validate(); err != nil {
 		log.Panicln("Private key is not valid")
 	}
 	return KeyStore{cert: cert, caCertChain: caCerts, privKey: privKey}
 }
 
-func (k KeyStore)GetTLSConfig() *tls.Config {
-    certificate ,err := tls.X509KeyPair(k.cert.Raw, pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(&k.privKey)}))
-    if err!=nil{
-        log.Panicln("Could not load certificate and privkey to TLS")
-    }
-    
-    //Add the CA certificate chain to a CertPool
-    caCertPool := x509.NewCertPool()
+func (k *KeyStore) GetTLSConfig() *tls.Config {
+
+	certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: k.cert.Raw})
+	privKeyPEM := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k.privKey)})
+	certificate, err := tls.X509KeyPair(certPEM, privKeyPEM)
+	if err != nil {
+		log.Panicln("Could not load certificate and privkey to TLS", err)
+	}
+
+	config := &tls.Config{
+		Certificates: []tls.Certificate{certificate},
+	}
+	return config
+}
+
+func (k *KeyStore) GetTLSConfigServer() *tls.Config {
+	config := k.GetTLSConfig()
+
+	//Add the CA certificate chain to a CertPool
+	caCertPool := x509.NewCertPool()
 	for _, caCert := range k.caCertChain {
 		caCertPool.AddCert(caCert)
 	}
-
-    config := &tls.Config{
-		Certificates: []tls.Certificate{certificate},
-		ClientCAs:    caCertPool,
-	}
-    return config
-}
-
-func (k KeyStore)GetTLSConfigServer() *tls.Config {
-	config := k.GetTLSConfig()
-
+	config.ClientCAs = caCertPool
 	config.ClientAuth = tls.RequireAndVerifyClientCert
 
 	return config
 }
 
-func (k KeyStore)GetTLSConfigClient() *tls.Config {
-	config:= k.GetTLSConfig()
+func (k *KeyStore) GetTLSConfigClient() *tls.Config {
+	config := k.GetTLSConfig()
 
-	config.ServerName = "SERVER"
+	//Add the CA certificate chain to a CertPool
+	caCertPool := x509.NewCertPool()
+	for _, caCert := range k.caCertChain {
+		caCertPool.AddCert(caCert)
+	}
+	config.RootCAs = caCertPool
+
+	//TODO: FIX THE VERIFICATION OF THE SERVER
+	//config.ServerName = "SERVER"
 
 	return config
 }
 
-func (k KeyStore)EncryptMessageContent(peerPubKey rsa.PublicKey, content []byte) []byte {
+func (k KeyStore) EncryptMessageContent(peerPubKey rsa.PublicKey, content []byte) []byte {
 	// Digital envolope
-    return nil
+	return nil
 }