[PD1] merge
This commit is contained in:
commit
b7023329de
SSH key fingerprint:
SHA256:odOD9vln9U7qNe1R8o3UCbE3jkQCkr5/q5mgd5hwua0
13 changed files with 132 additions and 82 deletions
|
|
@ -1,7 +1,6 @@
|
|||
package cryptoUtils
|
||||
|
||||
import (
|
||||
"PD1/internal/client"
|
||||
"crypto"
|
||||
"crypto/rand"
|
||||
"crypto/rsa"
|
||||
|
|
@ -13,15 +12,14 @@ import (
|
|||
"log"
|
||||
"os"
|
||||
|
||||
"vendor/golang.org/x/crypto/chacha20poly1305"
|
||||
|
||||
"golang.org/x/crypto/chacha20poly1305"
|
||||
"software.sslmate.com/src/go-pkcs12"
|
||||
)
|
||||
|
||||
type KeyStore struct {
|
||||
cert *x509.Certificate
|
||||
caCertChain []*x509.Certificate
|
||||
privKey rsa.PrivateKey
|
||||
privKey *rsa.PrivateKey
|
||||
}
|
||||
|
||||
func (k KeyStore) GetCert() *x509.Certificate {
|
||||
|
|
@ -32,62 +30,85 @@ func (k KeyStore) GetCACertChain() []*x509.Certificate {
|
|||
return k.caCertChain
|
||||
}
|
||||
|
||||
func (k KeyStore) GetPrivKey() rsa.PrivateKey {
|
||||
func (k KeyStore) GetPrivKey() *rsa.PrivateKey {
|
||||
return k.privKey
|
||||
}
|
||||
|
||||
func LoadKeyStore(keyStorePath string) KeyStore {
|
||||
func ExtractAllOIDValues(cert *x509.Certificate) map[string]string {
|
||||
oidValueMap := make(map[string]string)
|
||||
for _, name := range cert.Subject.Names {
|
||||
oid := name.Type.String()
|
||||
value := name.Value.(string)
|
||||
oidValueMap[oid] = value
|
||||
}
|
||||
return oidValueMap
|
||||
}
|
||||
|
||||
var privKey rsa.PrivateKey
|
||||
func LoadKeyStore(keyStorePath string, password string) KeyStore {
|
||||
|
||||
var privKey *rsa.PrivateKey
|
||||
|
||||
certFile, err := os.ReadFile(keyStorePath)
|
||||
if err != nil {
|
||||
log.Panicln("Provided certificate %v couldn't be opened", keyStorePath)
|
||||
log.Panicln("Provided certificate couldn't be opened")
|
||||
}
|
||||
|
||||
password := client.AskUserPassword()
|
||||
privKeyInterface, cert, caCerts, err := pkcs12.DecodeChain(certFile, password)
|
||||
privKey = privKeyInterface.(rsa.PrivateKey)
|
||||
if err != nil {
|
||||
log.Panicln("PKCS12 key store couldn't be decoded")
|
||||
}
|
||||
privKey, ok := privKeyInterface.(*rsa.PrivateKey)
|
||||
if !ok {
|
||||
log.Panicln("Failed to convert private key to RSA private key")
|
||||
}
|
||||
|
||||
if err := privKey.Validate(); err != nil {
|
||||
log.Panicln("Private key is not valid")
|
||||
}
|
||||
return KeyStore{cert: cert, caCertChain: caCerts, privKey: privKey}
|
||||
}
|
||||
|
||||
func (k KeyStore) GetTLSConfig() *tls.Config {
|
||||
certificate, err := tls.X509KeyPair(k.cert.Raw, pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(&k.privKey)}))
|
||||
func (k *KeyStore) GetTLSConfig() *tls.Config {
|
||||
|
||||
certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: k.cert.Raw})
|
||||
privKeyPEM := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k.privKey)})
|
||||
certificate, err := tls.X509KeyPair(certPEM, privKeyPEM)
|
||||
if err != nil {
|
||||
log.Panicln("Could not load certificate and privkey to TLS")
|
||||
log.Panicln("Could not load certificate and privkey to TLS", err)
|
||||
}
|
||||
|
||||
config := &tls.Config{
|
||||
Certificates: []tls.Certificate{certificate},
|
||||
}
|
||||
return config
|
||||
}
|
||||
|
||||
func (k *KeyStore) GetTLSConfigServer() *tls.Config {
|
||||
config := k.GetTLSConfig()
|
||||
|
||||
//Add the CA certificate chain to a CertPool
|
||||
caCertPool := x509.NewCertPool()
|
||||
for _, caCert := range k.caCertChain {
|
||||
caCertPool.AddCert(caCert)
|
||||
}
|
||||
|
||||
config := &tls.Config{
|
||||
Certificates: []tls.Certificate{certificate},
|
||||
ClientCAs: caCertPool,
|
||||
}
|
||||
return config
|
||||
}
|
||||
|
||||
func (k KeyStore) GetTLSConfigServer() *tls.Config {
|
||||
config := k.GetTLSConfig()
|
||||
|
||||
config.ClientCAs = caCertPool
|
||||
config.ClientAuth = tls.RequireAndVerifyClientCert
|
||||
|
||||
return config
|
||||
}
|
||||
|
||||
func (k KeyStore) GetTLSConfigClient() *tls.Config {
|
||||
func (k *KeyStore) GetTLSConfigClient() *tls.Config {
|
||||
config := k.GetTLSConfig()
|
||||
|
||||
config.ServerName = "SERVER"
|
||||
//Add the CA certificate chain to a CertPool
|
||||
caCertPool := x509.NewCertPool()
|
||||
for _, caCert := range k.caCertChain {
|
||||
caCertPool.AddCert(caCert)
|
||||
}
|
||||
config.RootCAs = caCertPool
|
||||
|
||||
//TODO: FIX THE VERIFICATION OF THE SERVER
|
||||
//config.ServerName = "SERVER"
|
||||
|
||||
return config
|
||||
}
|
||||
|
|
@ -113,7 +134,7 @@ func (k KeyStore) EncryptMessageContent(receiverCert *x509.Certificate, content
|
|||
|
||||
// sign the message and append the signature
|
||||
hashedContent := sha256.Sum256(content)
|
||||
signature, err := rsa.SignPKCS1v15(nil, &k.privKey, crypto.SHA256, hashedContent[:])
|
||||
signature, err := rsa.SignPKCS1v15(nil, k.privKey, crypto.SHA256, hashedContent[:])
|
||||
if err != nil {
|
||||
log.Panicln("Could not create content signature: ", err)
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue