commit keygen package (unused)
This commit is contained in:
parent
b2347f0b45
commit
b20f85f8a2
112
pkg/keygen/keygen.go
Normal file
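--- /dev/null
+++ b/pkg/keygen/keygen.go
@@ -0,0 +1,112 @@
+// Utility functions for generating and reading public/private keypairs.
+package keygen
+
+import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/base64"
+	"encoding/pem"
+	"fmt"
+	"math/big"
+	"os"
+	"time"
+)
+
+const p384Params = "BgUrgQQAIg=="
+
+// Creates a keypair with CN=[id], private key at keyFileName, and
+// public key certificate at certFileName.
+func CreateKeyPair(keyFileName string, certFileName string, id string) error {
+	privateKey, err := CreatePrivateKey(keyFileName)
+	if err != nil {
+		return err
+	}
+	err = CreateCertificate(certFileName, privateKey, id)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// Creates a private key at keyFileName (ECDSA, secp384r1 (P-384)), PEM format
+func CreatePrivateKey() (*ecdsa.PrivateKey, error) {
+	curve := elliptic.P384() // secp384r1
+	privateKey, err := ecdsa.GenerateKey(curve, rand.Reader)
+	if err != nil {
+		return nil, fmt.Errorf("Error generating P-384 key err:%w", err)
+	}
+	keyFile, err := os.Create(keyFileName)
+	if err != nil {
+		return nil, fmt.Errorf("error opening file:%s err:%w", keyFileName, err)
+	}
+	defer keyFile.Close()
+	pkBytes, err := x509.MarshalPKCS8PrivateKey(privateKey)
+	if err != nil {
+		return nil, fmt.Errorf("Error MarshalPKCS8PrivateKey err:%w", err)
+	}
+	paramsBytes, err := base64.StdEncoding.DecodeString(p384Params)
+	if err != nil {
+		return nil, fmt.Errorf("Error decoding bytes for P-384 EC PARAMETERS err:%w", err)
+	}
+	var pemParamsBlock = &pem.Block{
+		Type: "EC PARAMETERS",
+		Bytes: paramsBytes,
+	}
+	err = pem.Encode(keyFile, pemParamsBlock)
+	if err != nil {
+		return nil, fmt.Errorf("Error writing EC PARAMETERS pem block err:%w", err)
+	}
+	var pemPrivateBlock = &pem.Block{
+		Type: "EC PRIVATE KEY",
+		Bytes: pkBytes,
+	}
+	err = pem.Encode(keyFile, pemPrivateBlock)
+	if err != nil {
+		return nil, fmt.Errorf("Error writing EC PRIVATE KEY pem block err:%w", err)
+	}
+	return privateKey, nil
+}
+
+// Creates a public key certificate at certFileName using privateKey with CN=[id].
+func CreateCertificate(certFileName string, privateKey *ecdsa.PrivateKey, id string) error {
+	serialNumber, err := rand.Int(rand.Reader, big.NewInt(1000000000000))
+	if err != nil {
+		return fmt.Errorf("Cannot generate serial number err:%w", err)
+	}
+	notBefore, err := time.Parse("Jan 2 15:04:05 2006", "Jan 1 00:00:00 2020")
+	if err != nil {
+		return fmt.Errorf("Cannot Parse Date err:%w", err)
+	}
+	notAfter, err := time.Parse("Jan 2 15:04:05 2006", "Jan 1 00:00:00 2030")
+	if err != nil {
+		return fmt.Errorf("Cannot Parse Date err:%w", err)
+	}
+	template := x509.Certificate{
+		SerialNumber: serialNumber,
+		Subject: pkix.Name{
+			CommonName: id,
+		},
+		NotBefore: notBefore,
+		NotAfter: notAfter,
+		KeyUsage: x509.KeyUsageDigitalSignature,
+		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
+		BasicConstraintsValid: true,
+	}
+	certBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &privateKey.PublicKey, privateKey)
+	if err != nil {
+		return fmt.Errorf("Error running x509.CreateCertificate err:%v\n", err)
+	}
+	certFile, err := os.Create(certFileName)
+	if err != nil {
+		return fmt.Errorf("Error opening file:%s err:%w", certFileName, err)
+	}
+	defer certFile.Close()
+	err = pem.Encode(certFile, &pem.Block{Type: "CERTIFICATE", Bytes: certBytes})
+	if err != nil {
+		return fmt.Errorf("Error writing CERTIFICATE pem block err:%w", err)
+	}
+	return nil
+}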
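Review bot: The private key file in CreatePrivateKey is opened with `keyFile, err := os.Create(keyFileName)`, which creates it with mode 0666 before umask, so on a typical system the key lands world-readable; it should be `keyFile, err := os.OpenFile(keyFileName, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)`. The file also does not compile as committed: `CreatePrivateKey` is declared with no parameters but reads `keyFileName`, and `CreateKeyPair` passes one argument, so the signature needs to be `func CreatePrivateKey(keyFileName string) (*ecdsa.PrivateKey, error)`. The key bytes come from `x509.MarshalPKCS8PrivateKey` yet are emitted under `Type: "EC PRIVATE KEY"`, the label for the SEC1 (RFC 5915) encoding, which label-dispatching parsers such as OpenSSL will presumably reject; either write them as `Type: "PRIVATE KEY"` (which also makes the hand-encoded `EC PARAMETERS` block redundant, since PKCS#8 already carries the curve OID) or switch to `x509.MarshalECPrivateKey`. In CreateCertificate, the serial from `rand.Int(rand.Reader, big.NewInt(1000000000000))` has under 40 bits of entropy and can be zero, which RFC 5280 disallows, and the hard-coded 2020–2030 validity window expires regardless of when the key is generated — likely tolerable for a self-signed client-auth cert, but a `// NOTE:` comment stating that assumption would help.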
|