improved password handeling
mrjoshuak committed Jun 27, 2017
1 parent 9f1597c commit e2d414e
Showing 2 changed files with 26 additions and 13 deletions.
31 changes: 22 additions & 9 deletions pki/builder.go
Expand Up @@ -160,13 +160,13 @@ func (b *Builder) Passphrase(passphrase string) {

func (b *Builder) DistinquisedName(name pkix.Name) {
b.x509name = &name
b.messages <- "added distinquised name"
b.messages <- "Added distinquised name"
}

func (b *Builder) CommonName(name string) {
b.x509name = makename(b.x509name)
b.x509name.CommonName = name
b.messages <- "added CommonName name"
b.messages <- "Added CommonName name"
}

func (b *Builder) Organizations(names ...string) {
Expand Down Expand Up @@ -278,15 +278,24 @@ func (b *Builder) buildDomain() *Domain {
IPs: b.ips,
Salt: b.salt,
}
if len(b.passphrase) == 0 {
b.errors <- errors.New("Warning passphrase not set")
} else {
e.Passphrase(b.passphrase)
}
b.messages <- "Generating Keys"
e.GenerateKeys()
e.Passphrase(b.passphrase)

sn := b.sn
m := "Setting "
if sn == nil {
m += "New "
sn = defaultSNGenerator()
}

b.messages <- m + "SerialNumber"
key_usage := DomainKeyUsage
if b.ca {
b.messages <- "Creating cert with AthortyKeyUsage"
key_usage = AthortyKeyUsage
}

Expand All @@ -309,12 +318,14 @@ func (b *Builder) buildDomain() *Domain {
if err != nil {
b.errors <- err
}
b.messages <- "Certificate created."
// Extract certificate from the DER encoding
cert, err := x509.ParseCertificate(certDER)
if err != nil {
b.errors <- err
}
e.Certificate = (*Cert)(cert)

return &e
}

Expand All @@ -329,11 +340,6 @@ func (b *Builder) buildUser() *User {
Salt: b.salt,
}
e.GenerateKeys()
if len(b.passphrase) == 0 {
b.errors <- errors.New("passphrase not set")
} else {
e.Passphrase(b.passphrase)
}

sn := b.sn
if sn == nil {
Expand Down Expand Up @@ -370,6 +376,13 @@ func (b *Builder) buildUser() *User {
b.errors <- err
}
e.Certificate = (*Cert)(cert)
if len(b.passphrase) == 0 {
b.errors <- errors.New("passphrase not set")
} else {
b.messages <- "Setting phrase on entity."
e.Passphrase(b.passphrase)
}

return &e
}

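Review bot: The empty-passphrase branches in buildDomain and buildUser send an error on b.errors but then keep going and return the entity anyway, so unless every caller drains b.errors before using the result, the entity's private key is written in the clear (encode_privatekey in domain.go only encrypts when ClearPassphrase is non-empty). Make that outcome explicit rather than advisory, e.g. `b.errors <- errors.New("passphrase not set"); return nil`, or document on the builder that an unset passphrase produces an unencrypted key file; the two messages should also agree ("Warning passphrase not set" versus "passphrase not set") and Go error strings are conventionally lowercase without a prefix. The same pattern appears around x509.CreateCertificate and x509.ParseCertificate in buildDomain: a failed parse leaves `cert` nil, `e.Certificate = (*Cert)(cert)` stores that nil, and the entity is returned as if certificate creation succeeded — an early `return nil` after each `b.errors <- err` would prevent a caller from persisting a half-built entity. Both buildDomain and buildUser start and end outside the visible hunks, and since this rendered view does not show which side of the passphrase-ordering change is new, I can only note that the relative order of Passphrase and GenerateKeys differs between the two builders and is worth a comment explaining why.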
8 changes: 4 additions & 4 deletions pki/domain.go
Expand Up @@ -334,16 +334,16 @@ func (e *Domain) encode_privatekey() {
// Encode private key to pem block
data, err := x509.MarshalECPrivateKey((*ecdsa.PrivateKey)(e.ClearPrivateKey))
if err != nil {
return
panic(err)
}
blk := &pem.Block{Type: "PRIVATE KEY", Bytes: data}
blk := &pem.Block{Type: "EC PRIVATE KEY", Bytes: data}

// If there is a passphrase available then we encrypt the key
if len(e.ClearPassphrase) > 0 {
key := append(e.Salt, e.ClearPassphrase...)
blk, err = x509.EncryptPEMBlock(rand.Reader, "ENCRYPTED PRIVATE KEY", data, key, x509.PEMCipherAES256)
blk, err = x509.EncryptPEMBlock(rand.Reader, "EC PRIVATE KEY", data, key, x509.PEMCipherAES256)
if err != nil {
return
panic(err)
}
}

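Review bot: x509.EncryptPEMBlock implements legacy RFC 1423 PEM encryption, which does not authenticate the ciphertext and derives the AES key with a single MD5 pass salted only by the 8-byte IV, so a key written by encode_privatekey is exposed to padding-oracle and fast offline guessing attacks; Go later deprecated this function as insecure by design, and a PKCS#8 container with a PBKDF2 or scrypt KDF is the usual replacement. The key material is also built with `key := append(e.Salt, e.ClearPassphrase...)`, which writes the passphrase bytes into e.Salt's backing array whenever that slice has spare capacity; `key := append(append(make([]byte, 0, len(e.Salt)+len(e.ClearPassphrase)), e.Salt...), e.ClearPassphrase...)` keeps the salt and passphrase storage separate. Whichever side of the hunk is current, `panic(err)` inside a marshal/encode routine gives library callers no way to handle the failure; returning an error from encode_privatekey (or at minimum documenting that it panics) would be preferable. If the "EC PRIVATE KEY" lines are the new side, a comment noting that the encrypted and cleartext blocks share the same type and are distinguished only by the Proc-Type/DEK-Info headers EncryptPEMBlock adds would help the next reader.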