From e2d414e8a9ef6fc131b65aca71db316e455e74d1 Mon Sep 17 00:00:00 2001
From: Joshua Kolden
Date: Mon, 26 Jun 2017 22:41:12 -0700
Subject: [PATCH] improved password handeling

---
 pki/builder.go | 31 ++++++++++++++++++++++---------
 pki/domain.go | 8 ++++----
 2 files changed, 26 insertions(+), 13 deletions(-)

diff --git a/pki/builder.go b/pki/builder.go
index bdffb40..1b041b0 100644
--- a/pki/builder.go
+++ b/pki/builder.go
@@ -160,13 +160,13 @@ func (b *Builder) Passphrase(passphrase string) {
 
 func (b *Builder) DistinquisedName(name pkix.Name) {
 b.x509name = &name
- b.messages <- "added distinquised name"
+ b.messages <- "Added distinquised name"
 }
 
 func (b *Builder) CommonName(name string) {
 b.x509name = makename(b.x509name)
 b.x509name.CommonName = name
- b.messages <- "added CommonName name"
+ b.messages <- "Added CommonName name"
 }
 
 func (b *Builder) Organizations(names ...string) {
@@ -278,15 +278,24 @@ func (b *Builder) buildDomain() *Domain {
 IPs: b.ips,
 Salt: b.salt,
 }
+ if len(b.passphrase) == 0 {
+ b.errors <- errors.New("Warning passphrase not set")
+ } else {
+ e.Passphrase(b.passphrase)
+ }
+ b.messages <- "Generating Keys"
 e.GenerateKeys()
- e.Passphrase(b.passphrase)
+
 sn := b.sn
+ m := "Setting "
 if sn == nil {
+ m += "New "
 sn = defaultSNGenerator()
 }
-
+ b.messages <- m + "SerialNumber"
 key_usage := DomainKeyUsage
 if b.ca {
+ b.messages <- "Creating cert with AthortyKeyUsage"
 key_usage = AthortyKeyUsage
 }
 
@@ -309,12 +318,14 @@ func (b *Builder) buildDomain() *Domain {
 if err != nil {
 b.errors <- err
 }
+ b.messages <- "Certificate created."
 // Extract certificate from the DER encoding
 cert, err := x509.ParseCertificate(certDER)
 if err != nil {
 b.errors <- err
 }
 e.Certificate = (*Cert)(cert)
+
 return &e
 }
 
@@ -329,11 +340,6 @@ func (b *Builder) buildUser() *User {
 Salt: b.salt,
 }
 e.GenerateKeys()
- if len(b.passphrase) == 0 {
- b.errors <- errors.New("passphrase not set")
- } else {
- e.Passphrase(b.passphrase)
- }
 sn := b.sn
 if sn == nil {
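Review bot: The new `if len(b.passphrase) == 0` branch in buildDomain sends `errors.New("Warning passphrase not set")` on b.errors and then carries on, so the build still completes; the domain.go hunk in this same patch only encrypts the PEM block when ClearPassphrase is non-empty (presumably what e.Passphrase sets), which means an unset passphrase ends with the private key written in the clear while the caller receives something labelled a warning on the error channel. Decide which it is: if an unencrypted key is never acceptable output, return from buildDomain at this point; if it is an accepted mode, report it on b.messages and keep b.errors for real failures, and in either case use the same lowercase text as buildUser, `b.errors <- errors.New("passphrase not set")`. The same condition in the buildUser hunk at @@ -370 is placed after the certificate is parsed, whereas here it now precedes e.GenerateKeys(); unless Passphrase is independent of the key state (not visible in this diff), the two builders should agree on the order. buildDomain starts outside the hunk.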
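Review bot: `b.messages <- "Certificate created."` in the @@ -309 hunk is sent unconditionally, directly after an `if err != nil { b.errors <- err }` that does not return (the call producing certDER is above the hunk), so a failed certificate creation yields both an error and a success message and execution still reaches x509.ParseCertificate with the failed result. Either return after sending the error, or move the message below the ParseCertificate error check so it is only emitted once e.Certificate has actually been assigned. buildDomain starts outside this hunk.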
@@ -370,6 +376,13 @@ func (b *Builder) buildUser() *User {
 b.errors <- err
 }
 e.Certificate = (*Cert)(cert)
+ if len(b.passphrase) == 0 {
+ b.errors <- errors.New("passphrase not set")
+ } else {
+ b.messages <- "Setting phrase on entity."
+ e.Passphrase(b.passphrase)
+ }
+
 return &e
 }
 
diff --git a/pki/domain.go b/pki/domain.go
index 5bb87be..47ae4ad 100644
--- a/pki/domain.go
+++ b/pki/domain.go
@@ -334,16 +334,16 @@ func (e *Domain) encode_privatekey() {
 // Encode private key to pem block
 data, err := x509.MarshalECPrivateKey((*ecdsa.PrivateKey)(e.ClearPrivateKey))
 if err != nil {
- return
+ panic(err)
 }
- blk := &pem.Block{Type: "PRIVATE KEY", Bytes: data}
+ blk := &pem.Block{Type: "EC PRIVATE KEY", Bytes: data}
 // If there is a passphrase available then we encrypt the key
 if len(e.ClearPassphrase) > 0 {
 key := append(e.Salt, e.ClearPassphrase...)
- blk, err = x509.EncryptPEMBlock(rand.Reader, "ENCRYPTED PRIVATE KEY", data, key, x509.PEMCipherAES256)
+ blk, err = x509.EncryptPEMBlock(rand.Reader, "EC PRIVATE KEY", data, key, x509.PEMCipherAES256)
 if err != nil {
- return
+ panic(err)
 }
 }