-
Notifications
You must be signed in to change notification settings - Fork 0
/
provider.go
90 lines (77 loc) · 2.88 KB
/
provider.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
package keys
import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"fmt"
"io"
"io/ioutil"
)
const (
bitSize int = 2048
)
// Encrypter encrypts a given reader stream with a given public key.
// This method may be exported into a library and must not be unexported.
type Encrypter func(random io.Reader, pub *rsa.PublicKey, msg []byte) ([]byte, error)
// Decrypter decrypts a given reader stream with a given public key.
// This method may be exported into a library and must not be unexported.
type Decrypter func(rand io.Reader, priv *rsa.PrivateKey, ciphertext []byte) ([]byte, error)
// KeyProvider provides functions for en- and decryption.
// This method may be exported into a library and must not be unexported.
type KeyProvider struct {
Encrypter Encrypter
Decrypter Decrypter
}
// NewKeyProvider creates a new KeyProvider.
// This method may be exported into a library and must not be unexported.
func NewKeyProvider(keyType string) (*KeyProvider, error) {
provider := providers[keyType]
if provider == nil {
return nil, fmt.Errorf("could not find provider from type " + keyType)
}
return provider, nil
}
// Generate creates a new public/private key.
func (provider *KeyProvider) Generate() (*KeyPair, error) {
log.Info("create new key pair")
key, err := rsa.GenerateKey(rand.Reader, bitSize)
if err != nil {
return nil, fmt.Errorf("failed to create rsa key pair: %w", err)
}
return &KeyPair{key: key, encrypter: provider.Encrypter, decrypter: provider.Decrypter}, nil
}
// FromPrivateKeyPath reads the keypair from the private key file path.
func (provider *KeyProvider) FromPrivateKeyPath(path string) (*KeyPair, error) {
pk, err := ioutil.ReadFile(path)
if err != nil {
return nil, fmt.Errorf("failed to read private key file: %w", err)
}
return provider.FromPrivateKey(pk)
}
// FromPrivateKey creates a key pair from the private key.
func (provider *KeyProvider) FromPrivateKey(privateKey []byte) (*KeyPair, error) {
p, _ := pem.Decode(privateKey)
key, err := x509.ParsePKCS1PrivateKey(p.Bytes)
if err != nil {
return nil, fmt.Errorf("failed to parse private rsa key: %w", err)
}
return &KeyPair{key: key, encrypter: provider.Encrypter, decrypter: provider.Decrypter}, nil
}
// ReadPublicKeyFromString reads a public key from its string representation.
func (provider *KeyProvider) ReadPublicKeyFromString(publicKeyString string) (*PublicKey, error) {
return provider.ReadPublicKey([]byte(publicKeyString))
}
// ReadPublicKey reads a public key from an byte array.
func (provider *KeyProvider) ReadPublicKey(publicKey []byte) (*PublicKey, error) {
p, _ := pem.Decode(publicKey)
key, err := x509.ParsePKIXPublicKey(p.Bytes)
if err != nil {
return nil, fmt.Errorf("failed to parse public rsa key: %w", err)
}
pk, ok := key.(*rsa.PublicKey)
if !ok {
return nil, fmt.Errorf("could not cast key to rsa.PublicKey")
}
return &PublicKey{pk, provider.Encrypter}, nil
}