-
Notifications
You must be signed in to change notification settings - Fork 1
/
utils.go
110 lines (92 loc) · 2.22 KB
/
utils.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
package testca
import (
"bytes"
"crypto/ecdsa"
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"errors"
"fmt"
"os/exec"
)
// ToPFX converts cert with private key to PFX
func ToPFX(cert *x509.Certificate, priv interface{}, password string) []byte {
// only allow alphanumeric passwords
for _, c := range password {
switch {
case c >= 'a' && c <= 'z':
case c >= 'A' && c <= 'Z':
case c >= '0' && c <= '9':
default:
panic("password must be alphanumeric")
}
}
passout := fmt.Sprintf("pass:%s", password)
cmd := exec.Command("openssl", "pkcs12", "-export", "-passout", passout)
cmd.Stdin = bytes.NewReader(append(append(ToPKCS8(priv), '\n'), ToPEM(cert)...))
out := new(bytes.Buffer)
cmd.Stdout = out
if err := cmd.Run(); err != nil {
panic(err)
}
return out.Bytes()
}
// ToPEM exports cert to PEM
func ToPEM(cert *x509.Certificate) []byte {
buf := new(bytes.Buffer)
if err := pem.Encode(buf, &pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}); err != nil {
panic(err)
}
return buf.Bytes()
}
// ToDER exports private key to DER
func ToDER(priv interface{}) []byte {
var (
der []byte
err error
)
switch p := priv.(type) {
case *rsa.PrivateKey:
der = x509.MarshalPKCS1PrivateKey(p)
case *ecdsa.PrivateKey:
der, err = x509.MarshalECPrivateKey(p)
default:
err = errors.New("unknown key type")
}
if err != nil {
panic(err)
}
return der
}
// PrivKeyToPEM exports private key to PEM
func PrivKeyToPEM(priv interface{}) []byte {
var (
pemKey []byte
err error
)
switch key := priv.(type) {
case *rsa.PrivateKey:
der := x509.MarshalPKCS1PrivateKey(key)
pemKey = pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: der})
case *ecdsa.PrivateKey:
der, _ := x509.MarshalECPrivateKey(key)
pemKey = pem.EncodeToMemory(&pem.Block{Type: "ECDSA PRIVATE KEY", Bytes: der})
default:
err = errors.New("unknown key type")
}
if err != nil {
panic(err)
}
return pemKey
}
// ToPKCS8 exports private key to PKCS8
func ToPKCS8(priv interface{}) []byte {
cmd := exec.Command("openssl", "pkcs8", "-topk8", "-nocrypt", "-inform", "DER")
cmd.Stdin = bytes.NewReader(ToDER(priv))
out := new(bytes.Buffer)
cmd.Stdout = out
if err := cmd.Run(); err != nil {
panic(err)
}
return out.Bytes()
}