/
selfsigned.go
97 lines (83 loc) · 2.58 KB
/
selfsigned.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
/*
© 2021–present Harald Rudell <harald.rudell@gmail.com> (https://haraldrudell.github.io/haraldrudell/)
ISC License
*/
package parlca
import (
"crypto"
"crypto/rand"
"crypto/x509"
"github.com/haraldrudell/parl"
"github.com/haraldrudell/parl/perrors"
)
const (
/*
NoPassword PasswordType = "\tnoPassword"
GeneratePassword PasswordType = "\tgeneratePassword"
GenerateOnTheFly Strategy = iota << 0
UseFileSystem
DefaultStrategy = GenerateOnTheFly
*/
DefaultCountry = "US" // certificate country: US
notAfterYears = 10 // certificate validity for 10 years
caSubjectSuffix = "ca" // ca appended to commonName
)
type SelfSigned struct {
parl.Certificate // DER() PEM()
PrivateKey parl.PrivateKey
}
func NewSelfSigned(canonicalName string, algo x509.PublicKeyAlgorithm) (ca parl.CertificateAuthority, err error) {
c := SelfSigned{}
// create private key
if c.PrivateKey, err = NewPrivateKey(algo); err != nil {
return
}
// create certificate of certificate authority
var certificateDer parl.CertificateDer
cert := &x509.Certificate{}
EnsureSelfSigned(cert)
if certificateDer, err = x509.CreateCertificate(rand.Reader,
cert, // template
cert, // parent
c.PrivateKey.Public(), // pub any: *rsa.PublicKey *ecdsa.PublicKey ed25519.PublicKey
c.PrivateKey, // priv any: crypto.Signer
); perrors.IsPF(&err, "x509.CreateCertificate %w", err) {
return
}
c.Certificate = NewCertificate(certificateDer)
ca = &c
return
}
func NewSelfSigned2(privateKey parl.PrivateKey, certificate parl.Certificate) (ca parl.CertificateAuthority) {
return &SelfSigned{Certificate: certificate, PrivateKey: privateKey}
}
func (ca *SelfSigned) Sign(template *x509.Certificate, publicKey crypto.PublicKey) (certDER parl.CertificateDer, err error) {
// get certificate authority x509.Certificate
var caCert *x509.Certificate
if caCert, err = ca.Check(); err != nil {
return
}
caSigner := ca.PrivateKey //.Private()
// sign template
if certDER, err = x509.CreateCertificate(rand.Reader, template, caCert, publicKey, caSigner); err != nil {
err = perrors.Errorf("x509.CreateCertificate: '%w'", err)
return
}
return
}
func (ca *SelfSigned) Check() (cert *x509.Certificate, err error) {
if err = ca.PrivateKey.Validate(); err != nil {
return
}
if cert, err = ca.ParseCertificate(); perrors.IsPF(&err, "x509.ParseCertificate: '%w'", err) {
return
}
if cert.PublicKey == nil {
err = perrors.NewPF("public key uninitialied")
return
}
return
}
func (ca *SelfSigned) Private() (privateKey parl.PrivateKey) {
return ca.PrivateKey
}