-
-
Notifications
You must be signed in to change notification settings - Fork 13
/
crypto.go
119 lines (92 loc) · 3.01 KB
/
crypto.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
package crypto
import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"fmt"
"path/filepath"
log "github.com/sirupsen/logrus"
"golang.org/x/crypto/ssh"
"github.com/rewardenv/reward/internal/config"
"github.com/rewardenv/reward/pkg/util"
)
type Client struct {
config *config.Config
}
func New(c *config.Config) *Client {
return &Client{
config: c,
}
}
// generateRSAPrivateKey creates an RSA Private Key of specified byte size.
func (c *Client) generateRSAPrivateKey(bitSize int) (*rsa.PrivateKey, error) {
log.Debugln("Generating RSA private key...")
// Private Key generation
privateKey, err := rsa.GenerateKey(rand.Reader, bitSize)
if err != nil {
return nil, fmt.Errorf("cannot generate private key: %w", err)
}
// Validate Private Key
err = privateKey.Validate()
if err != nil {
return nil, fmt.Errorf("cannot validate private key: %w", err)
}
log.Debugln("...private key generated.")
return privateKey, nil
}
// EncodeRSAPrivateKeyToPEM encodes Private Key from RSA to PEM format.
func (c *Client) EncodeRSAPrivateKeyToPEM(privateKey *rsa.PrivateKey) ([]byte, error) {
log.Debugln("Encoding RSA private key to PEM...")
err := privateKey.Validate()
if err != nil {
return nil, fmt.Errorf("cannot validate private key: %w", err)
}
return pem.EncodeToMemory(&pem.Block{
Type: "RSA PRIVATE KEY",
Headers: nil,
Bytes: x509.MarshalPKCS1PrivateKey(privateKey),
}), nil
}
// GenerateSSHPublicKey takes a rsa.PublicKey and return bytes suitable for writing to .pub file
// returns in the format "ssh-rsa ...".
func (c *Client) GenerateSSHPublicKey(publicKey *rsa.PublicKey) ([]byte, error) {
log.Debugln("Generating SSH public key...")
publicSSHKey, err := ssh.NewPublicKey(publicKey)
if err != nil {
return nil, fmt.Errorf("cannot create public key: %w", err)
}
key := ssh.MarshalAuthorizedKey(publicSSHKey)
log.Debugln("...SSH public key generated.")
return key, nil
}
// GenerateSSHKeys generates and writes SSH keys with bitSize and saves them to path.
func (c *Client) GenerateSSHKeys(bitSize int, path string) error {
log.Debugln("Generating SSH keys...")
//nolint:gocritic
privateKeyPath := filepath.Join(path)
//nolint:gocritic
publicKeyPath := filepath.Join(path + ".pub")
privateKey, err := c.generateRSAPrivateKey(bitSize)
if err != nil {
return fmt.Errorf("cannot generate private key: %w", err)
}
privateKeyBytes, err := c.EncodeRSAPrivateKeyToPEM(privateKey)
if err != nil {
return fmt.Errorf("cannot encode private key to PEM: %w", err)
}
publicKeyBytes, err := c.GenerateSSHPublicKey(&privateKey.PublicKey)
if err != nil {
return fmt.Errorf("cannot generate ssh public key: %w", err)
}
err = util.CreateDirAndWriteToFile(privateKeyBytes, privateKeyPath, 0o600)
if err != nil {
return fmt.Errorf("cannot write private key to file: %w", err)
}
err = util.CreateDirAndWriteToFile(publicKeyBytes, publicKeyPath, 0o600)
if err != nil {
return fmt.Errorf("cannot write public key to file: %w", err)
}
log.Debugln("...SSH keys generated.")
return nil
}