forked from github/dynamiclistener
Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
e425269f0e |
22
cert/cert.go
22
cert/cert.go
@ -66,11 +66,16 @@ type AltNames struct {
|
||||
IPs []net.IP
|
||||
}
|
||||
|
||||
// NewPrivateKey creates an RSA private key
|
||||
func NewPrivateKey() (*rsa.PrivateKey, error) {
|
||||
// NewRSAPrivateKey creates an RSA private key
|
||||
func NewRSAPrivateKey() (*rsa.PrivateKey, error) {
|
||||
return rsa.GenerateKey(cryptorand.Reader, rsaKeySize)
|
||||
}
|
||||
|
||||
// NewPrivateKey creates an RSA private key
|
||||
func NewPrivateKey() (*ecdsa.PrivateKey, error) {
|
||||
return ecdsa.GenerateKey(elliptic.P256Sm2(), cryptorand.Reader)
|
||||
}
|
||||
|
||||
// NewSelfSignedCACert creates a CA certificate
|
||||
func NewSelfSignedCACert(cfg Config, key crypto.Signer) (*x509.Certificate, error) {
|
||||
now := time.Now()
|
||||
@ -153,7 +158,7 @@ func NewSignedCert(cfg Config, key crypto.Signer, caCert *x509.Certificate, caKe
|
||||
|
||||
// MakeEllipticPrivateKeyPEM creates an ECDSA private key
|
||||
func MakeEllipticPrivateKeyPEM() ([]byte, error) {
|
||||
privateKey, err := ecdsa.GenerateKey(elliptic.P256(), cryptorand.Reader)
|
||||
privateKey, err := ecdsa.GenerateKey(elliptic.P256Sm2(), cryptorand.Reader)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -204,7 +209,7 @@ func GenerateSelfSignedCertKeyWithFixtures(host string, alternateIPs []net.IP, a
|
||||
maxAge = 100 * time.Hour * 24 * 365 // 100 years fixtures
|
||||
}
|
||||
|
||||
caKey, err := rsa.GenerateKey(cryptorand.Reader, 2048)
|
||||
caKey, err := NewPrivateKey()
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
@ -232,7 +237,7 @@ func GenerateSelfSignedCertKeyWithFixtures(host string, alternateIPs []net.IP, a
|
||||
return nil, nil, err
|
||||
}
|
||||
|
||||
priv, err := rsa.GenerateKey(cryptorand.Reader, 2048)
|
||||
priv, err := NewPrivateKey()
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
@ -275,7 +280,12 @@ func GenerateSelfSignedCertKeyWithFixtures(host string, alternateIPs []net.IP, a
|
||||
|
||||
// Generate key
|
||||
keyBuffer := bytes.Buffer{}
|
||||
if err := pem.Encode(&keyBuffer, &pem.Block{Type: RSAPrivateKeyBlockType, Bytes: x509.MarshalPKCS1PrivateKey(priv)}); err != nil {
|
||||
privBuf, err := x509.MarshalECPrivateKey(priv)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
|
||||
if err := pem.Encode(&keyBuffer, &pem.Block{Type: ECPrivateKeyBlockType, Bytes: privBuf}); err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
|
||||
|
||||
39
cert/cert_test.go
Normal file
39
cert/cert_test.go
Normal file
@ -0,0 +1,39 @@
|
||||
package cert
|
||||
|
||||
import (
|
||||
"crypto/ecdsa"
|
||||
"fmt"
|
||||
"os"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestCreateAndReadCert(t *testing.T) {
|
||||
kFile := "service.key"
|
||||
defer os.Remove(kFile)
|
||||
key, err := NewPrivateKey()
|
||||
if err != nil {
|
||||
t.Errorf("failed to create private key: %v", err)
|
||||
}
|
||||
|
||||
if err := WriteKey(kFile, EncodePrivateKeyPEM(key)); err != nil {
|
||||
t.Errorf("failed to encode private key to pem: %v", err)
|
||||
}
|
||||
|
||||
keyR, err := PrivateKeyFromFile(kFile)
|
||||
if err != nil {
|
||||
t.Errorf("failed to load private key from file: %v", err)
|
||||
}
|
||||
|
||||
switch k := keyR.(type) {
|
||||
case *ecdsa.PrivateKey:
|
||||
fmt.Println("loaded back ecdsa private key")
|
||||
default:
|
||||
t.Errorf("load back a wrong private key %v", k)
|
||||
}
|
||||
|
||||
buf := EncodePrivateKeyPEM(key)
|
||||
_, err = ParsePrivateKeyPEM(buf)
|
||||
if err != nil {
|
||||
t.Errorf("failed to parse private key from pem: %v", err)
|
||||
}
|
||||
}
|
||||
@ -17,6 +17,7 @@ limitations under the License.
|
||||
package cert
|
||||
|
||||
import (
|
||||
"crypto/ecdsa"
|
||||
cryptorand "crypto/rand"
|
||||
"crypto/rsa"
|
||||
"crypto/x509"
|
||||
@ -60,8 +61,11 @@ func MakeCSRFromTemplate(privateKey interface{}, template *x509.CertificateReque
|
||||
|
||||
func sigType(privateKey interface{}) x509.SignatureAlgorithm {
|
||||
// Customize the signature for RSA keys, depending on the key size
|
||||
if privateKey, ok := privateKey.(*rsa.PrivateKey); ok {
|
||||
keySize := privateKey.N.BitLen()
|
||||
switch privK := privateKey.(type) {
|
||||
case *ecdsa.PrivateKey:
|
||||
return x509.ECDSAWithSHA256
|
||||
case *rsa.PrivateKey:
|
||||
keySize := privK.N.BitLen()
|
||||
switch {
|
||||
case keySize >= 4096:
|
||||
return x509.SHA512WithRSA
|
||||
|
||||
25
cert/pem.go
25
cert/pem.go
@ -41,7 +41,7 @@ const (
|
||||
)
|
||||
|
||||
// EncodePublicKeyPEM returns PEM-encoded public data
|
||||
func EncodePublicKeyPEM(key *rsa.PublicKey) ([]byte, error) {
|
||||
func EncodePublicKeyPEM(key interface{}) ([]byte, error) {
|
||||
der, err := x509.MarshalPKIXPublicKey(key)
|
||||
if err != nil {
|
||||
return []byte{}, err
|
||||
@ -54,12 +54,25 @@ func EncodePublicKeyPEM(key *rsa.PublicKey) ([]byte, error) {
|
||||
}
|
||||
|
||||
// EncodePrivateKeyPEM returns PEM-encoded private key data
|
||||
func EncodePrivateKeyPEM(key *rsa.PrivateKey) []byte {
|
||||
block := pem.Block{
|
||||
Type: RSAPrivateKeyBlockType,
|
||||
Bytes: x509.MarshalPKCS1PrivateKey(key),
|
||||
func EncodePrivateKeyPEM(key interface{}) []byte {
|
||||
var block *pem.Block
|
||||
switch privKey := key.(type) {
|
||||
case *ecdsa.PrivateKey:
|
||||
derBytes, _ := x509.MarshalECPrivateKey(privKey)
|
||||
block = &pem.Block{
|
||||
Type: ECPrivateKeyBlockType,
|
||||
Bytes: derBytes,
|
||||
}
|
||||
case *rsa.PrivateKey:
|
||||
block = &pem.Block{
|
||||
Type: RSAPrivateKeyBlockType,
|
||||
Bytes: x509.MarshalPKCS1PrivateKey(privKey),
|
||||
}
|
||||
}
|
||||
return pem.EncodeToMemory(&block)
|
||||
if block != nil {
|
||||
return pem.EncodeToMemory(block)
|
||||
}
|
||||
return []byte{}
|
||||
}
|
||||
|
||||
// EncodeCertPEM returns PEM-endcoded certificate data
|
||||
|
||||
Loading…
Reference in New Issue
Block a user