reformat everything with gofmt
Yes, I know that this will more or less destroy the history, but it had to be done. I also adjusted my editor to use gofmt rules by default now.
This commit is contained in:
parent
b3f621a312
commit
301d931ad7
|
@ -63,14 +63,18 @@ func (c *CertificateData) ToCertificateRequest(private_key PrivateKey) (*Certifi
|
|||
csr.EmailAddresses = c.EmailAddresses
|
||||
|
||||
csr_asn1, err := x509.CreateCertificateRequest(rand.Reader, csr, private_key.PrivateKey())
|
||||
if err != nil { return nil, err }
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return LoadCertificateSignRequest(csr_asn1)
|
||||
}
|
||||
|
||||
// Load a certificate sign request from its asn1 representation.
|
||||
func LoadCertificateSignRequest(raw []byte) (*CertificateRequest, error) {
|
||||
csr, err := x509.ParseCertificateRequest(raw)
|
||||
if err != nil { return nil, err }
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return (*CertificateRequest)(csr), nil
|
||||
}
|
||||
|
||||
|
@ -88,7 +92,9 @@ func (c *CertificateRequest) MarshalPem() (marshalledPemBlock, error) {
|
|||
func (c *CertificateRequest) ToCertificate(private_key PrivateKey,
|
||||
cert_opts CertificateOptions, ca *Certificate) (*Certificate, error) {
|
||||
|
||||
if err := cert_opts.Valid(); err != nil { return nil, err }
|
||||
if err := cert_opts.Valid(); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
template := &x509.Certificate{}
|
||||
template.Subject = c.Subject
|
||||
|
@ -124,14 +130,18 @@ func (c *CertificateRequest) ToCertificate(private_key PrivateKey,
|
|||
} else {
|
||||
cert_asn1, err = x509.CreateCertificate(rand.Reader, template, (*x509.Certificate)(ca), c.PublicKey, private_key.PrivateKey())
|
||||
}
|
||||
if err != nil { return nil, err }
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return LoadCertificate(cert_asn1)
|
||||
}
|
||||
|
||||
// Load a certificate from its asn1 representation.
|
||||
func LoadCertificate(raw []byte) (*Certificate, error) {
|
||||
cert, err := x509.ParseCertificate(raw)
|
||||
if err != nil { return nil, err }
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return (*Certificate)(cert), nil
|
||||
}
|
||||
|
||||
|
@ -143,6 +153,8 @@ func (c *Certificate) MarshalPem() (marshalledPemBlock, error) {
|
|||
|
||||
// Check if the certificate options have the required fields set.
|
||||
func (co *CertificateOptions) Valid() error {
|
||||
if co.SerialNumber == nil { return fmt.Errorf("No serial number set!") }
|
||||
if co.SerialNumber == nil {
|
||||
return fmt.Errorf("No serial number set!")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
|
|
@ -2,7 +2,6 @@ package pki
|
|||
|
||||
import (
|
||||
"crypto/elliptic"
|
||||
// "crypto/x509"
|
||||
"crypto/x509/pkix"
|
||||
"math/big"
|
||||
"reflect"
|
||||
|
@ -18,10 +17,14 @@ var (
|
|||
|
||||
func TestCertificateCreation(t *testing.T) {
|
||||
pk, err := NewPrivateKeyEcdsa(elliptic.P224())
|
||||
if err != nil { t.Errorf("cert: creating private key failed: %s", err) }
|
||||
if err != nil {
|
||||
t.Errorf("cert: creating private key failed: %s", err)
|
||||
}
|
||||
|
||||
csr, err := TestCertificateData.ToCertificateRequest(pk)
|
||||
if err != nil { t.Errorf("cert: creating csr failed: %s", err) }
|
||||
if err != nil {
|
||||
t.Errorf("cert: creating csr failed: %s", err)
|
||||
}
|
||||
|
||||
cert_opts := CertificateOptions{
|
||||
// KeyUsage: x509.KeyUsageEncipherOnly | x509.KeyUsageKeyEncipherment | x509.KeyUsageCertSign,
|
||||
|
@ -29,7 +32,9 @@ func TestCertificateCreation(t *testing.T) {
|
|||
}
|
||||
|
||||
cert, err := csr.ToCertificate(pk, cert_opts, nil)
|
||||
if err != nil { t.Errorf("cert: creating cert failed: %s", err) }
|
||||
if err != nil {
|
||||
t.Errorf("cert: creating cert failed: %s", err)
|
||||
}
|
||||
|
||||
if !fieldsAreSame(TestCertificateData, cert) {
|
||||
t.Errorf("cert: Fields are not the same")
|
||||
|
@ -37,10 +42,20 @@ func TestCertificateCreation(t *testing.T) {
|
|||
}
|
||||
|
||||
func fieldsAreSame(data CertificateData, cert *Certificate) bool {
|
||||
if data.Subject.CommonName != cert.Subject.CommonName { return false }
|
||||
if !reflect.DeepEqual(data.Subject.Country, cert.Subject.Country) { return false }
|
||||
if !reflect.DeepEqual(data.DNSNames, cert.DNSNames) { return false }
|
||||
if !reflect.DeepEqual(data.IPAddresses, cert.IPAddresses) { return false }
|
||||
if !reflect.DeepEqual(data.EmailAddresses, cert.EmailAddresses) { return false }
|
||||
if data.Subject.CommonName != cert.Subject.CommonName {
|
||||
return false
|
||||
}
|
||||
if !reflect.DeepEqual(data.Subject.Country, cert.Subject.Country) {
|
||||
return false
|
||||
}
|
||||
if !reflect.DeepEqual(data.DNSNames, cert.DNSNames) {
|
||||
return false
|
||||
}
|
||||
if !reflect.DeepEqual(data.IPAddresses, cert.IPAddresses) {
|
||||
return false
|
||||
}
|
||||
if !reflect.DeepEqual(data.EmailAddresses, cert.EmailAddresses) {
|
||||
return false
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
|
28
ecdsa.go
28
ecdsa.go
|
@ -39,14 +39,18 @@ type (
|
|||
// For available curves, please take a look at the crypto/elliptic package.
|
||||
func NewPrivateKeyEcdsa(curve elliptic.Curve) (*EcdsaPrivateKey, error) {
|
||||
key, err := ecdsa.GenerateKey(curve, rand.Reader)
|
||||
if err != nil { return nil, err }
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &EcdsaPrivateKey{key}, nil
|
||||
}
|
||||
|
||||
// Load the private key from the asn1 representation.
|
||||
func LoadPrivateKeyEcdsa(raw []byte) (*EcdsaPrivateKey, error) {
|
||||
key, err := x509.ParseECPrivateKey(raw)
|
||||
if err != nil { return nil, err }
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &EcdsaPrivateKey{key}, nil
|
||||
}
|
||||
|
||||
|
@ -75,7 +79,9 @@ func (pr EcdsaPrivateKey) PrivateKey() crypto.PrivateKey {
|
|||
// into a pem block.
|
||||
func (pr EcdsaPrivateKey) MarshalPem() (io.WriterTo, error) {
|
||||
asn1, err := x509.MarshalECPrivateKey(pr.private_key)
|
||||
if err != nil { return nil, err }
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
pem_block := pem.Block{Type: PemLabelEcdsa, Bytes: asn1}
|
||||
return marshalledPemBlock(pem.EncodeToMemory(&pem_block)), nil
|
||||
}
|
||||
|
@ -83,10 +89,14 @@ func (pr EcdsaPrivateKey) MarshalPem() (io.WriterTo, error) {
|
|||
// This functoin loads an ecdsa public key from the asn.1 representation.
|
||||
func LoadPublicKeyEcdsa(raw []byte) (*EcdsaPublicKey, error) {
|
||||
raw_pub, err := x509.ParsePKIXPublicKey(raw)
|
||||
if err != nil { return nil, err }
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
pub, ok := raw_pub.(*ecdsa.PublicKey)
|
||||
if !ok { return nil, errors.New("Not an ecdsa key!") }
|
||||
if !ok {
|
||||
return nil, errors.New("Not an ecdsa key!")
|
||||
}
|
||||
return &EcdsaPublicKey{pub}, nil
|
||||
}
|
||||
|
||||
|
@ -94,7 +104,9 @@ func LoadPublicKeyEcdsa(raw []byte) (*EcdsaPublicKey, error) {
|
|||
// a pem block.
|
||||
func (pu *EcdsaPublicKey) MarshalPem() (io.WriterTo, error) {
|
||||
asn1, err := x509.MarshalPKIXPublicKey(pu.public_key)
|
||||
if err != nil { return nil, err }
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
pem_block := pem.Block{Type: PemLabelPublic, Bytes: asn1}
|
||||
return marshalledPemBlock(pem.EncodeToMemory(&pem_block)), nil
|
||||
}
|
||||
|
@ -105,7 +117,9 @@ func (pu *EcdsaPublicKey) MarshalPem() (io.WriterTo, error) {
|
|||
func (pu *EcdsaPublicKey) Verify(message []byte, signature_raw []byte, hash crypto.Hash) (bool, error) {
|
||||
var sig signatureEcdsa
|
||||
_, err := asn1.Unmarshal(signature_raw, &sig)
|
||||
if err != nil { return false, err }
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
hashed_message := hash.New()
|
||||
hashed_message.Write(message)
|
||||
return ecdsa.Verify(pu.public_key, hashed_message.Sum(nil), sig.R, sig.S), nil
|
||||
|
|
|
@ -35,29 +35,45 @@ func RunMarshalTest(pkType string, pe Pemmer, label string, t *testing.T) ([]byt
|
|||
// test other private key functions
|
||||
func RunPrivateKeyTests(pkType string, pk PrivateKey, pu PublicKey, t *testing.T) {
|
||||
signature, err := pk.Sign(SignatureMessage, SignatureHash)
|
||||
if err != nil { t.Errorf("%s: error creating a signature: %s", pkType, err) }
|
||||
if err != nil {
|
||||
t.Errorf("%s: error creating a signature: %s", pkType, err)
|
||||
}
|
||||
|
||||
valid, err := pu.Verify(SignatureMessage, signature, SignatureHash)
|
||||
if err != nil { t.Errorf("%s: could not verify message: %s", pkType, err) }
|
||||
if !valid { t.Errorf("%s: signature invalid, but should be valid!", pkType) }
|
||||
if err != nil {
|
||||
t.Errorf("%s: could not verify message: %s", pkType, err)
|
||||
}
|
||||
if !valid {
|
||||
t.Errorf("%s: signature invalid, but should be valid!", pkType)
|
||||
}
|
||||
}
|
||||
|
||||
// test ecdsa private key functions
|
||||
func TestEcdsaFunctions(t *testing.T) {
|
||||
pk, err := NewPrivateKeyEcdsa(elliptic.P521())
|
||||
if err != nil { t.Errorf("ecdsa: creating private key failed: %s", err) }
|
||||
if err != nil {
|
||||
t.Errorf("ecdsa: creating private key failed: %s", err)
|
||||
}
|
||||
|
||||
blockBytes, err := RunMarshalTest("ecdsa", pk, PemLabelEcdsa, t)
|
||||
if err != nil { return }
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
pk, err = LoadPrivateKeyEcdsa(blockBytes)
|
||||
if err != nil { t.Errorf("ecdsa: pem content wrong: %s", err) }
|
||||
if err != nil {
|
||||
t.Errorf("ecdsa: pem content wrong: %s", err)
|
||||
}
|
||||
|
||||
blockBytes, err = RunMarshalTest("ecdsa-public", pk.Public(), PemLabelPublic, t)
|
||||
if err != nil { return }
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
pu, err := LoadPublicKeyEcdsa(blockBytes)
|
||||
if err != nil { t.Errorf("ecdsa-public: pem content wrong: %s", err) }
|
||||
if err != nil {
|
||||
t.Errorf("ecdsa-public: pem content wrong: %s", err)
|
||||
}
|
||||
|
||||
RunPrivateKeyTests("ecdsa", pk, pu, t)
|
||||
}
|
||||
|
@ -65,20 +81,29 @@ func TestEcdsaFunctions(t *testing.T) {
|
|||
// test rsa private key functions
|
||||
func TestRsaFunctions(t *testing.T) {
|
||||
pk, err := NewPrivateKeyRsa(2048)
|
||||
if err != nil { t.Errorf("rsa: creating private key failed: %s", err) }
|
||||
if err != nil {
|
||||
t.Errorf("rsa: creating private key failed: %s", err)
|
||||
}
|
||||
|
||||
blockBytes, err := RunMarshalTest("rsa", pk, PemLabelRsa, t)
|
||||
if err != nil { return }
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
pk, err = LoadPrivateKeyRsa(blockBytes)
|
||||
if err != nil { t.Errorf("rsa: pem content wrong: %s", err) }
|
||||
|
||||
if err != nil {
|
||||
t.Errorf("rsa: pem content wrong: %s", err)
|
||||
}
|
||||
|
||||
blockBytes, err = RunMarshalTest("rsa-public", pk.Public(), PemLabelPublic, t)
|
||||
if err != nil { return }
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
pu, err := LoadPublicKeyRsa(blockBytes)
|
||||
if err != nil { t.Errorf("rsa-public: pem content wrong: %s", err) }
|
||||
if err != nil {
|
||||
t.Errorf("rsa-public: pem content wrong: %s", err)
|
||||
}
|
||||
|
||||
RunPrivateKeyTests("rsa", pk, pu, t)
|
||||
}
|
||||
|
|
12
rsa.go
12
rsa.go
|
@ -27,14 +27,18 @@ type (
|
|||
// generate a new rsa private key
|
||||
func NewPrivateKeyRsa(size int) (*RsaPrivateKey, error) {
|
||||
key, err := rsa.GenerateKey(rand.Reader, size)
|
||||
if err != nil { return nil, err }
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &RsaPrivateKey{key}, nil
|
||||
}
|
||||
|
||||
// load a rsa private key its ASN.1 presentation
|
||||
func LoadPrivateKeyRsa(raw []byte) (*RsaPrivateKey, error) {
|
||||
key, err := x509.ParsePKCS1PrivateKey(raw)
|
||||
if err != nil { return nil, err }
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &RsaPrivateKey{key}, nil
|
||||
}
|
||||
|
||||
|
@ -65,7 +69,9 @@ func LoadPublicKeyRsa(raw []byte) (*RsaPublicKey, error) {
|
|||
// marshal a rsa public key into pem format
|
||||
func (pu *RsaPublicKey) MarshalPem() (io.WriterTo, error) {
|
||||
asn1, err := x509.MarshalPKIXPublicKey(pu.public_key)
|
||||
if err != nil { return nil, err }
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
pem_block := pem.Block{Type: PemLabelPublic, Bytes: asn1}
|
||||
return marshalledPemBlock(pem.EncodeToMemory(&pem_block)), nil
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue