split out all private key related functions
This moves all private key related functions out into a separate file to get flags.go smaller.
This commit is contained in:
parent
8e2db6f6c9
commit
9ba6a88449
97
flags.go
97
flags.go
|
@ -21,14 +21,7 @@ import (
|
|||
"github.com/gibheer/pki"
|
||||
)
|
||||
|
||||
const (
|
||||
RsaLowerLength = 2048
|
||||
RsaUpperLength = 16384
|
||||
)
|
||||
|
||||
var (
|
||||
// the possible ecdsa curves allowed to be used
|
||||
EcdsaCurves = []int{224, 256, 384, 521}
|
||||
// the possible valid key usages to check against the commandline
|
||||
ValidKeyUsages = map[string]x509.KeyUsage{
|
||||
"digitalsignature": x509.KeyUsageDigitalSignature,
|
||||
|
@ -94,12 +87,6 @@ type (
|
|||
certificatePath string // path to a certificate
|
||||
}
|
||||
|
||||
privateKeyGenerationFlags struct {
|
||||
Type string // type of the private key (rsa, ecdsa)
|
||||
Curve elliptic.Curve // curve for ecdsa
|
||||
Size int // bitsize for rsa
|
||||
}
|
||||
|
||||
certGenerationRaw struct {
|
||||
serial int64
|
||||
notBefore string
|
||||
|
@ -121,14 +108,6 @@ var (
|
|||
certificate requests and certificates and sign/verify messages.`,
|
||||
}
|
||||
|
||||
CmdCreatePrivateKey = &Command{
|
||||
Use: "create-private",
|
||||
Short: "create a private key",
|
||||
Long: "Create an ecdsa or rsa key with this command",
|
||||
Example: "create-private -type=ecdsa -length=521",
|
||||
Run: create_private_key,
|
||||
}
|
||||
|
||||
CmdCreatePublicKey = &Command{
|
||||
Use: "create-public",
|
||||
Short: "create a public key from a private key",
|
||||
|
@ -182,8 +161,6 @@ certificate requests and certificates and sign/verify messages.`,
|
|||
FlagOutput io.WriteCloser
|
||||
// signature from the args
|
||||
FlagSignature []byte
|
||||
// private key specific stuff
|
||||
FlagPrivateKeyGeneration privateKeyGenerationFlags
|
||||
// a certificate filled with the parameters
|
||||
FlagCertificateRequestData *pki.CertificateData
|
||||
// the certificate sign request
|
||||
|
@ -238,39 +215,6 @@ func checkFlags(checks ...flagCheck) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
//// print a message with the usage part
|
||||
//func (f *Flags) Usagef(message string, args ...interface{}) {
|
||||
// fmt.Fprintf(os.Stderr, "error: " + message + "\n", args...)
|
||||
// f.flagset.Flags().Usage()
|
||||
//}
|
||||
|
||||
// add the private key option to the requested flags
|
||||
func InitFlagPrivateKey(cmd *Command) {
|
||||
cmd.Flags().StringVar(&flagContainer.privateKeyPath, "private-key", "", "path to the private key (required)")
|
||||
}
|
||||
|
||||
// check the private key flag and load the private key
|
||||
func checkPrivateKey() error {
|
||||
if flagContainer.privateKeyPath == "" {
|
||||
return fmt.Errorf("No private key given!")
|
||||
}
|
||||
// check permissions of private key file
|
||||
info, err := os.Stat(flagContainer.privateKeyPath)
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error reading private key: %s", err)
|
||||
}
|
||||
if info.Mode().Perm().String()[4:] != "------" {
|
||||
return fmt.Errorf("private key file modifyable by others!")
|
||||
}
|
||||
|
||||
pk, err := ReadPrivateKeyFile(flagContainer.privateKeyPath)
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error reading private key: %s", err)
|
||||
}
|
||||
FlagPrivateKey = pk
|
||||
return nil
|
||||
}
|
||||
|
||||
// add the public key flag
|
||||
func InitFlagPublicKey(cmd *Command) {
|
||||
cmd.Flags().StringVar(&flagContainer.publicKeyPath, "public-key", "", "path to the public key (required)")
|
||||
|
@ -454,47 +398,6 @@ func checkInput() error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// This function adds the private key generation flags.
|
||||
func InitFlagPrivateKeyGeneration(cmd *Command) {
|
||||
cmd.Flags().StringVar(&flagContainer.cryptType, "type", "ecdsa", "the type of the private key (ecdsa, rsa)")
|
||||
cmd.Flags().IntVar(
|
||||
&flagContainer.length,
|
||||
"length", 521,
|
||||
fmt.Sprintf("%d - %d for rsa; one of %v for ecdsa", RsaLowerLength, RsaUpperLength, EcdsaCurves),
|
||||
)
|
||||
}
|
||||
|
||||
// check the private key generation variables and move them to the work space
|
||||
func checkPrivateKeyGeneration() error {
|
||||
pk_type := flagContainer.cryptType
|
||||
FlagPrivateKeyGeneration.Type = pk_type
|
||||
switch pk_type {
|
||||
case "ecdsa":
|
||||
switch flagContainer.length {
|
||||
case 224:
|
||||
FlagPrivateKeyGeneration.Curve = elliptic.P224()
|
||||
case 256:
|
||||
FlagPrivateKeyGeneration.Curve = elliptic.P256()
|
||||
case 384:
|
||||
FlagPrivateKeyGeneration.Curve = elliptic.P384()
|
||||
case 521:
|
||||
FlagPrivateKeyGeneration.Curve = elliptic.P521()
|
||||
default:
|
||||
return fmt.Errorf("Curve %d unknown!", flagContainer.length)
|
||||
}
|
||||
case "rsa":
|
||||
size := flagContainer.length
|
||||
if RsaLowerLength <= size && size <= RsaUpperLength {
|
||||
FlagPrivateKeyGeneration.Size = size
|
||||
} else {
|
||||
return fmt.Errorf("Length of %d is not allowed for rsa!", size)
|
||||
}
|
||||
default:
|
||||
return fmt.Errorf("Type %s is unknown!", pk_type)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// add the signature flag to load a signature from a signing process
|
||||
func InitFlagSignature(cmd *Command) {
|
||||
cmd.Flags().StringVar(&flagContainer.signature, "signature", "", "the base64 encoded signature to use for verification")
|
||||
|
|
29
main.go
29
main.go
|
@ -26,35 +26,6 @@ func main() {
|
|||
CmdRoot.Execute()
|
||||
}
|
||||
|
||||
// create a new private key
|
||||
func create_private_key(cmd *Command, args []string) {
|
||||
err := checkFlags(checkOutput, checkPrivateKeyGeneration)
|
||||
if err != nil {
|
||||
crash_with_help(cmd, ErrorFlagInput, "Flags invalid: %s", err)
|
||||
}
|
||||
|
||||
var pk pki.Pemmer
|
||||
switch FlagPrivateKeyGeneration.Type {
|
||||
case "ecdsa":
|
||||
pk, err = pki.NewPrivateKeyEcdsa(FlagPrivateKeyGeneration.Curve)
|
||||
case "rsa":
|
||||
pk, err = pki.NewPrivateKeyRsa(FlagPrivateKeyGeneration.Size)
|
||||
default:
|
||||
crash_with_help(cmd, ErrorInput, "Unknown private key type '%s'", FlagPrivateKeyGeneration.Type)
|
||||
}
|
||||
if err != nil {
|
||||
crash_with_help(cmd, ErrorProgram, "Error creating private key: %s", err)
|
||||
}
|
||||
marsh_pem, err := pk.MarshalPem()
|
||||
if err != nil {
|
||||
crash_with_help(cmd, ErrorProgram, "Error when marshalling to pem: %s", err)
|
||||
}
|
||||
_, err = marsh_pem.WriteTo(FlagOutput)
|
||||
if err != nil {
|
||||
crash_with_help(cmd, ErrorProgram, "Error when writing output: %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
// create a public key derived from a private key
|
||||
func create_public_key(cmd *Command, args []string) {
|
||||
err := checkFlags(checkPrivateKey, checkOutput)
|
||||
|
|
126
private_key.go
126
private_key.go
|
@ -5,12 +5,138 @@ import (
|
|||
"github.com/gibheer/pki"
|
||||
)
|
||||
|
||||
const (
|
||||
RsaLowerLength = 2048
|
||||
RsaUpperLength = 16384
|
||||
)
|
||||
|
||||
var (
|
||||
// error messages
|
||||
ErrNoPKFound = errors.New("no private key found")
|
||||
ErrNoPUFound = errors.New("no public key found")
|
||||
ErrUnknownFormat = errors.New("key is an unknown format")
|
||||
|
||||
// the possible ecdsa curves allowed to be used
|
||||
EcdsaCurves = []int{224, 256, 384, 521}
|
||||
|
||||
// Command to create a private key
|
||||
CmdCreatePrivateKey = &Command{
|
||||
Use: "create-private",
|
||||
Short: "create a private key",
|
||||
Long: "Create an ecdsa or rsa key with this command",
|
||||
Example: "create-private -type=ecdsa -length=521",
|
||||
Run: create_private_key,
|
||||
}
|
||||
// private key specific stuff
|
||||
FlagPrivateKeyGeneration privateKeyGenerationFlags
|
||||
)
|
||||
|
||||
type (
|
||||
// The flags specific to create a private key
|
||||
privateKeyGenerationFlags struct {
|
||||
Type string // type of the private key (rsa, ecdsa)
|
||||
Curve elliptic.Curve // curve for ecdsa
|
||||
Size int // bitsize for rsa
|
||||
}
|
||||
)
|
||||
|
||||
// create a new private key
|
||||
func create_private_key(cmd *Command, args []string) {
|
||||
err := checkFlags(checkOutput, checkPrivateKeyGeneration)
|
||||
if err != nil {
|
||||
crash_with_help(cmd, ErrorFlagInput, "Flags invalid: %s", err)
|
||||
}
|
||||
|
||||
var pk pki.Pemmer
|
||||
switch FlagPrivateKeyGeneration.Type {
|
||||
case "ecdsa":
|
||||
pk, err = pki.NewPrivateKeyEcdsa(FlagPrivateKeyGeneration.Curve)
|
||||
case "rsa":
|
||||
pk, err = pki.NewPrivateKeyRsa(FlagPrivateKeyGeneration.Size)
|
||||
default:
|
||||
crash_with_help(cmd, ErrorInput, "Unknown private key type '%s'", FlagPrivateKeyGeneration.Type)
|
||||
}
|
||||
if err != nil {
|
||||
crash_with_help(cmd, ErrorProgram, "Error creating private key: %s", err)
|
||||
}
|
||||
marsh_pem, err := pk.MarshalPem()
|
||||
if err != nil {
|
||||
crash_with_help(cmd, ErrorProgram, "Error when marshalling to pem: %s", err)
|
||||
}
|
||||
_, err = marsh_pem.WriteTo(FlagOutput)
|
||||
if err != nil {
|
||||
crash_with_help(cmd, ErrorProgram, "Error when writing output: %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
// This function adds the private key generation flags.
|
||||
func InitFlagPrivateKeyGeneration(cmd *Command) {
|
||||
cmd.Flags().StringVar(&flagContainer.cryptType, "type", "ecdsa", "the type of the private key (ecdsa, rsa)")
|
||||
cmd.Flags().IntVar(
|
||||
&flagContainer.length,
|
||||
"length", 521,
|
||||
fmt.Sprintf("%d - %d for rsa; one of %v for ecdsa", RsaLowerLength, RsaUpperLength, EcdsaCurves),
|
||||
)
|
||||
}
|
||||
|
||||
// check the private key generation variables and move them to the work space
|
||||
func checkPrivateKeyGeneration() error {
|
||||
pk_type := flagContainer.cryptType
|
||||
FlagPrivateKeyGeneration.Type = pk_type
|
||||
switch pk_type {
|
||||
case "ecdsa":
|
||||
switch flagContainer.length {
|
||||
case 224:
|
||||
FlagPrivateKeyGeneration.Curve = elliptic.P224()
|
||||
case 256:
|
||||
FlagPrivateKeyGeneration.Curve = elliptic.P256()
|
||||
case 384:
|
||||
FlagPrivateKeyGeneration.Curve = elliptic.P384()
|
||||
case 521:
|
||||
FlagPrivateKeyGeneration.Curve = elliptic.P521()
|
||||
default:
|
||||
return fmt.Errorf("Curve %d unknown!", flagContainer.length)
|
||||
}
|
||||
case "rsa":
|
||||
size := flagContainer.length
|
||||
if RsaLowerLength <= size && size <= RsaUpperLength {
|
||||
FlagPrivateKeyGeneration.Size = size
|
||||
} else {
|
||||
return fmt.Errorf("Length of %d is not allowed for rsa!", size)
|
||||
}
|
||||
default:
|
||||
return fmt.Errorf("Type %s is unknown!", pk_type)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// add the private key option to the requested flags
|
||||
func InitFlagPrivateKey(cmd *Command) {
|
||||
cmd.Flags().StringVar(&flagContainer.privateKeyPath, "private-key", "", "path to the private key (required)")
|
||||
}
|
||||
|
||||
// check the private key flag and load the private key
|
||||
func checkPrivateKey() error {
|
||||
if flagContainer.privateKeyPath == "" {
|
||||
return fmt.Errorf("No private key given!")
|
||||
}
|
||||
// check permissions of private key file
|
||||
info, err := os.Stat(flagContainer.privateKeyPath)
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error reading private key: %s", err)
|
||||
}
|
||||
if info.Mode().Perm().String()[4:] != "------" {
|
||||
return fmt.Errorf("private key file modifyable by others!")
|
||||
}
|
||||
|
||||
pk, err := ReadPrivateKeyFile(flagContainer.privateKeyPath)
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error reading private key: %s", err)
|
||||
}
|
||||
FlagPrivateKey = pk
|
||||
return nil
|
||||
}
|
||||
|
||||
// Read the private key from the path and try to figure out which type of key it
|
||||
// might be.
|
||||
func ReadPrivateKeyFile(path string) (pki.PrivateKey, error) {
|
||||
|
|
Loading…
Reference in New Issue