split out all private key related functions
This moves all private key related functions out into a separate file to get flags.go smaller.
This commit is contained in:
parent
8e2db6f6c9
commit
9ba6a88449
97
flags.go
97
flags.go
|
@ -21,14 +21,7 @@ import (
|
||||||
"github.com/gibheer/pki"
|
"github.com/gibheer/pki"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
|
||||||
RsaLowerLength = 2048
|
|
||||||
RsaUpperLength = 16384
|
|
||||||
)
|
|
||||||
|
|
||||||
var (
|
var (
|
||||||
// the possible ecdsa curves allowed to be used
|
|
||||||
EcdsaCurves = []int{224, 256, 384, 521}
|
|
||||||
// the possible valid key usages to check against the commandline
|
// the possible valid key usages to check against the commandline
|
||||||
ValidKeyUsages = map[string]x509.KeyUsage{
|
ValidKeyUsages = map[string]x509.KeyUsage{
|
||||||
"digitalsignature": x509.KeyUsageDigitalSignature,
|
"digitalsignature": x509.KeyUsageDigitalSignature,
|
||||||
|
@ -94,12 +87,6 @@ type (
|
||||||
certificatePath string // path to a certificate
|
certificatePath string // path to a certificate
|
||||||
}
|
}
|
||||||
|
|
||||||
privateKeyGenerationFlags struct {
|
|
||||||
Type string // type of the private key (rsa, ecdsa)
|
|
||||||
Curve elliptic.Curve // curve for ecdsa
|
|
||||||
Size int // bitsize for rsa
|
|
||||||
}
|
|
||||||
|
|
||||||
certGenerationRaw struct {
|
certGenerationRaw struct {
|
||||||
serial int64
|
serial int64
|
||||||
notBefore string
|
notBefore string
|
||||||
|
@ -121,14 +108,6 @@ var (
|
||||||
certificate requests and certificates and sign/verify messages.`,
|
certificate requests and certificates and sign/verify messages.`,
|
||||||
}
|
}
|
||||||
|
|
||||||
CmdCreatePrivateKey = &Command{
|
|
||||||
Use: "create-private",
|
|
||||||
Short: "create a private key",
|
|
||||||
Long: "Create an ecdsa or rsa key with this command",
|
|
||||||
Example: "create-private -type=ecdsa -length=521",
|
|
||||||
Run: create_private_key,
|
|
||||||
}
|
|
||||||
|
|
||||||
CmdCreatePublicKey = &Command{
|
CmdCreatePublicKey = &Command{
|
||||||
Use: "create-public",
|
Use: "create-public",
|
||||||
Short: "create a public key from a private key",
|
Short: "create a public key from a private key",
|
||||||
|
@ -182,8 +161,6 @@ certificate requests and certificates and sign/verify messages.`,
|
||||||
FlagOutput io.WriteCloser
|
FlagOutput io.WriteCloser
|
||||||
// signature from the args
|
// signature from the args
|
||||||
FlagSignature []byte
|
FlagSignature []byte
|
||||||
// private key specific stuff
|
|
||||||
FlagPrivateKeyGeneration privateKeyGenerationFlags
|
|
||||||
// a certificate filled with the parameters
|
// a certificate filled with the parameters
|
||||||
FlagCertificateRequestData *pki.CertificateData
|
FlagCertificateRequestData *pki.CertificateData
|
||||||
// the certificate sign request
|
// the certificate sign request
|
||||||
|
@ -238,39 +215,6 @@ func checkFlags(checks ...flagCheck) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
//// print a message with the usage part
|
|
||||||
//func (f *Flags) Usagef(message string, args ...interface{}) {
|
|
||||||
// fmt.Fprintf(os.Stderr, "error: " + message + "\n", args...)
|
|
||||||
// f.flagset.Flags().Usage()
|
|
||||||
//}
|
|
||||||
|
|
||||||
// add the private key option to the requested flags
|
|
||||||
func InitFlagPrivateKey(cmd *Command) {
|
|
||||||
cmd.Flags().StringVar(&flagContainer.privateKeyPath, "private-key", "", "path to the private key (required)")
|
|
||||||
}
|
|
||||||
|
|
||||||
// check the private key flag and load the private key
|
|
||||||
func checkPrivateKey() error {
|
|
||||||
if flagContainer.privateKeyPath == "" {
|
|
||||||
return fmt.Errorf("No private key given!")
|
|
||||||
}
|
|
||||||
// check permissions of private key file
|
|
||||||
info, err := os.Stat(flagContainer.privateKeyPath)
|
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf("Error reading private key: %s", err)
|
|
||||||
}
|
|
||||||
if info.Mode().Perm().String()[4:] != "------" {
|
|
||||||
return fmt.Errorf("private key file modifyable by others!")
|
|
||||||
}
|
|
||||||
|
|
||||||
pk, err := ReadPrivateKeyFile(flagContainer.privateKeyPath)
|
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf("Error reading private key: %s", err)
|
|
||||||
}
|
|
||||||
FlagPrivateKey = pk
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// add the public key flag
|
// add the public key flag
|
||||||
func InitFlagPublicKey(cmd *Command) {
|
func InitFlagPublicKey(cmd *Command) {
|
||||||
cmd.Flags().StringVar(&flagContainer.publicKeyPath, "public-key", "", "path to the public key (required)")
|
cmd.Flags().StringVar(&flagContainer.publicKeyPath, "public-key", "", "path to the public key (required)")
|
||||||
|
@ -454,47 +398,6 @@ func checkInput() error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// This function adds the private key generation flags.
|
|
||||||
func InitFlagPrivateKeyGeneration(cmd *Command) {
|
|
||||||
cmd.Flags().StringVar(&flagContainer.cryptType, "type", "ecdsa", "the type of the private key (ecdsa, rsa)")
|
|
||||||
cmd.Flags().IntVar(
|
|
||||||
&flagContainer.length,
|
|
||||||
"length", 521,
|
|
||||||
fmt.Sprintf("%d - %d for rsa; one of %v for ecdsa", RsaLowerLength, RsaUpperLength, EcdsaCurves),
|
|
||||||
)
|
|
||||||
}
|
|
||||||
|
|
||||||
// check the private key generation variables and move them to the work space
|
|
||||||
func checkPrivateKeyGeneration() error {
|
|
||||||
pk_type := flagContainer.cryptType
|
|
||||||
FlagPrivateKeyGeneration.Type = pk_type
|
|
||||||
switch pk_type {
|
|
||||||
case "ecdsa":
|
|
||||||
switch flagContainer.length {
|
|
||||||
case 224:
|
|
||||||
FlagPrivateKeyGeneration.Curve = elliptic.P224()
|
|
||||||
case 256:
|
|
||||||
FlagPrivateKeyGeneration.Curve = elliptic.P256()
|
|
||||||
case 384:
|
|
||||||
FlagPrivateKeyGeneration.Curve = elliptic.P384()
|
|
||||||
case 521:
|
|
||||||
FlagPrivateKeyGeneration.Curve = elliptic.P521()
|
|
||||||
default:
|
|
||||||
return fmt.Errorf("Curve %d unknown!", flagContainer.length)
|
|
||||||
}
|
|
||||||
case "rsa":
|
|
||||||
size := flagContainer.length
|
|
||||||
if RsaLowerLength <= size && size <= RsaUpperLength {
|
|
||||||
FlagPrivateKeyGeneration.Size = size
|
|
||||||
} else {
|
|
||||||
return fmt.Errorf("Length of %d is not allowed for rsa!", size)
|
|
||||||
}
|
|
||||||
default:
|
|
||||||
return fmt.Errorf("Type %s is unknown!", pk_type)
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// add the signature flag to load a signature from a signing process
|
// add the signature flag to load a signature from a signing process
|
||||||
func InitFlagSignature(cmd *Command) {
|
func InitFlagSignature(cmd *Command) {
|
||||||
cmd.Flags().StringVar(&flagContainer.signature, "signature", "", "the base64 encoded signature to use for verification")
|
cmd.Flags().StringVar(&flagContainer.signature, "signature", "", "the base64 encoded signature to use for verification")
|
||||||
|
|
29
main.go
29
main.go
|
@ -26,35 +26,6 @@ func main() {
|
||||||
CmdRoot.Execute()
|
CmdRoot.Execute()
|
||||||
}
|
}
|
||||||
|
|
||||||
// create a new private key
|
|
||||||
func create_private_key(cmd *Command, args []string) {
|
|
||||||
err := checkFlags(checkOutput, checkPrivateKeyGeneration)
|
|
||||||
if err != nil {
|
|
||||||
crash_with_help(cmd, ErrorFlagInput, "Flags invalid: %s", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
var pk pki.Pemmer
|
|
||||||
switch FlagPrivateKeyGeneration.Type {
|
|
||||||
case "ecdsa":
|
|
||||||
pk, err = pki.NewPrivateKeyEcdsa(FlagPrivateKeyGeneration.Curve)
|
|
||||||
case "rsa":
|
|
||||||
pk, err = pki.NewPrivateKeyRsa(FlagPrivateKeyGeneration.Size)
|
|
||||||
default:
|
|
||||||
crash_with_help(cmd, ErrorInput, "Unknown private key type '%s'", FlagPrivateKeyGeneration.Type)
|
|
||||||
}
|
|
||||||
if err != nil {
|
|
||||||
crash_with_help(cmd, ErrorProgram, "Error creating private key: %s", err)
|
|
||||||
}
|
|
||||||
marsh_pem, err := pk.MarshalPem()
|
|
||||||
if err != nil {
|
|
||||||
crash_with_help(cmd, ErrorProgram, "Error when marshalling to pem: %s", err)
|
|
||||||
}
|
|
||||||
_, err = marsh_pem.WriteTo(FlagOutput)
|
|
||||||
if err != nil {
|
|
||||||
crash_with_help(cmd, ErrorProgram, "Error when writing output: %s", err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// create a public key derived from a private key
|
// create a public key derived from a private key
|
||||||
func create_public_key(cmd *Command, args []string) {
|
func create_public_key(cmd *Command, args []string) {
|
||||||
err := checkFlags(checkPrivateKey, checkOutput)
|
err := checkFlags(checkPrivateKey, checkOutput)
|
||||||
|
|
126
private_key.go
126
private_key.go
|
@ -5,12 +5,138 @@ import (
|
||||||
"github.com/gibheer/pki"
|
"github.com/gibheer/pki"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
RsaLowerLength = 2048
|
||||||
|
RsaUpperLength = 16384
|
||||||
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
// error messages
|
||||||
ErrNoPKFound = errors.New("no private key found")
|
ErrNoPKFound = errors.New("no private key found")
|
||||||
ErrNoPUFound = errors.New("no public key found")
|
ErrNoPUFound = errors.New("no public key found")
|
||||||
ErrUnknownFormat = errors.New("key is an unknown format")
|
ErrUnknownFormat = errors.New("key is an unknown format")
|
||||||
|
|
||||||
|
// the possible ecdsa curves allowed to be used
|
||||||
|
EcdsaCurves = []int{224, 256, 384, 521}
|
||||||
|
|
||||||
|
// Command to create a private key
|
||||||
|
CmdCreatePrivateKey = &Command{
|
||||||
|
Use: "create-private",
|
||||||
|
Short: "create a private key",
|
||||||
|
Long: "Create an ecdsa or rsa key with this command",
|
||||||
|
Example: "create-private -type=ecdsa -length=521",
|
||||||
|
Run: create_private_key,
|
||||||
|
}
|
||||||
|
// private key specific stuff
|
||||||
|
FlagPrivateKeyGeneration privateKeyGenerationFlags
|
||||||
)
|
)
|
||||||
|
|
||||||
|
type (
|
||||||
|
// The flags specific to create a private key
|
||||||
|
privateKeyGenerationFlags struct {
|
||||||
|
Type string // type of the private key (rsa, ecdsa)
|
||||||
|
Curve elliptic.Curve // curve for ecdsa
|
||||||
|
Size int // bitsize for rsa
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
|
// create a new private key
|
||||||
|
func create_private_key(cmd *Command, args []string) {
|
||||||
|
err := checkFlags(checkOutput, checkPrivateKeyGeneration)
|
||||||
|
if err != nil {
|
||||||
|
crash_with_help(cmd, ErrorFlagInput, "Flags invalid: %s", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
var pk pki.Pemmer
|
||||||
|
switch FlagPrivateKeyGeneration.Type {
|
||||||
|
case "ecdsa":
|
||||||
|
pk, err = pki.NewPrivateKeyEcdsa(FlagPrivateKeyGeneration.Curve)
|
||||||
|
case "rsa":
|
||||||
|
pk, err = pki.NewPrivateKeyRsa(FlagPrivateKeyGeneration.Size)
|
||||||
|
default:
|
||||||
|
crash_with_help(cmd, ErrorInput, "Unknown private key type '%s'", FlagPrivateKeyGeneration.Type)
|
||||||
|
}
|
||||||
|
if err != nil {
|
||||||
|
crash_with_help(cmd, ErrorProgram, "Error creating private key: %s", err)
|
||||||
|
}
|
||||||
|
marsh_pem, err := pk.MarshalPem()
|
||||||
|
if err != nil {
|
||||||
|
crash_with_help(cmd, ErrorProgram, "Error when marshalling to pem: %s", err)
|
||||||
|
}
|
||||||
|
_, err = marsh_pem.WriteTo(FlagOutput)
|
||||||
|
if err != nil {
|
||||||
|
crash_with_help(cmd, ErrorProgram, "Error when writing output: %s", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// This function adds the private key generation flags.
|
||||||
|
func InitFlagPrivateKeyGeneration(cmd *Command) {
|
||||||
|
cmd.Flags().StringVar(&flagContainer.cryptType, "type", "ecdsa", "the type of the private key (ecdsa, rsa)")
|
||||||
|
cmd.Flags().IntVar(
|
||||||
|
&flagContainer.length,
|
||||||
|
"length", 521,
|
||||||
|
fmt.Sprintf("%d - %d for rsa; one of %v for ecdsa", RsaLowerLength, RsaUpperLength, EcdsaCurves),
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
// check the private key generation variables and move them to the work space
|
||||||
|
func checkPrivateKeyGeneration() error {
|
||||||
|
pk_type := flagContainer.cryptType
|
||||||
|
FlagPrivateKeyGeneration.Type = pk_type
|
||||||
|
switch pk_type {
|
||||||
|
case "ecdsa":
|
||||||
|
switch flagContainer.length {
|
||||||
|
case 224:
|
||||||
|
FlagPrivateKeyGeneration.Curve = elliptic.P224()
|
||||||
|
case 256:
|
||||||
|
FlagPrivateKeyGeneration.Curve = elliptic.P256()
|
||||||
|
case 384:
|
||||||
|
FlagPrivateKeyGeneration.Curve = elliptic.P384()
|
||||||
|
case 521:
|
||||||
|
FlagPrivateKeyGeneration.Curve = elliptic.P521()
|
||||||
|
default:
|
||||||
|
return fmt.Errorf("Curve %d unknown!", flagContainer.length)
|
||||||
|
}
|
||||||
|
case "rsa":
|
||||||
|
size := flagContainer.length
|
||||||
|
if RsaLowerLength <= size && size <= RsaUpperLength {
|
||||||
|
FlagPrivateKeyGeneration.Size = size
|
||||||
|
} else {
|
||||||
|
return fmt.Errorf("Length of %d is not allowed for rsa!", size)
|
||||||
|
}
|
||||||
|
default:
|
||||||
|
return fmt.Errorf("Type %s is unknown!", pk_type)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// add the private key option to the requested flags
|
||||||
|
func InitFlagPrivateKey(cmd *Command) {
|
||||||
|
cmd.Flags().StringVar(&flagContainer.privateKeyPath, "private-key", "", "path to the private key (required)")
|
||||||
|
}
|
||||||
|
|
||||||
|
// check the private key flag and load the private key
|
||||||
|
func checkPrivateKey() error {
|
||||||
|
if flagContainer.privateKeyPath == "" {
|
||||||
|
return fmt.Errorf("No private key given!")
|
||||||
|
}
|
||||||
|
// check permissions of private key file
|
||||||
|
info, err := os.Stat(flagContainer.privateKeyPath)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("Error reading private key: %s", err)
|
||||||
|
}
|
||||||
|
if info.Mode().Perm().String()[4:] != "------" {
|
||||||
|
return fmt.Errorf("private key file modifyable by others!")
|
||||||
|
}
|
||||||
|
|
||||||
|
pk, err := ReadPrivateKeyFile(flagContainer.privateKeyPath)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("Error reading private key: %s", err)
|
||||||
|
}
|
||||||
|
FlagPrivateKey = pk
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
// Read the private key from the path and try to figure out which type of key it
|
// Read the private key from the path and try to figure out which type of key it
|
||||||
// might be.
|
// might be.
|
||||||
func ReadPrivateKeyFile(path string) (pki.PrivateKey, error) {
|
func ReadPrivateKeyFile(path string) (pki.PrivateKey, error) {
|
||||||
|
|
Loading…
Reference in New Issue