From d01892150eed9d58210eb40b7c005d5fa8e93238 Mon Sep 17 00:00:00 2001 From: Gibheer Date: Sat, 1 Oct 2016 21:56:29 +0200 Subject: rework program flow This commit is a complete rebuild of pkictl. Before everything was all over the place and adding new commands was kind of a hassle. Now each command has its own file and can be adjusted on a command basis. Options are still used by the same name, but can now use different descriptions. --- private_key.go | 186 --------------------------------------------------------- 1 file changed, 186 deletions(-) delete mode 100644 private_key.go (limited to 'private_key.go') diff --git a/private_key.go b/private_key.go deleted file mode 100644 index aa28e78..0000000 --- a/private_key.go +++ /dev/null @@ -1,186 +0,0 @@ -package main - -import ( - "crypto/elliptic" - "errors" - "fmt" - "os" - - "github.com/gibheer/pki" -) - -const ( - RsaLowerLength = 2048 - RsaUpperLength = 16384 -) - -var ( - // error messages - ErrNoPKFound = errors.New("no private key found") - ErrNoPUFound = errors.New("no public key found") - ErrUnknownFormat = errors.New("key is an unknown format") - - // the possible ecdsa curves allowed to be used - EcdsaCurves = []int{224, 256, 384, 521} - - // Command to create a private key - CmdCreatePrivateKey = &Command{ - Use: "create-private", - Short: "create a private key", - Long: "Create an ecdsa or rsa key with this command", - Example: "create-private -type=ecdsa -length=521", - Run: create_private_key, - } - // private key specific stuff - FlagPrivateKeyGeneration privateKeyGenerationFlags -) - -type ( - // The flags specific to create a private key - privateKeyGenerationFlags struct { - Type string // type of the private key (rsa, ecdsa) - Curve elliptic.Curve // curve for ecdsa - Size int // bitsize for rsa - } -) - -// create a new private key -func create_private_key(cmd *Command, args []string) { - err := checkFlags(checkOutput, checkPrivateKeyGeneration) - if err != nil { - crash_with_help(cmd, ErrorFlagInput, "Flags invalid: %s", err) - } - - var pk pki.Pemmer - switch FlagPrivateKeyGeneration.Type { - case "ecdsa": - pk, err = pki.NewPrivateKeyEcdsa(FlagPrivateKeyGeneration.Curve) - case "rsa": - pk, err = pki.NewPrivateKeyRsa(FlagPrivateKeyGeneration.Size) - case "ed25519": - pk, err = pki.NewPrivateKeyEd25519() - default: - crash_with_help(cmd, ErrorInput, "Unknown private key type '%s'", FlagPrivateKeyGeneration.Type) - } - if err != nil { - crash_with_help(cmd, ErrorProgram, "Error creating private key: %s", err) - } - marsh_pem, err := pk.MarshalPem() - if err != nil { - crash_with_help(cmd, ErrorProgram, "Error when marshalling to pem: %s", err) - } - _, err = marsh_pem.WriteTo(FlagOutput) - if err != nil { - crash_with_help(cmd, ErrorProgram, "Error when writing output: %s", err) - } -} - -// This function adds the private key generation flags. -func InitFlagPrivateKeyGeneration(cmd *Command) { - cmd.Flags().StringVar(&flagContainer.cryptType, "type", "ecdsa", "the type of the private key (ecdsa, rsa)") - cmd.Flags().IntVar( - &flagContainer.length, - "length", 521, - fmt.Sprintf("%d - %d for rsa; one of %v for ecdsa", RsaLowerLength, RsaUpperLength, EcdsaCurves), - ) -} - -// check the private key generation variables and move them to the work space -func checkPrivateKeyGeneration() error { - pk_type := flagContainer.cryptType - FlagPrivateKeyGeneration.Type = pk_type - switch pk_type { - case "ecdsa": - switch flagContainer.length { - case 224: - FlagPrivateKeyGeneration.Curve = elliptic.P224() - case 256: - FlagPrivateKeyGeneration.Curve = elliptic.P256() - case 384: - FlagPrivateKeyGeneration.Curve = elliptic.P384() - case 521: - FlagPrivateKeyGeneration.Curve = elliptic.P521() - default: - return fmt.Errorf("Curve %d unknown!", flagContainer.length) - } - case "rsa": - size := flagContainer.length - if RsaLowerLength <= size && size <= RsaUpperLength { - FlagPrivateKeyGeneration.Size = size - } else { - return fmt.Errorf("Length of %d is not allowed for rsa!", size) - } - case "ed25519": - default: - return fmt.Errorf("Type %s is unknown!", pk_type) - } - return nil -} - -// add the private key option to the requested flags -func InitFlagPrivateKey(cmd *Command) { - cmd.Flags().StringVar(&flagContainer.privateKeyPath, "private-key", "", "path to the private key (required)") -} - -// check the private key flag and load the private key -func checkPrivateKey() error { - if flagContainer.privateKeyPath == "" { - return fmt.Errorf("No private key given!") - } - // check permissions of private key file - info, err := os.Stat(flagContainer.privateKeyPath) - if err != nil { - return fmt.Errorf("Error reading private key: %s", err) - } - if info.Mode().Perm().String()[4:] != "------" { - return fmt.Errorf("private key file modifyable by others!") - } - - pk, err := ReadPrivateKeyFile(flagContainer.privateKeyPath) - if err != nil { - return fmt.Errorf("Error reading private key: %s", err) - } - FlagPrivateKey = pk - return nil -} - -// Read the private key from the path and try to figure out which type of key it -// might be. -func ReadPrivateKeyFile(path string) (pki.PrivateKey, error) { - raw_pk, err := readSectionFromFile(path, pki.PemLabelEcdsa) - if err == nil { - pk, err := pki.LoadPrivateKeyEcdsa(raw_pk) - if err != nil { - return nil, err - } - return pk, nil - } - raw_pk, err = readSectionFromFile(path, pki.PemLabelRsa) - if err == nil { - pk, err := pki.LoadPrivateKeyRsa(raw_pk) - if err != nil { - return nil, err - } - return pk, nil - } - return nil, ErrNoPKFound -} - -// read the public key and try to figure out what kind of key it might be -func ReadPublicKeyFile(path string) (pki.PublicKey, error) { - raw_pu, err := readSectionFromFile(path, pki.PemLabelPublic) - if err != nil { - return nil, ErrNoPUFound - } - - var public pki.PublicKey - public, err = pki.LoadPublicKeyEcdsa(raw_pu) - if err == nil { - return public, nil - } - public, err = pki.LoadPublicKeyRsa(raw_pu) - if err == nil { - return public, nil - } - return nil, ErrUnknownFormat -} -- cgit v1.2.3-70-g09d2