Remove now-unneeded PKCS8 code and update certutil tests for Go 1.10
This commit is contained in:
Jeff Mitchell
parent
aad6d3fac4
commit
ce8f652ef9
|
|
@ -1351,7 +1351,7 @@ func convertRespToPKCS8(resp *logical.Response) error {
|
|||
return errwrap.Wrapf("error converting response to pkcs8: error parsing previous key: {{err}}", err)
|
||||
}
|
||||
|
||||
keyData, err = certutil.MarshalPKCS8PrivateKey(signer)
|
||||
keyData, err = x509.MarshalPKCS8PrivateKey(signer)
|
||||
if err != nil {
|
||||
return errwrap.Wrapf("error converting response to pkcs8: error marshaling pkcs8 key: {{err}}", err)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,10 +2,22 @@ package certutil
|
|||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/ecdsa"
|
||||
"crypto/elliptic"
|
||||
"crypto/rand"
|
||||
"crypto/rsa"
|
||||
"crypto/x509"
|
||||
"crypto/x509/pkix"
|
||||
"encoding/json"
|
||||
"encoding/pem"
|
||||
"fmt"
|
||||
"math/big"
|
||||
mathrand "math/rand"
|
||||
"reflect"
|
||||
"strings"
|
||||
"sync"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/fatih/structs"
|
||||
"github.com/hashicorp/vault/api"
|
||||
|
|
@ -179,7 +191,7 @@ func compareCertBundleToParsedCertBundle(cbut *CertBundle, pcbut *ParsedCertBund
|
|||
return fmt.Errorf("Error when getting subject key id: %s", err)
|
||||
}
|
||||
if bytes.Compare(subjKeyID, pcbut.Certificate.SubjectKeyId) != 0 {
|
||||
return fmt.Errorf("Parsed bundle private key does not match subject key id")
|
||||
return fmt.Errorf("Parsed bundle private key does not match subject key id\nGot\n%#v\nExpected\n%#v\nCert\n%#v", subjKeyID, pcbut.Certificate.SubjectKeyId, *pcbut.Certificate)
|
||||
}
|
||||
|
||||
switch {
|
||||
|
|
@ -307,14 +319,14 @@ func compareCSRBundleToParsedCSRBundle(csrbut *CSRBundle, pcsrbut *ParsedCSRBund
|
|||
return fmt.Errorf("Bundle has wrong private key type")
|
||||
}
|
||||
if csrb.PrivateKey != privRSAKeyPem {
|
||||
return fmt.Errorf("Bundle private key does not match")
|
||||
return fmt.Errorf("Bundle rsa private key does not match\nGot\n%#v\nExpected\n%#v", csrb.PrivateKey, privRSAKeyPem)
|
||||
}
|
||||
case "ec":
|
||||
if pcsrbut.PrivateKeyType != ECPrivateKey {
|
||||
return fmt.Errorf("Bundle has wrong private key type")
|
||||
}
|
||||
if csrb.PrivateKey != privECKeyPem {
|
||||
return fmt.Errorf("Bundle private key does not match")
|
||||
return fmt.Errorf("Bundle ec private key does not match")
|
||||
}
|
||||
default:
|
||||
return fmt.Errorf("Bundle has unknown private key type")
|
||||
|
|
@ -395,6 +407,7 @@ func TestTLSConfig(t *testing.T) {
|
|||
}
|
||||
|
||||
func refreshRSA8CertBundle() *CertBundle {
|
||||
initTest.Do(setCerts)
|
||||
return &CertBundle{
|
||||
Certificate: certRSAPem,
|
||||
PrivateKey: privRSA8KeyPem,
|
||||
|
|
@ -403,12 +416,14 @@ func refreshRSA8CertBundle() *CertBundle {
|
|||
}
|
||||
|
||||
func refreshRSA8CertBundleWithChain() *CertBundle {
|
||||
initTest.Do(setCerts)
|
||||
ret := refreshRSA8CertBundle()
|
||||
ret.CAChain = issuingCaChainPem
|
||||
return ret
|
||||
}
|
||||
|
||||
func refreshRSACertBundle() *CertBundle {
|
||||
initTest.Do(setCerts)
|
||||
return &CertBundle{
|
||||
Certificate: certRSAPem,
|
||||
CAChain: []string{issuingCaChainPem[0]},
|
||||
|
|
@ -417,12 +432,14 @@ func refreshRSACertBundle() *CertBundle {
|
|||
}
|
||||
|
||||
func refreshRSACertBundleWithChain() *CertBundle {
|
||||
initTest.Do(setCerts)
|
||||
ret := refreshRSACertBundle()
|
||||
ret.CAChain = issuingCaChainPem
|
||||
return ret
|
||||
}
|
||||
|
||||
func refreshECCertBundle() *CertBundle {
|
||||
initTest.Do(setCerts)
|
||||
return &CertBundle{
|
||||
Certificate: certECPem,
|
||||
CAChain: []string{issuingCaChainPem[0]},
|
||||
|
|
@ -431,12 +448,14 @@ func refreshECCertBundle() *CertBundle {
|
|||
}
|
||||
|
||||
func refreshECCertBundleWithChain() *CertBundle {
|
||||
initTest.Do(setCerts)
|
||||
ret := refreshECCertBundle()
|
||||
ret.CAChain = issuingCaChainPem
|
||||
return ret
|
||||
}
|
||||
|
||||
func refreshRSACSRBundle() *CSRBundle {
|
||||
initTest.Do(setCerts)
|
||||
return &CSRBundle{
|
||||
CSR: csrRSAPem,
|
||||
PrivateKey: privRSAKeyPem,
|
||||
|
|
@ -444,6 +463,7 @@ func refreshRSACSRBundle() *CSRBundle {
|
|||
}
|
||||
|
||||
func refreshECCSRBundle() *CSRBundle {
|
||||
initTest.Do(setCerts)
|
||||
return &CSRBundle{
|
||||
CSR: csrECPem,
|
||||
PrivateKey: privECKeyPem,
|
||||
|
|
@ -451,6 +471,7 @@ func refreshECCSRBundle() *CSRBundle {
|
|||
}
|
||||
|
||||
func refreshEC8CertBundle() *CertBundle {
|
||||
initTest.Do(setCerts)
|
||||
return &CertBundle{
|
||||
Certificate: certECPem,
|
||||
PrivateKey: privEC8KeyPem,
|
||||
|
|
@ -459,208 +480,230 @@ func refreshEC8CertBundle() *CertBundle {
|
|||
}
|
||||
|
||||
func refreshEC8CertBundleWithChain() *CertBundle {
|
||||
initTest.Do(setCerts)
|
||||
ret := refreshEC8CertBundle()
|
||||
ret.CAChain = issuingCaChainPem
|
||||
return ret
|
||||
}
|
||||
|
||||
func setCerts() {
|
||||
caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
subjKeyID, err := GetSubjKeyID(caKey)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
caCertTemplate := &x509.Certificate{
|
||||
Subject: pkix.Name{
|
||||
CommonName: "root.localhost",
|
||||
},
|
||||
SubjectKeyId: subjKeyID,
|
||||
DNSNames: []string{"root.localhost"},
|
||||
KeyUsage: x509.KeyUsage(x509.KeyUsageCertSign | x509.KeyUsageCRLSign),
|
||||
SerialNumber: big.NewInt(mathrand.Int63()),
|
||||
NotBefore: time.Now().Add(-30 * time.Second),
|
||||
NotAfter: time.Now().Add(262980 * time.Hour),
|
||||
BasicConstraintsValid: true,
|
||||
IsCA: true,
|
||||
}
|
||||
caBytes, err := x509.CreateCertificate(rand.Reader, caCertTemplate, caCertTemplate, caKey.Public(), caKey)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
caCert, err := x509.ParseCertificate(caBytes)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
caCertPEMBlock := &pem.Block{
|
||||
Type: "CERTIFICATE",
|
||||
Bytes: caBytes,
|
||||
}
|
||||
caCertPEM := strings.TrimSpace(string(pem.EncodeToMemory(caCertPEMBlock)))
|
||||
|
||||
intKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
subjKeyID, err = GetSubjKeyID(intKey)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
intCertTemplate := &x509.Certificate{
|
||||
Subject: pkix.Name{
|
||||
CommonName: "int.localhost",
|
||||
},
|
||||
SubjectKeyId: subjKeyID,
|
||||
DNSNames: []string{"int.localhost"},
|
||||
KeyUsage: x509.KeyUsage(x509.KeyUsageCertSign | x509.KeyUsageCRLSign),
|
||||
SerialNumber: big.NewInt(mathrand.Int63()),
|
||||
NotBefore: time.Now().Add(-30 * time.Second),
|
||||
NotAfter: time.Now().Add(262980 * time.Hour),
|
||||
BasicConstraintsValid: true,
|
||||
IsCA: true,
|
||||
}
|
||||
intBytes, err := x509.CreateCertificate(rand.Reader, intCertTemplate, caCert, intKey.Public(), caKey)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
intCert, err := x509.ParseCertificate(intBytes)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
intCertPEMBlock := &pem.Block{
|
||||
Type: "CERTIFICATE",
|
||||
Bytes: intBytes,
|
||||
}
|
||||
intCertPEM := strings.TrimSpace(string(pem.EncodeToMemory(intCertPEMBlock)))
|
||||
|
||||
// EC generation
|
||||
{
|
||||
key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
subjKeyID, err := GetSubjKeyID(key)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
certTemplate := &x509.Certificate{
|
||||
Subject: pkix.Name{
|
||||
CommonName: "localhost",
|
||||
},
|
||||
SubjectKeyId: subjKeyID,
|
||||
DNSNames: []string{"localhost"},
|
||||
ExtKeyUsage: []x509.ExtKeyUsage{
|
||||
x509.ExtKeyUsageServerAuth,
|
||||
x509.ExtKeyUsageClientAuth,
|
||||
},
|
||||
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment | x509.KeyUsageKeyAgreement,
|
||||
SerialNumber: big.NewInt(mathrand.Int63()),
|
||||
NotBefore: time.Now().Add(-30 * time.Second),
|
||||
NotAfter: time.Now().Add(262980 * time.Hour),
|
||||
}
|
||||
csrTemplate := &x509.CertificateRequest{
|
||||
Subject: pkix.Name{
|
||||
CommonName: "localhost",
|
||||
},
|
||||
DNSNames: []string{"localhost"},
|
||||
}
|
||||
csrBytes, err := x509.CreateCertificateRequest(rand.Reader, csrTemplate, key)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
csrPEMBlock := &pem.Block{
|
||||
Type: "CERTIFICATE REQUEST",
|
||||
Bytes: csrBytes,
|
||||
}
|
||||
csrECPem = strings.TrimSpace(string(pem.EncodeToMemory(csrPEMBlock)))
|
||||
certBytes, err := x509.CreateCertificate(rand.Reader, certTemplate, intCert, key.Public(), intKey)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
certPEMBlock := &pem.Block{
|
||||
Type: "CERTIFICATE",
|
||||
Bytes: certBytes,
|
||||
}
|
||||
certECPem = strings.TrimSpace(string(pem.EncodeToMemory(certPEMBlock)))
|
||||
marshaledKey, err := x509.MarshalECPrivateKey(key)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
keyPEMBlock := &pem.Block{
|
||||
Type: "EC PRIVATE KEY",
|
||||
Bytes: marshaledKey,
|
||||
}
|
||||
privECKeyPem = strings.TrimSpace(string(pem.EncodeToMemory(keyPEMBlock)))
|
||||
marshaledKey, err = x509.MarshalPKCS8PrivateKey(key)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
keyPEMBlock = &pem.Block{
|
||||
Type: "PRIVATE KEY",
|
||||
Bytes: marshaledKey,
|
||||
}
|
||||
privEC8KeyPem = strings.TrimSpace(string(pem.EncodeToMemory(keyPEMBlock)))
|
||||
}
|
||||
|
||||
// RSA generation
|
||||
{
|
||||
key, err := rsa.GenerateKey(rand.Reader, 2048)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
subjKeyID, err := GetSubjKeyID(key)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
certTemplate := &x509.Certificate{
|
||||
Subject: pkix.Name{
|
||||
CommonName: "localhost",
|
||||
},
|
||||
SubjectKeyId: subjKeyID,
|
||||
DNSNames: []string{"localhost"},
|
||||
ExtKeyUsage: []x509.ExtKeyUsage{
|
||||
x509.ExtKeyUsageServerAuth,
|
||||
x509.ExtKeyUsageClientAuth,
|
||||
},
|
||||
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment | x509.KeyUsageKeyAgreement,
|
||||
SerialNumber: big.NewInt(mathrand.Int63()),
|
||||
NotBefore: time.Now().Add(-30 * time.Second),
|
||||
NotAfter: time.Now().Add(262980 * time.Hour),
|
||||
}
|
||||
csrTemplate := &x509.CertificateRequest{
|
||||
Subject: pkix.Name{
|
||||
CommonName: "localhost",
|
||||
},
|
||||
DNSNames: []string{"localhost"},
|
||||
}
|
||||
csrBytes, err := x509.CreateCertificateRequest(rand.Reader, csrTemplate, key)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
csrPEMBlock := &pem.Block{
|
||||
Type: "CERTIFICATE REQUEST",
|
||||
Bytes: csrBytes,
|
||||
}
|
||||
csrRSAPem = strings.TrimSpace(string(pem.EncodeToMemory(csrPEMBlock)))
|
||||
certBytes, err := x509.CreateCertificate(rand.Reader, certTemplate, intCert, key.Public(), intKey)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
certPEMBlock := &pem.Block{
|
||||
Type: "CERTIFICATE",
|
||||
Bytes: certBytes,
|
||||
}
|
||||
certRSAPem = strings.TrimSpace(string(pem.EncodeToMemory(certPEMBlock)))
|
||||
marshaledKey := x509.MarshalPKCS1PrivateKey(key)
|
||||
keyPEMBlock := &pem.Block{
|
||||
Type: "RSA PRIVATE KEY",
|
||||
Bytes: marshaledKey,
|
||||
}
|
||||
privRSAKeyPem = strings.TrimSpace(string(pem.EncodeToMemory(keyPEMBlock)))
|
||||
marshaledKey, err = x509.MarshalPKCS8PrivateKey(key)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
keyPEMBlock = &pem.Block{
|
||||
Type: "PRIVATE KEY",
|
||||
Bytes: marshaledKey,
|
||||
}
|
||||
privRSA8KeyPem = strings.TrimSpace(string(pem.EncodeToMemory(keyPEMBlock)))
|
||||
}
|
||||
|
||||
issuingCaChainPem = []string{intCertPEM, caCertPEM}
|
||||
}
|
||||
|
||||
var (
|
||||
privRSA8KeyPem = `-----BEGIN PRIVATE KEY-----
|
||||
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC92mr7+D/tGkW5
|
||||
nvDH/fYkOLywbxsU9wU7lKVPCdj+zNzQYHiixTZtmZPYVTBj27lZgaUDUXuiw9Ru
|
||||
BWHTuAb/Cpn1I+71qJbh8FgWot+MRDFKuV0PLkgHz5eRVC4JmKy9hbcgo1q0FfGf
|
||||
qxL+VQmI0GcQ4IYK/ppVMrKbn4ndIg70uR46vPiU11GqRIz5wkiPeLklrhoWa5qE
|
||||
IHINnR83eHUbijaCuqPEcz0QTz0iLM8dfubVaJ+Gn/DseUtku+qBdcYcUK2hQyCc
|
||||
NRKtu953gr5hhEX0N9x5JBb10WaI1UL5HGa2wa6ndZ7yVb42B2WTHzNQRR5Cr4N4
|
||||
ve31//gRAgMBAAECggEAfEvyvTLDz5zix2tK4vTfYMmQp8amKWysjVx9eijNW8yO
|
||||
SRLQCGkrgEgLJphnjQk+6V3axjhjxKWHf9ygNrgGRJYRRBCZk1YkKpprYa6Sw0em
|
||||
KfD//z9iw1JjPi+p0HiXp6FSytiIOt0fC1U6oy7ThjJDOCZ3O92C94KwsviZjx9r
|
||||
DZbTLDm7Ya2LF4jGCq0dQ+AVqZ65QJ3yjdxm87PSE6q2eiV9wdMUx9RDOmFy+Meq
|
||||
Mm3L9TW1QzyFtFMXeIF5QYGpmxWP/iii5V0CP573apXMIqQ+wTNpwK3WU5iURypZ
|
||||
kJ1Iaxbzjfok6wpwLj7SJytF+fOVcygUxud7GPH8UQKBgQDPhQhB3+o+y+bwkUTx
|
||||
Qdj/YNKcA/bjo/b9KMq+3rufwN9u/DK5z7vVfVklidbh5DVqhlLREsdSuZvb/IHc
|
||||
OdCYwNeDxk1rLr+1W/iPYSBJod4eWDteIH1U9lts+/mH+u+iSsWVuikbeA8/MUJ3
|
||||
nnAYu4FR1nz8I/CrvGbQL/KCdQKBgQDqNNI562Ch+4dJ407F3MC4gNPwPgksfLXn
|
||||
ZRcPVVwGagil9oIIte0BIT0rAG/jVACfghGxfrj719uwjcFFxnUaSHGQcATseSf6
|
||||
SgoruIVF15lI4e8lEcWrOypsW8Id2/amwUiIWYCgwlYG2Q7dggpXfgjmKfjSlvJ8
|
||||
+yKR/Y6zrQKBgQCkx2aqICm5mWEUbtWGmJm9Ft3FQqSdV4n8tZJgAy6KiLUiRKHm
|
||||
x1vIBtNtqkj1b6c2odhK6ZVaS8XF5XgcLdBEKwQ2P5Uj4agaUyBIgYAI174u7DKf
|
||||
6D58423vWRln70qu3J6N6JdRl4DL1cqIf0dVbDYgjKcL82HcjCo7b4cqLQKBgFGU
|
||||
TJX4MxS5NIq8LrglCMw7s5c/RJrGZeZQBBRHO2LQlGqazviRxhhap5/O6ypYHE9z
|
||||
Uw5sgarXqaJ5/hR76FZbXZNeMZjdKtu35osMHwAQ9Ue5yz8yTZQza7eKzrbv4556
|
||||
PPWhl3hnuOdxvAfUQB3xvM/PVuijw5tdLtGDbK2RAoGBAKB7OsTgF7wVEkzccJTE
|
||||
hrbVKD+KBZz8WKnEgNoyyTIT0Kaugk15MCXkGrXIY8bW0IzYAw69qhTOgaWkcu4E
|
||||
JbTK5UerP8V+X7XPBiw72StPVM4bxaXx2/B+78IuMOI/GR0tHQCF8S6DwTHeBXnl
|
||||
ke8GFExnXHTPqG6Bku0r/G47
|
||||
-----END PRIVATE KEY-----`
|
||||
|
||||
privRSAKeyPem = `-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEAvdpq+/g/7RpFuZ7wx/32JDi8sG8bFPcFO5SlTwnY/szc0GB4
|
||||
osU2bZmT2FUwY9u5WYGlA1F7osPUbgVh07gG/wqZ9SPu9aiW4fBYFqLfjEQxSrld
|
||||
Dy5IB8+XkVQuCZisvYW3IKNatBXxn6sS/lUJiNBnEOCGCv6aVTKym5+J3SIO9Lke
|
||||
Orz4lNdRqkSM+cJIj3i5Ja4aFmuahCByDZ0fN3h1G4o2grqjxHM9EE89IizPHX7m
|
||||
1Wifhp/w7HlLZLvqgXXGHFCtoUMgnDUSrbved4K+YYRF9DfceSQW9dFmiNVC+Rxm
|
||||
tsGup3We8lW+Ngdlkx8zUEUeQq+DeL3t9f/4EQIDAQABAoIBAHxL8r0yw8+c4sdr
|
||||
SuL032DJkKfGpilsrI1cfXoozVvMjkkS0AhpK4BICyaYZ40JPuld2sY4Y8Slh3/c
|
||||
oDa4BkSWEUQQmZNWJCqaa2GuksNHpinw//8/YsNSYz4vqdB4l6ehUsrYiDrdHwtV
|
||||
OqMu04YyQzgmdzvdgveCsLL4mY8faw2W0yw5u2GtixeIxgqtHUPgFameuUCd8o3c
|
||||
ZvOz0hOqtnolfcHTFMfUQzphcvjHqjJty/U1tUM8hbRTF3iBeUGBqZsVj/4oouVd
|
||||
Aj+e92qVzCKkPsEzacCt1lOYlEcqWZCdSGsW8436JOsKcC4+0icrRfnzlXMoFMbn
|
||||
exjx/FECgYEAz4UIQd/qPsvm8JFE8UHY/2DSnAP246P2/SjKvt67n8Dfbvwyuc+7
|
||||
1X1ZJYnW4eQ1aoZS0RLHUrmb2/yB3DnQmMDXg8ZNay6/tVv4j2EgSaHeHlg7XiB9
|
||||
VPZbbPv5h/rvokrFlbopG3gPPzFCd55wGLuBUdZ8/CPwq7xm0C/ygnUCgYEA6jTS
|
||||
OetgofuHSeNOxdzAuIDT8D4JLHy152UXD1VcBmoIpfaCCLXtASE9KwBv41QAn4IR
|
||||
sX64+9fbsI3BRcZ1GkhxkHAE7Hkn+koKK7iFRdeZSOHvJRHFqzsqbFvCHdv2psFI
|
||||
iFmAoMJWBtkO3YIKV34I5in40pbyfPsikf2Os60CgYEApMdmqiApuZlhFG7VhpiZ
|
||||
vRbdxUKknVeJ/LWSYAMuioi1IkSh5sdbyAbTbapI9W+nNqHYSumVWkvFxeV4HC3Q
|
||||
RCsENj+VI+GoGlMgSIGACNe+Luwyn+g+fONt71kZZ+9KrtyejeiXUZeAy9XKiH9H
|
||||
VWw2IIynC/Nh3IwqO2+HKi0CgYBRlEyV+DMUuTSKvC64JQjMO7OXP0SaxmXmUAQU
|
||||
Rzti0JRqms74kcYYWqefzusqWBxPc1MObIGq16mief4Ue+hWW12TXjGY3Srbt+aL
|
||||
DB8AEPVHucs/Mk2UM2u3is627+Oeejz1oZd4Z7jncbwH1EAd8bzPz1boo8ObXS7R
|
||||
g2ytkQKBgQCgezrE4Be8FRJM3HCUxIa21Sg/igWc/FipxIDaMskyE9CmroJNeTAl
|
||||
5Bq1yGPG1tCM2AMOvaoUzoGlpHLuBCW0yuVHqz/Ffl+1zwYsO9krT1TOG8Wl8dvw
|
||||
fu/CLjDiPxkdLR0AhfEug8Ex3gV55ZHvBhRMZ1x0z6hugZLtK/xuOw==
|
||||
-----END RSA PRIVATE KEY-----`
|
||||
|
||||
csrRSAPem = `-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIICijCCAXICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
|
||||
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN
|
||||
AQEBBQADggEPADCCAQoCggEBALd2SVGs7QkYlYPOz9MvE+0DDRUIutQQkiCnqcV1
|
||||
1nO84uSSUjH0ALLVyRKgWIkobEqWJurKIk+oV9O+Le8EABxkt/ru6jaIFqZkwFE1
|
||||
JzSDPkAsR9jXP5M2MWlmo7qVc4Bry3oqlN3eLSFJP2ZH7b1ia8q9oWXPMxDdwuKR
|
||||
kv9hfkUPszr/gaQCNQXW0BoRe5vdr5+ikv4lrKpsBxvaAoYL1ngR41lCPKhmrgXP
|
||||
oreEuUcXzfCSSAV1CGbW2qhWc4I7/JFA8qqEBr5GP+AntStGxSbDO8JjD7/uULHC
|
||||
AReCloDdJE0jDz1355/0CAH4WmEJE/TI8Bq+vgd0jgzRgk0CAwEAAaAAMA0GCSqG
|
||||
SIb3DQEBCwUAA4IBAQAR8U1vZMJf7YFvGU69QvoWPTDe/o8SwYy1j+++AAO9Y7H2
|
||||
C7nb+9tnEMtXm+3pkY0aJIecAnq8H4QWimOrJa/ZsoZLzz9LKW2nzARdWo63j4nB
|
||||
jKld/EDBzQ/nQSTyoX7s9JiDiSC9yqTXBrPHSXruPbh7sE0yXROar+6atjNdCpDp
|
||||
uLw86gwewDJrMaB1aFAmDvwaRQQDONwRy0zG1UdMxLQxsxpKOHaGM/ZvV3FPir2B
|
||||
7mKupki/dvap5UW0lTMJBlKf3qhoeHKMHFo9i5vGCIkWUIv+XgTF0NjbYv9i7bfq
|
||||
WdW905v4wiuWRlddNwqFtLx9Pf1/fRJVT5mBbjIx
|
||||
-----END CERTIFICATE REQUEST-----`
|
||||
|
||||
certRSAPem = `-----BEGIN CERTIFICATE-----
|
||||
MIIDfDCCAmSgAwIBAgIUad4Q9EhVvqc06H7fCfKaLGcyDw0wDQYJKoZIhvcNAQEL
|
||||
BQAwNzE1MDMGA1UEAxMsVmF1bHQgVGVzdGluZyBJbnRlcm1lZGlhdGUgU3ViIFN1
|
||||
YiBBdXRob3JpdHkwHhcNMTYwODA0MTkyMjAyWhcNMTYwODA0MjAyMjMyWjAhMR8w
|
||||
HQYDVQQDExZWYXVsdCBUZXN0IENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEF
|
||||
AAOCAQ8AMIIBCgKCAQEAvdpq+/g/7RpFuZ7wx/32JDi8sG8bFPcFO5SlTwnY/szc
|
||||
0GB4osU2bZmT2FUwY9u5WYGlA1F7osPUbgVh07gG/wqZ9SPu9aiW4fBYFqLfjEQx
|
||||
SrldDy5IB8+XkVQuCZisvYW3IKNatBXxn6sS/lUJiNBnEOCGCv6aVTKym5+J3SIO
|
||||
9LkeOrz4lNdRqkSM+cJIj3i5Ja4aFmuahCByDZ0fN3h1G4o2grqjxHM9EE89IizP
|
||||
HX7m1Wifhp/w7HlLZLvqgXXGHFCtoUMgnDUSrbved4K+YYRF9DfceSQW9dFmiNVC
|
||||
+RxmtsGup3We8lW+Ngdlkx8zUEUeQq+DeL3t9f/4EQIDAQABo4GVMIGSMA4GA1Ud
|
||||
DwEB/wQEAwIDqDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0O
|
||||
BBYEFMKLVTrdDyyF0kTxkxcAMcGNcGWlMB8GA1UdIwQYMBaAFNmGqFL215GlYyD0
|
||||
mWVIoMB71s+NMCEGA1UdEQQaMBiCFlZhdWx0IFRlc3QgQ2VydGlmaWNhdGUwDQYJ
|
||||
KoZIhvcNAQELBQADggEBAJJP9OWG3W5uUluKdeFYCzKMIY+rsCUb86QrKRqQ5xYR
|
||||
w4pKC3yuryEfreBs3iQA4NNw2mMWxuI8t/i+km2H7NzQytTRn6L0sxTa8ThNZ3e7
|
||||
xCdWaZZzd1O6Xwq/pDbE1MZ/4z5nvsKaKJVVIvVFL5algi4A8njiFMVSww035c1e
|
||||
waLww4AOHydlLky/RJBJPOkQNoDBToC9ojDqPtNJVWWaQL2TsUCu+Q+L5QL5djgj
|
||||
LxPwqGOiM4SLSUrXSXMpHNLX1rhBH1/sNb3Kn1FDBaZ+M9kZglCDwuQyQuH8xKwB
|
||||
qukeKfgFUp7rH0yoQTZa0eaXAYTFoRLjnTQ+fS7e19s=
|
||||
-----END CERTIFICATE-----`
|
||||
|
||||
privECKeyPem = `-----BEGIN EC PRIVATE KEY-----
|
||||
MHcCAQEEICC2XihYLxEYEseFesZEXjV1va6rMAdtkpkaxT4hGu5boAoGCCqGSM49
|
||||
AwEHoUQDQgAEti0uWkq7MAkQevNNrBpYY0FLni8OAZroHXkij2x6Vo0xIvClftbC
|
||||
L33BU/520t23TcewtQYsNqv86Bvhx9PeAw==
|
||||
-----END EC PRIVATE KEY-----`
|
||||
|
||||
csrECPem = `-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIHsMIGcAgEAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
|
||||
HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwTjAQBgcqhkjOPQIBBgUr
|
||||
gQQAIQM6AATBZ3VXwBE9oeSREpM5b25PW6WiuLb4EXWpKZyjj552QYKYe7QBuGe9
|
||||
wvvgOeCBovN3tSuGKzTiUKAAMAoGCCqGSM49BAMCAz8AMDwCHFap/5XDuqtXCG1g
|
||||
ljbYH5OWGBqGYCfL2k2+/6cCHAuk1bmOkGx7JAq/fSPd09i0DQIqUu7WHQHms48=
|
||||
-----END CERTIFICATE REQUEST-----`
|
||||
|
||||
privEC8KeyPem = `-----BEGIN PRIVATE KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgILZeKFgvERgSx4V6
|
||||
xkReNXW9rqswB22SmRrFPiEa7luhRANCAAS2LS5aSrswCRB6802sGlhjQUueLw4B
|
||||
mugdeSKPbHpWjTEi8KV+1sIvfcFT/nbS3bdNx7C1Biw2q/zoG+HH094D
|
||||
-----END PRIVATE KEY-----`
|
||||
|
||||
certECPem = `-----BEGIN CERTIFICATE-----
|
||||
MIICtzCCAZ+gAwIBAgIUNDYMWd9SOGVMs4I1hezvRnGDMyUwDQYJKoZIhvcNAQEL
|
||||
BQAwNzE1MDMGA1UEAxMsVmF1bHQgVGVzdGluZyBJbnRlcm1lZGlhdGUgU3ViIFN1
|
||||
YiBBdXRob3JpdHkwHhcNMTYwODA0MTkyOTM0WhcNMTYwODA0MjAzMDA0WjAkMSIw
|
||||
IAYDVQQDExlWYXVsdCBUZXN0IEVDIENlcnRpZmljYXRlMFkwEwYHKoZIzj0CAQYI
|
||||
KoZIzj0DAQcDQgAEti0uWkq7MAkQevNNrBpYY0FLni8OAZroHXkij2x6Vo0xIvCl
|
||||
ftbCL33BU/520t23TcewtQYsNqv86Bvhx9PeA6OBmDCBlTAOBgNVHQ8BAf8EBAMC
|
||||
A6gwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBStnbW/
|
||||
ga2/dz4FyRNafwhTzM1UbzAfBgNVHSMEGDAWgBTZhqhS9teRpWMg9JllSKDAe9bP
|
||||
jTAkBgNVHREEHTAbghlWYXVsdCBUZXN0IEVDIENlcnRpZmljYXRlMA0GCSqGSIb3
|
||||
DQEBCwUAA4IBAQBsPhwRB51de3sGBMnjDiOMViYpRH7kKhUWAY1W2W/1hqk5HgZw
|
||||
4c3r0LmdIQ94gShaXng8ojYRDW/5D7LeXJdbtLy9U29xfeCb+vqKDc2oN7Ps3/HB
|
||||
4YLnseqDiZFKPEAdOE4rtwyFWJI7JR9sOSG1B5El6duN0i9FWOLSklQ4EbV5R45r
|
||||
cy/fJq0DOYje7MXsFuNl5iQ92gfDjPD2P98DK9lCIquSzB3WkpjE41UtKJ0IKPeD
|
||||
wYoyl0J33Alxq2eC2subR7xISR3MzZFcdkzNNrBddeaSviYlR4SgTUiqOldAcdR4
|
||||
QZxtxazcUqQDZ+wZFOpBOnp94bzVeXT9BF+L
|
||||
-----END CERTIFICATE-----`
|
||||
|
||||
issuingCaChainPem = []string{`-----BEGIN CERTIFICATE-----
|
||||
MIIDljCCAn6gAwIBAgIUHjciEzUzeNVqI9mwFJeduNtXWzMwDQYJKoZIhvcNAQEL
|
||||
BQAwMzExMC8GA1UEAxMoVmF1bHQgVGVzdGluZyBJbnRlcm1lZGlhdGUgU3ViIEF1
|
||||
dGhvcml0eTAeFw0xNjA4MDQxOTEyNTdaFw0xNjA4MDUyMDEzMjdaMDcxNTAzBgNV
|
||||
BAMTLFZhdWx0IFRlc3RpbmcgSW50ZXJtZWRpYXRlIFN1YiBTdWIgQXV0aG9yaXR5
|
||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy2pAH1U8KzhjO+MLRPTb
|
||||
ic7Iyk57d0TFnj6CAJWqZaKNGXoTkwD8wRCirY8mQv8YrfBy3hwGqSLYj6oxwA0R
|
||||
8FxsiWdf4gFTX2cJpxThFnIllGbzqIXnEZLvCIMydp44Ls9eYxoXfZQ9X24u/Wmf
|
||||
kWEQFGUzrpyklkIOx2Yo5g7OHbFLl3OfPz89/TDM8VeymlGzCTJZ+Y+iNGDBPT0L
|
||||
X9aE65lL76dUx/bcKnfQEgAcH4nkE4K/Kgjnj5umZKQUH4+6wKFwDCQT2RwaBkve
|
||||
WyAiz0LY9a1WFXt7RYCPs+QWLJAhv7wJL8l4gnxYA1k+ovLXDjUqYweU+WHV6/lR
|
||||
7wIDAQABo4GdMIGaMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0G
|
||||
A1UdDgQWBBTZhqhS9teRpWMg9JllSKDAe9bPjTAfBgNVHSMEGDAWgBRTY6430DXg
|
||||
cIDAnEnA+fostjcbqDA3BgNVHREEMDAugixWYXVsdCBUZXN0aW5nIEludGVybWVk
|
||||
aWF0ZSBTdWIgU3ViIEF1dGhvcml0eTANBgkqhkiG9w0BAQsFAAOCAQEAZp3VwrUw
|
||||
jw6TzjZJEnXkfRxLWZNmqMPAXYOtBl/+5FjAfehifTTzIdIxR4mfdgH5YZnSQpzY
|
||||
m/w17BXElao8uOX6CUaX+sLTVzwsl2csswpcGlNwHooVREoMq9X187qxSr1HS7zF
|
||||
O550XgDVIf5e7sXrVuV1rd1XUo3xZLaSLUhU70y/343mcN2TRUslXO4QrIE5lo2v
|
||||
awyQl0NW0hSO0F9VZYzOvPPVwu7mf1ijTzbkPtUbAXDnmlvOCrlx2JZd/BqXb75e
|
||||
UgYDq7hIyQ109FBOjv0weAM5tZCdesyvro4/43Krd8pa74zHdZMjfQAsTr66WOi4
|
||||
yedj8LnWl66JOA==
|
||||
-----END CERTIFICATE-----`,
|
||||
`-----BEGIN CERTIFICATE-----
|
||||
MIIDijCCAnKgAwIBAgIUBNDYCUsOT2Wth8Fz3layfjEVbcIwDQYJKoZIhvcNAQEL
|
||||
BQAwLzEtMCsGA1UEAxMkVmF1bHQgVGVzdGluZyBJbnRlcm1lZGlhdGUgQXV0aG9y
|
||||
aXR5MB4XDTE2MDgwNDE5MTI1NloXDTE2MDgwNjIxMTMyNlowMzExMC8GA1UEAxMo
|
||||
VmF1bHQgVGVzdGluZyBJbnRlcm1lZGlhdGUgU3ViIEF1dGhvcml0eTCCASIwDQYJ
|
||||
KoZIhvcNAQEBBQADggEPADCCAQoCggEBALHoD7g5YYu2akO8hkFlUCF45Bxjckq4
|
||||
WTyDIcDwv/wr7vhZnngCClnP+7Rc30XTmkq2RnH6N7iuqowGM5RNcBV/C9R1weVx
|
||||
9esXtWr/AUMyuNb3HSjwDwQGuiAVEgk67fXYy08Ii78+ap3uY3CKC1AFDkHdgDZt
|
||||
e946rJ3Nps00TcH0KwyP5voitLgt6dMBR9ttuUdSoQ4uLQDdDf0HRw/IAQswO4Av
|
||||
lgUgQObBecnLGhh7e3PM5VVz5f0IqG2ZYnDs3ncl2UYOrj0/JqOMDIMvSQMc2pzS
|
||||
Hjty0d1wKWWPC9waguL/24oQR4VG5b7TL62elc2kcEg7r8u5L/sCi/8CAwEAAaOB
|
||||
mTCBljAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU
|
||||
U2OuN9A14HCAwJxJwPn6LLY3G6gwHwYDVR0jBBgwFoAUgAz80p6Pkzk6Cb7lYmTI
|
||||
T1jc7iYwMwYDVR0RBCwwKoIoVmF1bHQgVGVzdGluZyBJbnRlcm1lZGlhdGUgU3Vi
|
||||
IEF1dGhvcml0eTANBgkqhkiG9w0BAQsFAAOCAQEACXjzGVqRZi6suHwBqvXwVxlS
|
||||
nf5YwudfBDJ4LfNd5nTCypsvHkfXnaki6LZMCS1rwPvxzssZ5Wp/7zO5fu6lpSTx
|
||||
yjuiH5fBUGHy+f1Ygu6tlAZtUnxAi6pU4eoCDNZpqunJMM4IdaahHeICdjPhx/bH
|
||||
AlmwaN0FsNvOlgUuPTjQ3z6jMZn3p2lXI3HiRlcz+nR7gQizPb2L7u8mQ+5EZFmC
|
||||
AmXMj40g3bTJVmKoGeAR7cb0pYG/GUELmERjEjCfP7W15eYfuu1j7EYTUAVuPAlJ
|
||||
34HDxCuM8cPJwCGMDKfb3Q39AYRmLT6sE3/sq2CZ5xlj8wfwDpVfpXikRDpI0A==
|
||||
-----END CERTIFICATE-----`,
|
||||
`-----BEGIN CERTIFICATE-----
|
||||
MIIDejCCAmKgAwIBAgIUEtjlbdzIth3U71TELA0PVW7HvaEwDQYJKoZIhvcNAQEL
|
||||
BQAwJzElMCMGA1UEAxMcVmF1bHQgVGVzdGluZyBSb290IEF1dGhvcml0eTAeFw0x
|
||||
NjA4MDQxOTEyNTVaFw0xNjA4MDgyMzEzMjVaMC8xLTArBgNVBAMTJFZhdWx0IFRl
|
||||
c3RpbmcgSW50ZXJtZWRpYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQAD
|
||||
ggEPADCCAQoCggEBAMYAQAHCm9V9062NF/UuAa6z6aYqsS5g2YGkd9DvgYxfU5JI
|
||||
yIdSz7rkp9QprlQYl2abptZocq+1C9yRVmRJWKjZYDckSwXdmQam/sOfNuiw6Gbd
|
||||
3OJGdQ82jhx3v3mIQp+3u9E43wXX0StaJ44+9DgkgwG8iybiv4fh0LzuHPSeKsXe
|
||||
/IvJZ0YAInWuzFNegYxU32UT2CEvLtZdru8+sLr4NFWRu/nYIMPJDeZ2JEQVi9IF
|
||||
lcB3dP63c6vMBrn4Wn2xBo12JPsQp+ezf5Z5zmtAe68PwRmIXZVAUa2q+CfEuJ36
|
||||
66756Ypa0Z3brhPWfX2ahhxSg8DjqFGmZZ5Gfl8CAwEAAaOBlTCBkjAOBgNVHQ8B
|
||||
Af8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUgAz80p6Pkzk6Cb7l
|
||||
YmTIT1jc7iYwHwYDVR0jBBgwFoAU6dC1U32HZp7iq97KSu2i+g8+rf4wLwYDVR0R
|
||||
BCgwJoIkVmF1bHQgVGVzdGluZyBJbnRlcm1lZGlhdGUgQXV0aG9yaXR5MA0GCSqG
|
||||
SIb3DQEBCwUAA4IBAQA6xVMyuZgpJhIQnG2LwwD5Zcbmm4+rHkGVNSpwkUH8ga8X
|
||||
b4Owog+MvBw8R7ADVwAh/aOh1/qsRfHv8KkMWW+SAQ84ICVXJiPBzEUJaMWujpyr
|
||||
SDkbaD05avRtfvSrPCagaUGVRt+wK24g8hpJqQ+trkufzjq9ySU018+NNX9yGRyA
|
||||
VjwZAqALlNEAkdcvd4adEBpZqum2x1Fl9EXnjp6NEWQ7nuGkp3X2DP4gDtQPxgmn
|
||||
omOo4GHhO0U57exEIl0d4kiy9WU0qcIISOr6I+gzesMooX6aI43CaqJoZKsHXYY6
|
||||
1uxFLss+/wDtvIcyXdTdjPrgD38YIgk1/iKNIgKO
|
||||
-----END CERTIFICATE-----`}
|
||||
initTest sync.Once
|
||||
privRSA8KeyPem string
|
||||
privRSAKeyPem string
|
||||
csrRSAPem string
|
||||
certRSAPem string
|
||||
privECKeyPem string
|
||||
csrECPem string
|
||||
privEC8KeyPem string
|
||||
certECPem string
|
||||
issuingCaChainPem []string
|
||||
)
|
||||
|
|
|
|||
|
|
@ -1,119 +0,0 @@
|
|||
// Copyright 2011 The Go Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package certutil
|
||||
|
||||
import (
|
||||
"crypto/ecdsa"
|
||||
"crypto/elliptic"
|
||||
"crypto/rsa"
|
||||
"crypto/x509"
|
||||
"crypto/x509/pkix"
|
||||
"encoding/asn1"
|
||||
"errors"
|
||||
"fmt"
|
||||
)
|
||||
|
||||
var (
|
||||
oidNamedCurveP224 = asn1.ObjectIdentifier{1, 3, 132, 0, 33}
|
||||
oidNamedCurveP256 = asn1.ObjectIdentifier{1, 2, 840, 10045, 3, 1, 7}
|
||||
oidNamedCurveP384 = asn1.ObjectIdentifier{1, 3, 132, 0, 34}
|
||||
oidNamedCurveP521 = asn1.ObjectIdentifier{1, 3, 132, 0, 35}
|
||||
|
||||
oidPublicKeyRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1}
|
||||
oidPublicKeyDSA = asn1.ObjectIdentifier{1, 2, 840, 10040, 4, 1}
|
||||
oidPublicKeyECDSA = asn1.ObjectIdentifier{1, 2, 840, 10045, 2, 1}
|
||||
)
|
||||
|
||||
// pkcs8 reflects an ASN.1, PKCS#8 PrivateKey. See
|
||||
// ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-8/pkcs-8v1_2.asn
|
||||
// and RFC 5208.
|
||||
type pkcs8 struct {
|
||||
Version int
|
||||
Algo pkix.AlgorithmIdentifier
|
||||
PrivateKey []byte
|
||||
// optional attributes omitted.
|
||||
}
|
||||
|
||||
type ecPrivateKey struct {
|
||||
Version int
|
||||
PrivateKey []byte
|
||||
NamedCurveOID asn1.ObjectIdentifier `asn1:"optional,explicit,tag:0"`
|
||||
PublicKey asn1.BitString `asn1:"optional,explicit,tag:1"`
|
||||
}
|
||||
|
||||
// MarshalPKCS8PrivateKey converts a private key to PKCS#8 encoded form.
|
||||
// The following key types are supported: *rsa.PrivateKey, *ecdsa.PublicKey.
|
||||
// Unsupported key types result in an error.
|
||||
//
|
||||
// See RFC 5208.
|
||||
func MarshalPKCS8PrivateKey(key interface{}) ([]byte, error) {
|
||||
var privKey pkcs8
|
||||
|
||||
switch k := key.(type) {
|
||||
case *rsa.PrivateKey:
|
||||
privKey.Algo = pkix.AlgorithmIdentifier{
|
||||
Algorithm: oidPublicKeyRSA,
|
||||
Parameters: asn1.NullRawValue,
|
||||
}
|
||||
privKey.PrivateKey = x509.MarshalPKCS1PrivateKey(k)
|
||||
|
||||
case *ecdsa.PrivateKey:
|
||||
oid, ok := oidFromNamedCurve(k.Curve)
|
||||
if !ok {
|
||||
return nil, errors.New("x509: unknown curve while marshalling to PKCS#8")
|
||||
}
|
||||
|
||||
oidBytes, err := asn1.Marshal(oid)
|
||||
if err != nil {
|
||||
return nil, errors.New("x509: failed to marshal curve OID: " + err.Error())
|
||||
}
|
||||
|
||||
privKey.Algo = pkix.AlgorithmIdentifier{
|
||||
Algorithm: oidPublicKeyECDSA,
|
||||
Parameters: asn1.RawValue{
|
||||
FullBytes: oidBytes,
|
||||
},
|
||||
}
|
||||
|
||||
if privKey.PrivateKey, err = marshalECPrivateKeyWithOID(k, nil); err != nil {
|
||||
return nil, errors.New("x509: failed to marshal EC private key while building PKCS#8: " + err.Error())
|
||||
}
|
||||
|
||||
default:
|
||||
return nil, fmt.Errorf("x509: unknown key type while marshalling PKCS#8: %T", key)
|
||||
}
|
||||
|
||||
return asn1.Marshal(privKey)
|
||||
}
|
||||
|
||||
func oidFromNamedCurve(curve elliptic.Curve) (asn1.ObjectIdentifier, bool) {
|
||||
switch curve {
|
||||
case elliptic.P224():
|
||||
return oidNamedCurveP224, true
|
||||
case elliptic.P256():
|
||||
return oidNamedCurveP256, true
|
||||
case elliptic.P384():
|
||||
return oidNamedCurveP384, true
|
||||
case elliptic.P521():
|
||||
return oidNamedCurveP521, true
|
||||
}
|
||||
|
||||
return nil, false
|
||||
}
|
||||
|
||||
// marshalECPrivateKey marshals an EC private key into ASN.1, DER format and
|
||||
// sets the curve ID to the given OID, or omits it if OID is nil.
|
||||
func marshalECPrivateKeyWithOID(key *ecdsa.PrivateKey, oid asn1.ObjectIdentifier) ([]byte, error) {
|
||||
privateKeyBytes := key.D.Bytes()
|
||||
paddedPrivateKey := make([]byte, (key.Curve.Params().N.BitLen()+7)/8)
|
||||
copy(paddedPrivateKey[len(paddedPrivateKey)-len(privateKeyBytes):], privateKeyBytes)
|
||||
|
||||
return asn1.Marshal(ecPrivateKey{
|
||||
Version: 1,
|
||||
PrivateKey: paddedPrivateKey,
|
||||
NamedCurveOID: oid,
|
||||
PublicKey: asn1.BitString{Bytes: elliptic.Marshal(key.Curve, key.X, key.Y)},
|
||||
})
|
||||
}
|
||||
|
|
@ -1,110 +0,0 @@
|
|||
// Copyright 2011 The Go Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package certutil
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/ecdsa"
|
||||
"crypto/elliptic"
|
||||
"crypto/rsa"
|
||||
"crypto/x509"
|
||||
"encoding/hex"
|
||||
"reflect"
|
||||
"testing"
|
||||
)
|
||||
|
||||
// Generated using:
|
||||
// openssl genrsa 1024 | openssl pkcs8 -topk8 -nocrypt
|
||||
var pkcs8RSAPrivateKeyHex = `30820278020100300d06092a864886f70d0101010500048202623082025e02010002818100cfb1b5bf9685ffa97b4f99df4ff122b70e59ac9b992f3bc2b3dde17d53c1a34928719b02e8fd17839499bfbd515bd6ef99c7a1c47a239718fe36bfd824c0d96060084b5f67f0273443007a24dfaf5634f7772c9346e10eb294c2306671a5a5e719ae24b4de467291bc571014b0e02dec04534d66a9bb171d644b66b091780e8d020301000102818100b595778383c4afdbab95d2bfed12b3f93bb0a73a7ad952f44d7185fd9ec6c34de8f03a48770f2009c8580bcd275e9632714e9a5e3f32f29dc55474b2329ff0ebc08b3ffcb35bc96e6516b483df80a4a59cceb71918cbabf91564e64a39d7e35dce21cb3031824fdbc845dba6458852ec16af5dddf51a8397a8797ae0337b1439024100ea0eb1b914158c70db39031dd8904d6f18f408c85fbbc592d7d20dee7986969efbda081fdf8bc40e1b1336d6b638110c836bfdc3f314560d2e49cd4fbde1e20b024100e32a4e793b574c9c4a94c8803db5152141e72d03de64e54ef2c8ed104988ca780cd11397bc359630d01b97ebd87067c5451ba777cf045ca23f5912f1031308c702406dfcdbbd5a57c9f85abc4edf9e9e29153507b07ce0a7ef6f52e60dcfebe1b8341babd8b789a837485da6c8d55b29bbb142ace3c24a1f5b54b454d01b51e2ad03024100bd6a2b60dee01e1b3bfcef6a2f09ed027c273cdbbaf6ba55a80f6dcc64e4509ee560f84b4f3e076bd03b11e42fe71a3fdd2dffe7e0902c8584f8cad877cdc945024100aa512fa4ada69881f1d8bb8ad6614f192b83200aef5edf4811313d5ef30a86cbd0a90f7b025c71ea06ec6b34db6306c86b1040670fd8654ad7291d066d06d031`
|
||||
|
||||
// Generated using:
|
||||
// openssl ecparam -genkey -name secp224r1 | openssl pkcs8 -topk8 -nocrypt
|
||||
var pkcs8P224PrivateKeyHex = `3078020100301006072a8648ce3d020106052b810400210461305f020101041cca3d72b3e88fed2684576dad9b80a9180363a5424986900e3abcab3fa13c033a0004f8f2a6372872a4e61263ed893afb919576a4cacfecd6c081a2cbc76873cf4ba8530703c6042b3a00e2205087e87d2435d2e339e25702fae1`
|
||||
|
||||
// Generated using:
|
||||
// openssl ecparam -genkey -name secp256r1 | openssl pkcs8 -topk8 -nocrypt
|
||||
var pkcs8P256PrivateKeyHex = `308187020100301306072a8648ce3d020106082a8648ce3d030107046d306b0201010420dad6b2f49ca774c36d8ae9517e935226f667c929498f0343d2424d0b9b591b43a14403420004b9c9b90095476afe7b860d8bd43568cab7bcb2eed7b8bf2fa0ce1762dd20b04193f859d2d782b1e4cbfd48492f1f533113a6804903f292258513837f07fda735`
|
||||
|
||||
// Generated using:
|
||||
// openssl ecparam -genkey -name secp384r1 | openssl pkcs8 -topk8 -nocrypt
|
||||
var pkcs8P384PrivateKeyHex = `3081b6020100301006072a8648ce3d020106052b8104002204819e30819b02010104309bf832f6aaaeacb78ce47ffb15e6fd0fd48683ae79df6eca39bfb8e33829ac94aa29d08911568684c2264a08a4ceb679a164036200049070ad4ed993c7770d700e9f6dc2baa83f63dd165b5507f98e8ff29b5d2e78ccbe05c8ddc955dbf0f7497e8222cfa49314fe4e269459f8e880147f70d785e530f2939e4bf9f838325bb1a80ad4cf59272ae0e5efe9a9dc33d874492596304bd3`
|
||||
|
||||
// Generated using:
|
||||
// openssl ecparam -genkey -name secp521r1 | openssl pkcs8 -topk8 -nocrypt
|
||||
//
|
||||
// Note that OpenSSL will truncate the private key if it can (i.e. it emits it
|
||||
// like an integer, even though it's an OCTET STRING field). Thus if you
|
||||
// regenerate this you may, randomly, find that it's a byte shorter than
|
||||
// expected and the Go test will fail to recreate it exactly.
|
||||
var pkcs8P521PrivateKeyHex = `3081ee020100301006072a8648ce3d020106052b810400230481d63081d3020101044200cfe0b87113a205cf291bb9a8cd1a74ac6c7b2ebb8199aaa9a5010d8b8012276fa3c22ac913369fa61beec2a3b8b4516bc049bde4fb3b745ac11b56ab23ac52e361a1818903818600040138f75acdd03fbafa4f047a8e4b272ba9d555c667962b76f6f232911a5786a0964e5edea6bd21a6f8725720958de049c6e3e6661c1c91b227cebee916c0319ed6ca003db0a3206d372229baf9dd25d868bf81140a518114803ce40c1855074d68c4e9dab9e65efba7064c703b400f1767f217dac82715ac1f6d88c74baf47a7971de4ea`
|
||||
|
||||
func TestPKCS8(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
keyHex string
|
||||
keyType reflect.Type
|
||||
curve elliptic.Curve
|
||||
}{
|
||||
{
|
||||
name: "RSA private key",
|
||||
keyHex: pkcs8RSAPrivateKeyHex,
|
||||
keyType: reflect.TypeOf(&rsa.PrivateKey{}),
|
||||
},
|
||||
{
|
||||
name: "P-224 private key",
|
||||
keyHex: pkcs8P224PrivateKeyHex,
|
||||
keyType: reflect.TypeOf(&ecdsa.PrivateKey{}),
|
||||
curve: elliptic.P224(),
|
||||
},
|
||||
{
|
||||
name: "P-256 private key",
|
||||
keyHex: pkcs8P256PrivateKeyHex,
|
||||
keyType: reflect.TypeOf(&ecdsa.PrivateKey{}),
|
||||
curve: elliptic.P256(),
|
||||
},
|
||||
{
|
||||
name: "P-384 private key",
|
||||
keyHex: pkcs8P384PrivateKeyHex,
|
||||
keyType: reflect.TypeOf(&ecdsa.PrivateKey{}),
|
||||
curve: elliptic.P384(),
|
||||
},
|
||||
{
|
||||
name: "P-521 private key",
|
||||
keyHex: pkcs8P521PrivateKeyHex,
|
||||
keyType: reflect.TypeOf(&ecdsa.PrivateKey{}),
|
||||
curve: elliptic.P521(),
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range tests {
|
||||
derBytes, err := hex.DecodeString(test.keyHex)
|
||||
if err != nil {
|
||||
t.Errorf("%s: failed to decode hex: %s", test.name, err)
|
||||
continue
|
||||
}
|
||||
privKey, err := x509.ParsePKCS8PrivateKey(derBytes)
|
||||
if err != nil {
|
||||
t.Errorf("%s: failed to decode PKCS#8: %s", test.name, err)
|
||||
continue
|
||||
}
|
||||
if reflect.TypeOf(privKey) != test.keyType {
|
||||
t.Errorf("%s: decoded PKCS#8 returned unexpected key type: %T", test.name, privKey)
|
||||
continue
|
||||
}
|
||||
if ecKey, isEC := privKey.(*ecdsa.PrivateKey); isEC && ecKey.Curve != test.curve {
|
||||
t.Errorf("%s: decoded PKCS#8 returned unexpected curve %#v", test.name, ecKey.Curve)
|
||||
continue
|
||||
}
|
||||
reserialised, err := MarshalPKCS8PrivateKey(privKey)
|
||||
if err != nil {
|
||||
t.Errorf("%s: failed to marshal into PKCS#8: %s", test.name, err)
|
||||
continue
|
||||
}
|
||||
if !bytes.Equal(derBytes, reserialised) {
|
||||
t.Errorf("%s: marshalled PKCS#8 didn't match original: got %x, want %x", test.name, reserialised, derBytes)
|
||||
continue
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -188,7 +188,7 @@ func (c *CertBundle) ToParsedCertBundle() (*ParsedCertBundle, error) {
|
|||
result.CertificateBytes = pemBlock.Bytes
|
||||
result.Certificate, err = x509.ParseCertificate(result.CertificateBytes)
|
||||
if err != nil {
|
||||
return nil, errutil.UserError{Err: "Error encountered parsing certificate bytes from raw bundle"}
|
||||
return nil, errutil.UserError{Err: fmt.Sprintf("Error encountered parsing certificate bytes from raw bundle: %v", err)}
|
||||
}
|
||||
}
|
||||
switch {
|
||||
|
|
@ -201,7 +201,7 @@ func (c *CertBundle) ToParsedCertBundle() (*ParsedCertBundle, error) {
|
|||
|
||||
parsedCert, err := x509.ParseCertificate(pemBlock.Bytes)
|
||||
if err != nil {
|
||||
return nil, errutil.UserError{Err: "Error encountered parsing certificate bytes from raw bundle"}
|
||||
return nil, errutil.UserError{Err: fmt.Sprintf("Error encountered parsing certificate bytes from raw bundle via CA chain: %v", err)}
|
||||
}
|
||||
|
||||
certBlock := &CertBlock{
|
||||
|
|
@ -220,7 +220,7 @@ func (c *CertBundle) ToParsedCertBundle() (*ParsedCertBundle, error) {
|
|||
|
||||
parsedCert, err := x509.ParseCertificate(pemBlock.Bytes)
|
||||
if err != nil {
|
||||
return nil, errutil.UserError{Err: "Error encountered parsing certificate bytes from raw bundle3"}
|
||||
return nil, errutil.UserError{Err: fmt.Sprintf("Error encountered parsing certificate bytes from raw bundle via issuing CA: %v", err)}
|
||||
}
|
||||
|
||||
result.SerialNumber = result.Certificate.SerialNumber
|
||||
|
|
@ -444,7 +444,7 @@ func (c *CSRBundle) ToParsedCSRBundle() (*ParsedCSRBundle, error) {
|
|||
result.CSRBytes = pemBlock.Bytes
|
||||
result.CSR, err = x509.ParseCertificateRequest(result.CSRBytes)
|
||||
if err != nil {
|
||||
return nil, errutil.UserError{Err: fmt.Sprintf("Error encountered parsing certificate bytes from raw bundle: %v", err)}
|
||||
return nil, errutil.UserError{Err: fmt.Sprintf("Error encountered parsing certificate bytes from raw bundle via CSR: %v", err)}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -49,25 +49,25 @@ func FetchKeybasePubkeys(input []string) (map[string]string, error) {
|
|||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
type publicKeys struct {
|
||||
type PublicKeys struct {
|
||||
Primary struct {
|
||||
Bundle string
|
||||
}
|
||||
}
|
||||
|
||||
type them struct {
|
||||
publicKeys `json:"public_keys"`
|
||||
type LThem struct {
|
||||
PublicKeys `json:"public_keys"`
|
||||
}
|
||||
|
||||
type kbResp struct {
|
||||
type KbResp struct {
|
||||
Status struct {
|
||||
Name string
|
||||
}
|
||||
Them []them
|
||||
Them []LThem
|
||||
}
|
||||
|
||||
out := &kbResp{
|
||||
Them: []them{},
|
||||
out := &KbResp{
|
||||
Them: []LThem{},
|
||||
}
|
||||
|
||||
if err := jsonutil.DecodeJSONFromReader(resp.Body, out); err != nil {
|
||||
|
|
|
|||
Loading…
Reference in New Issue