initial import of sources

2024-06-18 10:15:22 +02:00
commit ada2a49a64
42 changed files with 12444 additions and 0 deletions
--- a/pkg/aux509/x509cert.go
+++ b/pkg/aux509/x509cert.go
@@ -0,0 +1,122 @@
+package aux509
+
+import (
+	"bytes"
+	"crypto"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/sha256"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"fmt"
+	"math/big"
+	"time"
+)
+
+func CreateX509Cert(subject string, commonNames ...string) ([]byte, []byte, error) {
+	var err error
+	certPem := make([]byte, 0)
+	keyPem := make([]byte, 0)
+
+	now := time.Now()
+
+	const yearsAfter int = 50
+	const keySize int = 2048
+
+	key, err := rsa.GenerateKey(rand.Reader, keySize)
+	if err != nil {
+		err := fmt.Errorf("Can't create a private key: %v", err)
+		return certPem, keyPem, err
+
+	}
+	keyPemBlock := pem.Block{
+		Type:  "RSA PRIVATE KEY",
+		Bytes: x509.MarshalPKCS1PrivateKey(key),
+	}
+	keyPem = pem.EncodeToMemory(&keyPemBlock)
+
+	dnsNames := make([]string, 0)
+	dnsNames = append(dnsNames, subject)
+	dnsNames = append(dnsNames, commonNames...)
+	tml := x509.Certificate{
+		SerialNumber: big.NewInt(now.Unix()),
+		NotBefore:    now,
+		NotAfter:     now.AddDate(yearsAfter, 0, 0),
+		Subject: pkix.Name{
+			CommonName: subject,
+		},
+		DNSNames:              dnsNames,
+		BasicConstraintsValid: true,
+	}
+	certBytes, err := x509.CreateCertificate(rand.Reader, &tml, &tml, &key.PublicKey, key)
+	if err != nil {
+		return certPem, keyPem, fmt.Errorf("Can't create a certificate: %v", err)
+
+	}
+	certPemBlock := pem.Block{
+		Type:  "CERTIFICATE",
+		Bytes: certBytes,
+	}
+	certPem = pem.EncodeToMemory(&certPemBlock)
+	if err != nil {
+		return certPem, keyPem, err
+	}
+	return certPem, keyPem, err
+}
+
+func SignDocument(keyPem, message []byte) ([]byte, error) {
+	var err error
+	res := make([]byte, 0)
+
+	block, _ := pem.Decode(keyPem)
+	if block == nil || block.Type != "RSA PRIVATE KEY" {
+		err = fmt.Errorf("Error decoding RSA key block")
+		return res, err
+	}
+	key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
+	if err != nil {
+		return res, err
+	}
+
+	messageBuffer := bytes.NewBuffer(message)
+	hasher := sha256.New()
+	hasher.Write(messageBuffer.Bytes())
+	digest := hasher.Sum(nil)
+
+	res, err = rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest)
+	if err != nil {
+		return res, err
+	}
+	return res, err
+}
+
+func VerifySignature(certPem, message, signature []byte) error {
+	var err error
+	block, _ := pem.Decode(certPem)
+	if block == nil || block.Type != "CERTIFICATE" {
+		err = fmt.Errorf("Error decoding X509 cert key block")
+		return err
+	}
+	cert, err := x509.ParseCertificate(block.Bytes)
+	if err != nil {
+		return err
+	}
+
+	messageBuffer := bytes.NewBuffer(message)
+	hasher := sha256.New()
+	hasher.Write(messageBuffer.Bytes())
+	digest := hasher.Sum(nil)
+
+	if cert.PublicKeyAlgorithm != x509.RSA {
+		err := fmt.Errorf("Non RSA public key algoritm")
+		return err
+	}
+
+	publicKey := cert.PublicKey.(*rsa.PublicKey)
+	err = rsa.VerifyPKCS1v15(publicKey, crypto.SHA256, digest, signature)
+	if err != nil {
+		return err
+	}
+	return err
+}