2022-03-28 12:37:58 +00:00
|
|
|
package server
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/ecdsa"
|
2022-06-15 14:49:31 +00:00
|
|
|
"crypto/elliptic"
|
2022-03-28 12:37:58 +00:00
|
|
|
"crypto/rand"
|
2022-06-15 14:49:31 +00:00
|
|
|
"crypto/sha256"
|
|
|
|
"crypto/tls"
|
2022-03-28 12:37:58 +00:00
|
|
|
"crypto/x509"
|
|
|
|
"crypto/x509/pkix"
|
2022-08-09 14:31:35 +00:00
|
|
|
"encoding/asn1"
|
2022-03-28 12:37:58 +00:00
|
|
|
"encoding/pem"
|
2022-06-15 15:36:17 +00:00
|
|
|
"fmt"
|
2022-03-28 12:37:58 +00:00
|
|
|
"math/big"
|
2022-06-15 14:49:31 +00:00
|
|
|
"net"
|
2022-08-09 14:31:35 +00:00
|
|
|
"net/url"
|
2022-03-28 12:37:58 +00:00
|
|
|
"time"
|
|
|
|
)
|
|
|
|
|
2022-06-15 14:49:31 +00:00
|
|
|
var globalCertificate *tls.Certificate = nil
|
|
|
|
var globalPem string
|
|
|
|
|
|
|
|
func makeRandomSerialNumber() (*big.Int, error) {
|
2022-03-28 12:37:58 +00:00
|
|
|
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
|
2022-06-15 14:49:31 +00:00
|
|
|
return rand.Int(rand.Reader, serialNumberLimit)
|
|
|
|
}
|
2022-03-28 12:37:58 +00:00
|
|
|
|
2022-06-15 14:49:31 +00:00
|
|
|
func makeSerialNumberFromKey(pk *ecdsa.PrivateKey) *big.Int {
|
|
|
|
h := sha256.New()
|
|
|
|
h.Write(append(pk.D.Bytes(), append(pk.Y.Bytes(), pk.X.Bytes()...)...))
|
|
|
|
|
|
|
|
return new(big.Int).SetBytes(h.Sum(nil))
|
|
|
|
}
|
2022-03-28 12:37:58 +00:00
|
|
|
|
2022-06-15 14:49:31 +00:00
|
|
|
func GenerateX509Cert(sn *big.Int, from, to time.Time, hostname string) *x509.Certificate {
|
|
|
|
c := &x509.Certificate{
|
|
|
|
SerialNumber: sn,
|
2022-03-28 12:37:58 +00:00
|
|
|
Subject: pkix.Name{Organization: []string{"Self-signed cert"}},
|
|
|
|
NotBefore: from,
|
|
|
|
NotAfter: to,
|
|
|
|
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
|
|
|
|
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
|
|
|
|
BasicConstraintsValid: true,
|
|
|
|
IsCA: true,
|
|
|
|
}
|
|
|
|
|
2022-06-15 14:49:31 +00:00
|
|
|
ip := net.ParseIP(hostname)
|
|
|
|
if ip != nil {
|
|
|
|
c.IPAddresses = []net.IP{ip}
|
|
|
|
} else {
|
|
|
|
c.DNSNames = []string{hostname}
|
|
|
|
}
|
|
|
|
|
|
|
|
return c
|
2022-03-28 12:37:58 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func GenerateX509PEMs(cert *x509.Certificate, key *ecdsa.PrivateKey) (certPem, keyPem []byte, err error) {
|
|
|
|
derBytes, err := x509.CreateCertificate(rand.Reader, cert, cert, &key.PublicKey, key)
|
|
|
|
if err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
certPem = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
|
|
|
|
|
|
|
|
privBytes, err := x509.MarshalPKCS8PrivateKey(key)
|
|
|
|
if err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
keyPem = pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: privBytes})
|
|
|
|
|
|
|
|
return
|
|
|
|
}
|
2022-06-15 14:49:31 +00:00
|
|
|
|
|
|
|
func generateTLSCert() error {
|
|
|
|
if globalCertificate != nil {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
notBefore := time.Now()
|
|
|
|
notAfter := notBefore.Add(365 * 24 * time.Hour)
|
|
|
|
|
|
|
|
sn, err := makeRandomSerialNumber()
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
cert := GenerateX509Cert(sn, notBefore, notAfter, localhost)
|
|
|
|
certPem, keyPem, err := GenerateX509PEMs(cert, priv)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
finalCert, err := tls.X509KeyPair(certPem, keyPem)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
globalCertificate = &finalCert
|
|
|
|
globalPem = string(certPem)
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func PublicTLSCert() (string, error) {
|
|
|
|
err := generateTLSCert()
|
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
|
|
|
|
return globalPem, nil
|
|
|
|
}
|
|
|
|
|
2022-06-15 15:36:17 +00:00
|
|
|
func GenerateCertFromKey(pk *ecdsa.PrivateKey, from time.Time, hostname string) (tls.Certificate, []byte, error) {
|
|
|
|
cert := GenerateX509Cert(makeSerialNumberFromKey(pk), from, from.Add(time.Hour), hostname)
|
2022-06-15 14:49:31 +00:00
|
|
|
certPem, keyPem, err := GenerateX509PEMs(cert, pk)
|
|
|
|
if err != nil {
|
|
|
|
return tls.Certificate{}, nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
tlsCert, err := tls.X509KeyPair(certPem, keyPem)
|
|
|
|
if err != nil {
|
|
|
|
return tls.Certificate{}, nil, err
|
|
|
|
}
|
|
|
|
|
2022-06-15 15:36:17 +00:00
|
|
|
block, _ := pem.Decode(certPem)
|
|
|
|
if block == nil {
|
|
|
|
return tls.Certificate{}, nil, fmt.Errorf("failed to decode certPem")
|
|
|
|
}
|
|
|
|
leaf, err := x509.ParseCertificate(block.Bytes)
|
|
|
|
if err != nil {
|
|
|
|
return tls.Certificate{}, nil, err
|
|
|
|
}
|
|
|
|
tlsCert.Leaf = leaf
|
|
|
|
|
2022-06-15 14:49:31 +00:00
|
|
|
return tlsCert, certPem, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// ToECDSA takes a []byte of D and uses it to create an ecdsa.PublicKey on the elliptic.P256 curve
|
|
|
|
// this function is basically a P256 curve version of eth-node/crypto.ToECDSA without all the nice validation
|
|
|
|
func ToECDSA(d []byte) *ecdsa.PrivateKey {
|
|
|
|
k := new(ecdsa.PrivateKey)
|
|
|
|
k.D = new(big.Int).SetBytes(d)
|
|
|
|
k.PublicKey.Curve = elliptic.P256()
|
|
|
|
|
|
|
|
k.PublicKey.X, k.PublicKey.Y = k.PublicKey.Curve.ScalarBaseMult(d)
|
|
|
|
return k
|
|
|
|
}
|
2022-08-09 14:31:35 +00:00
|
|
|
|
|
|
|
// verifyCertPublicKey checks that the ecdsa.PublicKey using in a x509.Certificate matches a known ecdsa.PublicKey
|
|
|
|
func verifyCertPublicKey(cert *x509.Certificate, publicKey *ecdsa.PublicKey) error {
|
|
|
|
certKey, ok := cert.PublicKey.(*ecdsa.PublicKey)
|
|
|
|
if !ok {
|
|
|
|
return fmt.Errorf("unexpected public key type, expected ecdsa.PublicKey")
|
|
|
|
}
|
|
|
|
|
|
|
|
if !certKey.Equal(publicKey) {
|
|
|
|
return fmt.Errorf("server certificate MUST match the given public key")
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// verifyCertSig checks that a x509.Certificate's Signature verifies against x509.Certificate's PublicKey
|
|
|
|
// If the x509.Certificate's PublicKey is not an ecdsa.PublicKey an error will be thrown
|
|
|
|
func verifyCertSig(cert *x509.Certificate) (bool, error) {
|
|
|
|
var esig struct {
|
|
|
|
R, S *big.Int
|
|
|
|
}
|
|
|
|
if _, err := asn1.Unmarshal(cert.Signature, &esig); err != nil {
|
|
|
|
return false, err
|
|
|
|
}
|
|
|
|
|
|
|
|
hash := sha256.New()
|
|
|
|
hash.Write(cert.RawTBSCertificate)
|
|
|
|
|
|
|
|
ecKey, ok := cert.PublicKey.(*ecdsa.PublicKey)
|
|
|
|
if !ok {
|
|
|
|
return false, fmt.Errorf("certificate public is not an ecdsa.PublicKey")
|
|
|
|
}
|
|
|
|
|
|
|
|
verified := ecdsa.Verify(ecKey, hash.Sum(nil), esig.R, esig.S)
|
|
|
|
return verified, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// verifyCert verifies an x509.Certificate against a known ecdsa.PublicKey
|
|
|
|
// combining the checks of verifyCertPublicKey and verifyCertSig.
|
|
|
|
// If an x509.Certificate fails to verify an error is also thrown
|
|
|
|
func verifyCert(cert *x509.Certificate, publicKey *ecdsa.PublicKey) error {
|
|
|
|
err := verifyCertPublicKey(cert, publicKey)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
verified, err := verifyCertSig(cert)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
if !verified {
|
|
|
|
return fmt.Errorf("server certificate signature MUST verify")
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// getServerCert pings a given tls host, extracts and returns its x509.Certificate
|
|
|
|
// the function expects there to be only 1 certificate
|
|
|
|
func getServerCert(URL *url.URL) (*x509.Certificate, error) {
|
|
|
|
conf := &tls.Config{
|
2022-08-24 20:58:11 +00:00
|
|
|
InsecureSkipVerify: true, // nolint: gosec // Only skip verify to get the server's TLS cert. DO NOT skip for any other reason.
|
2022-08-09 14:31:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
conn, err := tls.Dial("tcp", URL.Host, conf)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
defer conn.Close()
|
|
|
|
|
|
|
|
certs := conn.ConnectionState().PeerCertificates
|
|
|
|
if len(certs) != 1 {
|
|
|
|
return nil, fmt.Errorf("expected 1 TLS certificate, received '%d'", len(certs))
|
|
|
|
}
|
|
|
|
|
|
|
|
return certs[0], nil
|
|
|
|
}
|