Reconciled duplicate cert funcs
parent
374898d7c2
commit
013c5addd6
|
@ -4,7 +4,6 @@ import (
|
||||||
"crypto/ecdsa"
|
"crypto/ecdsa"
|
||||||
"crypto/elliptic"
|
"crypto/elliptic"
|
||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
"crypto/sha256"
|
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
"crypto/x509/pkix"
|
"crypto/x509/pkix"
|
||||||
|
@ -22,17 +21,6 @@ func makeRandomSerialNumber() (*big.Int, error) {
|
||||||
return rand.Int(rand.Reader, serialNumberLimit)
|
return rand.Int(rand.Reader, serialNumberLimit)
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO duped in pairing
|
|
||||||
|
|
||||||
func makeSerialNumberFromKey(pk *ecdsa.PrivateKey) *big.Int {
|
|
||||||
h := sha256.New()
|
|
||||||
h.Write(append(pk.D.Bytes(), append(pk.Y.Bytes(), pk.X.Bytes()...)...))
|
|
||||||
|
|
||||||
return new(big.Int).SetBytes(h.Sum(nil))
|
|
||||||
}
|
|
||||||
|
|
||||||
// TODO duped in pairing
|
|
||||||
|
|
||||||
func GenerateX509Cert(sn *big.Int, from, to time.Time, hostname string) *x509.Certificate {
|
func GenerateX509Cert(sn *big.Int, from, to time.Time, hostname string) *x509.Certificate {
|
||||||
c := &x509.Certificate{
|
c := &x509.Certificate{
|
||||||
SerialNumber: sn,
|
SerialNumber: sn,
|
||||||
|
@ -55,8 +43,6 @@ func GenerateX509Cert(sn *big.Int, from, to time.Time, hostname string) *x509.Ce
|
||||||
return c
|
return c
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO duped in pairing
|
|
||||||
|
|
||||||
func GenerateX509PEMs(cert *x509.Certificate, key *ecdsa.PrivateKey) (certPem, keyPem []byte, err error) {
|
func GenerateX509PEMs(cert *x509.Certificate, key *ecdsa.PrivateKey) (certPem, keyPem []byte, err error) {
|
||||||
derBytes, err := x509.CreateCertificate(rand.Reader, cert, cert, &key.PublicKey, key)
|
derBytes, err := x509.CreateCertificate(rand.Reader, cert, cert, &key.PublicKey, key)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
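Review bot: GenerateX509Cert and GenerateX509PEMs are left with no doc comment once the `// TODO duped in pairing` lines are dropped, even though the pairing hunk now makes them the single implementation (`server.GenerateX509Cert`, `server.GenerateX509PEMs`); both are exported and should carry a comment that starts with their name. Going by the removed pairing copy, which the TODOs describe as a duplicate, the certificate is self-signed with `IsCA: true` and `KeyUsageCertSign` and the second PEM is the PKCS#8 private key — worth stating so callers treat keyPem as secret material and do not install the CA-flagged certificate anywhere broader than the pairing session; confirm the server copy matches before documenting it. Suggested: `// GenerateX509Cert builds a self-signed, CA-flagged certificate template for hostname (IP SAN when hostname parses as an IP, DNS SAN otherwise), valid from from until to.` and `// GenerateX509PEMs self-signs cert with key and returns the certificate and the PKCS#8 private key as PEM blocks; keyPem is secret material.` The body of GenerateX509Cert lies between the two hunks and GenerateX509PEMs continues past this one, so neither function is fully visible here.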
@ -25,10 +25,6 @@ func (s *CertsSuite) SetupSuite() {
|
||||||
s.SetupCertComponents(s.T())
|
s.SetupCertComponents(s.T())
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *CertsSuite) Test_makeSerialNumberFromKey() {
|
|
||||||
s.Require().Zero(makeSerialNumberFromKey(s.PK).Cmp(s.SN))
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s *CertsSuite) TestToECDSA() {
|
func (s *CertsSuite) TestToECDSA() {
|
||||||
k := ToECDSA(base58.Decode(servertest.DB58))
|
k := ToECDSA(base58.Decode(servertest.DB58))
|
||||||
s.Require().NotNil(k.PublicKey.X)
|
s.Require().NotNil(k.PublicKey.X)
|
||||||
|
|
|
@ -2,27 +2,20 @@ package pairing
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/ecdsa"
|
"crypto/ecdsa"
|
||||||
"crypto/rand"
|
|
||||||
"crypto/sha256"
|
"crypto/sha256"
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
"crypto/x509/pkix"
|
|
||||||
"encoding/asn1"
|
"encoding/asn1"
|
||||||
"encoding/pem"
|
"encoding/pem"
|
||||||
"fmt"
|
"fmt"
|
||||||
"math/big"
|
"math/big"
|
||||||
"net"
|
|
||||||
"net/url"
|
"net/url"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/status-im/status-go/server"
|
||||||
"github.com/status-im/status-go/signal"
|
"github.com/status-im/status-go/signal"
|
||||||
)
|
)
|
||||||
|
|
||||||
// TODO Reconcile duplicate function here and in server/certs.go
|
|
||||||
// https://github.com/status-im/status-go/issues/3300
|
|
||||||
|
|
||||||
// TODO duped, but only used here
|
|
||||||
|
|
||||||
func makeSerialNumberFromKey(pk *ecdsa.PrivateKey) *big.Int {
|
func makeSerialNumberFromKey(pk *ecdsa.PrivateKey) *big.Int {
|
||||||
h := sha256.New()
|
h := sha256.New()
|
||||||
h.Write(append(pk.D.Bytes(), append(pk.Y.Bytes(), pk.X.Bytes()...)...))
|
h.Write(append(pk.D.Bytes(), append(pk.Y.Bytes(), pk.X.Bytes()...)...))
|
||||||
|
@ -30,51 +23,9 @@ func makeSerialNumberFromKey(pk *ecdsa.PrivateKey) *big.Int {
|
||||||
return new(big.Int).SetBytes(h.Sum(nil))
|
return new(big.Int).SetBytes(h.Sum(nil))
|
||||||
}
|
}
|
||||||
|
|
||||||
// todo duped
|
|
||||||
|
|
||||||
func GenerateX509Cert(sn *big.Int, from, to time.Time, hostname string) *x509.Certificate {
|
|
||||||
c := &x509.Certificate{
|
|
||||||
SerialNumber: sn,
|
|
||||||
Subject: pkix.Name{Organization: []string{"Self-signed cert"}},
|
|
||||||
NotBefore: from,
|
|
||||||
NotAfter: to,
|
|
||||||
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
|
|
||||||
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
|
|
||||||
BasicConstraintsValid: true,
|
|
||||||
IsCA: true,
|
|
||||||
}
|
|
||||||
|
|
||||||
ip := net.ParseIP(hostname)
|
|
||||||
if ip != nil {
|
|
||||||
c.IPAddresses = []net.IP{ip}
|
|
||||||
} else {
|
|
||||||
c.DNSNames = []string{hostname}
|
|
||||||
}
|
|
||||||
|
|
||||||
return c
|
|
||||||
}
|
|
||||||
|
|
||||||
// todo duped
|
|
||||||
|
|
||||||
func GenerateX509PEMs(cert *x509.Certificate, key *ecdsa.PrivateKey) (certPem, keyPem []byte, err error) {
|
|
||||||
derBytes, err := x509.CreateCertificate(rand.Reader, cert, cert, &key.PublicKey, key)
|
|
||||||
if err != nil {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
certPem = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
|
|
||||||
|
|
||||||
privBytes, err := x509.MarshalPKCS8PrivateKey(key)
|
|
||||||
if err != nil {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
keyPem = pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: privBytes})
|
|
||||||
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
func GenerateCertFromKey(pk *ecdsa.PrivateKey, from time.Time, hostname string) (tls.Certificate, []byte, error) {
|
func GenerateCertFromKey(pk *ecdsa.PrivateKey, from time.Time, hostname string) (tls.Certificate, []byte, error) {
|
||||||
cert := GenerateX509Cert(makeSerialNumberFromKey(pk), from, from.Add(time.Hour), hostname)
|
cert := server.GenerateX509Cert(makeSerialNumberFromKey(pk), from, from.Add(time.Hour), hostname)
|
||||||
certPem, keyPem, err := GenerateX509PEMs(cert, pk)
|
certPem, keyPem, err := server.GenerateX509PEMs(cert, pk)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return tls.Certificate{}, nil, err
|
return tls.Certificate{}, nil, err
|
||||||
}
|
}
|
||||||
|
|
|
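Review bot: makeSerialNumberFromKey, kept in pairing while the three TODO lines above it are removed, builds the serial from `sha256(D || Y || X)` and returns the whole 32-byte digest as a big.Int, which exceeds the 20-octet maximum RFC 5280 allows for serialNumber and can make the certificate unusable with strict validators even though Go's own parser is lenient here. Because the hash also takes the private scalar D, a value published in every certificate is computed directly from secret key bytes; SHA-256 keeps D unrecoverable, but hashing only the public point (`pk.X.Bytes()`, `pk.Y.Bytes()`) gives the same deterministic serial without touching the secret. Consider `sum := h.Sum(nil)`, `sum[0] &= 0x7f // keep the DER integer within 20 octets` and `return new(big.Int).SetBytes(sum[:20])`; either change alters the serial, so the servertest fixture s.SN compared in Test_makeSerialNumberFromKey would need regenerating. The function starts in the previous hunk and now carries no comment at all; a one-liner such as `// makeSerialNumberFromKey derives a deterministic certificate serial from pk.` would replace the removed TODOs.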
@ -0,0 +1,28 @@
|
||||||
|
package pairing
|
||||||
|
|
||||||
|
import (
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"github.com/stretchr/testify/suite"
|
||||||
|
|
||||||
|
"github.com/status-im/status-go/server/servertest"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestCerts(t *testing.T) {
|
||||||
|
suite.Run(t, new(CertsSuite))
|
||||||
|
}
|
||||||
|
|
||||||
|
type CertsSuite struct {
|
||||||
|
suite.Suite
|
||||||
|
servertest.TestKeyComponents
|
||||||
|
servertest.TestCertComponents
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *CertsSuite) SetupSuite() {
|
||||||
|
s.SetupKeyComponents(s.T())
|
||||||
|
s.SetupCertComponents(s.T())
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *CertsSuite) Test_makeSerialNumberFromKey() {
|
||||||
|
s.Require().Zero(makeSerialNumberFromKey(s.PK).Cmp(s.SN))
|
||||||
|
}
|
|
@ -9,9 +9,10 @@ import (
|
||||||
"testing"
|
"testing"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/stretchr/testify/require"
|
||||||
|
|
||||||
"github.com/status-im/status-go/protocol/common"
|
"github.com/status-im/status-go/protocol/common"
|
||||||
"github.com/status-im/status-go/server"
|
"github.com/status-im/status-go/server"
|
||||||
"github.com/stretchr/testify/require"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
type TestPairingServerComponents struct {
|
type TestPairingServerComponents struct {
|
||||||
|
|
|
@ -79,7 +79,7 @@ func (s *Server) listenAndServe() {
|
||||||
s.StartTimeout(func() {
|
s.StartTimeout(func() {
|
||||||
err := s.Stop()
|
err := s.Stop()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
s.logger.Error("PairingServer termination fail", zap.Error(err))
|
s.logger.Error("server termination fail", zap.Error(err))
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
|
|