Reconciled duplicate cert funcs

This commit is contained in:
Samuel Hawksby-Robinson 2023-03-21 12:36:34 +00:00
parent 374898d7c2
commit 013c5addd6
6 changed files with 34 additions and 72 deletions


@ -4,7 +4,6 @@ import (
"crypto/ecdsa" "crypto/ecdsa"
"crypto/elliptic" "crypto/elliptic"
"crypto/rand" "crypto/rand"
"crypto/sha256"
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
"crypto/x509/pkix" "crypto/x509/pkix"
@ -22,17 +21,6 @@ func makeRandomSerialNumber() (*big.Int, error) {
return rand.Int(rand.Reader, serialNumberLimit) return rand.Int(rand.Reader, serialNumberLimit)
} }
// TODO duped in pairing
func makeSerialNumberFromKey(pk *ecdsa.PrivateKey) *big.Int {
h := sha256.New()
h.Write(append(pk.D.Bytes(), append(pk.Y.Bytes(), pk.X.Bytes()...)...))
return new(big.Int).SetBytes(h.Sum(nil))
}
// TODO duped in pairing
func GenerateX509Cert(sn *big.Int, from, to time.Time, hostname string) *x509.Certificate { func GenerateX509Cert(sn *big.Int, from, to time.Time, hostname string) *x509.Certificate {
c := &x509.Certificate{ c := &x509.Certificate{
SerialNumber: sn, SerialNumber: sn,
@ -55,8 +43,6 @@ func GenerateX509Cert(sn *big.Int, from, to time.Time, hostname string) *x509.Ce
return c return c
} }
// TODO duped in pairing
func GenerateX509PEMs(cert *x509.Certificate, key *ecdsa.PrivateKey) (certPem, keyPem []byte, err error) { func GenerateX509PEMs(cert *x509.Certificate, key *ecdsa.PrivateKey) (certPem, keyPem []byte, err error) {
derBytes, err := x509.CreateCertificate(rand.Reader, cert, cert, &key.PublicKey, key) derBytes, err := x509.CreateCertificate(rand.Reader, cert, cert, &key.PublicKey, key)
if err != nil { if err != nil {
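Review bot: GenerateX509Cert and GenerateX509PEMs become the single shared implementation (the pairing package now calls them), but the hunks only drop the `// TODO duped in pairing` markers and leave both exported functions without doc comments stating what callers may rely on. Assuming the server copies match the ones removed from pairing in this commit, I would add `// GenerateX509Cert returns a self-signed CA template valid from 'from' to 'to'; hostname goes into IPAddresses when it parses as an IP, otherwise into DNSNames.` and `// GenerateX509PEMs self-signs cert with key and returns the PEM-encoded certificate and PKCS#8 private key.`. The contract matters here because the template is marked IsCA with KeyUsageCertSign yet is used directly as the TLS serving certificate, so a comment should say that is intentional. Both function bodies continue outside the hunk.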


@ -25,10 +25,6 @@ func (s *CertsSuite) SetupSuite() {
s.SetupCertComponents(s.T()) s.SetupCertComponents(s.T())
} }
func (s *CertsSuite) Test_makeSerialNumberFromKey() {
s.Require().Zero(makeSerialNumberFromKey(s.PK).Cmp(s.SN))
}
func (s *CertsSuite) TestToECDSA() { func (s *CertsSuite) TestToECDSA() {
k := ToECDSA(base58.Decode(servertest.DB58)) k := ToECDSA(base58.Decode(servertest.DB58))
s.Require().NotNil(k.PublicKey.X) s.Require().NotNil(k.PublicKey.X)


@ -2,27 +2,20 @@ package pairing
import ( import (
"crypto/ecdsa" "crypto/ecdsa"
"crypto/rand"
"crypto/sha256" "crypto/sha256"
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
"crypto/x509/pkix"
"encoding/asn1" "encoding/asn1"
"encoding/pem" "encoding/pem"
"fmt" "fmt"
"math/big" "math/big"
"net"
"net/url" "net/url"
"time" "time"
"github.com/status-im/status-go/server"
"github.com/status-im/status-go/signal" "github.com/status-im/status-go/signal"
) )
// TODO Reconcile duplicate function here and in server/certs.go
// https://github.com/status-im/status-go/issues/3300
// TODO duped, but only used here
func makeSerialNumberFromKey(pk *ecdsa.PrivateKey) *big.Int { func makeSerialNumberFromKey(pk *ecdsa.PrivateKey) *big.Int {
h := sha256.New() h := sha256.New()
h.Write(append(pk.D.Bytes(), append(pk.Y.Bytes(), pk.X.Bytes()...)...)) h.Write(append(pk.D.Bytes(), append(pk.Y.Bytes(), pk.X.Bytes()...)...))
@ -30,51 +23,9 @@ func makeSerialNumberFromKey(pk *ecdsa.PrivateKey) *big.Int {
return new(big.Int).SetBytes(h.Sum(nil)) return new(big.Int).SetBytes(h.Sum(nil))
} }
// todo duped
func GenerateX509Cert(sn *big.Int, from, to time.Time, hostname string) *x509.Certificate {
c := &x509.Certificate{
SerialNumber: sn,
Subject: pkix.Name{Organization: []string{"Self-signed cert"}},
NotBefore: from,
NotAfter: to,
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
BasicConstraintsValid: true,
IsCA: true,
}
ip := net.ParseIP(hostname)
if ip != nil {
c.IPAddresses = []net.IP{ip}
} else {
c.DNSNames = []string{hostname}
}
return c
}
// todo duped
func GenerateX509PEMs(cert *x509.Certificate, key *ecdsa.PrivateKey) (certPem, keyPem []byte, err error) {
derBytes, err := x509.CreateCertificate(rand.Reader, cert, cert, &key.PublicKey, key)
if err != nil {
return
}
certPem = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
privBytes, err := x509.MarshalPKCS8PrivateKey(key)
if err != nil {
return
}
keyPem = pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: privBytes})
return
}
func GenerateCertFromKey(pk *ecdsa.PrivateKey, from time.Time, hostname string) (tls.Certificate, []byte, error) { func GenerateCertFromKey(pk *ecdsa.PrivateKey, from time.Time, hostname string) (tls.Certificate, []byte, error) {
cert := GenerateX509Cert(makeSerialNumberFromKey(pk), from, from.Add(time.Hour), hostname) cert := server.GenerateX509Cert(makeSerialNumberFromKey(pk), from, from.Add(time.Hour), hostname)
certPem, keyPem, err := GenerateX509PEMs(cert, pk) certPem, keyPem, err := server.GenerateX509PEMs(cert, pk)
if err != nil { if err != nil {
return tls.Certificate{}, nil, err return tls.Certificate{}, nil, err
} }
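Review bot: makeSerialNumberFromKey, kept on the new side, still folds the private scalar pk.D into the serial number, which ends up as a public field of the self-signed certificate sent to the peer; SHA-256 makes recovering D impractical, but it is an unsalted hash of private key material placed where anyone holding the certificate can read it. Because the hash is deterministic, every call to GenerateCertFromKey for the same key issues a fresh one-hour certificate with the same serial, and a 32-byte SetBytes result exceeds the 20-octet serial limit RFC 5280 imposes on conforming CAs, which some strict TLS stacks may reject. If the pairing flow does not need the peer to predict the serial, hash only the public coordinates, `h.Write(append(pk.Y.Bytes(), pk.X.Bytes()...))`, and truncate to 20 bytes, or reuse server's makeRandomSerialNumber; if it does depend on it, a comment saying so would stop the next reader from "fixing" it. Note also that concatenating big.Int.Bytes() values drops leading zeros, so the input is not length-delimited. GenerateCertFromKey continues outside the hunk.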


@ -0,0 +1,28 @@
package pairing
import (
"testing"
"github.com/stretchr/testify/suite"
"github.com/status-im/status-go/server/servertest"
)
func TestCerts(t *testing.T) {
suite.Run(t, new(CertsSuite))
}
type CertsSuite struct {
suite.Suite
servertest.TestKeyComponents
servertest.TestCertComponents
}
func (s *CertsSuite) SetupSuite() {
s.SetupKeyComponents(s.T())
s.SetupCertComponents(s.T())
}
func (s *CertsSuite) Test_makeSerialNumberFromKey() {
s.Require().Zero(makeSerialNumberFromKey(s.PK).Cmp(s.SN))
}


@ -9,9 +9,10 @@ import (
"testing" "testing"
"time" "time"
"github.com/stretchr/testify/require"
"github.com/status-im/status-go/protocol/common" "github.com/status-im/status-go/protocol/common"
"github.com/status-im/status-go/server" "github.com/status-im/status-go/server"
"github.com/stretchr/testify/require"
) )
type TestPairingServerComponents struct { type TestPairingServerComponents struct {


@ -79,7 +79,7 @@ func (s *Server) listenAndServe() {
s.StartTimeout(func() { s.StartTimeout(func() {
err := s.Stop() err := s.Stop()
if err != nil { if err != nil {
s.logger.Error("PairingServer termination fail", zap.Error(err)) s.logger.Error("server termination fail", zap.Error(err))
} }
}) })