
x509 interface added
zLukas committed Sep 24, 2023
1 parent ab4f339 commit b56a625
Showing 5 changed files with 100 additions and 42 deletions.
21 changes: 4 additions & 17 deletions src/cert-generator/pkg/tls/pem.go
Expand Up @@ -5,23 +5,10 @@ import (
"fmt"
)

type Block struct{
Bytes []byte
}

type IPem interface {
Decode(data []byte) (*Block, []byte)
}


type Ix509 interface {

}

func PemToX509(input []byte, p IPem) (*x509.Certificate, error) {
func PemToX509(input []byte, p IPem, x Ix509) (*x509.Certificate, error) {
block, _ := p.Decode(input)
if block == nil {
return nil, fmt.Errorf("failed to parse certificate PEM")
}
return x509.ParseCertificate(block.Bytes)
}
}
return x.ParseCertificate(block.Bytes)
}
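Review bot: The decoded block is handed to `x.ParseCertificate` without any check that it is a CERTIFICATE block, and the `tls.Block` returned by `IPem.Decode` carries only `Bytes`, so the PEM `Type` header needed for that check is not available here. A private-key or CSR block in the input would be passed straight to the parser and rejected, if at all, only by DER parsing. Consider having `Decode` return `*pem.Block` (which `Encode` already takes) and adding `if block.Type != "CERTIFICATE" { return nil, fmt.Errorf("expected CERTIFICATE block, got %q", block.Type) }` before the parse call. The file's import block is outside the hunk; `x509` is still needed there for the return type.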
23 changes: 21 additions & 2 deletions src/cert-generator/pkg/tls/types.go
@@ -1,6 +1,11 @@
package tls

import "math/big"
import (
"crypto/x509"
"encoding/pem"
"io"
"math/big"
)

type CACert struct {
Serial *big.Int `yaml:"serial"`
Expand All @@ -23,4 +28,18 @@ type CertSubject struct {
PostalCode string `yaml:"postalCode"`
SerialNumber string `yaml:"serialNumber"`
CommonName string `yaml:"commonName"`
}
}

type Block struct {
Bytes []byte
}

type IPem interface {
Decode(data []byte) (*Block, []byte)
Encode(out io.Writer, b *pem.Block) error
}

type Ix509 interface {
ParseCertificate(der []byte) (*x509.Certificate, error)
CreateCertificate(rand io.Reader, template *x509.Certificate, parent *x509.Certificate, pub any, priv any) ([]byte, error)
}
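Review bot: `IPem` is asymmetric: `Decode` returns the package's own `*Block` (only `Bytes`) while `Encode` takes `*pem.Block`, so a real implementation must convert on one side and callers of `Decode` lose the block `Type` and headers. Returning `*pem.Block` from `Decode` would make the interface a direct mirror of `encoding/pem` and let `PemToX509` verify the block type before parsing. The three new exported types also lack doc comments; e.g. `// IPem abstracts PEM encoding and decoding so tests can substitute a fake.` and `// Ix509 abstracts the crypto/x509 calls used to create and parse certificates.`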
20 changes: 10 additions & 10 deletions src/cert-generator/pkg/tls/x509.go
Expand Up @@ -22,7 +22,7 @@ func WriteKeyCertFile(Key []byte, Cert []byte, filePath string) error {
return nil
}

func CreateCACert(ca *CACert) ([]byte, []byte, error) {
func CreateCACert(ca *CACert, p IPem, x Ix509) ([]byte, []byte, error) {
template := &x509.Certificate{
SerialNumber: ca.Serial,
Subject: pkix.Name{
Expand All @@ -43,15 +43,15 @@ func CreateCACert(ca *CACert) ([]byte, []byte, error) {
BasicConstraintsValid: true,
}

keyBytes, certBytes, err := createCert(template, nil, nil)
keyBytes, certBytes, err := createCert(template, nil, nil, p, x)
if err != nil {
return nil, nil, err
}

return keyBytes, certBytes, nil
}

func CreateCert(cert *Cert, caKey []byte, caCert []byte, p IPem) ([]byte, []byte, error) {
func CreateCert(cert *Cert, caKey []byte, caCert []byte, p IPem, x Ix509) ([]byte, []byte, error) {
template := &x509.Certificate{
SerialNumber: cert.Serial,
Subject: pkix.Name{
Expand All @@ -75,19 +75,19 @@ func CreateCert(cert *Cert, caKey []byte, caCert []byte, p IPem) ([]byte, []byte
if err != nil {
return nil, nil, err
}
caCertParsed, err := PemToX509(caCert, p)
caCertParsed, err := PemToX509(caCert, p, x)
if err != nil {
return nil, nil, err
}

keyBytes, certBytes, err := createCert(template, caKeyParsed, caCertParsed)
keyBytes, certBytes, err := createCert(template, caKeyParsed, caCertParsed, p, x)
if err != nil {
return nil, nil, err
}
return keyBytes, certBytes, nil
}

func createCert(template *x509.Certificate, caKey *rsa.PrivateKey, caCert *x509.Certificate) ([]byte, []byte, error) {
func createCert(template *x509.Certificate, caKey *rsa.PrivateKey, caCert *x509.Certificate, p IPem, x Ix509) ([]byte, []byte, error) {
var (
derBytes []byte
certOut bytes.Buffer
Expand All @@ -99,21 +99,21 @@ func createCert(template *x509.Certificate, caKey *rsa.PrivateKey, caCert *x509.
return nil, nil, err
}
if template.IsCA {
derBytes, err = x509.CreateCertificate(rand.Reader, template, template, &privateKey.PublicKey, privateKey)
derBytes, err = x.CreateCertificate(rand.Reader, template, template, &privateKey.PublicKey, privateKey)
if err != nil {
return nil, nil, err
}
} else {
derBytes, err = x509.CreateCertificate(rand.Reader, template, caCert, &privateKey.PublicKey, caKey)
derBytes, err = x.CreateCertificate(rand.Reader, template, caCert, &privateKey.PublicKey, caKey)
if err != nil {
return nil, nil, err
}
}

if err = pem.Encode(&certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}); err != nil {
if err = p.Encode(&certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}); err != nil {
return nil, nil, err
}
if err = pem.Encode(&keyOut, key.RSAPrivateKeyToPEM(privateKey)); err != nil {
if err = p.Encode(&keyOut, key.RSAPrivateKeyToPEM(privateKey)); err != nil {
return nil, nil, err
}

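Review bot: The new `p IPem, x Ix509` parameters change the exported signatures of `CreateCACert` and `CreateCert`, but no non-test call site is updated in this commit; if another package in the repository calls them it will no longer compile. Neither function documents what the injected interfaces are for, and production implementations backed by `encoding/pem` and `crypto/x509` are not visible in this commit, so it is unclear what a real caller is expected to pass. Suggest a doc comment such as `// CreateCACert builds a self-signed CA certificate from ca, using p for PEM output and x for certificate creation; outside tests pass the real crypto/x509-backed implementations.` and the equivalent on `CreateCert`. The bodies of `CreateCACert`, `CreateCert` and `createCert` all extend beyond the hunks shown.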
29 changes: 16 additions & 13 deletions src/cert-generator/tests/pkg/tls/pem_test.go
@@ -1,27 +1,30 @@
package test
package tests

import (
"testing"

"github.com/zLukas/CloudTools/src/cert-generator/pkg/tls"
)

type mockPemOK struct {}
type mockPemFail struct {}

func (m *mockPemOK) Decode(input []byte) (*tls.Block, []byte){
b := tls.Block{Bytes: []byte{0xAA, 0xC5, 0xAB}}
return &b, nil
}
func TestPemToX509_ok(t *testing.T) {
pemMock := mockPemOK{}
x509Mock := mockX509OK{}
var false_bytes = []byte{0xAA, 0xC5, 0xAB}
results, err := tls.PemToX509(false_bytes, &pemMock, &x509Mock)
if err != nil {
t.Errorf("err expected to be nil, got %s ", err)
}
if results == nil {
t.Errorf("results var execept to be %v, got nil ", tls.Block{Bytes: false_bytes})
}

func (m *mockPemFail) Decode(input []byte) (*tls.Block, []byte){
return nil, nil
}


func TestPemToX509_fail(t *testing.T) {
var pemMock = mockPemOK{}
pemMock := mockPemFail{}
x509Mock := mockX509Fail{}
var false_bytes = []byte{0xAA, 0xC5, 0xAB}
results, err := tls.PemToX509(false_bytes, &pemMock)
results, err := tls.PemToX509(false_bytes, &pemMock, &x509Mock)
if results != nil {
t.Errorf("results var execept to be nil, got %v ", results)
}
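Review bot: The error path through `Ix509` is never exercised: `TestPemToX509_fail` pairs `mockPemFail` with `mockX509Fail`, but `Decode` returning nil makes `PemToX509` return before `ParseCertificate` is called, so the x509 mock is dead in that test. A third case combining `mockPemOK` with `mockX509Fail` would cover the `ParseCertificate` failure branch. Separately, the failure message in `TestPemToX509_ok` prints a `tls.Block` although `results` is a `*x509.Certificate`, which misleads when it fires; `t.Errorf("results expected to be non-nil, got nil")` is accurate. `TestPemToX509_fail` continues past the hunk.
```go
func TestPemToX509_parseFail(t *testing.T) {
	pemMock := mockPemOK{}
	x509Mock := mockX509Fail{}
	results, err := tls.PemToX509([]byte{0xAA, 0xC5, 0xAB}, &pemMock, &x509Mock)
	if err == nil {
		t.Errorf("err expected to be non-nil, got nil")
	}
	if results != nil {
		t.Errorf("results expected to be nil, got %v ", results)
	}
}
```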
49 changes: 49 additions & 0 deletions src/cert-generator/tests/pkg/tls/types.go
@@ -0,0 +1,49 @@
package tests

import (
"crypto/x509"
"encoding/pem"
"fmt"
"io"

"github.com/zLukas/CloudTools/src/cert-generator/pkg/tls"
)

type mockPemOK struct{}
type mockPemFail struct{}
type mockX509OK struct{}
type mockX509Fail struct{}

func (m *mockPemOK) Decode(input []byte) (*tls.Block, []byte) {
b := tls.Block{Bytes: input}
return &b, nil
}
func (m *mockPemOK) Encode(out io.Writer, b *pem.Block) error {
return nil
}

func (m *mockPemFail) Decode(input []byte) (*tls.Block, []byte) {
return nil, nil
}

func (m *mockPemFail) Encode(out io.Writer, b *pem.Block) error {
return fmt.Errorf("cannot encode buffer")
}

func (m *mockX509OK) CreateCertificate(rand io.Reader, template *x509.Certificate, parent *x509.Certificate, pub any, priv any) ([]byte, error) {
b := []byte{0x56, 0xAA, 0x21}
return b, nil
}

func (m *mockX509Fail) CreateCertificate(rand io.Reader, template *x509.Certificate, parent *x509.Certificate, pub any, priv any) ([]byte, error) {
b := []byte{0x56, 0xAA, 0x21}
return b, nil
}

func (m *mockX509OK) ParseCertificate(der []byte) (*x509.Certificate, error) {
return &x509.Certificate{}, nil
}

func (m *mockX509Fail) ParseCertificate(der []byte) (*x509.Certificate, error) {
return nil, fmt.Errorf("x509: malformed certificate")
}
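Review bot: `mockX509Fail.CreateCertificate` returns the same successful bytes as `mockX509OK`, so the failure mock cannot make the `x.CreateCertificate` error branches in `createCert` observable, unlike `mockPemFail.Encode`, which does return an error. Change it to `return nil, fmt.Errorf("x509: cannot create certificate")` so the type's name matches its behaviour. Separately, this file has no `_test.go` suffix, so the mocks are presumably compiled into the `tests` package in ordinary builds as well; renaming it to `mocks_test.go` would keep them test-only.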
