rootCA.go 2.56 KB
Newer Older
1
package authority
Caro Axel's avatar
Caro Axel committed
2 3 4 5 6 7 8 9 10 11

import (
	"crypto/rsa"
	"crypto/x509"
	"dfss/auth"
	"io/ioutil"
	"path/filepath"
)

const (
12
	// PkeyFileName is the private key file default name
13
	PkeyFileName = "dfssp_pkey.pem"
14
	// RootCAFileName is the root certificate file default name
15
	RootCAFileName = "dfssp_rootCA.pem"
Caro Axel's avatar
Caro Axel committed
16 17
)

18
// PlatformID contains platform private key and root certificate
Caro Axel's avatar
Caro Axel committed
19
type PlatformID struct {
20 21
	Pkey   *rsa.PrivateKey
	RootCA *x509.Certificate
Caro Axel's avatar
Caro Axel committed
22 23
}

Loïck Bonniot's avatar
Loïck Bonniot committed
24
// GenerateRootCA constructs a self-signed certificate, using a unique serial number randomly generated
Caro Axel's avatar
Caro Axel committed
25
func GenerateRootCA(days int, country, organization, unit, cn string, key *rsa.PrivateKey) ([]byte, error) {
Loïck Bonniot's avatar
Loïck Bonniot committed
26
	serial := auth.GenerateUID()
Caro Axel's avatar
Caro Axel committed
27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74

	cert, err := auth.GetSelfSignedCertificate(days, serial, country, organization, unit, cn, key)

	if err != nil {
		return nil, err
	}

	return cert, nil
}

// Initialize creates and saves the platform's private key and root certificate to a PEM format.
//
// The files are saved at the specified path.
func Initialize(bits, days int, country, organization, unit, cn, path string) error {
	// Generating the private key.
	key, err := auth.GeneratePrivateKey(bits)

	if err != nil {
		return err
	}

	// Generating the root certificate, using the private key.
	cert, err := GenerateRootCA(days, country, organization, unit, cn, key)

	if err != nil {
		return err
	}

	// Converting the private key to a PEM format, and saving it.
	keyPem := auth.PrivateKeyToPEM(key)
	keyPath := filepath.Join(path, PkeyFileName)
	err = ioutil.WriteFile(keyPath, keyPem, 0600)

	if err != nil {
		return err
	}

	// Saving the root certificate.
	certPath := filepath.Join(path, RootCAFileName)
	err = ioutil.WriteFile(certPath, cert, 0600)

	if err != nil {
		return err
	}

	return nil
}

75
// Start fetches the platform's private rsa key and root certificate, and create a PlatformID accordingly.
Caro Axel's avatar
Caro Axel committed
76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110
//
// The specified path should not end by a separator.
//
// The files are fetched using their default name.
func Start(path string) (*PlatformID, error) {
	keyPath := filepath.Join(path, PkeyFileName)
	certPath := filepath.Join(path, RootCAFileName)

	// Recovering the private rsa key from file.
	keyBytes, err := ioutil.ReadFile(keyPath)

	if err != nil {
		return nil, err
	}

	key, err := auth.PEMToPrivateKey(keyBytes)

	if err != nil {
		return nil, err
	}

	// Recovering the root certificate from file.
	certBytes, err := ioutil.ReadFile(certPath)

	if err != nil {
		return nil, err
	}

	cert, err := auth.PEMToCertificate(certBytes)

	if err != nil {
		return nil, err
	}

	res := &PlatformID{
111 112 113
		Pkey:   key,
		RootCA: cert,
	}
Caro Axel's avatar
Caro Axel committed
114 115 116

	return res, nil
}