Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
D
dfss
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
7
Issues
7
List
Boards
Labels
Service Desk
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Incidents
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
mpcs
dfss
Commits
c5015c9d
Commit
c5015c9d
authored
Jan 19, 2016
by
Caro Axel
Committed by
Loïck Bonniot
Jan 22, 2016
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
US-176: Implementation
parent
7f0be09a
Pipeline
#151
passed with stage
Changes
6
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
298 additions
and
8 deletions
+298
-8
auth/cert.go
auth/cert.go
+6
-6
auth/cert_test.go
auth/cert_test.go
+1
-1
build/deps.sh
build/deps.sh
+3
-0
dfssp/autority/rootCA.go
dfssp/autority/rootCA.go
+131
-0
dfssp/autority/rootCA_test.go
dfssp/autority/rootCA_test.go
+123
-0
dfssp/main.go
dfssp/main.go
+34
-1
No files found.
auth/cert.go
View file @
c5015c9d
...
...
@@ -44,13 +44,13 @@ func PEMToCertificateRequest(data []byte) (*x509.CertificateRequest, error) {
// GetCertificate builds a certificate from a certificate request and an authoritative certificate (CA), as a PEM-encoded array of bytes.
// This function assumes that the identity of the signee is valid.
//
// The serial has to be unique.
// The serial has to be unique
and positive
.
//
// The generated certificate can safely be distributed to unknown actors.
func
GetCertificate
(
days
int
,
serial
int64
,
req
*
x509
.
CertificateRequest
,
parent
*
x509
.
Certificate
,
key
*
rsa
.
PrivateKey
)
([]
byte
,
error
)
{
func
GetCertificate
(
days
int
,
serial
u
int64
,
req
*
x509
.
CertificateRequest
,
parent
*
x509
.
Certificate
,
key
*
rsa
.
PrivateKey
)
([]
byte
,
error
)
{
template
:=
&
x509
.
Certificate
{
SerialNumber
:
big
.
NewInt
(
serial
),
SerialNumber
:
new
(
big
.
Int
)
.
SetUint64
(
serial
),
Subject
:
req
.
Subject
,
NotBefore
:
time
.
Now
(),
NotAfter
:
time
.
Now
()
.
AddDate
(
0
,
0
,
days
),
...
...
@@ -71,13 +71,13 @@ func GetCertificate(days int, serial int64, req *x509.CertificateRequest, parent
// GetSelfSignedCertificate builds a CA certificate from a private key, as a PEM-encoded array of bytes.
//
// The serial has to be unique.
// The serial has to be unique
and positive
.
//
// The generated certificate should be distributed to any other actor in the network under this CA.
func
GetSelfSignedCertificate
(
days
int
,
serial
int64
,
country
,
organization
,
unit
,
cn
string
,
key
*
rsa
.
PrivateKey
)
([]
byte
,
error
)
{
func
GetSelfSignedCertificate
(
days
int
,
serial
u
int64
,
country
,
organization
,
unit
,
cn
string
,
key
*
rsa
.
PrivateKey
)
([]
byte
,
error
)
{
template
:=
&
x509
.
Certificate
{
SerialNumber
:
big
.
NewInt
(
serial
),
SerialNumber
:
new
(
big
.
Int
)
.
SetUint64
(
serial
),
Subject
:
pkix
.
Name
{
Country
:
[]
string
{
country
},
Organization
:
[]
string
{
organization
},
...
...
auth/cert_test.go
View file @
c5015c9d
...
...
@@ -147,7 +147,7 @@ func ExampleGetCertificate() {
signerKey
,
_
:=
PEMToPrivateKey
([]
byte
(
keyFixture
))
// Generate the certificate for 365 days with a serial of 0x10 (16)
cert
,
err
:=
GetCertificate
(
365
,
int64
(
0x10
),
certificateRequest
,
signerCertificate
,
signerKey
)
cert
,
err
:=
GetCertificate
(
365
,
u
int64
(
0x10
),
certificateRequest
,
signerCertificate
,
signerKey
)
if
cert
==
nil
||
err
!=
nil
{
fmt
.
Println
(
err
)
...
...
build/deps.sh
View file @
c5015c9d
...
...
@@ -5,3 +5,6 @@ go get gopkg.in/mgo.v2
# grpc
go get google.golang.org/grpc
# uuid
go get github.com/pborman/uuid
\ No newline at end of file
dfssp/autority/rootCA.go
0 → 100644
View file @
c5015c9d
package
autority
import
(
"crypto/rsa"
"crypto/x509"
"dfss/auth"
"github.com/pborman/uuid"
"io/ioutil"
"math/big"
"os/user"
"path/filepath"
)
const
(
PkeyFileName
=
"dffsp_pkey.pem"
RootCAFileName
=
"dffsp_rootCA.pem"
)
type
PlatformID
struct
{
pkey
*
rsa
.
PrivateKey
rootCA
*
x509
.
Certificate
}
// GetHomeDir determines the home directory of the current user.
func
GetHomeDir
()
string
{
usr
,
err
:=
user
.
Current
()
if
err
!=
nil
{
panic
(
err
)
}
return
usr
.
HomeDir
}
// GenerateRootCA constructs a self-signed certificate, using a unique serial number randomly generated (see UUID)
func
GenerateRootCA
(
days
int
,
country
,
organization
,
unit
,
cn
string
,
key
*
rsa
.
PrivateKey
)
([]
byte
,
error
)
{
// Generating and converting the uuid to fit our needs: an 8 bytes integer.
uuid
:=
uuid
.
NewRandom
()
var
slice
[]
byte
slice
=
uuid
[
:
8
]
// TODO: improve this conversion method/need
serial
:=
new
(
big
.
Int
)
.
SetBytes
(
slice
)
.
Uint64
()
cert
,
err
:=
auth
.
GetSelfSignedCertificate
(
days
,
serial
,
country
,
organization
,
unit
,
cn
,
key
)
if
err
!=
nil
{
return
nil
,
err
}
return
cert
,
nil
}
// Initialize creates and saves the platform's private key and root certificate to a PEM format.
//
// The files are saved at the specified path.
func
Initialize
(
bits
,
days
int
,
country
,
organization
,
unit
,
cn
,
path
string
)
error
{
// Generating the private key.
key
,
err
:=
auth
.
GeneratePrivateKey
(
bits
)
if
err
!=
nil
{
return
err
}
// Generating the root certificate, using the private key.
cert
,
err
:=
GenerateRootCA
(
days
,
country
,
organization
,
unit
,
cn
,
key
)
if
err
!=
nil
{
return
err
}
// Converting the private key to a PEM format, and saving it.
keyPem
:=
auth
.
PrivateKeyToPEM
(
key
)
keyPath
:=
filepath
.
Join
(
path
,
PkeyFileName
)
err
=
ioutil
.
WriteFile
(
keyPath
,
keyPem
,
0600
)
if
err
!=
nil
{
return
err
}
// Saving the root certificate.
certPath
:=
filepath
.
Join
(
path
,
RootCAFileName
)
err
=
ioutil
.
WriteFile
(
certPath
,
cert
,
0600
)
if
err
!=
nil
{
return
err
}
return
nil
}
// Fetch the platform's private rsa key and root certificate, and create a PlatformID accordingly.
//
// The specified path should not end by a separator.
//
// The files are fetched using their default name.
func
Start
(
path
string
)
(
*
PlatformID
,
error
)
{
keyPath
:=
filepath
.
Join
(
path
,
PkeyFileName
)
certPath
:=
filepath
.
Join
(
path
,
RootCAFileName
)
// Recovering the private rsa key from file.
keyBytes
,
err
:=
ioutil
.
ReadFile
(
keyPath
)
if
err
!=
nil
{
return
nil
,
err
}
key
,
err
:=
auth
.
PEMToPrivateKey
(
keyBytes
)
if
err
!=
nil
{
return
nil
,
err
}
// Recovering the root certificate from file.
certBytes
,
err
:=
ioutil
.
ReadFile
(
certPath
)
if
err
!=
nil
{
return
nil
,
err
}
cert
,
err
:=
auth
.
PEMToCertificate
(
certBytes
)
if
err
!=
nil
{
return
nil
,
err
}
res
:=
&
PlatformID
{
pkey
:
key
,
rootCA
:
cert
}
return
res
,
nil
}
dfssp/autority/rootCA_test.go
0 → 100644
View file @
c5015c9d
package
autority
import
(
"crypto/rsa"
"dfss/auth"
"fmt"
"os"
"path/filepath"
"testing"
)
var
pkey
*
rsa
.
PrivateKey
func
TestMain
(
m
*
testing
.
M
)
{
pkey
,
_
=
auth
.
GeneratePrivateKey
(
512
)
os
.
Exit
(
m
.
Run
())
}
func
TestGetHomeDir
(
t
*
testing
.
T
)
{
res
:=
GetHomeDir
()
if
res
==
""
{
t
.
Fatal
(
"Result is empty"
)
}
}
func
TestGenerateRootCA
(
t
*
testing
.
T
)
{
res
,
err
:=
GenerateRootCA
(
365
,
"country"
,
"organization"
,
"unit"
,
"cn"
,
pkey
)
if
res
==
nil
||
err
!=
nil
{
t
.
Fatal
(
err
)
}
if
res
[
0
]
!=
'-'
{
t
.
Fatalf
(
"Bad format
\n
%s"
,
res
)
}
}
func
TestInitialize
(
t
*
testing
.
T
)
{
path
:=
os
.
TempDir
()
keyPath
:=
filepath
.
Join
(
path
,
PkeyFileName
)
certPath
:=
filepath
.
Join
(
path
,
RootCAFileName
)
err
:=
Initialize
(
1024
,
365
,
"country"
,
"organization"
,
"unit"
,
"cn"
,
path
)
if
err
!=
nil
{
t
.
Fatal
(
err
)
}
if
_
,
err
=
os
.
Stat
(
keyPath
);
os
.
IsNotExist
(
err
)
{
t
.
Fatal
(
"Private key file couldn't be found"
)
}
else
{
os
.
Remove
(
keyPath
)
}
if
_
,
err
=
os
.
Stat
(
certPath
);
os
.
IsNotExist
(
err
)
{
t
.
Fatal
(
"Root certificate file couldn't be found"
)
}
else
{
os
.
Remove
(
certPath
)
}
}
func
ExampleInitialize
()
{
path
:=
os
.
TempDir
()
keyPath
:=
filepath
.
Join
(
path
,
PkeyFileName
)
certPath
:=
filepath
.
Join
(
path
,
RootCAFileName
)
err
:=
Initialize
(
1024
,
365
,
"country"
,
"organization"
,
"unit"
,
"cn"
,
path
)
if
err
!=
nil
{
fmt
.
Println
(
err
)
}
if
_
,
err
=
os
.
Stat
(
keyPath
);
os
.
IsNotExist
(
err
)
{
fmt
.
Println
(
"Private key file couldn't be found"
)
}
else
{
fmt
.
Println
(
"Private key file has been found"
)
err2
:=
os
.
Remove
(
keyPath
)
if
err2
!=
nil
{
fmt
.
Println
(
err2
)
}
else
{
fmt
.
Println
(
"Private key file has been deleted"
)
}
}
if
_
,
err
=
os
.
Stat
(
certPath
);
os
.
IsNotExist
(
err
)
{
fmt
.
Println
(
"Certificate file couldn't be found"
)
}
else
{
fmt
.
Println
(
"Certificate file has been found"
)
err2
:=
os
.
Remove
(
certPath
)
if
err2
!=
nil
{
fmt
.
Println
(
err2
)
}
else
{
fmt
.
Println
(
"Certificate file has been deleted"
)
}
}
// Output:
// Private key file has been found
// Private key file has been deleted
// Certificate file has been found
// Certificate file has been deleted
}
func
TestStart
(
t
*
testing
.
T
)
{
path
:=
os
.
TempDir
()
keyPath
:=
filepath
.
Join
(
path
,
PkeyFileName
)
certPath
:=
filepath
.
Join
(
path
,
RootCAFileName
)
_
=
Initialize
(
1024
,
365
,
"country"
,
"organization"
,
"unit"
,
"cn"
,
path
)
pid
,
err
:=
Start
(
path
)
if
err
!=
nil
{
t
.
Fatal
(
err
)
}
if
pid
==
nil
||
pid
.
pkey
==
nil
||
pid
.
rootCA
==
nil
{
t
.
Fatal
(
"Data was not recovered from saved files"
)
}
os
.
Remove
(
keyPath
)
os
.
Remove
(
certPath
)
}
dfssp/main.go
View file @
c5015c9d
...
...
@@ -2,19 +2,32 @@ package main
import
(
"dfss"
"dfss/dfssp/autority"
"flag"
"fmt"
"runtime"
)
var
(
verbose
bool
verbose
bool
path
,
country
,
org
,
unit
,
cn
string
keySize
,
validity
int
pid
*
autority
.
PlatformID
)
func
init
()
{
flag
.
BoolVar
(
&
verbose
,
"v"
,
false
,
"Print verbose messages"
)
flag
.
StringVar
(
&
path
,
"path"
,
autority
.
GetHomeDir
(),
"Path for the platform's private key and root certificate"
)
flag
.
StringVar
(
&
country
,
"country"
,
"France"
,
"Country for the root certificate"
)
flag
.
StringVar
(
&
org
,
"org"
,
"DFSS"
,
"Organization for the root certificate"
)
flag
.
StringVar
(
&
unit
,
"unit"
,
"INSA Rennes"
,
"Organizational unit for the root certificate"
)
flag
.
StringVar
(
&
cn
,
"cn"
,
"dfssp"
,
"Common name for the root certificate"
)
flag
.
IntVar
(
&
keySize
,
"keySize"
,
512
,
"Encoding size for the private key"
)
flag
.
IntVar
(
&
validity
,
"validity"
,
21
,
"Root certificate's validity duration (days)"
)
flag
.
Usage
=
func
()
{
fmt
.
Println
(
"DFSS platform v"
+
dfss
.
Version
)
fmt
.
Println
(
"Users and contracts manager"
)
...
...
@@ -23,6 +36,10 @@ func init() {
fmt
.
Println
(
" dfssp command [flags]"
)
fmt
.
Println
(
"
\n
The commands are:"
)
fmt
.
Println
(
" init [cn, country, keySize, org, path, unit, validity]"
)
fmt
.
Println
(
" create and save the platform's private key and root certificate"
)
fmt
.
Println
(
" start [path]"
)
fmt
.
Println
(
" start the platform after loading its private key and root certificate"
)
fmt
.
Println
(
" help print this help"
)
fmt
.
Println
(
" version print dfss client version"
)
...
...
@@ -40,6 +57,22 @@ func main() {
switch
command
{
case
"version"
:
fmt
.
Println
(
"v"
+
dfss
.
Version
,
runtime
.
GOOS
,
runtime
.
GOARCH
)
case
"init"
:
err
:=
autority
.
Initialize
(
keySize
,
validity
,
country
,
org
,
unit
,
cn
,
path
)
if
err
!=
nil
{
fmt
.
Println
(
"An error occured during the initialization operation"
)
fmt
.
Println
(
err
)
panic
(
err
)
}
case
"start"
:
pid
,
err
:=
autority
.
Start
(
path
)
if
err
!=
nil
{
fmt
.
Println
(
"An error occured during the start operation"
)
fmt
.
Println
(
err
)
panic
(
err
)
}
// TODO: use pid
_
=
pid
default
:
flag
.
Usage
()
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment