Refactor code structure

Move X.509 and Openpgp operations into custom packages. Implement more robust input reading. Do not convert []byte to string unnecessarily. Finish implementation of X.509 CRL creation.
2021-01-05 19:59:43 +01:00 · 2021-01-05 19:59:43 +01:00 · 9f0916b14a
commit 9f0916b14a
parent 2de9771472
9 changed files with 715 additions and 493 deletions
--- a/signer/protocol_elements.go
+++ b/signer/protocol_elements.go
@ -1,9 +1,14 @@
 package signer

 import (
+	"crypto"
 	"crypto/x509"
+	"fmt"
+	"path"

 	"git.cacert.org/cacert-gosigner/shared"
+	"git.cacert.org/cacert-gosigner/signer/openpgp_ops"
+	"git.cacert.org/cacert-gosigner/signer/x509_ops"
 )

 const (
@ -36,13 +41,13 @@ const (
 )

 const (
-	X509MDDefault   shared.MessageDigestAlgorithmId = 0
-	X509MDMd5       shared.MessageDigestAlgorithmId = 1
-	X509MDSha1      shared.MessageDigestAlgorithmId = 2
-	X509MDRipeMD160 shared.MessageDigestAlgorithmId = 3
-	X509MDSha256    shared.MessageDigestAlgorithmId = 8
-	X509MDSha384    shared.MessageDigestAlgorithmId = 9
-	X509MDSha512    shared.MessageDigestAlgorithmId = 10
+	X509MDDefault shared.MessageDigestAlgorithmId = 0
+	X509MDMd5     shared.MessageDigestAlgorithmId = 1
+	X509MDSha1    shared.MessageDigestAlgorithmId = 2
+	// X509MDRipeMD160 shared.MessageDigestAlgorithmId = 3  x509 package does not support RIPEMD160
+	X509MDSha256 shared.MessageDigestAlgorithmId = 8
+	X509MDSha384 shared.MessageDigestAlgorithmId = 9
+	X509MDSha512 shared.MessageDigestAlgorithmId = 10
 )

 const (
@ -58,74 +63,67 @@ const (
 )

 func NewCommandProcessor() *CommandProcessor {
-	cryptoSystems := make(map[shared.CryptoSystemId]*CryptoSystem)
-	cryptoSystems[CsX509] = &CryptoSystem{
-		Name: "X.509",
-		Roots: map[shared.CryptoSystemRootId]*RootCredentials{
-			X509RootDefault: {
-				Name:            "openssl",
-				PrivateKeyFile:  "/srv/ca/CA/private/ca.key.pem",
-				CertificateFile: "/srv/ca/CA/ca.crt.pem",
-				DatabaseFile:    "/srv/ca/CA/index.txt",
-				CRLNumber:       "/srv/ca/CA/crlnumber",
+	settings := NewCommandProcessorSettings()
+
+	cryptoSystems := map[shared.CryptoSystemId]*CryptoSystem{
+		CsX509: {
+			Name: "X.509",
+			Roots: map[shared.CryptoSystemRootId]interface{}{
+				X509RootDefault: x509_ops.NewRoot(settings.CABaseDir, "openssl", "CA", X509RootDefault),
+				X509RootClass3:  x509_ops.NewRoot(settings.CABaseDir, "class3", "class3", X509RootClass3),
+				X509RootClass3s: &x509_ops.Root{Name: "class3s"},
+				X509Root3:       &x509_ops.Root{Name: "root3"},
+				X509Root4:       &x509_ops.Root{Name: "root4"},
+				X509Root5:       &x509_ops.Root{Name: "root5"},
 			},
-			X509RootClass3: {
-				Name:            "class3",
-				PrivateKeyFile:  "/srv/ca/class3/private/ca.key.pem",
-				CertificateFile: "/srv/ca/class3/ca.crt.pem",
-				DatabaseFile:    "/srv/ca/class3/index.txt",
-				CRLNumber:       "/srv/ca/class3/crlnumber",
+			Profiles: map[shared.CertificateProfileId]interface{}{
+				X509ProfileClient:         &x509_ops.Profile{Name: "client"},
+				X509ProfileClientOrg:      &x509_ops.Profile{Name: "client-org"},
+				X509ProfileClientCodesign: &x509_ops.Profile{Name: "client-codesign"},
+				X509ProfileClientMachine:  &x509_ops.Profile{Name: "client-machine"},
+				X509ProfileClientAds:      &x509_ops.Profile{Name: "client-ads"},
+				X509ProfileServer:         &x509_ops.Profile{Name: "server"},
+				X509ProfileServerOrg:      &x509_ops.Profile{Name: "server-org"},
+				X509ProfileServerJabber:   &x509_ops.Profile{Name: "server-jabber"},
+				X509ProfileOCSP:           &x509_ops.Profile{Name: "ocsp"},
+				X509ProfileTimestamp:      &x509_ops.Profile{Name: "timestamp"},
+				X509ProfileProxy:          &x509_ops.Profile{Name: "proxy"},
+				X509ProfileSubCA:          &x509_ops.Profile{Name: "subca"},
+			},
+			// constants for openssl invocations. Should be replaced with
+			// something more useful
+			DigestAlgorithms: map[shared.MessageDigestAlgorithmId]interface{}{
+				X509MDDefault: x509.SHA256WithRSA,
+				X509MDMd5:     x509.MD5WithRSA,
+				X509MDSha1:    x509.SHA1WithRSA,
+				X509MDSha256:  x509.SHA256WithRSA,
+				X509MDSha384:  x509.SHA384WithRSA,
+				X509MDSha512:  x509.SHA512WithRSA,
 			},
-			X509RootClass3s: {Name: "class3s"},
-			X509Root3:       {Name: "root3"},
-			X509Root4:       {Name: "root4"},
-			X509Root5:       {Name: "root5"},
 		},
-		Profiles: map[shared.CertificateProfileId]string{
-			X509ProfileClient:         "client",
-			X509ProfileClientOrg:      "client-org",
-			X509ProfileClientCodesign: "client-codesign",
-			X509ProfileClientMachine:  "client-machine",
-			X509ProfileClientAds:      "client-ads",
-			X509ProfileServer:         "server",
-			X509ProfileServerOrg:      "server-org",
-			X509ProfileServerJabber:   "server-jabber",
-			X509ProfileOCSP:           "ocsp",
-			X509ProfileTimestamp:      "timestamp",
-			X509ProfileProxy:          "proxy",
-			X509ProfileSubCA:          "subca",
-		},
-		// constants for openssl invocations. Should be replaced with
-		// something more useful
-		DigestAlgorithms: map[shared.MessageDigestAlgorithmId]x509.SignatureAlgorithm{
-			X509MDDefault:   x509.SHA256WithRSA,
-			X509MDMd5:       x509.MD5WithRSA,
-			X509MDSha1:      x509.SHA1WithRSA,
-			X509MDRipeMD160: x509.UnknownSignatureAlgorithm,
-			X509MDSha256:    x509.SHA256WithRSA,
-			X509MDSha384:    x509.SHA384WithRSA,
-			X509MDSha512:    x509.SHA512WithRSA,
+		CsOpenPGP: {
+			Name: "OpenPGP",
+			Roots: map[shared.CryptoSystemRootId]interface{}{
+				OpenPGPRoot0: &openpgp_ops.OpenPGPRoot{
+					Name: "OpenPGP Root",
+					SecretKeyRing: path.Join(
+						settings.OpenPGPKeyRingDir,
+						fmt.Sprintf("gpg_root_%d", OpenPGPRoot0),
+						"secring.gpg",
+					),
+					Identifier: settings.OpenPGPUidEmail,
+				},
+			},
+			Profiles: map[shared.CertificateProfileId]interface{}{
+				OpenPGPDefaultProfile: &openpgp_ops.OpenPGPProfile{Name: "default"},
+			},
+			// constants for gnupg cert-digest-algo parameter. Should be replaced with
+			// something more useful
+			DigestAlgorithms: map[shared.MessageDigestAlgorithmId]interface{}{
+				OpenPGPDefaultMD: crypto.SHA256,
+			},
 		},
 	}

-	cryptoSystems[CsOpenPGP] = &CryptoSystem{
-		Name: "OpenPGP",
-		Roots: map[shared.CryptoSystemRootId]*RootCredentials{
-			OpenPGPRoot0: {
-				Name:           "OpenPGP Root",
-				PrivateKeyFile: "secring0.gpg",
-				PublicKeyFile:  "pubring0.gpg",
-			},
-		},
-		Profiles: map[shared.CertificateProfileId]string{
-			OpenPGPDefaultProfile: "default",
-		},
-		// constants for gnupg cert-digest-algo parameter. Should be replaced with
-		// something more useful
-		DigestAlgorithms: map[shared.MessageDigestAlgorithmId]x509.SignatureAlgorithm{
-			OpenPGPDefaultMD: x509.SHA256WithRSA,
-		},
-	}
-
-	return &CommandProcessor{CryptoSystems: cryptoSystems, Settings: NewCommandProcessorSettings()}
+	return &CommandProcessor{CryptoSystems: cryptoSystems, Settings: settings}
 }