package signer
import (
"crypto/x509"
"git.cacert.org/cacert-gosigner/shared"
)
const (
CsX509 shared.CryptoSystemId = 1
CsOpenPGP shared.CryptoSystemId = 2
)
const (
X509RootDefault shared.CryptoSystemRootId = 0
X509RootClass3 shared.CryptoSystemRootId = 1
X509RootClass3s shared.CryptoSystemRootId = 2
X509Root3 shared.CryptoSystemRootId = 3
X509Root4 shared.CryptoSystemRootId = 4
X509Root5 shared.CryptoSystemRootId = 5
)
const (
X509ProfileClient shared.CertificateProfileId = 0
X509ProfileClientOrg shared.CertificateProfileId = 1
X509ProfileClientCodesign shared.CertificateProfileId = 2
X509ProfileClientMachine shared.CertificateProfileId = 3
X509ProfileClientAds shared.CertificateProfileId = 4
X509ProfileServer shared.CertificateProfileId = 5
X509ProfileServerOrg shared.CertificateProfileId = 6
X509ProfileServerJabber shared.CertificateProfileId = 7
X509ProfileOCSP shared.CertificateProfileId = 8
X509ProfileTimestamp shared.CertificateProfileId = 9
X509ProfileProxy shared.CertificateProfileId = 10
X509ProfileSubCA shared.CertificateProfileId = 11
)
const (
X509MDDefault shared.MessageDigestAlgorithmId = 0
X509MDMd5 shared.MessageDigestAlgorithmId = 1
X509MDSha1 shared.MessageDigestAlgorithmId = 2
X509MDRipeMD160 shared.MessageDigestAlgorithmId = 3
X509MDSha256 shared.MessageDigestAlgorithmId = 8
X509MDSha384 shared.MessageDigestAlgorithmId = 9
X509MDSha512 shared.MessageDigestAlgorithmId = 10
)
const (
OpenPGPRoot0 shared.CryptoSystemRootId = 0
)
const (
OpenPGPDefaultProfile shared.CertificateProfileId = 0
)
const (
OpenPGPDefaultMD shared.MessageDigestAlgorithmId = 0
)
func NewCommandProcessor() *CommandProcessor {
cryptoSystems := make(map[shared.CryptoSystemId]*CryptoSystem)
cryptoSystems[CsX509] = &CryptoSystem{
Name: "X.509",
Roots: map[shared.CryptoSystemRootId]*RootCredentials{
X509RootDefault: {
Name: "openssl",
PrivateKeyFile: "/srv/ca/CA/private/ca.key.pem",
CertificateFile: "/srv/ca/CA/ca.crt.pem",
DatabaseFile: "/srv/ca/CA/index.txt",
CRLNumber: "/srv/ca/CA/crlnumber",
},
X509RootClass3: {
Name: "class3",
PrivateKeyFile: "/srv/ca/class3/private/ca.key.pem",
CertificateFile: "/srv/ca/class3/ca.crt.pem",
DatabaseFile: "/srv/ca/class3/index.txt",
CRLNumber: "/srv/ca/class3/crlnumber",
},
X509RootClass3s: {Name: "class3s"},
X509Root3: {Name: "root3"},
X509Root4: {Name: "root4"},
X509Root5: {Name: "root5"},
},
Profiles: map[shared.CertificateProfileId]string{
X509ProfileClient: "client",
X509ProfileClientOrg: "client-org",
X509ProfileClientCodesign: "client-codesign",
X509ProfileClientMachine: "client-machine",
X509ProfileClientAds: "client-ads",
X509ProfileServer: "server",
X509ProfileServerOrg: "server-org",
X509ProfileServerJabber: "server-jabber",
X509ProfileOCSP: "ocsp",
X509ProfileTimestamp: "timestamp",
X509ProfileProxy: "proxy",
X509ProfileSubCA: "subca",
},
// constants for openssl invocations. Should be replaced with
// something more useful
DigestAlgorithms: map[shared.MessageDigestAlgorithmId]x509.SignatureAlgorithm{
X509MDDefault: x509.SHA256WithRSA,
X509MDMd5: x509.MD5WithRSA,
X509MDSha1: x509.SHA1WithRSA,
X509MDRipeMD160: x509.UnknownSignatureAlgorithm,
X509MDSha256: x509.SHA256WithRSA,
X509MDSha384: x509.SHA384WithRSA,
X509MDSha512: x509.SHA512WithRSA,
},
}
cryptoSystems[CsOpenPGP] = &CryptoSystem{
Name: "OpenPGP",
Roots: map[shared.CryptoSystemRootId]*RootCredentials{
OpenPGPRoot0: {
Name: "OpenPGP Root",
PrivateKeyFile: "secring0.gpg",
PublicKeyFile: "pubring0.gpg",
},
},
Profiles: map[shared.CertificateProfileId]string{
OpenPGPDefaultProfile: "default",
},
// constants for gnupg cert-digest-algo parameter. Should be replaced with
// something more useful
DigestAlgorithms: map[shared.MessageDigestAlgorithmId]x509.SignatureAlgorithm{
OpenPGPDefaultMD: x509.SHA256WithRSA,
},
}
return &CommandProcessor{CryptoSystems: cryptoSystems, Settings: NewCommandProcessorSettings()}
}