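package signer

import (
	"crypto"
	"crypto/x509"
	"fmt"
	"path/filepath"

	"git.cacert.org/cacert-gosigner/shared"
	"git.cacert.org/cacert-gosigner/signer/openpgp_ops"
	"git.cacert.org/cacert-gosigner/signer/x509_ops"
)

// Crypto system identifiers used as keys of the CryptoSystems registry
// built by NewCommandProcessor.
const (
	CsX509    shared.CryptoSystemId = 1
	CsOpenPGP shared.CryptoSystemId = 2
)

// Root identifiers of the X.509 crypto system.
const (
	X509RootDefault shared.CryptoSystemRootId = 0
	X509RootClass3  shared.CryptoSystemRootId = 1
	X509RootClass3s shared.CryptoSystemRootId = 2
	X509Root3       shared.CryptoSystemRootId = 3
	X509Root4       shared.CryptoSystemRootId = 4
	X509Root5       shared.CryptoSystemRootId = 5
)

// Certificate profile identifiers of the X.509 crypto system.
const (
	X509ProfileClient         shared.CertificateProfileId = 0
	X509ProfileClientOrg      shared.CertificateProfileId = 1
	X509ProfileClientCodesign shared.CertificateProfileId = 2
	X509ProfileClientMachine  shared.CertificateProfileId = 3
	X509ProfileClientAds      shared.CertificateProfileId = 4
	X509ProfileServer         shared.CertificateProfileId = 5
	X509ProfileServerOrg      shared.CertificateProfileId = 6
	X509ProfileServerJabber   shared.CertificateProfileId = 7
	X509ProfileOCSP           shared.CertificateProfileId = 8
	X509ProfileTimestamp      shared.CertificateProfileId = 9
	X509ProfileProxy          shared.CertificateProfileId = 10
	X509ProfileSubCA          shared.CertificateProfileId = 11
)

// Message digest identifiers of the X.509 crypto system. The numbering is
// not contiguous: 3 is reserved for RIPEMD160 (see the commented-out entry)
// and 4 to 7 are not assigned in this file.
//
// NOTE(review): X509MDMd5 and X509MDSha1 select collision-prone digests.
// They are kept because the identifiers are part of the request interface,
// but new issuance should not rely on them; see the DigestAlgorithms map in
// NewCommandProcessor.
const (
	X509MDDefault shared.MessageDigestAlgorithmId = 0
	X509MDMd5     shared.MessageDigestAlgorithmId = 1
	X509MDSha1    shared.MessageDigestAlgorithmId = 2
	// X509MDRipeMD160 shared.MessageDigestAlgorithmId = 3 // x509 package does not support RIPEMD160
	X509MDSha256 shared.MessageDigestAlgorithmId = 8
	X509MDSha384 shared.MessageDigestAlgorithmId = 9
	X509MDSha512 shared.MessageDigestAlgorithmId = 10
)

// Root identifiers of the OpenPGP crypto system.
const (
	OpenPGPRoot0 shared.CryptoSystemRootId = 0
)

// Certificate profile identifiers of the OpenPGP crypto system.
const (
	OpenPGPDefaultProfile shared.CertificateProfileId = 0
)

// Message digest identifiers of the OpenPGP crypto system.
const (
	OpenPGPDefaultMD shared.MessageDigestAlgorithmId = 0
)

// NewCommandProcessor returns a CommandProcessor that carries the settings
// from NewCommandProcessorSettings and a fixed registry of the supported
// crypto systems (X.509 and OpenPGP) with their roots, certificate profiles
// and digest algorithms.
//
// All file system locations in the registry are derived from the settings
// and from constants in this file only.
func NewCommandProcessor() *CommandProcessor {
	settings := NewCommandProcessorSettings()

	cryptoSystems := map[shared.CryptoSystemId]*CryptoSystem{
		CsX509: {
			Name: "X.509",
			Roots: map[shared.CryptoSystemRootId]interface{}{
				X509RootDefault: x509_ops.NewRoot(settings.CABaseDir, "openssl", "CA", X509RootDefault),
				X509RootClass3:  x509_ops.NewRoot(settings.CABaseDir, "class3", "class3", X509RootClass3),
				// NOTE(review): the remaining roots are declared by name
				// only and are not built through x509_ops.NewRoot, so they
				// presumably have no key material attached. Confirm that
				// requests naming them are rejected instead of being
				// handled with a zero-valued root.
				X509RootClass3s: &x509_ops.Root{Name: "class3s"},
				X509Root3:       &x509_ops.Root{Name: "root3"},
				X509Root4:       &x509_ops.Root{Name: "root4"},
				X509Root5:       &x509_ops.Root{Name: "root5"},
			},
			Profiles: map[shared.CertificateProfileId]interface{}{
				X509ProfileClient:         &x509_ops.Profile{Name: "client"},
				X509ProfileClientOrg:      &x509_ops.Profile{Name: "client-org"},
				X509ProfileClientCodesign: &x509_ops.Profile{Name: "client-codesign"},
				X509ProfileClientMachine:  &x509_ops.Profile{Name: "client-machine"},
				X509ProfileClientAds:      &x509_ops.Profile{Name: "client-ads"},
				X509ProfileServer:         &x509_ops.Profile{Name: "server"},
				X509ProfileServerOrg:      &x509_ops.Profile{Name: "server-org"},
				X509ProfileServerJabber:   &x509_ops.Profile{Name: "server-jabber"},
				X509ProfileOCSP:           &x509_ops.Profile{Name: "ocsp"},
				X509ProfileTimestamp:      &x509_ops.Profile{Name: "timestamp"},
				X509ProfileProxy:          &x509_ops.Profile{Name: "proxy"},
				X509ProfileSubCA:          &x509_ops.Profile{Name: "subca"},
			},
			// constants for openssl invocations. Should be replaced with
			// something more useful
			//
			// NOTE(review): MD5WithRSA and SHA1WithRSA remain selectable by
			// request. Both digests have practical collision attacks and
			// relying parties generally reject certificates signed with
			// them. Consider refusing these identifiers at request
			// validation or mapping them to the SHA-256 default. Newer Go
			// releases also refuse MD5WithRSA in x509.CreateCertificate;
			// verify how this value is consumed.
			DigestAlgorithms: map[shared.MessageDigestAlgorithmId]interface{}{
				X509MDDefault: x509.SHA256WithRSA,
				X509MDMd5:     x509.MD5WithRSA,
				X509MDSha1:    x509.SHA1WithRSA,
				X509MDSha256:  x509.SHA256WithRSA,
				X509MDSha384:  x509.SHA384WithRSA,
				X509MDSha512:  x509.SHA512WithRSA,
			},
		},
		CsOpenPGP: {
			Name: "OpenPGP",
			Roots: map[shared.CryptoSystemRootId]interface{}{
				OpenPGPRoot0: &openpgp_ops.OpenPGPRoot{
					Name: "OpenPGP Root",
					// Location of the root's secret key ring on disk.
					// filepath.Join is used because this is a file system
					// path, not a slash-separated URL path.
					// NOTE(review): this file holds signing key material;
					// confirm the directory is readable by the signer
					// account only.
					SecretKeyRing: filepath.Join(
						settings.OpenPGPKeyRingDir,
						fmt.Sprintf("gpg_root_%d", OpenPGPRoot0),
						"secring.gpg",
					),
					Identifier: settings.OpenPGPUidEmail,
				},
			},
			Profiles: map[shared.CertificateProfileId]interface{}{
				OpenPGPDefaultProfile: &openpgp_ops.OpenPGPProfile{Name: "default"},
			},
			// constants for gnupg cert-digest-algo parameter. Should be
			// replaced with something more useful
			DigestAlgorithms: map[shared.MessageDigestAlgorithmId]interface{}{
				OpenPGPDefaultMD: crypto.SHA256,
			},
		},
	}

	return &CommandProcessor{CryptoSystems: cryptoSystems, Settings: settings}
}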