Jan Dittberner
9f0916b14a
Move X.509 and Openpgp operations into custom packages. Implement more robust input reading. Do not convert []byte to string unnecessarily. Finish implementation of X.509 CRL creation.
package signer
import (
"crypto"
"crypto/x509"
"fmt"
"path"
"git.cacert.org/cacert-gosigner/shared"
"git.cacert.org/cacert-gosigner/signer/openpgp_ops"
"git.cacert.org/cacert-gosigner/signer/x509_ops"
)
// Crypto system identifiers accepted by the command processor. They key the
// CryptoSystems map assembled in NewCommandProcessor. The values appear to be
// protocol ids shared with the client side (shared.CryptoSystemId), so treat
// them as stable — presumably renumbering breaks peers; confirm in shared.
const (
	CsX509    shared.CryptoSystemId = 1
	CsOpenPGP shared.CryptoSystemId = 2
)

// X.509 root identifiers. In NewCommandProcessor only X509RootDefault and
// X509RootClass3 are constructed via x509_ops.NewRoot; the remaining ids are
// registered as name-only x509_ops.Root placeholders.
const (
	X509RootDefault shared.CryptoSystemRootId = 0
	X509RootClass3  shared.CryptoSystemRootId = 1
	X509RootClass3s shared.CryptoSystemRootId = 2
	X509Root3       shared.CryptoSystemRootId = 3
	X509Root4       shared.CryptoSystemRootId = 4
	X509Root5       shared.CryptoSystemRootId = 5
)

// X.509 certificate profile identifiers; each maps to a named
// x509_ops.Profile in NewCommandProcessor.
const (
	X509ProfileClient         shared.CertificateProfileId = 0
	X509ProfileClientOrg      shared.CertificateProfileId = 1
	X509ProfileClientCodesign shared.CertificateProfileId = 2
	X509ProfileClientMachine  shared.CertificateProfileId = 3
	X509ProfileClientAds      shared.CertificateProfileId = 4
	X509ProfileServer         shared.CertificateProfileId = 5
	X509ProfileServerOrg      shared.CertificateProfileId = 6
	X509ProfileServerJabber   shared.CertificateProfileId = 7
	X509ProfileOCSP           shared.CertificateProfileId = 8
	X509ProfileTimestamp      shared.CertificateProfileId = 9
	X509ProfileProxy          shared.CertificateProfileId = 10
	X509ProfileSubCA          shared.CertificateProfileId = 11
)

// X.509 message digest identifiers. The numbering is not contiguous: 3 is
// reserved for RIPEMD-160 (not supported by crypto/x509) and 4–7 are unused.
// NewCommandProcessor maps X509MDDefault and X509MDSha256 to the same
// signature algorithm.
//
// NOTE(review): X509MDMd5 and X509MDSha1 resolve to MD5WithRSA/SHA1WithRSA.
// Current relying parties reject certificates signed with either digest, so
// a request selecting them yields an unusable certificate; they are
// presumably kept only so that legacy ids still resolve — consider rejecting
// them at the request-validation layer.
const (
	X509MDDefault shared.MessageDigestAlgorithmId = 0
	X509MDMd5     shared.MessageDigestAlgorithmId = 1
	X509MDSha1    shared.MessageDigestAlgorithmId = 2
	// X509MDRipeMD160 shared.MessageDigestAlgorithmId = 3 — the crypto/x509
	// package does not support RIPEMD-160, so the id is intentionally absent.
	X509MDSha256 shared.MessageDigestAlgorithmId = 8
	X509MDSha384 shared.MessageDigestAlgorithmId = 9
	X509MDSha512 shared.MessageDigestAlgorithmId = 10
)

// OpenPGP root identifiers; only a single root is registered.
const (
	OpenPGPRoot0 shared.CryptoSystemRootId = 0
)

// OpenPGP certificate profile identifiers; only the default profile exists.
const (
	OpenPGPDefaultProfile shared.CertificateProfileId = 0
)

// OpenPGP message digest identifiers; the default resolves to crypto.SHA256
// in NewCommandProcessor.
const (
	OpenPGPDefaultMD shared.MessageDigestAlgorithmId = 0
)
// NewCommandProcessor builds a CommandProcessor from the settings returned by
// NewCommandProcessorSettings and a registry of the two supported crypto
// systems, CsX509 and CsOpenPGP, each carrying its roots, profiles and digest
// algorithm table.
//
// The Roots, Profiles and DigestAlgorithms maps are keyed by the shared id
// types but hold untyped interface{} values: *x509_ops.Root,
// *x509_ops.Profile and x509.SignatureAlgorithm for X.509;
// *openpgp_ops.OpenPGPRoot, *openpgp_ops.OpenPGPProfile and crypto.Hash for
// OpenPGP. Consumers have to type-assert per crypto system; there is no
// compile-time check that the right kind of value was stored.
func NewCommandProcessor() *CommandProcessor {
	settings := NewCommandProcessorSettings()

	// X.509 roots. The default and class3 roots are created through
	// x509_ops.NewRoot relative to settings.CABaseDir (presumably that is
	// where their key material lives — confirm in x509_ops). The others are
	// name-only placeholders with no backing directory wired up here.
	x509Roots := map[shared.CryptoSystemRootId]interface{}{
		X509RootDefault: x509_ops.NewRoot(settings.CABaseDir, "openssl", "CA", X509RootDefault),
		X509RootClass3:  x509_ops.NewRoot(settings.CABaseDir, "class3", "class3", X509RootClass3),
	}
	placeholderRoots := map[shared.CryptoSystemRootId]string{
		X509RootClass3s: "class3s",
		X509Root3:       "root3",
		X509Root4:       "root4",
		X509Root5:       "root5",
	}
	for id, name := range placeholderRoots {
		x509Roots[id] = &x509_ops.Root{Name: name}
	}

	// X.509 profiles: id -> profile name, wrapped in x509_ops.Profile.
	profileNames := map[shared.CertificateProfileId]string{
		X509ProfileClient:         "client",
		X509ProfileClientOrg:      "client-org",
		X509ProfileClientCodesign: "client-codesign",
		X509ProfileClientMachine:  "client-machine",
		X509ProfileClientAds:      "client-ads",
		X509ProfileServer:         "server",
		X509ProfileServerOrg:      "server-org",
		X509ProfileServerJabber:   "server-jabber",
		X509ProfileOCSP:           "ocsp",
		X509ProfileTimestamp:      "timestamp",
		X509ProfileProxy:          "proxy",
		X509ProfileSubCA:          "subca",
	}
	x509Profiles := make(map[shared.CertificateProfileId]interface{}, len(profileNames))
	for id, name := range profileNames {
		x509Profiles[id] = &x509_ops.Profile{Name: name}
	}

	// X.509 digest ids -> x509.SignatureAlgorithm (RSA only). These were
	// originally constants for openssl invocations and should be replaced
	// with something more useful. The default is SHA-256; the MD5 and SHA-1
	// entries exist so the legacy ids resolve, not because they are safe to
	// issue with.
	x509Digests := map[shared.MessageDigestAlgorithmId]interface{}{
		X509MDDefault: x509.SHA256WithRSA,
		X509MDMd5:     x509.MD5WithRSA,
		X509MDSha1:    x509.SHA1WithRSA,
		X509MDSha256:  x509.SHA256WithRSA,
		X509MDSha384:  x509.SHA384WithRSA,
		X509MDSha512:  x509.SHA512WithRSA,
	}

	x509System := &CryptoSystem{
		Name:             "X.509",
		Roots:            x509Roots,
		Profiles:         x509Profiles,
		DigestAlgorithms: x509Digests,
	}

	// The single OpenPGP root reads its secret keyring from
	// <OpenPGPKeyRingDir>/gpg_root_<id>/secring.gpg. path.Join builds a
	// slash-separated path, which coincides with the OS path only on Unix
	// hosts; filepath.Join would be the portable choice.
	secretKeyRing := path.Join(
		settings.OpenPGPKeyRingDir,
		fmt.Sprintf("gpg_root_%d", OpenPGPRoot0),
		"secring.gpg",
	)
	openpgpRoot := &openpgp_ops.OpenPGPRoot{
		Name:          "OpenPGP Root",
		SecretKeyRing: secretKeyRing,
		Identifier:    settings.OpenPGPUidEmail,
	}

	openpgpSystem := &CryptoSystem{
		Name: "OpenPGP",
		Roots: map[shared.CryptoSystemRootId]interface{}{
			OpenPGPRoot0: openpgpRoot,
		},
		Profiles: map[shared.CertificateProfileId]interface{}{
			OpenPGPDefaultProfile: &openpgp_ops.OpenPGPProfile{Name: "default"},
		},
		// Constants for the gnupg cert-digest-algo parameter; should be
		// replaced with something more useful.
		DigestAlgorithms: map[shared.MessageDigestAlgorithmId]interface{}{
			OpenPGPDefaultMD: crypto.SHA256,
		},
	}

	return &CommandProcessor{
		CryptoSystems: map[shared.CryptoSystemId]*CryptoSystem{
			CsX509:    x509System,
			CsOpenPGP: openpgpSystem,
		},
		Settings: settings,
	}
}