本文整理汇总了Golang中github.com/cloudflare/cfssl/helpers.ParsePrivateKeyPEM函数的典型用法代码示例。如果您正苦于以下问题:Golang ParsePrivateKeyPEM函数的具体用法?Golang ParsePrivateKeyPEM怎么用?Golang ParsePrivateKeyPEM使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了ParsePrivateKeyPEM函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: TestCAIssuing
func TestCAIssuing(t *testing.T) {
var caCerts = []string{testCaFile, testECDSACaFile}
var caKeys = []string{testCaKeyFile, testECDSACaKeyFile}
var interCSRs = []string{ecdsaInterCSR, rsaInterCSR}
var interKeys = []string{ecdsaInterKey, rsaInterKey}
var CAPolicy = &config.Signing{
Default: &config.SigningProfile{
Usage: []string{"cert sign", "crl sign"},
ExpiryString: "1h",
Expiry: 1 * time.Hour,
CA: true,
},
}
var hostname = "cloudflare-inter.com"
// Each RSA or ECDSA root CA issues two intermediate CAs (one ECDSA and one RSA).
// For each intermediate CA, use it to issue additional RSA and ECDSA intermediate CSRs.
for i, caFile := range caCerts {
caKeyFile := caKeys[i]
s := newCustomSigner(t, caFile, caKeyFile)
s.policy = CAPolicy
for j, csr := range interCSRs {
csrBytes, _ := ioutil.ReadFile(csr)
certBytes, err := s.Sign(signer.SignRequest{Hosts: signer.SplitHosts(hostname), Request: string(csrBytes)})
if err != nil {
t.Fatal(err)
}
interCert, err := helpers.ParseCertificatePEM(certBytes)
if err != nil {
t.Fatal(err)
}
keyBytes, _ := ioutil.ReadFile(interKeys[j])
interKey, _ := helpers.ParsePrivateKeyPEM(keyBytes)
interSigner := &Signer{
ca: interCert,
priv: interKey,
policy: CAPolicy,
sigAlgo: signer.DefaultSigAlgo(interKey),
}
for _, anotherCSR := range interCSRs {
anotherCSRBytes, _ := ioutil.ReadFile(anotherCSR)
bytes, err := interSigner.Sign(
signer.SignRequest{
Hosts: signer.SplitHosts(hostname),
Request: string(anotherCSRBytes),
})
if err != nil {
t.Fatal(err)
}
cert, err := helpers.ParseCertificatePEM(bytes)
if err != nil {
t.Fatal(err)
}
if cert.SignatureAlgorithm != interSigner.SigAlgo() {
t.Fatal("Cert Signature Algorithm does not match the issuer.")
}
}
}
}
}
示例2: makeCASigner
func makeCASigner(certBytes, keyBytes []byte, sigAlgo x509.SignatureAlgorithm, t *testing.T) signer.Signer {
cert, err := helpers.ParseCertificatePEM(certBytes)
if err != nil {
t.Fatal(err)
}
key, err := helpers.ParsePrivateKeyPEM(keyBytes)
if err != nil {
t.Fatal(err)
}
defaultProfile := &config.SigningProfile{
Usage: []string{"cert sign"},
CAConstraint: config.CAConstraint{IsCA: true},
Expiry: time.Hour,
ExpiryString: "1h",
}
policy := &config.Signing{
Profiles: map[string]*config.SigningProfile{},
Default: defaultProfile,
}
s, err := local.NewSigner(key, cert, sigAlgo, policy)
if err != nil {
t.Fatal(err)
}
return s
}
示例3: TestReGenerate
func TestReGenerate(t *testing.T) {
var req = &CertificateRequest{
Names: []Name{
{
C: "US",
ST: "California",
L: "San Francisco",
O: "CloudFlare",
OU: "Systems Engineering",
},
},
CN: "cloudflare.com",
Hosts: []string{"cloudflare.com", "www.cloudflare.com", "192.168.0.1"},
KeyRequest: &BasicKeyRequest{"ecdsa", 256},
}
csr, key, err := ParseRequest(req)
if err != nil {
t.Fatalf("%v", err)
}
priv, err := helpers.ParsePrivateKeyPEM(key)
if err != nil {
t.Fatalf("%v", err)
}
csr, err = Generate(priv, req)
if err != nil {
t.Fatalf("%v", err)
}
if _, _, err = helpers.ParseCSR(csr); err != nil {
t.Fatalf("%v", err)
}
}
示例4: NewSignerFromFile
// NewSignerFromFile generates a new local signer from a caFile
// and a caKey file, both PEM encoded.
func NewSignerFromFile(caFile, caKeyFile string, policy *config.Signing) (*Signer, error) {
log.Debug("Loading CA: ", caFile)
ca, err := ioutil.ReadFile(caFile)
if err != nil {
return nil, err
}
log.Debug("Loading CA key: ", caKeyFile)
cakey, err := ioutil.ReadFile(caKeyFile)
if err != nil {
return nil, cferr.Wrap(cferr.CertificateError, cferr.ReadFailed, err)
}
parsedCa, err := helpers.ParseCertificatePEM(ca)
if err != nil {
return nil, err
}
priv, err := helpers.ParsePrivateKeyPEM(cakey)
if err != nil {
log.Debug("Malformed private key %v", err)
return nil, err
}
return NewSigner(priv, parsedCa, signer.DefaultSigAlgo(priv), policy)
}
示例5: NewSignerFromFile
// NewSignerFromFile reads the issuer cert, the responder cert and the responder key
// from PEM files, and takes an interval in seconds
func NewSignerFromFile(issuerFile, responderFile, keyFile string, interval time.Duration) (Signer, error) {
log.Debug("Loading issuer cert: ", issuerFile)
issuerBytes, err := ioutil.ReadFile(issuerFile)
if err != nil {
return nil, err
}
log.Debug("Loading responder cert: ", responderFile)
responderBytes, err := ioutil.ReadFile(responderFile)
if err != nil {
return nil, err
}
log.Debug("Loading responder key: ", keyFile)
keyBytes, err := ioutil.ReadFile(keyFile)
if err != nil {
return nil, cferr.Wrap(cferr.CertificateError, cferr.ReadFailed, err)
}
issuerCert, err := helpers.ParseCertificatePEM(issuerBytes)
if err != nil {
return nil, err
}
responderCert, err := helpers.ParseCertificatePEM(responderBytes)
if err != nil {
return nil, err
}
key, err := helpers.ParsePrivateKeyPEM(keyBytes)
if err != nil {
log.Debug("Malformed private key %v", err)
return nil, err
}
return NewSigner(issuerCert, responderCert, key, interval)
}
示例6: LoadKey
// LoadKey attempts to load a private key from PEM or DER.
func LoadKey(in []byte) (priv crypto.Signer, err error) {
priv, err = helpers.ParsePrivateKeyPEM(in)
if err == nil {
return priv, nil
}
return derhelpers.ParsePrivateKeyDER(in)
}
示例7: createAndWriteRootCA
// createAndWriteca.RootCA creates a Certificate authority for a new Swarm Cluster.
// We're copying CreateAndWriteca.RootCA, so we can have smaller key-sizes for tests
func createAndWriteRootCA(rootCN string, paths ca.CertPaths, expiry time.Duration) (ca.RootCA, error) {
// Create a simple CSR for the CA using the default CA validator and policy
req := cfcsr.CertificateRequest{
CN: rootCN,
KeyRequest: cfcsr.NewBasicKeyRequest(),
CA: &cfcsr.CAConfig{Expiry: ca.RootCAExpiration},
}
// Generate the CA and get the certificate and private key
cert, _, key, err := initca.New(&req)
if err != nil {
return ca.RootCA{}, err
}
// Convert the key given by initca to an object to create a ca.RootCA
parsedKey, err := helpers.ParsePrivateKeyPEM(key)
if err != nil {
log.Errorf("failed to parse private key: %v", err)
return ca.RootCA{}, err
}
// Convert the certificate into an object to create a ca.RootCA
parsedCert, err := helpers.ParseCertificatePEM(cert)
if err != nil {
return ca.RootCA{}, err
}
// Create a Signer out of the private key
signer, err := local.NewSigner(parsedKey, parsedCert, cfsigner.DefaultSigAlgo(parsedKey), ca.SigningPolicy(expiry))
if err != nil {
log.Errorf("failed to create signer: %v", err)
return ca.RootCA{}, err
}
// Ensure directory exists
err = os.MkdirAll(filepath.Dir(paths.Cert), 0755)
if err != nil {
return ca.RootCA{}, err
}
// Write the Private Key and Certificate to disk, using decent permissions
if err := ioutils.AtomicWriteFile(paths.Cert, cert, 0644); err != nil {
return ca.RootCA{}, err
}
if err := ioutils.AtomicWriteFile(paths.Key, key, 0600); err != nil {
return ca.RootCA{}, err
}
// Create a Pool with our Root CA Certificate
pool := x509.NewCertPool()
if !pool.AppendCertsFromPEM(cert) {
return ca.RootCA{}, fmt.Errorf("failed to append certificate to cert pool")
}
return ca.RootCA{Signer: signer, Key: key, Cert: cert, Pool: pool}, nil
}
示例8: createAndWriteRootCA
// createAndWriteRootCA creates a Certificate authority for a new Swarm Cluster.
// We're copying ca.CreateRootCA, so we can have smaller key-sizes for tests
func createAndWriteRootCA(rootCN string, paths ca.CertPaths, expiry time.Duration) (ca.RootCA, error) {
cert, key, err := CreateRootCertAndKey(rootCN)
if err != nil {
return ca.RootCA{}, err
}
// Convert the key given by initca to an object to create a ca.RootCA
parsedKey, err := helpers.ParsePrivateKeyPEM(key)
if err != nil {
log.Errorf("failed to parse private key: %v", err)
return ca.RootCA{}, err
}
// Convert the certificate into an object to create a ca.RootCA
parsedCert, err := helpers.ParseCertificatePEM(cert)
if err != nil {
return ca.RootCA{}, err
}
// Create a Signer out of the private key
signer, err := local.NewSigner(parsedKey, parsedCert, cfsigner.DefaultSigAlgo(parsedKey), ca.SigningPolicy(expiry))
if err != nil {
log.Errorf("failed to create signer: %v", err)
return ca.RootCA{}, err
}
// Ensure directory exists
err = os.MkdirAll(filepath.Dir(paths.Cert), 0755)
if err != nil {
return ca.RootCA{}, err
}
// Write the Private Key and Certificate to disk, using decent permissions
if err := ioutils.AtomicWriteFile(paths.Cert, cert, 0644); err != nil {
return ca.RootCA{}, err
}
if err := ioutils.AtomicWriteFile(paths.Key, key, 0600); err != nil {
return ca.RootCA{}, err
}
// Create a Pool with our Root CA Certificate
pool := x509.NewCertPool()
if !pool.AppendCertsFromPEM(cert) {
return ca.RootCA{}, errors.New("failed to append certificate to cert pool")
}
return ca.RootCA{
Signer: signer,
Key: key,
Cert: cert,
Pool: pool,
Digest: digest.FromBytes(cert),
}, nil
}
示例9: init
func init() {
var err error
caKey, err = helpers.ParsePrivateKeyPEM(mustRead(caKeyFile))
if err != nil {
panic(fmt.Sprintf("Unable to parse %s: %s", caKeyFile, err))
}
caCert, err = core.LoadCert(caCertFile)
if err != nil {
panic(fmt.Sprintf("Unable to parse %s: %s", caCertFile, err))
}
}
示例10: NewFromPEM
// NewFromPEM creates a new root certificate from the key file passed in.
func NewFromPEM(req *csr.CertificateRequest, keyFile string) (cert, csrPEM []byte, err error) {
privData, err := ioutil.ReadFile(keyFile)
if err != nil {
return nil, nil, err
}
priv, err := helpers.ParsePrivateKeyPEM(privData)
if err != nil {
return nil, nil, err
}
return NewFromSigner(req, priv)
}
示例11: NewCRLFromFile
// NewCRLFromFile takes in a list of serial numbers, one per line, as well as the issuing certificate
// of the CRL, and the private key. This function is then used to parse the list and generate a CRL
func NewCRLFromFile(serialList, issuerFile, keyFile []byte, expiryTime string) ([]byte, error) {
var revokedCerts []pkix.RevokedCertificate
var oneWeek = time.Duration(604800) * time.Second
expiryInt, err := strconv.ParseInt(expiryTime, 0, 32)
if err != nil {
return nil, err
}
newDurationFromInt := time.Duration(expiryInt) * time.Second
newExpiryTime := time.Now().Add(newDurationFromInt)
if expiryInt == 0 {
newExpiryTime = time.Now().Add(oneWeek)
}
// Parse the PEM encoded certificate
issuerCert, err := helpers.ParseCertificatePEM(issuerFile)
if err != nil {
return nil, err
}
// Split input file by new lines
individualCerts := strings.Split(string(serialList), "\n")
// For every new line, create a new revokedCertificate and add it to slice
for _, value := range individualCerts {
if len(strings.TrimSpace(value)) == 0 {
continue
}
tempBigInt := new(big.Int)
tempBigInt.SetString(value, 10)
tempCert := pkix.RevokedCertificate{
SerialNumber: tempBigInt,
RevocationTime: time.Now(),
}
revokedCerts = append(revokedCerts, tempCert)
}
// Parse the key given
key, err := helpers.ParsePrivateKeyPEM(keyFile)
if err != nil {
log.Debug("Malformed private key %v", err)
return nil, err
}
return CreateGenericCRL(revokedCerts, key, issuerCert, newExpiryTime)
}
示例12: TestBadReGenerate
// TestBadReGenerator ensures that a request that fails the ParseCSR is
// not processed.
func TestBadReGenerate(t *testing.T) {
var req = &CertificateRequest{
Names: []Name{
{
C: "US",
ST: "California",
L: "San Francisco",
O: "CloudFlare",
OU: "Systems Engineering",
},
},
CN: "cloudflare.com",
Hosts: []string{"cloudflare.com", "www.cloudflare.com", "192.168.0.1"},
KeyRequest: &BasicKeyRequest{"ecdsa", 256},
}
csr, key, err := ParseRequest(req)
if err != nil {
t.Fatalf("%v", err)
}
priv, err := helpers.ParsePrivateKeyPEM(key)
if err != nil {
t.Fatalf("%v", err)
}
csr, err = Generate(priv, req)
if err != nil {
t.Fatalf("%v", err)
}
block := pem.Block{
Type: "CERTIFICATE REQUEST",
Headers: map[string]string{
"Location": "UCSD",
},
Bytes: csr,
}
csr = pem.EncodeToMemory(&block)
_, err = Regenerate(priv, csr)
if err == nil {
t.Fatalf("%v", err)
}
}
示例13: testGenerateKeypair
func testGenerateKeypair(req *csr.CertificateRequest) (keyFile, certFile string, err error) {
fail := func(err error) (string, string, error) {
if keyFile != "" {
os.Remove(keyFile)
}
if certFile != "" {
os.Remove(certFile)
}
return "", "", err
}
keyFile, err = tempName()
if err != nil {
return fail(err)
}
certFile, err = tempName()
if err != nil {
return fail(err)
}
csrPEM, keyPEM, err := csr.ParseRequest(req)
if err != nil {
return fail(err)
}
if err = ioutil.WriteFile(keyFile, keyPEM, 0644); err != nil {
return fail(err)
}
priv, err := helpers.ParsePrivateKeyPEM(keyPEM)
if err != nil {
return fail(err)
}
cert, err := selfsign.Sign(priv, csrPEM, config.DefaultConfig())
if err != nil {
return fail(err)
}
if err = ioutil.WriteFile(certFile, cert, 0644); err != nil {
return fail(err)
}
return
}
示例14: New
// New creates a new root certificate from the certificate request.
func New(req *csr.CertificateRequest) (cert, csrPEM, key []byte, err error) {
policy := CAPolicy()
if req.CA != nil {
if req.CA.Expiry != "" {
policy.Default.ExpiryString = req.CA.Expiry
policy.Default.Expiry, err = time.ParseDuration(req.CA.Expiry)
if err != nil {
return
}
}
policy.Default.CAConstraint.MaxPathLen = req.CA.PathLength
if req.CA.PathLength != 0 && req.CA.PathLenZero == true {
log.Infof("ignore invalid 'pathlenzero' value")
} else {
policy.Default.CAConstraint.MaxPathLenZero = req.CA.PathLenZero
}
}
g := &csr.Generator{Validator: validator}
csrPEM, key, err = g.ProcessRequest(req)
if err != nil {
log.Errorf("failed to process request: %v", err)
key = nil
return
}
priv, err := helpers.ParsePrivateKeyPEM(key)
if err != nil {
log.Errorf("failed to parse private key: %v", err)
return
}
s, err := local.NewSigner(priv, nil, signer.DefaultSigAlgo(priv), policy)
if err != nil {
log.Errorf("failed to create signer: %v", err)
return
}
signReq := signer.SignRequest{Hosts: req.Hosts, Request: string(csrPEM)}
cert, err = s.Sign(signReq)
return
}
示例15: loadSigner
func loadSigner(issuerConfig cmd.IssuerConfig) (crypto.Signer, error) {
if issuerConfig.File != "" {
keyBytes, err := ioutil.ReadFile(issuerConfig.File)
if err != nil {
return nil, fmt.Errorf("Could not read key file %s", issuerConfig.File)
}
signer, err := helpers.ParsePrivateKeyPEM(keyBytes)
if err != nil {
return nil, err
}
return signer, nil
}
var pkcs11Config *pkcs11key.Config
if issuerConfig.ConfigFile != "" {
contents, err := ioutil.ReadFile(issuerConfig.ConfigFile)
if err != nil {
return nil, err
}
pkcs11Config = new(pkcs11key.Config)
err = json.Unmarshal(contents, pkcs11Config)
if err != nil {
return nil, err
}
} else {
pkcs11Config = issuerConfig.PKCS11
}
if pkcs11Config.Module == "" ||
pkcs11Config.TokenLabel == "" ||
pkcs11Config.PIN == "" ||
pkcs11Config.PrivateKeyLabel == "" {
return nil, fmt.Errorf("Missing a field in pkcs11Config %#v", pkcs11Config)
}
numSessions := issuerConfig.NumSessions
if numSessions <= 0 {
numSessions = 1
}
return pkcs11key.NewPool(numSessions, pkcs11Config.Module,
pkcs11Config.TokenLabel, pkcs11Config.PIN, pkcs11Config.PrivateKeyLabel)
}