go-http-peering/cmd/keygen/util.go

package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"io/ioutil"
	"os"
	"syscall"

	"forge.cadoles.com/Cadoles/go-http-peering/crypto"
	"github.com/pkg/errors"

	"golang.org/x/crypto/ssh/terminal"
)

func getPassphrase() ([]byte, error) {
	passphrase, exists := os.LookupEnv("KEY_PASSPHRASE")
	if exists {
		return []byte(passphrase), nil
	}
	return askPassphrase()
}

func askPassphrase() ([]byte, error) {
	fmt.Print("Passphrase: ")
	passphrase, err := terminal.ReadPassword(syscall.Stdin)
	if err != nil {
		return nil, errors.WithStack(err)
	}
	fmt.Println()

	fmt.Print("Confirm passphrase: ")
	passphraseConfirmation, err := terminal.ReadPassword(syscall.Stdin)
	if err != nil {
		return nil, errors.WithStack(err)
	}
	fmt.Println()

	if !bytes.Equal(passphrase, passphraseConfirmation) {
		return nil, errors.New("passphrases does not match")
	}

	return passphrase, nil
}

func privateKeyToEncryptedPEM(key *rsa.PrivateKey, passphrase []byte) ([]byte, error) {
	if passphrase == nil {
		return nil, errors.New("passphrase cannot be empty")
	}

	// Convert it to pem
	block := &pem.Block{
		Type:  "RSA PRIVATE KEY",
		Bytes: x509.MarshalPKCS1PrivateKey(key),
	}

	block, err := x509.EncryptPEMBlock(rand.Reader, block.Type, block.Bytes, passphrase, x509.PEMCipherAES256)
	if err != nil {
		return nil, errors.WithStack(err)
	}

	return pem.EncodeToMemory(block), nil
}

func loadPrivateKey() (*rsa.PrivateKey, error) {
	if keyFile == "" {
		return nil, errors.New("you must specify a key file to load")
	}
	pem, err := ioutil.ReadFile(keyFile)
	if err != nil {
		return nil, errors.WithStack(err)
	}
	passphrase, err := getPassphrase()
	if err != nil {
		return nil, errors.WithStack(err)
	}
	privateKey, err := crypto.DecodePEMEncryptedPrivateKey(pem, passphrase)
	if err != nil {
		return nil, errors.WithStack(err)
	}
	return privateKey, nil
}

func handleError(err error) {
	if !debug {
		fmt.Printf("%+v\n", errors.WithStack(err))
	} else {
		panic(fmt.Sprintf("%+v", errors.WithStack(err)))
	}
	os.Exit(1)
}
Redesign authentication protocol 2019-02-22 17:35:49 +01:00			`package main`

			`import (`
			`"bytes"`
			`"crypto/rand"`
			`"crypto/rsa"`
			`"crypto/x509"`
			`"encoding/pem"`
			`"fmt"`
			`"io/ioutil"`
			`"os"`
			`"syscall"`

Migrate to namespace forge.cadoles.com/Cadoles/go-http-peering 2019-10-16 11:09:29 +02:00			`"forge.cadoles.com/Cadoles/go-http-peering/crypto"`
Return wrapped errors 2022-09-12 17:46:59 +02:00			`"github.com/pkg/errors"`
Redesign authentication protocol 2019-02-22 17:35:49 +01:00
			`"golang.org/x/crypto/ssh/terminal"`
			`)`

			`func getPassphrase() ([]byte, error) {`
Allow empty passphrase when using environment variable 2019-03-29 15:15:38 +01:00			`passphrase, exists := os.LookupEnv("KEY_PASSPHRASE")`
			`if exists {`
Redesign authentication protocol 2019-02-22 17:35:49 +01:00			`return []byte(passphrase), nil`
			`}`
			`return askPassphrase()`
			`}`

			`func askPassphrase() ([]byte, error) {`
			`fmt.Print("Passphrase: ")`
			`passphrase, err := terminal.ReadPassword(syscall.Stdin)`
			`if err != nil {`
Return wrapped errors 2022-09-12 17:46:59 +02:00			`return nil, errors.WithStack(err)`
Redesign authentication protocol 2019-02-22 17:35:49 +01:00			`}`
			`fmt.Println()`

			`fmt.Print("Confirm passphrase: ")`
			`passphraseConfirmation, err := terminal.ReadPassword(syscall.Stdin)`
			`if err != nil {`
Return wrapped errors 2022-09-12 17:46:59 +02:00			`return nil, errors.WithStack(err)`
Redesign authentication protocol 2019-02-22 17:35:49 +01:00			`}`
			`fmt.Println()`

			`if !bytes.Equal(passphrase, passphraseConfirmation) {`
			`return nil, errors.New("passphrases does not match")`
			`}`

			`return passphrase, nil`
			`}`

			`func privateKeyToEncryptedPEM(key *rsa.PrivateKey, passphrase []byte) ([]byte, error) {`
			`if passphrase == nil {`
			`return nil, errors.New("passphrase cannot be empty")`
			`}`

			`// Convert it to pem`
			`block := &pem.Block{`
			`Type: "RSA PRIVATE KEY",`
			`Bytes: x509.MarshalPKCS1PrivateKey(key),`
			`}`

			`block, err := x509.EncryptPEMBlock(rand.Reader, block.Type, block.Bytes, passphrase, x509.PEMCipherAES256)`
			`if err != nil {`
Return wrapped errors 2022-09-12 17:46:59 +02:00			`return nil, errors.WithStack(err)`
Redesign authentication protocol 2019-02-22 17:35:49 +01:00			`}`

			`return pem.EncodeToMemory(block), nil`
			`}`

			`func loadPrivateKey() (*rsa.PrivateKey, error) {`
			`if keyFile == "" {`
			`return nil, errors.New("you must specify a key file to load")`
			`}`
			`pem, err := ioutil.ReadFile(keyFile)`
			`if err != nil {`
Return wrapped errors 2022-09-12 17:46:59 +02:00			`return nil, errors.WithStack(err)`
Redesign authentication protocol 2019-02-22 17:35:49 +01:00			`}`
			`passphrase, err := getPassphrase()`
			`if err != nil {`
Return wrapped errors 2022-09-12 17:46:59 +02:00			`return nil, errors.WithStack(err)`
Redesign authentication protocol 2019-02-22 17:35:49 +01:00			`}`
			`privateKey, err := crypto.DecodePEMEncryptedPrivateKey(pem, passphrase)`
			`if err != nil {`
Return wrapped errors 2022-09-12 17:46:59 +02:00			`return nil, errors.WithStack(err)`
Redesign authentication protocol 2019-02-22 17:35:49 +01:00			`}`
			`return privateKey, nil`
			`}`

			`func handleError(err error) {`
			`if !debug {`
Return wrapped errors 2022-09-12 17:46:59 +02:00			`fmt.Printf("%+v\n", errors.WithStack(err))`
Redesign authentication protocol 2019-02-22 17:35:49 +01:00			`} else {`
Return wrapped errors 2022-09-12 17:46:59 +02:00			`panic(fmt.Sprintf("%+v", errors.WithStack(err)))`
Redesign authentication protocol 2019-02-22 17:35:49 +01:00			`}`
			`os.Exit(1)`
			`}`