go-http-peering/cmd/keygen/util.go

96 lines
2.0 KiB
Go
Raw Permalink Normal View History

2019-02-22 17:35:49 +01:00
package main
import (
"bytes"
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"fmt"
"io/ioutil"
"os"
"syscall"
"forge.cadoles.com/Cadoles/go-http-peering/crypto"
2022-09-12 17:46:59 +02:00
"github.com/pkg/errors"
2019-02-22 17:35:49 +01:00
"golang.org/x/crypto/ssh/terminal"
)
func getPassphrase() ([]byte, error) {
passphrase, exists := os.LookupEnv("KEY_PASSPHRASE")
if exists {
2019-02-22 17:35:49 +01:00
return []byte(passphrase), nil
}
return askPassphrase()
}
func askPassphrase() ([]byte, error) {
fmt.Print("Passphrase: ")
passphrase, err := terminal.ReadPassword(syscall.Stdin)
if err != nil {
2022-09-12 17:46:59 +02:00
return nil, errors.WithStack(err)
2019-02-22 17:35:49 +01:00
}
fmt.Println()
fmt.Print("Confirm passphrase: ")
passphraseConfirmation, err := terminal.ReadPassword(syscall.Stdin)
if err != nil {
2022-09-12 17:46:59 +02:00
return nil, errors.WithStack(err)
2019-02-22 17:35:49 +01:00
}
fmt.Println()
if !bytes.Equal(passphrase, passphraseConfirmation) {
return nil, errors.New("passphrases does not match")
}
return passphrase, nil
}
func privateKeyToEncryptedPEM(key *rsa.PrivateKey, passphrase []byte) ([]byte, error) {
if passphrase == nil {
return nil, errors.New("passphrase cannot be empty")
}
// Convert it to pem
block := &pem.Block{
Type: "RSA PRIVATE KEY",
Bytes: x509.MarshalPKCS1PrivateKey(key),
}
block, err := x509.EncryptPEMBlock(rand.Reader, block.Type, block.Bytes, passphrase, x509.PEMCipherAES256)
if err != nil {
2022-09-12 17:46:59 +02:00
return nil, errors.WithStack(err)
2019-02-22 17:35:49 +01:00
}
return pem.EncodeToMemory(block), nil
}
func loadPrivateKey() (*rsa.PrivateKey, error) {
if keyFile == "" {
return nil, errors.New("you must specify a key file to load")
}
pem, err := ioutil.ReadFile(keyFile)
if err != nil {
2022-09-12 17:46:59 +02:00
return nil, errors.WithStack(err)
2019-02-22 17:35:49 +01:00
}
passphrase, err := getPassphrase()
if err != nil {
2022-09-12 17:46:59 +02:00
return nil, errors.WithStack(err)
2019-02-22 17:35:49 +01:00
}
privateKey, err := crypto.DecodePEMEncryptedPrivateKey(pem, passphrase)
if err != nil {
2022-09-12 17:46:59 +02:00
return nil, errors.WithStack(err)
2019-02-22 17:35:49 +01:00
}
return privateKey, nil
}
func handleError(err error) {
if !debug {
2022-09-12 17:46:59 +02:00
fmt.Printf("%+v\n", errors.WithStack(err))
2019-02-22 17:35:49 +01:00
} else {
2022-09-12 17:46:59 +02:00
panic(fmt.Sprintf("%+v", errors.WithStack(err)))
2019-02-22 17:35:49 +01:00
}
os.Exit(1)
}