rsa/pkg/ca/ca.go

/*
Package ca implements a disk file-backed certificate authority with a built-in
CRL signer. The certificate authority can issue new certificates (including the
creation of intermediate CAs) and revoke existing certificates, resulting in a
fresh CRL.
*/
package ca

import (
	"crypto/rsa"
	"crypto/sha1"
	"crypto/x509"
	"encoding/asn1"
	"fmt"
	"path/filepath"

	"src.lwithers.me.uk/go/rsa/pkg/pemfile"
)

type CA struct {
	dir string

	key  *rsa.PrivateKey
	root *x509.Certificate

	crl     *x509.RevocationList
	crlKey  *rsa.PrivateKey
	crlCert *x509.Certificate
}

const (
	rootKeyFilename  = "root-key.pem"
	rootCertFilename = "root-cert.pem"
)

// Open an existing certificate authority in the given directory.
func Open(dir string) (*CA, error) {
	ca := &CA{
		dir: dir,
	}
	var err error
	ca.key, err = pemfile.ReadKey(filepath.Join(dir, rootKeyFilename))
	if err != nil {
		return nil, fmt.Errorf("while opening CA (root key): %w", err)
	}
	ca.root, err = pemfile.ReadCert(filepath.Join(dir, rootCertFilename))
	if err != nil {
		return nil, fmt.Errorf("while opening CA (root cert): %w", err)
	}
	if err = ca.loadCRLState(); err != nil {
		return nil, fmt.Errorf("while opening CA (CRL state): %w", err)
	}
	return ca, nil
}

func (ca *CA) GetRoot() *x509.Certificate {
	return ca.root
}

func (ca *CA) GetCRLSigner() *x509.Certificate {
	return ca.crlCert
}

func (ca *CA) GetCRL() *x509.RevocationList {
	return ca.crl
}

func ComputeSubjectKeyId(key *rsa.PublicKey) []byte {
	der, _ := asn1.Marshal(key)
	h := sha1.Sum(der)
	return h[:]
}
Initial commit of pkg functions 2023-03-01 21:28:48 +00:00			`/*`
			`Package ca implements a disk file-backed certificate authority with a built-in`
			`CRL signer. The certificate authority can issue new certificates (including the`
			`creation of intermediate CAs) and revoke existing certificates, resulting in a`
			`fresh CRL.`
			`*/`
			`package ca`

			`import (`
			`"crypto/rsa"`
			`"crypto/sha1"`
			`"crypto/x509"`
			`"encoding/asn1"`
			`"fmt"`
			`"path/filepath"`

			`"src.lwithers.me.uk/go/rsa/pkg/pemfile"`
			`)`

			`type CA struct {`
			`dir string`

			`key *rsa.PrivateKey`
			`root *x509.Certificate`

			`crl *x509.RevocationList`
			`crlKey *rsa.PrivateKey`
			`crlCert *x509.Certificate`
			`}`

			`const (`
			`rootKeyFilename = "root-key.pem"`
			`rootCertFilename = "root-cert.pem"`
			`)`

			`// Open an existing certificate authority in the given directory.`
			`func Open(dir string) (*CA, error) {`
			`ca := &CA{`
			`dir: dir,`
			`}`
			`var err error`
			`ca.key, err = pemfile.ReadKey(filepath.Join(dir, rootKeyFilename))`
			`if err != nil {`
			`return nil, fmt.Errorf("while opening CA (root key): %w", err)`
			`}`
			`ca.root, err = pemfile.ReadCert(filepath.Join(dir, rootCertFilename))`
			`if err != nil {`
			`return nil, fmt.Errorf("while opening CA (root cert): %w", err)`
			`}`
			`if err = ca.loadCRLState(); err != nil {`
			`return nil, fmt.Errorf("while opening CA (CRL state): %w", err)`
			`}`
			`return ca, nil`
			`}`

			`func (ca CA) GetRoot() x509.Certificate {`
			`return ca.root`
			`}`

			`func (ca CA) GetCRLSigner() x509.Certificate {`
			`return ca.crlCert`
			`}`

			`func (ca CA) GetCRL() x509.RevocationList {`
			`return ca.crl`
			`}`

			`func ComputeSubjectKeyId(key *rsa.PublicKey) []byte {`
			`der, _ := asn1.Marshal(key)`
			`h := sha1.Sum(der)`
			`return h[:]`
			`}`