auth

package
v0.3.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 27, 2016 License: MIT Imports: 12 Imported by: 0

Documentation

Overview

Package auth provides simple ways to handle user authentication

Index

Examples

Constants

This section is empty.

Variables

View Source 
var Cipher = x509.PEMCipherAES256

Cipher used to encrypt private key content in PEM format

Functions

func EncryptedPEMToPrivateKey 

func EncryptedPEMToPrivateKey(data []byte, pwd string) (*rsa.PrivateKey, error)

EncryptedPEMToPrivateKey tries to decrypt and decode a PEM-encoded array of bytes to a private key. If pwd is empty, then the function will not try to decrypt the PEM block.

In case of wrong password, the returned error will be equals to x509.IncorrectPasswordError

Example 
// Generate a new private key for example
key, err := GeneratePrivateKey(512)

if err != nil {
	panic(err)
}

// Get the encrypted PEM data

p, err := PrivateKeyToEncryptedPEM(key, "myPassword")

if err != nil {
	panic(err)
}

// Reverse the process

newKey, err := EncryptedPEMToPrivateKey(p, "badPassword")

if err == x509.IncorrectPasswordError {
	fmt.Println("Bad password")
}

newKey, err = EncryptedPEMToPrivateKey(p, "myPassword")

if newKey != nil && err == nil {
	fmt.Println("OK")
}

Output:

Bad password
OK

func GeneratePrivateKey 

func GeneratePrivateKey(bits int) (*rsa.PrivateKey, error)

GeneratePrivateKey builds a private key of given size from default random

func GenerateUID 

func GenerateUID() uint64

GenerateUID generates a unique identifier as a uint64

func GetCertificate 

func GetCertificate(days int, serial uint64, req *x509.CertificateRequest, parent *x509.Certificate, key *rsa.PrivateKey) ([]byte, error)

GetCertificate builds a certificate from a certificate request and an authoritative certificate (CA), as a PEM-encoded array of bytes. This function assumes that the identity of the signee is valid.

The serial has to be unique and positive.

The generated certificate can safely be distributed to unknown actors.

Example 
// Load elements from PEM files
certificateRequest, _ := PEMToCertificateRequest([]byte(csrFixture))
signerCertificate, _ := PEMToCertificate([]byte(crtFixture))
signerKey, _ := PEMToPrivateKey([]byte(keyFixture))

// Generate the certificate for 365 days with a serial of 0x10 (16)
cert, err := GetCertificate(365, uint64(0x10), certificateRequest, signerCertificate, signerKey)

if cert == nil || err != nil {
	fmt.Println(err)
} else {
	fmt.Println("Certificate generated")
}

// Check certificate validity

roots := x509.NewCertPool()
roots.AddCert(signerCertificate)

signeeCertificate, _ := PEMToCertificate(cert)

_, err = signeeCertificate.Verify(x509.VerifyOptions{
	Roots: roots,
})

if err != nil {
	fmt.Println(err)
} else {
	fmt.Println("Certificate authenticated")
}

Output:

Certificate generated
Certificate authenticated

func GetCertificateHash 

func GetCertificateHash(cert *x509.Certificate) []byte

GetCertificateHash returns the SHA512 hash of a certificate

func GetCertificateRequest 

func GetCertificateRequest(country, organization, unit, mail string, key *rsa.PrivateKey) ([]byte, error)

GetCertificateRequest creates a request to be sent to any authoritative signer, as a PEM-encoded array of bytes.

It can be safely sent via the network.

func GetSelfSignedCertificate 

func GetSelfSignedCertificate(days int, serial uint64, country, organization, unit, cn string, key *rsa.PrivateKey) ([]byte, error)

GetSelfSignedCertificate builds a CA certificate from a private key, as a PEM-encoded array of bytes.

The serial has to be unique and positive.

The generated certificate should be distributed to any other actor in the network under this CA.

func IsPEMEncrypted 

func IsPEMEncrypted(data []byte) bool

IsPEMEncrypted tests whether a PEM-encoded array of bytes is encrypted or not.

func PEMToCertificate 

func PEMToCertificate(data []byte) (*x509.Certificate, error)

PEMToCertificate tries to decode a PEM-encoded array of bytes to a certificate

func PEMToCertificateRequest 

func PEMToCertificateRequest(data []byte) (*x509.CertificateRequest, error)

PEMToCertificateRequest tries to decode a PEM-encoded array of bytes to a certificate request

func PEMToPrivateKey 

func PEMToPrivateKey(data []byte) (*rsa.PrivateKey, error)

PEMToPrivateKey tries to decode a plain PEM-encoded array of bytes to a private key.

func PrivateKeyToEncryptedPEM 

func PrivateKeyToEncryptedPEM(key *rsa.PrivateKey, pwd string) ([]byte, error)

PrivateKeyToEncryptedPEM builds a PEM-encoded array of bytes from a private key and a password. If pwd is empty, then the resulting PEM will not be encrypted.

func PrivateKeyToPEM 

func PrivateKeyToPEM(key *rsa.PrivateKey) []byte

PrivateKeyToPEM produces a unencrypted PEM-encoded array of bytes from a private key.

func SignStructure added in v0.3.0 

func SignStructure(key *rsa.PrivateKey, structure interface{}) ([]byte, error)

SignStructure signs the provided structure with the private key. The used protocol is RSA PKCS#1 v1.5 with SHA-512 hash. The structure is serialized to a string representation using the fmt package.

func VerifyStructure added in v0.3.0 

func VerifyStructure(cert *x509.Certificate, structure interface{}, signed []byte) (bool, error)

VerifyStructure verifies the signed message according to the provided structure and certificate. See SignStructure for protocol definition.

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.