gitee.com/lh-her-team/common@v1.5.1/cert/cert_p11.go (about)

     1  package cert
     2  
     3  import (
     4  	"encoding/json"
     5  	"sync"
     6  
     7  	"gitee.com/lh-her-team/common/crypto"
     8  	"gitee.com/lh-her-team/common/crypto/pkcs11"
     9  	"gitee.com/lh-her-team/common/crypto/sdf"
    10  	"github.com/pkg/errors"
    11  )
    12  
var (
	// once guards the one-time initialisation performed by InitP11Handle.
	once sync.Once
	// P11Context is the process-wide HSM context. It stays nil until
	// InitP11Handle has run and is never replaced afterwards.
	P11Context *pkcs11Context
)
    15  
// pkcs11Context holds the HSM handle and the private-key selection that the
// package-level P11Context exposes. Fields are set by InitP11Handle and the
// With* setters; nothing in this file validates them.
type pkcs11Context struct {
	// handle is whatever InitP11Handle was given. NOTE(review): it is not
	// type-checked there; CreateP11Key/ParseP11PrivKey only accept
	// *pkcs11.P11Handle or *sdf.SDFHandle, so presumably that is expected here too.
	handle  interface{}
	// enable is set to true by InitP11Handle.
	enable  bool
	// keyId is set by WithPrivKeyId.
	keyId   string
	// keyType is set by WithPrivKeyType.
	keyType crypto.KeyType
	// keyPwd is set by WithPrivKeyPwd and kept in clear text in memory.
	keyPwd  string
}
    23  
// InitP11Handle publishes handle through the package-level P11Context.
//
// The body runs at most once per process (sync.Once): later calls are
// silent no-ops even when they carry a different handle, and an already
// populated P11Context is never overwritten. handle is stored as given,
// without any type or nil check.
func InitP11Handle(handle interface{}) {
	once.Do(func() {
		if P11Context != nil {
			return
		}
		P11Context = &pkcs11Context{handle: handle, enable: true}
	})
}
    34  
// WithPrivKeyId records keyId as the selected private key identifier and
// returns the receiver so calls can be chained.
func (c *pkcs11Context) WithPrivKeyId(keyId string) *pkcs11Context {
	c.keyId = keyId
	return c
}
    39  
// WithPrivKeyType records keyType as the selected private key type and
// returns the receiver so calls can be chained.
func (c *pkcs11Context) WithPrivKeyType(keyType crypto.KeyType) *pkcs11Context {
	c.keyType = keyType
	return c
}
    44  
// WithPrivKeyPwd records keyPwd as the private key password and returns the
// receiver so calls can be chained. The value is held in clear text.
func (c *pkcs11Context) WithPrivKeyPwd(keyPwd string) *pkcs11Context {
	c.keyPwd = keyPwd
	return c
}
    49  
// pkcs11KeySpec is the JSON document produced by CreateP11Key and consumed by
// ParseP11PrivKey to re-open an HSM-resident private key.
//
// NOTE(review): KeyPwd is marshalled in clear text, so the spec bytes are
// exactly as sensitive as the password itself and need the same protection
// at rest and in transit.
type pkcs11KeySpec struct {
	// KeyId names the key object inside the HSM.
	KeyId   string `json:"key_id"`
	// KeyType is the key type name taken from crypto.KeyType2NameMap.
	KeyType string `json:"key_type"`
	// KeyPwd is passed to sdf.NewPrivateKey; the pkcs11 backend does not use it.
	KeyPwd  string `json:"key_pwd"`
}
    55  
// CreateP11Key opens (or constructs) a private key on the HSM behind handle
// and returns the JSON key spec needed to re-open it later, together with
// the key itself.
//
// handle must be a *pkcs11.P11Handle or a *sdf.SDFHandle; anything else is
// rejected with an error. keyPwd is only forwarded to the SDF backend, but
// it is always written into the returned spec in clear text, so the spec
// bytes must be protected like the password. A keyType with no entry in
// crypto.KeyType2NameMap produces an empty key_type in the spec rather than
// an error (NOTE(review): consider rejecting it up front).
func CreateP11Key(handle interface{}, keyType crypto.KeyType, keyId, keyPwd string) ([]byte, crypto.PrivateKey, error) {
	var (
		privKey crypto.PrivateKey
		err     error
	)
	switch h := handle.(type) {
	case *pkcs11.P11Handle:
		// keyPwd is not passed to the PKCS#11 backend.
		privKey, err = pkcs11.NewPrivateKey(h, keyId, keyType)
	case *sdf.SDFHandle:
		privKey, err = sdf.NewPrivateKey(h, keyId, []byte(keyPwd), keyType)
	default:
		err = errors.New("handle type is not supported, must be SDFHandle or P11Handle")
	}
	if err != nil {
		return nil, nil, errors.WithMessage(err, "failed to construct hsm private key")
	}

	spec := pkcs11KeySpec{
		KeyId:   keyId,
		KeyType: crypto.KeyType2NameMap[keyType],
		KeyPwd:  keyPwd,
	}
	encoded, err := json.Marshal(&spec)
	if err != nil {
		return nil, nil, errors.WithMessage(err, "failed to get key spec json")
	}
	return encoded, privKey, nil
}
    82  
// ParseP11PrivKey re-opens an HSM-resident private key from the JSON spec
// produced by CreateP11Key, using the given handle.
//
// handle must be a *pkcs11.P11Handle or a *sdf.SDFHandle; any other value
// yields an error after the spec has been decoded. The spec's key_id,
// key_type and key_pwd are used as-is: a key_type name missing from
// crypto.Name2KeyTypeMap maps to the zero crypto.KeyType instead of an
// error (NOTE(review): an explicit rejection would be safer), and key_pwd
// is forwarded to the SDF backend only.
func ParseP11PrivKey(handle interface{}, keySpecJson []byte) (crypto.PrivateKey, error) {
	spec := pkcs11KeySpec{}
	if err := json.Unmarshal(keySpecJson, &spec); err != nil {
		return nil, errors.WithMessage(err, "failed to parse pkcs11 keySpec")
	}
	// Plain map lookup with no side effects, so it is safe to resolve before
	// the handle type is known.
	keyType := crypto.Name2KeyTypeMap[spec.KeyType]

	switch h := handle.(type) {
	case *pkcs11.P11Handle:
		return pkcs11.NewPrivateKey(h, spec.KeyId, keyType)
	case *sdf.SDFHandle:
		return sdf.NewPrivateKey(h, spec.KeyId, []byte(spec.KeyPwd), keyType)
	default:
		return nil, errors.New("handle type is not supported, must be SDFHandle or P11Handle")
	}
}