github.com/haraldrudell/parl@v0.4.176/parlca/certificate.go (about) 1 /* 2 © 2021–present Harald Rudell <harald.rudell@gmail.com> (https://haraldrudell.github.io/haraldrudell/) 3 ISC License 4 */ 5 6 package parlca 7 8 import ( 9 "crypto/x509" 10 "encoding/pem" 11 12 "github.com/haraldrudell/parl" 13 "github.com/haraldrudell/parl/perrors" 14 ) 15 16 // Certificate wraps a der format x509 certificate. 17 // A der-format certificate is produced by x509.CreateCertificate. 18 // An x509.Certificate can be obtained by using x509.ParseCertificate. 19 type Certificate struct { 20 /* 21 // x509.Certificate 22 23 CheckCRLSignature(crl *pkix.CertificateList) (err error) 24 CheckSignature(algo x509.SignatureAlgorithm, signed, signature []byte) (err error) 25 CheckSignatureFrom(parent *x509.Certificate) (err error) 26 CreateCRL(rand io.Reader, priv any, revokedCerts []pkix.RevokedCertificate, 27 now, expiry time.Time) (crlBytes []byte, err error) 28 Equal(other *x509.Certificate) (isEqual bool) 29 Verify(opts x509.VerifyOptions) (chains [][]*x509.Certificate, err error) 30 VerifyHostname(host string) (err error) 31 */ 32 33 der parl.CertificateDer 34 } 35 36 func NewCertificate(certificateDer parl.CertificateDer) (certificate parl.Certificate) { 37 return &Certificate{der: certificateDer} 38 } 39 40 // 221121 don’t know what this is. Make it compile 41 func LoadCertificate(filename string) {} 42 43 /* 44 func (c *Certificate) IsValid() (isValid bool) { 45 if !c.HasPublic() { 46 return 47 } 48 cert := c.Certificate 49 if cert.SerialNumber == nil || 50 cert.Issuer.CommonName == "" || 51 len(cert.Issuer.Country) == 0 || 52 cert.NotBefore.IsZero() || 53 cert.NotAfter.IsZero() || 54 cert.KeyUsage == 0 { 55 return 56 } 57 isValid = true 58 return 59 } 60 61 func (c *Certificate) HasPublic() (hasPublic bool) { 62 if len(c.PublicKeyBytes()) == 0 || 63 c.Certificate.PublicKeyAlgorithm == x509.UnknownPublicKeyAlgorithm { 64 return 65 } 66 hasPublic = true 67 return 68 } 69 70 func (c *Certificate) PublicKeyBytes() (bytes []byte) { 71 if c == nil { 72 return 73 } 74 cert := c.Certificate 75 if cert == nil { 76 return 77 } 78 //ed25519PublicKey, ok := cert.PublicKey.(*rsa.PublicKey) 79 ok := false 80 81 //ed25519PublicKey, ok := cert.PublicKey.(ed25519.PublicKey) 82 if !ok { 83 panic(perrors.Errorf("Bad PublicKey type: %T", cert.PublicKey)) 84 } 85 //bytes = ed25519PublicKey 86 return 87 } 88 */ 89 func (ca *Certificate) DER() (certificateDer parl.CertificateDer) { 90 return ca.der 91 } 92 93 func (ca *Certificate) PEM() (pemBytes parl.PemBytes) { 94 return append([]byte(PemText(ca.der, ca.der)), pem.EncodeToMemory(&pem.Block{ 95 Type: pemCertificateType, 96 Bytes: ca.DER(), 97 })...) 98 } 99 100 func (ca *Certificate) ParseCertificate() (certificate *x509.Certificate, err error) { 101 certificateDer := ca.der 102 if len(certificateDer) == 0 { 103 err = perrors.New("certificate der uninitialized") 104 return 105 } 106 certificate, err = x509.ParseCertificate(certificateDer) 107 perrors.IsPF(&err, "x509.ParseCertificate: '%w'", err) 108 return 109 }