Golang1.7.3简单的rsa加密封装
发布时间:2020-12-16 18:21:56 所属栏目:大数据 来源:网络整理
导读:package rsas import ( "bytes" "crypto/rand" "crypto/rsa" "crypto/x509" "crypto/x509/pkix" "encoding/pem" "errors" "io" "io/ioutil" "math/big" rd "math/rand" "net" "os" "path/filepath" "time" ) //var Certificate = struct { // RootCA *x509.C
package rsas
import (
"bytes"
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"errors"
"io"
"io/ioutil"
"math/big"
rd "math/rand"
"net"
"os"
"path/filepath"
"time"
)
//var Certificate = struct {
// RootCA *x509.Certificate
// RootKey
//}{}
//func InitRootCA(crt,key string) (err error) {
// Certificate.RootCA,Certificate.RootKey,err = Parse(crt,key)
// return
//}
/* x := rsas.CertInformation{ Country: []string{"CH"},Organization: []string{"www.work-stacks.com"},OrganizationalUnit: []string{"Paas"},EmailAddress: []string{"czxichen@163.com"},Province: []string{"JS"},Locality: []string{"SZ"},CommonName: "master.work-stacks.com",DNSNames: []string{"master.work-stacks.com"},EncryptLen: 512,IsCA: true,DateLen: 5,} */
func init() {
rd.Seed(time.Now().UnixNano())
}
type CertInformation struct {
Country []string
Organization []string
OrganizationalUnit []string //使用者
EmailAddress []string
Province []string //省
Locality []string //市
CommonName string //域名
DNSNames []string
IPAddresses []net.IP
IsCA bool //是否是根证书
Names []pkix.AttributeTypeAndValue
CrtName,KeyName string
EncryptLen int //密钥长度
DateLen int //有效期,单位年
}
func SignerCRT(rootcrt *x509.Certificate,rootkey *rsa.PrivateKey,crt *x509.Certificate) ([]byte,error) {
if rootcrt == nil || rootkey == nil {
return nil,errors.New("Root crt is null")
}
buf,err := x509.CreateCertificate(rand.Reader,crt,rootcrt,crt.PublicKey,rootkey)
b := bytes.NewBuffer(nil)
err = Write(b,buf,"CERTIFICATE")
return b.Bytes(),err
}
func CheckSignature(rootcrt *x509.Certificate,crt []byte) error {
ca,err := ParseCrt(crt)
if err != nil {
return err
}
return ca.CheckSignatureFrom(rootcrt)
}
func CreatePemCRT(info CertInformation) (pemcrt []byte,pemkey []byte,err error) {
pemcrt,pemkey,err = CreateCRT(nil,nil,info)
if err != nil {
return
}
cFile := bytes.NewBuffer([]byte{})
err = Write(cFile,pemcrt,"CERTIFICATE")
if err != nil {
return
}
pemcrt = cFile.Bytes()
kFile := bytes.NewBuffer([]byte{})
err = Write(kFile,"PRIVATE KEY")
pemkey = kFile.Bytes()
return
}
func CreateCRT(RootCa *x509.Certificate,RootKey *rsa.PrivateKey,info CertInformation) (crt []byte,key []byte,err error) {
Crt := newCertificate(info)
if info.EncryptLen < 512 {
info.EncryptLen = 512
}
Key,err := rsa.GenerateKey(rand.Reader,info.EncryptLen)
if err != nil {
return
}
key = x509.MarshalPKCS1PrivateKey(Key)
if RootCa == nil || RootKey == nil {
crt,err = x509.CreateCertificate(rand.Reader,Crt,&Key.PublicKey,Key)
} else {
crt,RootCa,RootKey)
}
return
}
func WirteFile(path string,buf []byte,typ string) error {
os.MkdirAll(filepath.Dir(path), 0666)
File,err := os.Create(path)
defer File.Close()
if err != nil {
return err
}
return Write(File,typ)
}
func Write(w io.Writer,typ string) error {
b := &pem.Block{Bytes: buf,Type: typ}
return pem.Encode(w,b)
}
func Parse(crtPath,keyPath string) (rootcertificate *x509.Certificate,rootPrivateKey *rsa.PrivateKey,err error) {
buf,err := ioutil.ReadFile(crtPath)
if err != nil {
return
}
rootcertificate,err = ParseCrt(buf)
if err != nil {
return
}
buf,err = ioutil.ReadFile(keyPath)
if err != nil {
return
}
rootPrivateKey,err = ParseKey(buf)
return
}
func ParseCrt(buf []byte) (*x509.Certificate,error) {
p := &pem.Block{}
p,_ = pem.Decode(buf)
return x509.ParseCertificate(p.Bytes)
}
func ParseKey(buf []byte) (*rsa.PrivateKey,error) {
p,buf := pem.Decode(buf)
return x509.ParsePKCS1PrivateKey(p.Bytes)
}
func newCertificate(info CertInformation) *x509.Certificate {
if info.DateLen == 0 {
info.DateLen = 10
}
return &x509.Certificate{
SerialNumber: big.NewInt(rd.Int63()),Subject: pkix.Name{
Country: info.Country,Organization: info.Organization,OrganizationalUnit: info.OrganizationalUnit,Province: info.Province,CommonName: info.CommonName,Locality: info.Locality,ExtraNames: info.Names,},NotBefore: time.Now(),NotAfter: time.Now().AddDate(info.DateLen, 0, 0),BasicConstraintsValid: true,DNSNames: info.DNSNames,IPAddresses: info.IPAddresses,IsCA: info.IsCA,ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth,x509.ExtKeyUsageServerAuth},KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,EmailAddresses: info.EmailAddress,}
}
(编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |