加入收藏 | 设为首页 | 会员中心 | 我要投稿 李大同 (https://www.lidatong.com.cn/)- 科技、建站、经验、云计算、5G、大数据,站长网!
当前位置: 首页 > 大数据 > 正文

Golang1.7.3简单的rsa加密封装

发布时间:2020-12-16 18:21:56 所属栏目:大数据 来源:网络整理
导读:package rsas import ( "bytes" "crypto/rand" "crypto/rsa" "crypto/x509" "crypto/x509/pkix" "encoding/pem" "errors" "io" "io/ioutil" "math/big" rd "math/rand" "net" "os" "path/filepath" "time" ) //var Certificate = struct { // RootCA *x509.C
package rsas

import (
    "bytes"
    "crypto/rand"
    "crypto/rsa"
    "crypto/x509"
    "crypto/x509/pkix"
    "encoding/pem"
    "errors"
    "io"
    "io/ioutil"
    "math/big"
    rd "math/rand"
    "net"
    "os"
    "path/filepath"
    "time"
)

//var Certificate = struct {
// RootCA *x509.Certificate
// RootKey
//}{}
//func InitRootCA(crt,key string) (err error) {
// Certificate.RootCA,Certificate.RootKey,err = Parse(crt,key)
// return
//}
/* x := rsas.CertInformation{ Country: []string{"CH"},Organization: []string{"www.work-stacks.com"},OrganizationalUnit: []string{"Paas"},EmailAddress: []string{"czxichen@163.com"},Province: []string{"JS"},Locality: []string{"SZ"},CommonName: "master.work-stacks.com",DNSNames: []string{"master.work-stacks.com"},EncryptLen: 512,IsCA: true,DateLen: 5,} */

func init() {
    rd.Seed(time.Now().UnixNano())
}

type CertInformation struct {
    Country            []string
    Organization       []string
    OrganizationalUnit []string //使用者
    EmailAddress       []string
    Province           []string //省
    Locality           []string //市
    CommonName         string   //域名
    DNSNames           []string
    IPAddresses        []net.IP
    IsCA               bool //是否是根证书
    Names              []pkix.AttributeTypeAndValue
    CrtName,KeyName   string
    EncryptLen         int //密钥长度
    DateLen            int //有效期,单位年
}

func SignerCRT(rootcrt *x509.Certificate,rootkey *rsa.PrivateKey,crt *x509.Certificate) ([]byte,error) {
    if rootcrt == nil || rootkey == nil {
        return nil,errors.New("Root crt is null")
    }

    buf,err := x509.CreateCertificate(rand.Reader,crt,rootcrt,crt.PublicKey,rootkey)
    b := bytes.NewBuffer(nil)
    err = Write(b,buf,"CERTIFICATE")
    return b.Bytes(),err
}

func CheckSignature(rootcrt *x509.Certificate,crt []byte) error {
    ca,err := ParseCrt(crt)
    if err != nil {
        return err
    }
    return ca.CheckSignatureFrom(rootcrt)
}

func CreatePemCRT(info CertInformation) (pemcrt []byte,pemkey []byte,err error) {
    pemcrt,pemkey,err = CreateCRT(nil,nil,info)
    if err != nil {
        return
    }

    cFile := bytes.NewBuffer([]byte{})
    err = Write(cFile,pemcrt,"CERTIFICATE")
    if err != nil {
        return
    }
    pemcrt = cFile.Bytes()

    kFile := bytes.NewBuffer([]byte{})
    err = Write(kFile,"PRIVATE KEY")
    pemkey = kFile.Bytes()
    return
}

func CreateCRT(RootCa *x509.Certificate,RootKey *rsa.PrivateKey,info CertInformation) (crt []byte,key []byte,err error) {
    Crt := newCertificate(info)
    if info.EncryptLen < 512 {
        info.EncryptLen = 512
    }

    Key,err := rsa.GenerateKey(rand.Reader,info.EncryptLen)
    if err != nil {
        return
    }

    key = x509.MarshalPKCS1PrivateKey(Key)
    if RootCa == nil || RootKey == nil {
        crt,err = x509.CreateCertificate(rand.Reader,Crt,&Key.PublicKey,Key)
    } else {
        crt,RootCa,RootKey)
    }
    return
}

func WirteFile(path string,buf []byte,typ string) error {
    os.MkdirAll(filepath.Dir(path), 0666)
    File,err := os.Create(path)
    defer File.Close()

    if err != nil {
        return err
    }
    return Write(File,typ)
}

func Write(w io.Writer,typ string) error {
    b := &pem.Block{Bytes: buf,Type: typ}
    return pem.Encode(w,b)
}

func Parse(crtPath,keyPath string) (rootcertificate *x509.Certificate,rootPrivateKey *rsa.PrivateKey,err error) {
    buf,err := ioutil.ReadFile(crtPath)
    if err != nil {
        return
    }
    rootcertificate,err = ParseCrt(buf)
    if err != nil {
        return
    }

    buf,err = ioutil.ReadFile(keyPath)
    if err != nil {
        return
    }
    rootPrivateKey,err = ParseKey(buf)
    return
}

func ParseCrt(buf []byte) (*x509.Certificate,error) {
    p := &pem.Block{}
    p,_ = pem.Decode(buf)
    return x509.ParseCertificate(p.Bytes)
}

func ParseKey(buf []byte) (*rsa.PrivateKey,error) {
    p,buf := pem.Decode(buf)
    return x509.ParsePKCS1PrivateKey(p.Bytes)
}

func newCertificate(info CertInformation) *x509.Certificate {
    if info.DateLen == 0 {
        info.DateLen = 10
    }
    return &x509.Certificate{
        SerialNumber: big.NewInt(rd.Int63()),Subject: pkix.Name{
            Country:            info.Country,Organization:       info.Organization,OrganizationalUnit: info.OrganizationalUnit,Province:           info.Province,CommonName:         info.CommonName,Locality:           info.Locality,ExtraNames:         info.Names,},NotBefore:             time.Now(),NotAfter:              time.Now().AddDate(info.DateLen, 0, 0),BasicConstraintsValid: true,DNSNames:              info.DNSNames,IPAddresses:           info.IPAddresses,IsCA:                  info.IsCA,ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth,x509.ExtKeyUsageServerAuth},KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,EmailAddresses:        info.EmailAddress,}
}

(编辑:李大同)

【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容!
    相关内容
      推荐文章
        站长推荐
        热点阅读

          【免责声明】本站内容转载自互联网,其发布内容言论不代表本站观点,如果其链接、内容的侵犯您的权益,烦请提交相关链接至邮箱bqsm@foxmail.com我们将及时予以处理。

          建议您使用1920×1080分辨率、谷歌浏览器Google Chrome、Microsoft Edge以获得本站的最佳浏览效果

          Copygight © 2008-2022 https://www.lidatong.com.cn/ All Rights Reserved. 李大同