代码拉取完成,页面将自动刷新
package x509
import (
"bytes"
"crypto"
"crypto/rand"
"crypto/rsa"
"encoding/asn1"
"encoding/pem"
"errors"
// "github.com/Hyperledger-TWGC/tjfoc-gm/sm2"
"io/ioutil"
"os"
"gitee.com/china_uni/tjfoc-gm/sm2"
)
func ReadPrivateKeyFromPem(privateKeyPem []byte, pwd []byte) (*sm2.PrivateKey, error) {
var block *pem.Block
block, _ = pem.Decode(privateKeyPem)
if block == nil {
return nil, errors.New("failed to decode private key")
}
priv, err := ParsePKCS8PrivateKey(block.Bytes, pwd)
return priv, err
}
func WritePrivateKeytoPem(key *sm2.PrivateKey, pwd []byte) ([]byte, error) {
var block *pem.Block
der, err := MarshalSm2PrivateKey(key, pwd)
if err != nil {
return nil, err
}
if pwd != nil {
block = &pem.Block{
Type: "ENCRYPTED PRIVATE KEY",
Bytes: der,
}
} else {
block = &pem.Block{
Type: "PRIVATE KEY",
Bytes: der,
}
}
certPem := pem.EncodeToMemory(block)
return certPem, nil
}
func ReadPublicKeyFromPem(FileName string) (*sm2.PublicKey, error) {
data, err := ioutil.ReadFile(FileName)
if err != nil {
return nil, err
}
block, _ := pem.Decode(data)
if block == nil || block.Type != "PUBLIC KEY" {
return nil, errors.New("failed to decode public key")
}
return ParseSm2PublicKey(block.Bytes)
}
func WritePublicKeytoPem(FileName string, key *sm2.PublicKey) error {
der, err := MarshalSm2PublicKey(key)
if err != nil {
return err
}
block := &pem.Block{
Type: "PUBLIC KEY",
Bytes: der,
}
certPem := pem.EncodeToMemory(block)
file, err := os.Create(FileName)
defer func() {
err = file.Close()
}()
if err != nil {
return err
}
_, err = file.Write(certPem)
if err != nil {
return err
}
return nil
}
func ReadCertificateRequestFromPem(FileName string) (*CertificateRequest, error) {
data, err := ioutil.ReadFile(FileName)
if err != nil {
return nil, err
}
block, _ := pem.Decode(data)
if block == nil {
return nil, errors.New("failed to decode certificate request")
}
return ParseCertificateRequest(block.Bytes)
}
func CreateCertificateRequestToMem2(template *CertificateRequest, privKey *sm2.PrivateKey) ([]byte, error) {
der, err := CreateCertificateRequest(rand.Reader, template, privKey)
if err != nil {
return nil, err
}
block := &pem.Block{
Type: "CERTIFICATE REQUEST",
Bytes: der,
}
return pem.EncodeToMemory(block), nil
}
func CreateCertificateRequestToPem(FileName string, template *CertificateRequest, privKey *sm2.PrivateKey) error {
der, err := CreateCertificateRequest(rand.Reader, template, privKey)
if err != nil {
return err
}
block := &pem.Block{
Type: "CERTIFICATE REQUEST",
Bytes: der,
}
file, err := os.Create(FileName)
if err != nil {
return err
}
defer func() {
err = file.Close()
}()
err = pem.Encode(file, block)
if err != nil {
return err
}
return nil
}
func ReadCertificateFromMem(data []byte) (*Certificate, error) {
block, _ := pem.Decode(data)
if block == nil {
return nil, errors.New("failed to decode certificate request")
}
return ParseCertificate(block.Bytes)
}
func ReadCertificateFromPem(FileName string) (*Certificate, error) {
data, err := ioutil.ReadFile(FileName)
if err != nil {
return nil, err
}
block, _ := pem.Decode(data)
if block == nil {
return nil, errors.New("failed to decode certificate request")
}
return ParseCertificate(block.Bytes)
}
func CreateCertificateToPem(FileName string, template, parent *Certificate, pubKey *sm2.PublicKey, privKey *sm2.PrivateKey) error {
if template.SerialNumber == nil {
return errors.New("x509: no SerialNumber given")
}
hashFunc, signatureAlgorithm, err := signingParamsForPublicKey(privKey.Public(), template.SignatureAlgorithm)
if err != nil {
return err
}
publicKeyBytes, publicKeyAlgorithm, err := marshalPublicKey(pubKey)
if err != nil {
return err
}
asn1Issuer, err := subjectBytes(parent)
if err != nil {
return err
}
asn1Subject, err := subjectBytes(template)
if err != nil {
return err
}
if !bytes.Equal(asn1Issuer, asn1Subject) && len(parent.SubjectKeyId) > 0 {
template.AuthorityKeyId = parent.SubjectKeyId
}
extensions, err := buildExtensions(template)
if err != nil {
return err
}
encodedPublicKey := asn1.BitString{BitLength: len(publicKeyBytes) * 8, Bytes: publicKeyBytes}
c := tbsCertificate{
Version: 2,
SerialNumber: template.SerialNumber,
SignatureAlgorithm: signatureAlgorithm,
Issuer: asn1.RawValue{FullBytes: asn1Issuer},
Validity: validity{template.NotBefore.UTC(), template.NotAfter.UTC()},
Subject: asn1.RawValue{FullBytes: asn1Subject},
PublicKey: publicKeyInfo{nil, publicKeyAlgorithm, encodedPublicKey},
Extensions: extensions,
}
tbsCertContents, err := asn1.Marshal(c)
if err != nil {
return err
}
c.Raw = tbsCertContents
digest := tbsCertContents
switch template.SignatureAlgorithm {
case SM2WithSM3, SM2WithSHA1, SM2WithSHA256:
break
default:
h := hashFunc.New()
h.Write(tbsCertContents)
digest = h.Sum(nil)
}
var signerOpts crypto.SignerOpts
signerOpts = hashFunc
if template.SignatureAlgorithm != 0 && template.SignatureAlgorithm.isRSAPSS() {
signerOpts = &rsa.PSSOptions{
SaltLength: rsa.PSSSaltLengthEqualsHash,
Hash: crypto.Hash(hashFunc),
}
}
var signature []byte
signature, err = privKey.Sign(rand.Reader, digest, signerOpts)
if err != nil {
return err
}
der, err := asn1.Marshal(certificate{
nil,
c,
signatureAlgorithm,
asn1.BitString{Bytes: signature, BitLength: len(signature) * 8},
})
if err != nil {
return err
}
block := &pem.Block{
Type: "CERTIFICATE",
Bytes: der,
}
certPem := pem.EncodeToMemory(block)
file, err := os.Create(FileName)
if err != nil {
return err
}
defer func() {
err = file.Close()
}()
_, err = file.Write(certPem)
if err != nil {
return err
}
return nil
}
func CreateCertificateToMem(template, parent *Certificate, pubKey *sm2.PublicKey, privKey *sm2.PrivateKey) ([]byte, error) {
der, err := CreateCertificate(rand.Reader, template, parent, pubKey, privKey)
if err != nil {
return nil, err
}
block := &pem.Block{
Type: "CERTIFICATE",
Bytes: der,
}
return pem.EncodeToMemory(block), nil
}
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手