Ajout export P12
@@ -36,12 +36,14 @@ func (s *CryptoService) GenerateRootCA(req models.CreateCARequest) (*models.CA,
|
||||
}
|
||||
// Préparer le sujet avec email optionnel
|
||||
subject := pkix.Name{
|
||||
CommonName: req.CommonName,
|
||||
Organization: []string{req.Organization},
|
||||
OrganizationalUnit []string{req.OrganizationalUnit},
|
||||
Country: []string{req.Country},
|
||||
Province: []string{req.Province},
|
||||
Locality: []string{req.Locality},
|
||||
CommonName: req.CommonName,
|
||||
Organization: []string{req.Organization},
|
||||
OrganizationalUnit: []string{req.OrganizationalUnit},
|
||||
Country: []string{req.Country},
|
||||
Province: []string{req.Province},
|
||||
Locality: []string{req.Locality},
|
||||
StreetAddress: []string{req.StreetAddress},
|
||||
PostalCode: []string{req.PostalCode},
|
||||
}
|
||||
|
||||
// Ajouter l'email seulement s'il est fourni
|
||||
@@ -85,21 +87,23 @@ func (s *CryptoService) GenerateRootCA(req models.CreateCARequest) (*models.CA,
|
||||
})
|
||||
|
||||
ca := &models.CA{
|
||||
ID: fmt.Sprintf("ca_%d", time.Now().UnixNano()),
|
||||
Name: req.Name,
|
||||
CommonName: req.CommonName,
|
||||
Organization: req.Organization,
|
||||
ID: fmt.Sprintf("ca_%d", time.Now().UnixNano()),
|
||||
Name: req.Name,
|
||||
CommonName: req.CommonName,
|
||||
Organization: req.Organization,
|
||||
OrganizationalUnit: req.OrganizationalUnit,
|
||||
Country: req.Country,
|
||||
Province: req.Province,
|
||||
Locality: req.Locality,
|
||||
Email: req.Email,
|
||||
PrivateKey: string(privPEM),
|
||||
Certificate: string(certPEM),
|
||||
SerialNumber: serialNumber.String(),
|
||||
ValidFrom: template.NotBefore,
|
||||
ValidTo: template.NotAfter,
|
||||
IsRoot: req.IsRoot,
|
||||
Country: req.Country,
|
||||
Province: req.Province,
|
||||
Locality: req.Locality,
|
||||
StreetAddress: req.StreetAddress,
|
||||
PostalCode: req.PostalCode,
|
||||
Email: req.Email,
|
||||
PrivateKey: string(privPEM),
|
||||
Certificate: string(certPEM),
|
||||
SerialNumber: serialNumber.String(),
|
||||
ValidFrom: template.NotBefore,
|
||||
ValidTo: template.NotAfter,
|
||||
IsRoot: req.IsRoot,
|
||||
}
|
||||
|
||||
return ca, nil
|
||||
@@ -137,12 +141,12 @@ func (s *CryptoService) GenerateSubCA(req models.CreateSubCARequest, parentCA *m
|
||||
return nil, fmt.Errorf("failed to generate serial number: %v", err)
|
||||
}
|
||||
subject := pkix.Name{
|
||||
CommonName: req.CommonName,
|
||||
Organization: []string{req.Organization},
|
||||
OrganizationalUnit []string{req.OrganizationalUnit},
|
||||
Country: []string{req.Country},
|
||||
Province: []string{req.Province},
|
||||
Locality: []string{req.Locality},
|
||||
CommonName: req.CommonName,
|
||||
Organization: []string{req.Organization},
|
||||
OrganizationalUnit: []string{req.OrganizationalUnit},
|
||||
Country: []string{req.Country},
|
||||
Province: []string{req.Province},
|
||||
Locality: []string{req.Locality},
|
||||
}
|
||||
template := x509.Certificate{
|
||||
SerialNumber: serialNumber,
|
||||
@@ -176,21 +180,21 @@ func (s *CryptoService) GenerateSubCA(req models.CreateSubCARequest, parentCA *m
|
||||
})
|
||||
|
||||
subca := &models.SubCA{
|
||||
ID: fmt.Sprintf("subca_%d", time.Now().UnixNano()),
|
||||
Name: req.Name,
|
||||
CommonName: req.CommonName,
|
||||
Organization: req.Organization,
|
||||
ID: fmt.Sprintf("subca_%d", time.Now().UnixNano()),
|
||||
Name: req.Name,
|
||||
CommonName: req.CommonName,
|
||||
Organization: req.Organization,
|
||||
OrganizationalUnit: req.OrganizationalUnit,
|
||||
Country: req.Country,
|
||||
Province: req.Province,
|
||||
Locality: req.Locality,
|
||||
Email: req.Email,
|
||||
PrivateKey: string(privPEM),
|
||||
Certificate: string(certPEM),
|
||||
SerialNumber: serialNumber.String(),
|
||||
ValidFrom: template.NotBefore,
|
||||
ValidTo: template.NotAfter,
|
||||
ParentCAID: req.ParentCAID,
|
||||
Country: req.Country,
|
||||
Province: req.Province,
|
||||
Locality: req.Locality,
|
||||
Email: req.Email,
|
||||
PrivateKey: string(privPEM),
|
||||
Certificate: string(certPEM),
|
||||
SerialNumber: serialNumber.String(),
|
||||
ValidFrom: template.NotBefore,
|
||||
ValidTo: template.NotAfter,
|
||||
ParentCAID: req.ParentCAID,
|
||||
}
|
||||
|
||||
return subca, nil
|
||||
@@ -245,7 +249,6 @@ func (s *CryptoService) GenerateCertificate(req models.CreateCertificateRequest,
|
||||
default:
|
||||
return nil, fmt.Errorf("unsupported issuer type")
|
||||
}
|
||||
|
||||
// Generate certificate private key
|
||||
priv, err := rsa.GenerateKey(rand.Reader, req.KeySize)
|
||||
if err != nil {
|
||||
@@ -258,17 +261,25 @@ func (s *CryptoService) GenerateCertificate(req models.CreateCertificateRequest,
|
||||
return nil, fmt.Errorf("failed to generate serial number: %v", err)
|
||||
}
|
||||
|
||||
subject := pkix.Name{
|
||||
CommonName: req.CommonName,
|
||||
Organization: []string{issuerCert.Subject.Organization[0]},
|
||||
OrganizationalUnit: []string{issuerCert.Subject.OrganizationalUnit[0]},
|
||||
Country: []string{issuerCert.Subject.Country[0]},
|
||||
Province: []string{issuerCert.Subject.Province[0]},
|
||||
Locality: []string{issuerCert.Subject.Locality[0]},
|
||||
StreetAddress: []string{issuerCert.Subject.StreetAddress[0]},
|
||||
PostalCode: []string{issuerCert.Subject.PostalCode[0]},
|
||||
}
|
||||
template := x509.Certificate{
|
||||
SerialNumber: serialNumber,
|
||||
Subject: pkix.Name{
|
||||
CommonName: req.CommonName,
|
||||
},
|
||||
NotBefore: time.Now(),
|
||||
NotAfter: time.Now().AddDate(0, 0, req.ValidDays),
|
||||
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
|
||||
ExtKeyUsage: s.getExtKeyUsage(req.Type),
|
||||
DNSNames: req.DNSNames,
|
||||
IPAddresses: s.parseIPs(req.IPAddresses),
|
||||
Subject: subject,
|
||||
NotBefore: time.Now(),
|
||||
NotAfter: time.Now().AddDate(0, 0, req.ValidDays),
|
||||
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
|
||||
ExtKeyUsage: s.getExtKeyUsage(req.Type),
|
||||
DNSNames: req.DNSNames,
|
||||
IPAddresses: s.parseIPs(req.IPAddresses),
|
||||
}
|
||||
|
||||
// Sign the certificate
|
||||
@@ -293,7 +304,6 @@ func (s *CryptoService) GenerateCertificate(req models.CreateCertificateRequest,
|
||||
cert := &models.Certificate{
|
||||
ID: fmt.Sprintf("cert_%d", time.Now().UnixNano()),
|
||||
CommonName: req.CommonName,
|
||||
Subject: template.Subject.String(),
|
||||
DNSNames: req.DNSNames,
|
||||
IPAddresses: req.IPAddresses,
|
||||
Type: req.Type,
|
||||
@@ -329,3 +339,30 @@ func (s *CryptoService) parseIPs(ips []string) []net.IP {
|
||||
}
|
||||
return parsedIPs
|
||||
}
|
||||
|
||||
func (s *CryptoService) ParseCertificate(data []byte) (*x509.Certificate, error) {
|
||||
block, _ := pem.Decode(data)
|
||||
if block == nil {
|
||||
return nil, fmt.Errorf("format PEM invalide")
|
||||
}
|
||||
return x509.ParseCertificate(block.Bytes)
|
||||
}
|
||||
|
||||
func (s *CryptoService) ParsePrivateKey(data []byte) (interface{}, error) {
|
||||
block, _ := pem.Decode(data)
|
||||
if block == nil {
|
||||
return nil, fmt.Errorf("format PEM invalide")
|
||||
}
|
||||
|
||||
if key, err := x509.ParsePKCS1PrivateKey(block.Bytes); err == nil {
|
||||
return key, nil
|
||||
}
|
||||
if key, err := x509.ParsePKCS8PrivateKey(block.Bytes); err == nil {
|
||||
return key, nil
|
||||
}
|
||||
if key, err := x509.ParseECPrivateKey(block.Bytes); err == nil {
|
||||
return key, nil
|
||||
}
|
||||
|
||||
return nil, fmt.Errorf("format de clé non supporté")
|
||||
}
|
||||
|
||||
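Review bot: The new `subject` in GenerateCertificate (hunk `@@ -258,17 +261,25 @@`) indexes `[0]` on every attribute of `issuerCert.Subject`, so an issuer certificate that lacks any one of Organization, OrganizationalUnit, Country, Province, Locality, StreetAddress or PostalCode makes the request panic with an index-out-of-range instead of returning an error; a CA created before this commit or an issuer loaded from outside this service will routinely omit several of them, and a panic in a request path takes the whole service down. Copy each attribute only when the issuer actually carries it, through a small package-level helper, so the DN simply omits the missing fields; GenerateCertificate starts and ends outside the hunk. A related but milder point in the GenerateRootCA and GenerateSubCA hunks: `StreetAddress: []string{req.StreetAddress}` and `PostalCode: []string{req.PostalCode}` encode an empty attribute value into the DN when the request field is blank, so a `len(req.X) > 0` guard of the same shape is worth adding there too.
```go
// attrOrNil returns the issuer's first value for a DN attribute, or nil when
// the issuer certificate carries none, so the attribute is omitted from the
// leaf's subject instead of being indexed out of range.
func attrOrNil(vals []string) []string {
	if len(vals) == 0 {
		return nil
	}
	return []string{vals[0]}
}

// … unchanged: serial-number generation in GenerateCertificate …
	subject := pkix.Name{
		CommonName:         req.CommonName,
		Organization:       attrOrNil(issuerCert.Subject.Organization),
		OrganizationalUnit: attrOrNil(issuerCert.Subject.OrganizationalUnit),
		Country:            attrOrNil(issuerCert.Subject.Country),
		Province:           attrOrNil(issuerCert.Subject.Province),
		Locality:           attrOrNil(issuerCert.Subject.Locality),
		StreetAddress:      attrOrNil(issuerCert.Subject.StreetAddress),
		PostalCode:         attrOrNil(issuerCert.Subject.PostalCode),
	}
// … unchanged: template construction and signing …
```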