p12gen

package module
v0.0.0-...-a88a647 Latest Latest
Published: Dec 5, 2018 License: Apache-2.0 Imports: 13 Imported by: 0

README

p12gen

Examples
Generate a private p12 cert and sign it with a CA cert
package main

import (
	"crypto/x509"
	"fmt"
	"io/ioutil"
	"time"

	"github.com/gogap/p12gen"
	"github.com/gogap/p12gen/template"
)

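// OnGenerateCallback receives the result of an asynchronous certificate
// request. On failure it prints the error and stops; on success it prints the
// PKCS#12 password and writes the bundle to zeal.p12 in the working directory.
func OnGenerateCallback(err error, caName string, certTemplate *x509.Certificate, p12Data []byte, p12Password string) {
	if err != nil {
		fmt.Println(err)
		return
	}

	// NOTE(review): this puts the bundle password on stdout, where it ends up
	// in terminal scrollback and any captured logs. Acceptable for a demo;
	// a real caller should hand it to the recipient over a separate channel.
	fmt.Println(p12Password)

	// The PKCS#12 bundle is expected to hold the private key, so create it
	// owner-only (0600) instead of world-readable (0644). The mode applies
	// only when the file is created; an existing zeal.p12 keeps its current
	// permissions. A failed write is reported rather than silently dropped.
	if werr := ioutil.WriteFile("zeal.p12", p12Data, 0600); werr != nil {
		fmt.Println(werr)
	}
}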

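// main loads a CA certificate and key, builds a client-side-auth certificate
// template for the subject "zeal", and asks the generator to issue a PKCS#12
// bundle asynchronously. The result is delivered to OnGenerateCallback.
func main() {
	var err error

	// Every early return below leaves err set; report it once on the way out.
	defer func() {
		if err != nil {
			fmt.Println("ERR:", err)
		}
	}()

	gen := p12gen.NewP12Gen()

	caFile, err := ioutil.ReadFile("ca-cert.pem")
	if err != nil {
		return
	}

	keyFile, err := ioutil.ReadFile("ca-cert.key")
	if err != nil {
		return
	}

	// Register the CA under the name used later when requesting a certificate.
	err = gen.LoadCA("gogap-ca-1", caFile, keyFile)
	if err != nil {
		return
	}

	tmpl, err := template.NewClientSideAuthCertTmpl()
	if err != nil {
		return
	}

	certTmpl, err := tmpl.Generate(
		p12gen.CommonName("zeal"),
		p12gen.Country("CN"),
		p12gen.Organization("GoGap"),
		p12gen.OrganizationalUnit("GoGap R&D Center"),
		p12gen.Province("Beijing"),
		p12gen.Locality("Beijing"),
	)
	if err != nil {
		return
	}

	// Wait for the callback to finish instead of sleeping for a fixed second:
	// with a bare sleep the process can exit before zeal.p12 is written.
	// The channel is buffered and the send is non-blocking, so a callback
	// that fires more than once cannot block or panic.
	done := make(chan struct{}, 1)

	// NOTE(review): "123456" is the sample CA key password from this README.
	// A real program should not embed the CA key password in source; obtain
	// it from a prompt or a secret store at run time.
	gen.CreateCertificateAsync("gogap-ca-1", "123456", certTmpl,
		func(cbErr error, caName string, certTemplate *x509.Certificate, p12Data []byte, p12Password string) {
			OnGenerateCallback(cbErr, caName, certTemplate, p12Data, p12Password)
			select {
			case done <- struct{}{}:
			default:
			}
		})

	// Bounded wait so the program still terminates if no callback arrives.
	select {
	case <-done:
	case <-time.After(30 * time.Second):
		err = fmt.Errorf("timed out waiting for certificate generation")
	}
}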


Combine pem cert and key into p12
package main

import (
	"fmt"
	"io/ioutil"

	"github.com/gogap/p12gen"
)

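// main reads a PEM certificate (zeal.crt) and its PEM private key (zeal.key),
// combines them into a PKCS#12 bundle with p12gen.PEMToP12, and writes the
// result to zeal.p12.
func main() {
	var err error

	// Every early return below leaves err set; report it once on the way out.
	defer func() {
		if err != nil {
			fmt.Println("ERR:", err)
		}
	}()

	certData, err := ioutil.ReadFile("zeal.crt")
	if err != nil {
		return
	}

	keyData, err := ioutil.ReadFile("zeal.key")
	if err != nil {
		return
	}

	// Per the PEMToP12 signature, "111111" is the password of the PEM key and
	// "123456" the password set on the resulting bundle.
	// NOTE(review): both are sample values from this README; real code should
	// take them from a prompt or a secret store, not from source.
	p12Data, err := p12gen.PEMToP12(certData, keyData, "111111", "123456")
	if err != nil {
		return
	}

	// The bundle contains the private key, so create it owner-only (0600)
	// instead of world-readable (0644). Assigning to err lets the deferred
	// reporter surface a failed write, which was previously ignored.
	err = ioutil.WriteFile("zeal.p12", p12Data, 0600)
}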

Tips

If your key file has a password, it should look like this:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-CBC,4A831344AE3B61AF

NIa85byEwKQ4QZSJOWMNe8SMbqXLPCVAGbWIOgMQZ/OjWF3A/ZzD0C4JlmUpuDM+
b7+UGuh//obxPJEEn9W93g0zDJnmXCv1co5xbBgZ/zK0vpiQTCsNWOz9vl6u5Wzs
......
-----END RSA PRIVATE KEY-----

It must have the headers (Proc-Type and DEK-Info) shown above.

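Add a password to an RSA key (note: -des selects single DES, a weak legacy cipher that produces the DEK-Info: DES-CBC header shown above; prefer a stronger cipher such as -aes256 if the key loader accepts it)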

$ openssl rsa -des -in ca-cert-nopassword.key -out ca-cert.key

Remove the password from an encrypted private key (the output file is an unencrypted key, so restrict its file permissions)

$ openssl rsa -in ca-cert.key -out ca-cert-nopassword.key
Forked packages

pkcs12 is forked from https://github.com/SSLMate/go-pkcs12

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func PEMToP12

func PEMToP12(certData, keyData []byte, keyPassword, p12Password string) (p12Data []byte, err error)

Types

type CA

type CA struct {
	// contains filtered or unexported fields
}

func (*CA) Count

func (p *CA) Count() int

type CallbackFunc

type CallbackFunc func(err error, caName string, certTemplate *x509.Certificate, p12Data []byte, p12Password string)

type CertOption

type CertOption func(cert *x509.Certificate) (err error)

func CRLDistributionPoints

func CRLDistributionPoints(v ...string) CertOption

func CommonName

func CommonName(cn string) CertOption

func Country

func Country(v ...string) CertOption

func DNSNames

func DNSNames(dnsNames ...string) CertOption

func EmailAddresses

func EmailAddresses(emails ...string) CertOption

func IPAddresses

func IPAddresses(ipAddresses ...string) CertOption

func IssuingCertificateURL

func IssuingCertificateURL(v ...string) CertOption

func Locality

func Locality(v ...string) CertOption

func NotAfter

func NotAfter(t time.Time) CertOption

func NotBefore

func NotBefore(t time.Time) CertOption

func Organization

func Organization(v ...string) CertOption

func OrganizationalUnit

func OrganizationalUnit(v ...string) CertOption

func Province

func Province(v ...string) CertOption

func SerialNumber

func SerialNumber(sn int64) CertOption

func SignatureAlgorithm

func SignatureAlgorithm(alog x509.SignatureAlgorithm) CertOption

type CertTemplater

type CertTemplater interface {
	Generate(opts ...CertOption) (certTemplate *x509.Certificate, err error)
}

type P12Gen

type P12Gen struct {
	// contains filtered or unexported fields
}

func NewP12Gen

func NewP12Gen() *P12Gen

func (*P12Gen) CreateCertificate

func (p *P12Gen) CreateCertificate(caName, caPassword string, certTemplate *x509.Certificate) (p12Data []byte, p12Pwd string, err error)

func (*P12Gen) CreateCertificateAsync

func (p *P12Gen) CreateCertificateAsync(caName, caPassword string, certTemplate *x509.Certificate, callbacks ...CallbackFunc)

func (*P12Gen) LoadCA

func (p *P12Gen) LoadCA(name string, certData, keyData []byte) (err error)

func (*P12Gen) WithPwdGenerator

func (p *P12Gen) WithPwdGenerator(fn PasswordGenerateFunc)

type PasswordGenerateFunc

type PasswordGenerateFunc func() string

Directories

Path Synopsis
Package pkcs12 implements some of PKCS#12.
internal/rc2
Package rc2 implements the RC2 cipher https://www.ietf.org/rfc/rfc2268.txt http://people.csail.mit.edu/rivest/pubs/KRRR98.pdf This code is licensed under the MIT license.
