package storage

import (
	"crypto/elliptic"
	"github.com/hlandau/acmetool/fdb"
	"strings"
)

// Legacy Configuration

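// loadWebrootPaths populates the default target's webroot path list from the
// legacy "conf/webroot-path" file when the default target file does not set
// one. The file is treated as a newline-separated list; surrounding whitespace
// on each entry is trimmed and blank entries are dropped, so that a trailing
// newline or an empty line between entries can never yield an empty path in
// the resulting list.
func (s *fdbStore) loadWebrootPaths() {
	if len(s.defaultTarget.Request.Challenge.WebrootPaths) != 0 {
		// Path list in default target file takes precedence.
		return
	}

	// Read errors are deliberately ignored: the legacy setting is optional
	// (presumably the file is simply absent when it is not used), and an
	// unreadable file leaves the list empty exactly as an absent one would.
	raw, _ := fdb.String(s.db.Collection("conf").Open("webroot-path"))

	// Collect only non-blank, trimmed entries; an empty list stays nil so a
	// missing or empty legacy file assigns nil, as before.
	var webrootPaths []string
	for _, line := range strings.Split(raw, "\n") {
		if p := strings.TrimSpace(line); p != "" {
			webrootPaths = append(webrootPaths, p)
		}
	}

	s.defaultTarget.Request.Challenge.WebrootPaths = webrootPaths
}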

// loadRSAKeySize fills in the default target's RSA key size from the legacy
// "conf/rsa-key-size" setting when the default target file leaves it unset.
// The value is stored exactly as configured; a size outside
// [minRSASize, maxRSASize] only produces a warning here, naming the size
// clampRSAKeySize would substitute (the clamp itself is expected to happen at
// the point of use, which is not visible in this file).
func (s *fdbStore) loadRSAKeySize() {
	// An explicit size in the default target file always wins.
	if s.defaultTarget.Request.Key.RSASize != 0 {
		return
	}

	// The trailing 31 is presumably a bit-size limit in the style of
	// strconv.ParseUint — if so, the parsed value always fits in an int on
	// every platform and the conversion below cannot wrap; confirm against fdb.
	parsed, err := fdb.Uint(s.db.Collection("conf"), "rsa-key-size", 31)
	if err != nil {
		// Absent or unparsable legacy setting: leave the size unset.
		return
	}

	requested := int(parsed)
	s.defaultTarget.Request.Key.RSASize = requested

	clamped := clampRSAKeySize(requested)
	if clamped == requested {
		return
	}
	log.Warnf("An RSA key size of %d is not supported; must have %d <= size <= %d; clamping at %d", parsed, minRSASize, maxRSASize, clamped)
}

// Key Parameters

// Bounds applied to a configured RSA modulus size, in bits.
const (
	// minRSASize is the smallest modulus accepted; 2048 bits is also the
	// floor publicly-trusted CAs will certify today.
	minRSASize = 2048
	// defaultRSASize is substituted when no size (0) is configured.
	defaultRSASize = 2048
	// maxRSASize is the largest modulus accepted.
	maxRSASize = 4096
)

// clampRSAKeySize maps a requested RSA key size onto the supported range:
// 0 (unset) becomes defaultRSASize, anything below minRSASize is raised to
// it and anything above maxRSASize is lowered to it. Any other value is
// returned unchanged. Negative sizes are treated like any other value below
// the minimum.
func clampRSAKeySize(sz int) int {
	switch {
	case sz == 0:
		return defaultRSASize
	case sz < minRSASize:
		return minRSASize
	case sz > maxRSASize:
		return maxRSASize
	default:
		return sz
	}
}

// defaultCurve is the ECDSA curve name used when none, or an unrecognised
// one, is configured.
const defaultCurve = "nistp256"

// clampECDSACurve returns curveName when it is one of the supported names
// ("nistp256", "nistp384", "nistp521") and defaultCurve otherwise. The
// substitution is silent: a misspelt curve name is not reported, it simply
// yields the default. "clamp" is not the most natural name for this, but it
// is kept for symmetry with clampRSAKeySize.
func clampECDSACurve(curveName string) string {
	supported := [...]string{"nistp256", "nistp384", "nistp521"}
	for _, name := range supported {
		if name == curveName {
			return curveName
		}
	}
	return defaultCurve
}

// getECDSACurve resolves a configured curve name to its crypto/elliptic
// implementation. The name is first normalised through clampECDSACurve, so an
// empty or unrecognised name yields the curve for defaultCurve (P-256). The
// trailing nil return is defensive only: clampECDSACurve never produces a
// name other than the three handled here.
func getECDSACurve(curveName string) elliptic.Curve {
	name := clampECDSACurve(curveName)
	if name == "nistp384" {
		return elliptic.P384()
	}
	if name == "nistp521" {
		return elliptic.P521()
	}
	if name == "nistp256" {
		return elliptic.P256()
	}
	return nil
}