1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
|
package x509util
import (
"bytes"
"crypto"
"crypto/rand"
"crypto/sha1" //nolint:gosec // SubjectKeyIdentifier by RFC 5280
"crypto/sha256"
"crypto/x509"
"crypto/x509/pkix"
"encoding/asn1"
"math/big"
"net"
"net/url"
"strings"
"unicode"
"unicode/utf8"
"github.com/pkg/errors"
"golang.org/x/net/idna"
"go.step.sm/crypto/fipsutil"
)
var emptyASN1Subject = []byte{0x30, 0}
// SanitizeName converts the given domain to its ASCII form.
func SanitizeName(domain string) (string, error) {
if domain == "" {
return "", errors.New("empty server name")
}
// Note that this conversion is necessary because some server names in the handshakes
// started by some clients (such as cURL) are not converted to Punycode, which will
// prevent us from obtaining certificates for them. In addition, we should also treat
// example.com and EXAMPLE.COM as equivalent and return the same certificate for them.
// Fortunately, this conversion also helped us deal with this kind of mixedcase problems.
//
// Due to the "σςΣ" problem (see https://unicode.org/faq/idn.html#22), we can't use
// idna.Punycode.ToASCII (or just idna.ToASCII) here.
name, err := idna.Lookup.ToASCII(domain)
if err != nil {
return "", errors.New("server name contains invalid character")
}
return name, nil
}
// SplitSANs splits a slice of Subject Alternative Names into slices of
// IP Addresses and DNS Names. If an element is not an IP address, then it
// is bucketed as a DNS Name.
func SplitSANs(sans []string) (dnsNames []string, ips []net.IP, emails []string, uris []*url.URL) {
dnsNames = []string{}
ips = []net.IP{}
emails = []string{}
uris = []*url.URL{}
for _, san := range sans {
ip := net.ParseIP(san)
u, err := url.Parse(san)
switch {
case ip != nil:
ips = append(ips, ip)
case err == nil && u.Scheme != "":
uris = append(uris, u)
case strings.Contains(san, "@"):
emails = append(emails, san)
default:
dnsNames = append(dnsNames, san)
}
}
return
}
// CreateSANs splits the given sans and returns a list of SubjectAlternativeName
// structs.
func CreateSANs(sans []string) []SubjectAlternativeName {
dnsNames, ips, emails, uris := SplitSANs(sans)
sanTypes := make([]SubjectAlternativeName, 0, len(sans))
for _, v := range dnsNames {
sanTypes = append(sanTypes, SubjectAlternativeName{Type: "dns", Value: v})
}
for _, v := range ips {
sanTypes = append(sanTypes, SubjectAlternativeName{Type: "ip", Value: v.String()})
}
for _, v := range emails {
sanTypes = append(sanTypes, SubjectAlternativeName{Type: "email", Value: v})
}
for _, v := range uris {
sanTypes = append(sanTypes, SubjectAlternativeName{Type: "uri", Value: v.String()})
}
return sanTypes
}
// generateSerialNumber returns a random serial number.
func generateSerialNumber() (*big.Int, error) {
limit := new(big.Int).Lsh(big.NewInt(1), 128)
sn, err := rand.Int(rand.Reader, limit)
if err != nil {
return nil, errors.Wrap(err, "error generating serial number")
}
return sn, nil
}
// subjectPublicKeyInfo is a PKIX public key structure defined in RFC 5280.
type subjectPublicKeyInfo struct {
Algorithm pkix.AlgorithmIdentifier
SubjectPublicKey asn1.BitString
}
// generateSubjectKeyID generates the key identifier according the the RFC 5280
// section 4.2.1.2.
//
// The keyIdentifier is composed of the 160-bit SHA-1 hash of the value of the
// BIT STRING subjectPublicKey (excluding the tag, length, and number of unused
// bits).
//
// If FIPS 140-3 mode is enabled, instead of SHA-1, it will use the leftmost
// 160-bits of the SHA-256 hash according to RFC 7093 section 2.
func generateSubjectKeyID(pub crypto.PublicKey) ([]byte, error) {
b, err := x509.MarshalPKIXPublicKey(pub)
if err != nil {
return nil, errors.Wrap(err, "error marshaling public key")
}
var info subjectPublicKeyInfo
if _, err = asn1.Unmarshal(b, &info); err != nil {
return nil, errors.Wrap(err, "error unmarshaling public key")
}
return marshalSubjectKeyID(info.SubjectPublicKey.Bytes), nil
}
// marshalSubjectKeyID marshals the key identifier data using SHA-1 according to
// the RFC 5280 section 4.2.1.2. If FIPS 140-3 mode is enabled it will use the
// leftmost 160-bits of the SHA-256 hash according to RFC 7093 section 2
// instead.
func marshalSubjectKeyID(data []byte) []byte {
if fipsutil.Enabled() {
hash := sha256.Sum256(data)
return hash[:20]
}
//nolint:gosec // SubjectKeyIdentifier by RFC 5280
hash := sha1.Sum(data)
return hash[:]
}
// subjectIsEmpty returns whether the given pkix.Name (aka Subject) is an empty sequence
func subjectIsEmpty(s pkix.Name) bool {
if asn1Subject, err := asn1.Marshal(s.ToRDNSequence()); err == nil {
return bytes.Equal(asn1Subject, emptyASN1Subject)
}
return false
}
// isUTF8String reports whether the given s is a valid utf8 string
func isUTF8String(s string) bool {
return utf8.ValidString(s)
}
// isIA5String reports whether the given s is a valid ia5 string.
func isIA5String(s string) bool {
for _, r := range s {
// Per RFC5280 "IA5String is limited to the set of ASCII characters"
if r > unicode.MaxASCII {
return false
}
}
return true
}
// isNumeric reports whether the given s is a valid ASN1 NumericString.
func isNumericString(s string) bool {
for _, b := range s {
valid := '0' <= b && b <= '9' || b == ' '
if !valid {
return false
}
}
return true
}
|
