utils/certificate_wi.go

//go:build windows

package utils

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"github.com/hectane/go-acl"
	"io/ioutil"
	"math/big"
	"os"
	"time"
)

func GenerateCertificate(certPath, keyPath string, isServer bool) {
	priv, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	if err != nil {
		panic(err)
	}

	notBefore := time.Now()
	notAfter := notBefore.Add(365 * 24 * time.Hour)

	var keyUsage x509.KeyUsage
	var extKeyUsage []x509.ExtKeyUsage

	if isServer {
		keyUsage = x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature
		extKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	} else {
		keyUsage = x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature
		extKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}

	template := x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{Organization: []string{"Secure data transfer"}},
		NotBefore:             notBefore,
		NotAfter:              notAfter,
		KeyUsage:              keyUsage,
		ExtKeyUsage:           extKeyUsage,
		BasicConstraintsValid: true,
	}

	certDER, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
	if err != nil {
		panic(err)
	}

	certFile, err := os.Create(certPath)
	if err != nil {
		panic(err)
	}
	defer certFile.Close()
	acl.Chmod(certFile.Name(), 600)
	pem.Encode(certFile, &pem.Block{Type: "CERTIFICATE", Bytes: certDER})

	keyFile, err := os.Create(keyPath)
	if err != nil {
		panic(err)
	}
	defer keyFile.Close()
	privBytes, err := x509.MarshalECPrivateKey(priv)
	if err != nil {
		panic(err)
	}
	acl.Chmod(keyFile.Name(), 600)
	pem.Encode(keyFile, &pem.Block{Type: "EC PRIVATE KEY", Bytes: privBytes})
}

func LoadCertificate(certPath, keyPath string) tls.Certificate {
	cert, err := tls.LoadX509KeyPair(certPath, keyPath)
	if err != nil {
		panic(err)
	}
	return cert
}

func LoadClientCA(certPath string) *x509.CertPool {
	pool := x509.NewCertPool()
	certPEM, err := ioutil.ReadFile(certPath)
	if err != nil {
		panic(err)
	}
	pool.AppendCertsFromPEM(certPEM)
	return pool
}
. 2024-01-28 17:38:37 +03:30			`//go:build windows`

			`package utils`

			`import (`
			`"crypto/ecdsa"`
			`"crypto/elliptic"`
			`"crypto/rand"`
			`"crypto/tls"`
			`"crypto/x509"`
			`"crypto/x509/pkix"`
			`"encoding/pem"`
			`"github.com/hectane/go-acl"`
			`"io/ioutil"`
			`"math/big"`
			`"os"`
			`"time"`
			`)`

			`func GenerateCertificate(certPath, keyPath string, isServer bool) {`
			`priv, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)`
			`if err != nil {`
			`panic(err)`
			`}`

			`notBefore := time.Now()`
			`notAfter := notBefore.Add(365 * 24 * time.Hour)`

			`var keyUsage x509.KeyUsage`
			`var extKeyUsage []x509.ExtKeyUsage`

			`if isServer {`
			`keyUsage = x509.KeyUsageKeyEncipherment \| x509.KeyUsageDigitalSignature`
			`extKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}`
			`} else {`
			`keyUsage = x509.KeyUsageKeyEncipherment \| x509.KeyUsageDigitalSignature`
			`extKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}`
			`}`

			`template := x509.Certificate{`
			`SerialNumber: big.NewInt(1),`
			`Subject: pkix.Name{Organization: []string{"Secure data transfer"}},`
			`NotBefore: notBefore,`
			`NotAfter: notAfter,`
			`KeyUsage: keyUsage,`
			`ExtKeyUsage: extKeyUsage,`
			`BasicConstraintsValid: true,`
			`}`

			`certDER, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)`
			`if err != nil {`
			`panic(err)`
			`}`

			`certFile, err := os.Create(certPath)`
			`if err != nil {`
			`panic(err)`
			`}`
			`defer certFile.Close()`
			`acl.Chmod(certFile.Name(), 600)`
			`pem.Encode(certFile, &pem.Block{Type: "CERTIFICATE", Bytes: certDER})`

			`keyFile, err := os.Create(keyPath)`
			`if err != nil {`
			`panic(err)`
			`}`
			`defer keyFile.Close()`
			`privBytes, err := x509.MarshalECPrivateKey(priv)`
			`if err != nil {`
			`panic(err)`
			`}`
			`acl.Chmod(keyFile.Name(), 600)`
			`pem.Encode(keyFile, &pem.Block{Type: "EC PRIVATE KEY", Bytes: privBytes})`
			`}`

			`func LoadCertificate(certPath, keyPath string) tls.Certificate {`
			`cert, err := tls.LoadX509KeyPair(certPath, keyPath)`
			`if err != nil {`
			`panic(err)`
			`}`
			`return cert`
			`}`

			`func LoadClientCA(certPath string) *x509.CertPool {`
			`pool := x509.NewCertPool()`
			`certPEM, err := ioutil.ReadFile(certPath)`
			`if err != nil {`
			`panic(err)`
			`}`
			`pool.AppendCertsFromPEM(certPEM)`
			`return pool`
			`}`