You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
star/cert/cert.go

1000 lines
33 KiB
Go

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

package cert
import (
"b612.me/starcrypto"
"b612.me/starlog"
"crypto/dsa"
"crypto/ecdh"
"crypto/ecdsa"
"crypto/ed25519"
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"errors"
"fmt"
"golang.org/x/crypto/ssh"
"os"
"software.sslmate.com/src/go-pkcs12"
"strings"
)
func ParseCert(data []byte, pwd string) {
oriData := data
{
pems, err := pkcs12.ToPEM(data, pwd)
if err == nil {
for _, v := range pems {
switch v.Type {
case "CERTIFICATE":
cert, err := x509.ParseCertificate(v.Bytes)
if err != nil {
continue
}
starlog.Green("这是一个PKCS12文件\n")
starlog.Green("-----证书信息-----\n\n")
starlog.Green("证书版本:%d\n", cert.Version)
starlog.Green("证书序列号:%d\n", cert.SerialNumber)
starlog.Green("证书签发者:%s\n", cert.Issuer)
starlog.Green("证书开始时间:%s\n", cert.NotBefore)
starlog.Green("证书结束时间:%s\n", cert.NotAfter)
starlog.Green("证书扩展:%+v\n", cert.Extensions)
starlog.Green("证书签名算法:%s\n", cert.SignatureAlgorithm)
starlog.Green("证书签名:%x\n", cert.Signature)
starlog.Green("证书公钥:%+v\n", cert.PublicKey)
starlog.Green("证书公钥算法:%s\n", cert.PublicKeyAlgorithm)
starlog.Green("证书密钥用法:%v\n", keyUsageToStrings(cert.KeyUsage))
starlog.Green("证书扩展密钥用法:%v\n", extKeyUsageToStrings(cert.ExtKeyUsage))
starlog.Green("证书是否CA%t\n", cert.IsCA)
starlog.Green("证书最大路径长度:%d\n", cert.MaxPathLen)
starlog.Green("证书最大路径长度是否为0%t\n", cert.MaxPathLenZero)
starlog.Green("证书是否根证书:%t\n", cert.BasicConstraintsValid)
starlog.Green("证书国家:%+v\n", cert.Subject.Country)
starlog.Green("证书省份:%+v\n", cert.Subject.Province)
starlog.Green("证书城市:%+v\n", cert.Subject.Locality)
starlog.Green("证书组织:%+v\n", cert.Subject.Organization)
starlog.Green("证书组织单位:%+v\n", cert.Subject.OrganizationalUnit)
starlog.Green("证书通用名称:%s\n", cert.Subject.CommonName)
starlog.Green("证书DNS%+v\n", cert.DNSNames)
starlog.Green("证书主题:%s\n", cert.Subject.String())
starlog.Green("-----公钥信息-----\n\n")
pub := cert.PublicKey
switch n := pub.(type) {
case *rsa.PublicKey:
starlog.Green("公钥算法为RSA\n")
starlog.Green("公钥位数:%d\n", n.Size())
starlog.Green("公钥长度:%d\n", n.N.BitLen())
starlog.Green("公钥指数:%d\n", n.E)
case *ecdsa.PublicKey:
starlog.Green("公钥算法为ECDSA\n")
starlog.Green("公钥位数:%d\n", n.Curve.Params().BitSize)
starlog.Green("公钥曲线:%s\n", n.Curve.Params().Name)
starlog.Green("公钥长度:%d\n", n.Params().BitSize)
starlog.Green("公钥公钥X%d\n", n.X)
starlog.Green("公钥公钥Y%d\n", n.Y)
case *dsa.PublicKey:
starlog.Green("公钥算法为DSA\n")
starlog.Green("公钥公钥Y%d\n", n.Y)
case *ecdh.PublicKey:
starlog.Green("公钥算法为ECDH\n")
case *ed25519.PublicKey:
starlog.Green("公钥算法为ED25519\n")
default:
starlog.Green("未知公钥类型\n")
}
case "PRIVATE KEY":
priv, err := x509.ParsePKCS8PrivateKey(v.Bytes)
if err != nil {
priv, err = x509.ParsePKCS1PrivateKey(v.Bytes)
if err != nil {
priv, err = x509.ParseECPrivateKey(v.Bytes)
if err != nil {
starlog.Errorf("解析私钥错误:%s\n", err)
continue
} else {
starlog.Green("这是一个ECDSA私钥\n")
}
} else {
starlog.Green("这是一个PKCS1私钥\n")
}
} else {
starlog.Green("这是一个PKCS8私钥\n")
}
starlog.Green("-----私钥信息-----\n\n")
switch n := priv.(type) {
case *rsa.PrivateKey:
starlog.Green("这是一个RSA私钥\n")
starlog.Green("私钥位数:%d\n", n.Size())
starlog.Green("私钥长度:%d\n", n.N.BitLen())
starlog.Green("私钥指数:%d\n", n.E)
starlog.Green("私钥系数:%d\n", n.D)
starlog.Green("私钥质数p%d\n", n.Primes[0])
starlog.Green("私钥质数q%d\n", n.Primes[1])
starlog.Green("私钥系数dP%d\n", n.Precomputed.Dp)
starlog.Green("私钥系数dQ%d\n", n.Precomputed.Dq)
starlog.Green("私钥系数qInv%d\n", n.Precomputed.Qinv)
case *ecdsa.PrivateKey:
starlog.Green("这是一个ECDSA私钥\n")
starlog.Green("私钥位数:%d\n", n.Curve.Params().BitSize)
starlog.Green("私钥曲线:%s\n", n.Curve.Params().Name)
starlog.Green("私钥长度:%d\n", n.Params().BitSize)
starlog.Green("私钥系数:%d\n", n.D)
starlog.Green("私钥公钥X%d\n", n.PublicKey.X)
starlog.Green("私钥公钥Y%d\n", n.PublicKey.Y)
case *dsa.PrivateKey:
starlog.Green("这是一个DSA私钥\n")
starlog.Green("私钥系数:%d\n", n.X)
starlog.Green("私钥公钥Y%d\n", n.Y)
case *ed25519.PrivateKey:
starlog.Green("这是一个ED25519私钥\n")
case *ecdh.PrivateKey:
starlog.Green("这是一个ECDH私钥\n")
default:
starlog.Green("未知私钥类型\n")
}
}
}
return
}
}
idx := 0
for {
idx++
block, rest := pem.Decode(data)
if block == nil {
if idx == 1 {
starlog.Errorf("未知文件类型\n")
}
return
}
fmt.Println("\n--------------------------------\n")
data = rest
rt := 0
switch block.Type {
case "CERTIFICATE":
rt = 1
starlog.Green("这是一个证书文件\n")
fallthrough
case "CERTIFICATE REQUEST":
if rt == 0 {
starlog.Green("这是一个证书请求文件\n")
}
cert, err := x509.ParseCertificate(block.Bytes)
if err != nil {
starlog.Errorf("解析证书错误:%s\n", err)
continue
}
starlog.Green("证书版本:%d\n", cert.Version)
starlog.Green("证书序列号:%d\n", cert.SerialNumber)
starlog.Green("证书签发者:%s\n", cert.Issuer)
starlog.Green("证书开始时间:%s\n", cert.NotBefore)
starlog.Green("证书结束时间:%s\n", cert.NotAfter)
starlog.Green("证书扩展:%+v\n", cert.Extensions)
starlog.Green("证书签名算法:%s\n", cert.SignatureAlgorithm)
starlog.Green("证书签名:%x\n", cert.Signature)
starlog.Green("证书公钥:%+v\n", cert.PublicKey)
starlog.Green("证书公钥算法:%s\n", cert.PublicKeyAlgorithm)
starlog.Green("证书密钥用法:%v\n", keyUsageToStrings(cert.KeyUsage))
starlog.Green("证书扩展密钥用法:%v\n", extKeyUsageToStrings(cert.ExtKeyUsage))
starlog.Green("证书是否CA%t\n", cert.IsCA)
starlog.Green("证书最大路径长度:%d\n", cert.MaxPathLen)
starlog.Green("证书最大路径长度是否为0%t\n", cert.MaxPathLenZero)
starlog.Green("证书是否根证书:%t\n", cert.BasicConstraintsValid)
starlog.Green("证书国家:%+v\n", cert.Subject.Country)
starlog.Green("证书省份:%+v\n", cert.Subject.Province)
starlog.Green("证书城市:%+v\n", cert.Subject.Locality)
starlog.Green("证书组织:%+v\n", cert.Subject.Organization)
starlog.Green("证书组织单位:%+v\n", cert.Subject.OrganizationalUnit)
starlog.Green("证书通用名称:%s\n", cert.Subject.CommonName)
starlog.Green("证书DNS%+v\n", cert.DNSNames)
starlog.Green("证书主题:%s\n", cert.Subject.String())
pub := cert.PublicKey
switch n := pub.(type) {
case *rsa.PublicKey:
starlog.Green("公钥算法为RSA\n")
starlog.Green("公钥位数:%d\n", n.Size())
starlog.Green("公钥长度:%d\n", n.N.BitLen())
starlog.Green("公钥指数:%d\n", n.E)
case *ecdsa.PublicKey:
starlog.Green("公钥算法为ECDSA\n")
starlog.Green("公钥位数:%d\n", n.Curve.Params().BitSize)
starlog.Green("公钥曲线:%s\n", n.Curve.Params().Name)
starlog.Green("公钥长度:%d\n", n.Params().BitSize)
starlog.Green("公钥公钥X%d\n", n.X)
starlog.Green("公钥公钥Y%d\n", n.Y)
case *dsa.PublicKey:
starlog.Green("公钥算法为DSA\n")
starlog.Green("公钥公钥Y%d\n", n.Y)
case *ecdh.PublicKey:
starlog.Green("公钥算法为ECDH\n")
case *ed25519.PublicKey:
starlog.Green("公钥算法为ED25519\n")
default:
starlog.Green("未知公钥类型\n")
}
continue
case "PRIVATE KEY":
starlog.Infof("这是一个私钥文件\n")
priv, err := x509.ParsePKCS8PrivateKey(block.Bytes)
if err != nil {
priv, err = x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
priv, err = x509.ParseECPrivateKey(block.Bytes)
if err != nil {
starlog.Errorf("解析私钥错误:%s\n", err)
continue
} else {
starlog.Green("这是一个ECDSA私钥\n")
}
} else {
starlog.Green("这是一个PKCS1私钥\n")
}
} else {
starlog.Green("这是一个PKCS8私钥\n")
}
switch n := priv.(type) {
case *rsa.PrivateKey:
starlog.Green("这是一个RSA私钥\n")
starlog.Green("私钥位数:%d\n", n.Size())
starlog.Green("私钥长度:%d\n", n.N.BitLen())
starlog.Green("私钥指数:%d\n", n.E)
starlog.Green("私钥系数:%d\n", n.D)
starlog.Green("私钥质数p%d\n", n.Primes[0])
starlog.Green("私钥质数q%d\n", n.Primes[1])
starlog.Green("私钥系数dP%d\n", n.Precomputed.Dp)
starlog.Green("私钥系数dQ%d\n", n.Precomputed.Dq)
starlog.Green("私钥系数qInv%d\n", n.Precomputed.Qinv)
case *ecdsa.PrivateKey:
starlog.Green("这是一个ECDSA私钥\n")
starlog.Green("私钥位数:%d\n", n.Curve.Params().BitSize)
starlog.Green("私钥曲线:%s\n", n.Curve.Params().Name)
starlog.Green("私钥长度:%d\n", n.Params().BitSize)
starlog.Green("私钥系数:%d\n", n.D)
starlog.Green("私钥公钥X%d\n", n.PublicKey.X)
starlog.Green("私钥公钥Y%d\n", n.PublicKey.Y)
case *dsa.PrivateKey:
starlog.Green("这是一个DSA私钥\n")
starlog.Green("私钥系数:%d\n", n.X)
starlog.Green("私钥公钥Y%d\n", n.Y)
case *ed25519.PrivateKey:
starlog.Green("这是一个ED25519私钥\n")
case *ecdh.PrivateKey:
starlog.Green("这是一个ECDH私钥\n")
default:
starlog.Green("未知私钥类型\n")
}
continue
case "PUBLIC KEY":
starlog.Infof("这是一个公钥文件\n")
pub, err := x509.ParsePKIXPublicKey(block.Bytes)
if err != nil {
pub, err = x509.ParsePKCS1PublicKey(block.Bytes)
starlog.Green("这是一个PKCS1公钥\n")
} else {
starlog.Green("这是一个PKIX公钥\n")
}
switch n := pub.(type) {
case *rsa.PublicKey:
starlog.Green("这是一个RSA公钥\n")
starlog.Green("公钥位数:%d\n", n.Size())
starlog.Green("公钥长度:%d\n", n.N.BitLen())
starlog.Green("公钥指数:%d\n", n.E)
case *ecdsa.PublicKey:
starlog.Green("这是一个ECDSA公钥\n")
starlog.Green("公钥位数:%d\n", n.Curve.Params().BitSize)
starlog.Green("公钥曲线:%s\n", n.Curve.Params().Name)
starlog.Green("公钥长度:%d\n", n.Params().BitSize)
starlog.Green("公钥公钥X%d\n", n.X)
starlog.Green("公钥公钥Y%d\n", n.Y)
case *ecdh.PublicKey:
starlog.Green("这是一个ECDH公钥\n")
case *ed25519.PublicKey:
starlog.Green("这是一个ED25519公钥\n")
case *dsa.PublicKey:
starlog.Green("这是一个DSA公钥\n")
starlog.Green("公钥公钥Y%d\n", n.Y)
default:
starlog.Green("未知公钥类型\n")
}
continue
case "RSA PRIVATE KEY":
n, err := x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
starlog.Errorf("解析私钥错误:%s\n", err)
continue
}
starlog.Infof("这是一个RSA私钥文件\n")
starlog.Green("私钥位数:%d\n", n.Size())
starlog.Green("私钥长度:%d\n", n.N.BitLen())
starlog.Green("私钥指数:%d\n", n.E)
starlog.Green("私钥系数:%d\n", n.D)
starlog.Green("私钥质数p%d\n", n.Primes[0])
starlog.Green("私钥质数q%d\n", n.Primes[1])
starlog.Green("私钥系数dP%d\n", n.Precomputed.Dp)
starlog.Green("私钥系数dQ%d\n", n.Precomputed.Dq)
starlog.Green("私钥系数qInv%d\n", n.Precomputed.Qinv)
case "RSA PUBLIC KEY":
n, err := x509.ParsePKCS1PublicKey(block.Bytes)
if err != nil {
starlog.Errorf("解析公钥错误:%s\n", err)
continue
}
starlog.Green("这是一个RSA公钥\n")
starlog.Green("公钥位数:%d\n", n.Size())
starlog.Green("公钥长度:%d\n", n.N.BitLen())
starlog.Green("公钥指数:%d\n", n.E)
case "EC PRIVATE KEY":
n, err := x509.ParseECPrivateKey(block.Bytes)
if err != nil {
starlog.Errorf("解析私钥错误:%s\n", err)
continue
}
starlog.Green("这是一个ECDSA私钥\n")
starlog.Green("私钥位数:%d\n", n.Curve.Params().BitSize)
starlog.Green("私钥曲线:%s\n", n.Curve.Params().Name)
starlog.Green("私钥长度:%d\n", n.Params().BitSize)
starlog.Green("私钥系数:%d\n", n.D)
starlog.Green("私钥公钥X%d\n", n.PublicKey.X)
starlog.Green("私钥公钥Y%d\n", n.PublicKey.Y)
case "EC PUBLIC KEY":
p, err := x509.ParsePKIXPublicKey(block.Bytes)
if err != nil {
starlog.Errorf("解析公钥错误:%s\n", err)
continue
}
n := p.(*ecdsa.PublicKey)
starlog.Green("这是一个ECDSA公钥\n")
starlog.Green("公钥位数:%d\n", n.Curve.Params().BitSize)
starlog.Green("公钥曲线:%s\n", n.Curve.Params().Name)
starlog.Green("公钥长度:%d\n", n.Params().BitSize)
starlog.Green("公钥公钥X%d\n", n.X)
starlog.Green("公钥公钥Y%d\n", n.Y)
case "OPENSSH PRIVATE KEY":
starlog.Infof("这是一个OpenSSH私钥文件\n")
var priv interface{}
var err error
if pwd == "" {
priv, err = ssh.ParseRawPrivateKey(oriData)
if err != nil {
starlog.Errorf("解析OPENSSH私钥错误%s\n", err)
continue
}
} else {
priv, err = ssh.ParseRawPrivateKeyWithPassphrase(oriData, []byte(pwd))
if err != nil {
starlog.Errorf("解析OPENSSH私钥错误%s\n", err)
continue
}
}
switch n := priv.(type) {
case *rsa.PrivateKey:
starlog.Green("这是一个RSA私钥\n")
starlog.Green("私钥位数:%d\n", n.Size())
starlog.Green("私钥长度:%d\n", n.N.BitLen())
starlog.Green("私钥指数:%d\n", n.E)
starlog.Green("私钥系数:%d\n", n.D)
starlog.Green("私钥质数p%d\n", n.Primes[0])
starlog.Green("私钥质数q%d\n", n.Primes[1])
starlog.Green("私钥系数dP%d\n", n.Precomputed.Dp)
starlog.Green("私钥系数dQ%d\n", n.Precomputed.Dq)
starlog.Green("私钥系数qInv%d\n", n.Precomputed.Qinv)
case *ecdsa.PrivateKey:
starlog.Green("这是一个ECDSA私钥\n")
starlog.Green("私钥位数:%d\n", n.Curve.Params().BitSize)
starlog.Green("私钥曲线:%s\n", n.Curve.Params().Name)
starlog.Green("私钥长度:%d\n", n.Params().BitSize)
starlog.Green("私钥系数:%d\n", n.D)
starlog.Green("私钥公钥X%d\n", n.PublicKey.X)
starlog.Green("私钥公钥Y%d\n", n.PublicKey.Y)
case *dsa.PrivateKey:
starlog.Green("这是一个DSA私钥\n")
starlog.Green("私钥系数:%d\n", n.X)
starlog.Green("私钥公钥Y%d\n", n.Y)
case *ed25519.PrivateKey:
starlog.Green("这是一个ED25519私钥\n")
case *ecdh.PrivateKey:
starlog.Green("这是一个ECDH私钥\n")
default:
starlog.Green("未知私钥类型\n")
}
continue
case "OPENSSH PUBLIC KEY":
starlog.Infof("这是一个OPENSSH公钥文件\n")
pub, err := ssh.ParsePublicKey(block.Bytes)
if err != nil {
starlog.Errorf("解析公钥错误:%s\n", err)
continue
}
starlog.Green("公钥算法:%s\n", pub.Type())
continue
default:
starlog.Infof("未知证书文件类型\n")
}
}
}
func keyUsageToStrings(keyUsage x509.KeyUsage) string {
var usages []string
if keyUsage&x509.KeyUsageDigitalSignature != 0 {
usages = append(usages, "Digital Signature")
}
if keyUsage&x509.KeyUsageContentCommitment != 0 {
usages = append(usages, "Content Commitment")
}
if keyUsage&x509.KeyUsageKeyEncipherment != 0 {
usages = append(usages, "Key Encipherment")
}
if keyUsage&x509.KeyUsageDataEncipherment != 0 {
usages = append(usages, "Data Encipherment")
}
if keyUsage&x509.KeyUsageKeyAgreement != 0 {
usages = append(usages, "Key Agreement")
}
if keyUsage&x509.KeyUsageCertSign != 0 {
usages = append(usages, "Certificate Signing")
}
if keyUsage&x509.KeyUsageCRLSign != 0 {
usages = append(usages, "CRL Signing")
}
if keyUsage&x509.KeyUsageEncipherOnly != 0 {
usages = append(usages, "Encipher Only")
}
if keyUsage&x509.KeyUsageDecipherOnly != 0 {
usages = append(usages, "Decipher Only")
}
return strings.Join(usages, ", ")
}
func extKeyUsageToStrings(extKeyUsages []x509.ExtKeyUsage) string {
var usages []string
for _, extKeyUsage := range extKeyUsages {
switch extKeyUsage {
case x509.ExtKeyUsageAny:
usages = append(usages, "Any")
case x509.ExtKeyUsageServerAuth:
usages = append(usages, "Server Authentication")
case x509.ExtKeyUsageClientAuth:
usages = append(usages, "Client Authentication")
case x509.ExtKeyUsageCodeSigning:
usages = append(usages, "Code Signing")
case x509.ExtKeyUsageEmailProtection:
usages = append(usages, "Email Protection")
case x509.ExtKeyUsageIPSECEndSystem:
usages = append(usages, "IPSEC End System")
case x509.ExtKeyUsageIPSECTunnel:
usages = append(usages, "IPSEC Tunnel")
case x509.ExtKeyUsageIPSECUser:
usages = append(usages, "IPSEC User")
case x509.ExtKeyUsageTimeStamping:
usages = append(usages, "Time Stamping")
case x509.ExtKeyUsageOCSPSigning:
usages = append(usages, "OCSP Signing")
case x509.ExtKeyUsageMicrosoftServerGatedCrypto:
usages = append(usages, "Microsoft Server Gated Crypto")
case x509.ExtKeyUsageNetscapeServerGatedCrypto:
usages = append(usages, "Netscape Server Gated Crypto")
default:
usages = append(usages, fmt.Sprintf("Unknown(%d)", extKeyUsage))
}
}
return strings.Join(usages, ", ")
}
func GetCert(data []byte, pwd string) ([]any, []x509.Certificate, error) {
var oriData = data
var common []any
var certs []x509.Certificate
{
pems, err := pkcs12.ToPEM(data, pwd)
if err == nil {
for _, v := range pems {
switch v.Type {
case "CERTIFICATE":
cert, err := x509.ParseCertificate(v.Bytes)
if err != nil {
continue
}
starlog.Green("这是一个PKCS12文件\n")
pub := cert.PublicKey
switch pub.(type) {
case *rsa.PublicKey:
starlog.Green("公钥算法为RSA\n")
case *ecdsa.PublicKey:
starlog.Green("公钥算法为ECDSA\n")
case *dsa.PublicKey:
starlog.Green("公钥算法为DSA\n")
case *ecdh.PublicKey:
starlog.Green("公钥算法为ECDH\n")
case *ed25519.PublicKey:
starlog.Green("公钥算法为ED25519\n")
default:
starlog.Green("未知公钥类型\n")
}
common = append(common, pub)
certs = append(certs, *cert)
case "PRIVATE KEY":
priv, err := x509.ParsePKCS8PrivateKey(v.Bytes)
if err != nil {
priv, err = x509.ParsePKCS1PrivateKey(v.Bytes)
if err != nil {
priv, err = x509.ParseECPrivateKey(v.Bytes)
if err != nil {
starlog.Errorf("解析私钥错误:%s\n", err)
continue
} else {
starlog.Green("这是一个ECDSA私钥\n")
}
} else {
starlog.Green("这是一个PKCS1私钥\n")
}
} else {
starlog.Green("这是一个PKCS8私钥\n")
}
starlog.Green("-----私钥信息-----\n\n")
switch n := priv.(type) {
case *rsa.PrivateKey:
starlog.Green("这是一个RSA私钥\n")
starlog.Green("私钥位数:%d\n", n.Size())
case *ecdsa.PrivateKey:
starlog.Green("这是一个ECDSA私钥\n")
starlog.Green("私钥位数:%d\n", n.Curve.Params().BitSize)
case *dsa.PrivateKey:
starlog.Green("这是一个DSA私钥\n")
case *ed25519.PrivateKey:
starlog.Green("这是一个ED25519私钥\n")
case *ecdh.PrivateKey:
starlog.Green("这是一个ECDH私钥\n")
default:
starlog.Green("未知私钥类型\n")
}
common = append(common, priv)
}
}
return common, certs, nil
}
}
idx := 0
for {
idx++
block, rest := pem.Decode(data)
if block == nil {
if idx == 1 {
starlog.Errorf("未知文件类型\n")
return common, certs, errors.New("未知文件类型")
}
return common, certs, nil
}
data = rest
rt := 0
switch block.Type {
case "CERTIFICATE":
rt = 1
starlog.Green("这是一个证书文件\n")
fallthrough
case "CERTIFICATE REQUEST":
if rt == 0 {
starlog.Green("这是一个证书请求文件\n")
}
cert, err := x509.ParseCertificate(block.Bytes)
if err != nil {
starlog.Errorf("解析证书错误:%s\n", err)
continue
}
common = append(common, cert.PublicKey)
certs = append(certs, *cert)
pub := cert.PublicKey
switch pub.(type) {
case *rsa.PublicKey:
starlog.Green("公钥算法为RSA\n")
case *ecdsa.PublicKey:
starlog.Green("公钥算法为ECDSA\n")
case *dsa.PublicKey:
starlog.Green("公钥算法为DSA\n")
case *ecdh.PublicKey:
starlog.Green("公钥算法为ECDH\n")
case *ed25519.PublicKey:
starlog.Green("公钥算法为ED25519\n")
default:
starlog.Green("未知公钥类型\n")
}
continue
case "PRIVATE KEY":
starlog.Infof("这是一个私钥文件\n")
priv, err := x509.ParsePKCS8PrivateKey(block.Bytes)
if err != nil {
priv, err = x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
priv, err = x509.ParseECPrivateKey(block.Bytes)
if err != nil {
starlog.Errorf("解析私钥错误:%s\n", err)
continue
} else {
starlog.Green("这是一个ECDSA私钥\n")
}
} else {
starlog.Green("这是一个PKCS1私钥\n")
}
} else {
starlog.Green("这是一个PKCS8私钥\n")
}
switch n := priv.(type) {
case *rsa.PrivateKey:
starlog.Green("这是一个RSA私钥\n")
starlog.Green("私钥位数:%d\n", n.Size())
case *ecdsa.PrivateKey:
starlog.Green("这是一个ECDSA私钥\n")
starlog.Green("私钥位数:%d\n", n.Curve.Params().BitSize)
case *dsa.PrivateKey:
starlog.Green("这是一个DSA私钥\n")
case *ed25519.PrivateKey:
starlog.Green("这是一个ED25519私钥\n")
case *ecdh.PrivateKey:
starlog.Green("这是一个ECDH私钥\n")
default:
starlog.Green("未知私钥类型\n")
}
common = append(common, priv)
continue
case "PUBLIC KEY":
starlog.Infof("这是一个公钥文件\n")
pub, err := x509.ParsePKIXPublicKey(block.Bytes)
if err != nil {
pub, err = x509.ParsePKCS1PublicKey(block.Bytes)
starlog.Green("这是一个PKCS1公钥\n")
} else {
starlog.Green("这是一个PKIX公钥\n")
}
common = append(common, pub)
switch n := pub.(type) {
case *rsa.PublicKey:
starlog.Green("这是一个RSA公钥\n")
starlog.Green("公钥位数:%d\n", n.Size())
case *ecdsa.PublicKey:
starlog.Green("这是一个ECDSA公钥\n")
starlog.Green("公钥位数:%d\n", n.Curve.Params().BitSize)
case *dsa.PublicKey:
starlog.Green("这是一个DSA公钥\n")
case *ecdh.PublicKey:
starlog.Green("这是一个ECDH公钥\n")
case *ed25519.PublicKey:
starlog.Green("这是一个ED25519公钥\n")
default:
starlog.Green("未知公钥类型\n")
}
return common, certs, nil
case "RSA PRIVATE KEY":
n, err := x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
starlog.Errorf("解析私钥错误:%s\n", err)
continue
}
starlog.Infof("这是一个RSA私钥文件\n")
starlog.Green("私钥位数:%d\n", n.Size())
starlog.Green("私钥长度:%d\n", n.N.BitLen())
starlog.Green("私钥指数:%d\n", n.E)
starlog.Green("私钥系数:%d\n", n.D)
starlog.Green("私钥质数p%d\n", n.Primes[0])
starlog.Green("私钥质数q%d\n", n.Primes[1])
starlog.Green("私钥系数dP%d\n", n.Precomputed.Dp)
starlog.Green("私钥系数dQ%d\n", n.Precomputed.Dq)
starlog.Green("私钥系数qInv%d\n", n.Precomputed.Qinv)
common = append(common, n)
case "RSA PUBLIC KEY":
n, err := x509.ParsePKCS1PublicKey(block.Bytes)
if err != nil {
starlog.Errorf("解析公钥错误:%s\n", err)
continue
}
starlog.Green("这是一个RSA公钥\n")
starlog.Green("公钥位数:%d\n", n.Size())
starlog.Green("公钥长度:%d\n", n.N.BitLen())
starlog.Green("公钥指数:%d\n", n.E)
common = append(common, n)
case "EC PRIVATE KEY":
n, err := x509.ParseECPrivateKey(block.Bytes)
if err != nil {
starlog.Errorf("解析私钥错误:%s\n", err)
continue
}
starlog.Green("这是一个ECDSA私钥\n")
starlog.Green("私钥位数:%d\n", n.Curve.Params().BitSize)
starlog.Green("私钥曲线:%s\n", n.Curve.Params().Name)
starlog.Green("私钥长度:%d\n", n.Params().BitSize)
starlog.Green("私钥系数:%d\n", n.D)
starlog.Green("私钥公钥X%d\n", n.PublicKey.X)
starlog.Green("私钥公钥Y%d\n", n.PublicKey.Y)
common = append(common, n)
case "EC PUBLIC KEY":
p, err := x509.ParsePKIXPublicKey(block.Bytes)
if err != nil {
starlog.Errorf("解析公钥错误:%s\n", err)
continue
}
n := p.(*ecdsa.PublicKey)
starlog.Green("这是一个ECDSA公钥\n")
starlog.Green("公钥位数:%d\n", n.Curve.Params().BitSize)
starlog.Green("公钥曲线:%s\n", n.Curve.Params().Name)
starlog.Green("公钥长度:%d\n", n.Params().BitSize)
starlog.Green("公钥公钥X%d\n", n.X)
starlog.Green("公钥公钥Y%d\n", n.Y)
common = append(common, n)
case "OPENSSH PRIVATE KEY":
starlog.Infof("这是一个OpenSSH私钥文件\n")
var priv interface{}
var err error
if pwd == "" {
priv, err = ssh.ParseRawPrivateKey(oriData)
if err != nil {
starlog.Errorf("解析私钥错误:%s\n", err)
continue
}
} else {
priv, err = ssh.ParseRawPrivateKeyWithPassphrase(oriData, []byte(pwd))
if err != nil {
starlog.Errorf("解析私钥错误:%s\n", err)
continue
}
}
switch n := priv.(type) {
case *rsa.PrivateKey:
common = append(common, n)
starlog.Green("这是一个RSA私钥\n")
starlog.Green("私钥位数:%d\n", n.Size())
starlog.Green("私钥长度:%d\n", n.N.BitLen())
case *ecdsa.PrivateKey:
common = append(common, n)
starlog.Green("这是一个ECDSA私钥\n")
starlog.Green("私钥位数:%d\n", n.Curve.Params().BitSize)
case *dsa.PrivateKey:
common = append(common, n)
starlog.Green("这是一个DSA私钥\n")
case *ed25519.PrivateKey:
common = append(common, n)
starlog.Green("这是一个ED25519私钥\n")
case *ecdh.PrivateKey:
common = append(common, n)
starlog.Green("这是一个ECDH私钥\n")
default:
starlog.Green("未知私钥类型\n")
}
continue
default:
starlog.Infof("未知证书文件类型\n")
}
}
}
func Pkcs8(data []byte, pwd, newPwd string, originName string, outpath string) error {
keys, _, err := GetCert(data, pwd)
if err != nil {
return err
}
for _, v := range keys {
if v == nil {
continue
}
switch n := v.(type) {
case *ecdsa.PrivateKey, *rsa.PrivateKey, *dsa.PrivateKey, *ed25519.PrivateKey, *ecdh.PrivateKey:
data, err = x509.MarshalPKCS8PrivateKey(n)
if err != nil {
return err
}
var block *pem.Block
if newPwd != "" {
block, err = x509.EncryptPEMBlock(rand.Reader, "PRIVATE KEY", data, []byte(newPwd), x509.PEMCipherAES256)
} else {
block = &pem.Block{Type: "PRIVATE KEY", Bytes: data}
}
err = os.WriteFile(outpath+"/"+originName+".pkcs8", pem.EncodeToMemory(block), 0644)
if err != nil {
return err
} else {
starlog.Green("已将私钥保存到%s\n", outpath+"/"+originName+".pkcs8")
}
case *ecdsa.PublicKey, *rsa.PublicKey, *dsa.PublicKey, *ed25519.PublicKey, *ecdh.PublicKey:
data, err = x509.MarshalPKIXPublicKey(n)
if err != nil {
return err
}
err = os.WriteFile(outpath+"/"+originName+".pub.pkcs8", pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: data}), 0644)
if err != nil {
return err
} else {
starlog.Green("已将公钥保存到%s\n", outpath+"/"+originName+".pub.pkcs8")
}
}
}
return nil
}
func Pkcs1(data []byte, pwd, newPwd string, originName string, outpath string) error {
keys, _, err := GetCert(data, pwd)
if err != nil {
return err
}
for idx, v := range keys {
if v == nil {
continue
}
switch n := v.(type) {
case *rsa.PrivateKey:
data = x509.MarshalPKCS1PrivateKey(n)
if err != nil {
return err
}
var block *pem.Block
if newPwd != "" {
block, err = x509.EncryptPEMBlock(rand.Reader, "RSA PRIVATE KEY", data, []byte(newPwd), x509.PEMCipherAES256)
} else {
block = &pem.Block{Type: "RSA PRIVATE KEY", Bytes: data}
}
err = os.WriteFile(fmt.Sprintf("%s/%s_%v.pkcs1", outpath, originName, idx), pem.EncodeToMemory(block), 0644)
if err != nil {
return err
} else {
starlog.Green("已将私钥保存到%s\n", fmt.Sprintf("%s/%s_%v.pkcs1", outpath, originName, idx))
}
case *rsa.PublicKey:
data = x509.MarshalPKCS1PublicKey(n)
if err != nil {
return err
}
err = os.WriteFile(fmt.Sprintf("%s/%s_%v.pub.pkcs1", outpath, originName, idx), pem.EncodeToMemory(&pem.Block{Type: "RSA PUBLIC KEY", Bytes: data}), 0644)
if err != nil {
return err
} else {
starlog.Green("已将公钥保存到%s\n", fmt.Sprintf("%s/%s_%v.pub.pkcs1", outpath, originName, idx))
}
}
}
return nil
}
func Pkcs12(keys []any, certs []x509.Certificate, enPwd string, originName string, outpath string) error {
var priv any
for _, v := range keys {
if v == nil {
continue
}
switch n := v.(type) {
case *ecdsa.PrivateKey, *rsa.PrivateKey, *dsa.PrivateKey, *ed25519.PrivateKey, *ecdh.PrivateKey:
priv = n
break
}
}
if priv == nil {
return errors.New("未找到私钥")
}
if len(certs) == 0 {
return errors.New("未找到证书")
}
mainCert := certs[0]
var certChain []*x509.Certificate
for _, v := range certs[1:] {
certChain = append(certChain, &v)
}
pfxData, err := pkcs12.Encode(rand.Reader, priv, &mainCert, certChain, enPwd)
if err != nil {
return err
}
err = os.WriteFile(outpath+"/"+originName+".pfx", pfxData, 0644)
if err != nil {
starlog.Errorf("保存失败:%s\n", err)
return err
}
starlog.Green("已将PKCS12文件保存到%s\n", outpath+"/"+originName+".pfx")
return nil
}
func Tran(data []byte, pwd string, originName string, outpath string) error {
keys, _, err := GetCert(data, pwd)
if err != nil {
return err
}
for idx, v := range keys {
if v == nil {
continue
}
switch n := v.(type) {
case *ecdsa.PrivateKey, *rsa.PrivateKey:
data, err = starcrypto.EncodePrivateKey(n, "")
if err != nil {
return err
}
err = os.WriteFile(fmt.Sprintf("%s/%s_%v.tran.key", outpath, originName, idx), data, 0644)
if err != nil {
return err
} else {
starlog.Green("已将私钥保存到%s\n", fmt.Sprintf("%s/%s_%v.tran.key", outpath, originName, idx))
}
case *ecdsa.PublicKey, *rsa.PublicKey:
data, err = starcrypto.EncodePublicKey(n)
if err != nil {
return err
}
err = os.WriteFile(fmt.Sprintf("%s/%s_%v.tran.pub", outpath, originName, idx), data, 0644)
if err != nil {
return err
} else {
starlog.Green("已将公钥保存到%s\n", fmt.Sprintf("%s/%s_%v.tran.pub", outpath, originName, idx))
}
case *dsa.PrivateKey, *ed25519.PrivateKey, *ecdh.PrivateKey:
data, err = x509.MarshalPKCS8PrivateKey(n)
if err != nil {
return err
}
err = os.WriteFile(outpath+"/"+originName+".tran.key", pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: data}), 0644)
if err != nil {
return err
} else {
starlog.Green("已将私钥保存到%s\n", outpath+"/"+originName+".tran.key")
}
case *dsa.PublicKey, *ed25519.PublicKey, *ecdh.PublicKey:
data, err = x509.MarshalPKIXPublicKey(n)
if err != nil {
return err
}
err = os.WriteFile(outpath+"/"+originName+".tran.pub", pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: data}), 0644)
if err != nil {
return err
} else {
starlog.Green("已将公钥保存到%s\n", outpath+"/"+originName+".tran.pub")
}
}
}
return nil
}
func Openssh(data []byte, pwd, newPwd string, originName string, outpath string) error {
keys, _, err := GetCert(data, pwd)
if err != nil {
return err
}
for _, v := range keys {
if v == nil {
continue
}
var block *pem.Block
switch n := v.(type) {
case *ecdsa.PrivateKey, *rsa.PrivateKey, *dsa.PrivateKey, *ed25519.PrivateKey, *ecdh.PrivateKey:
if newPwd != "" {
block, err = ssh.MarshalPrivateKey(n, "")
} else {
block, err = ssh.MarshalPrivateKeyWithPassphrase(n, "", []byte(newPwd))
}
if err != nil {
return err
}
err = os.WriteFile(outpath+"/"+originName+".openssh", pem.EncodeToMemory(block), 0644)
if err != nil {
return err
} else {
starlog.Green("已将私钥保存到%s\n", outpath+"/"+originName+".openssh")
}
case *ecdsa.PublicKey, *rsa.PublicKey, *dsa.PublicKey, *ed25519.PublicKey, *ecdh.PublicKey:
sk, err := ssh.NewPublicKey(n)
if err != nil {
return err
}
data = ssh.MarshalAuthorizedKey(sk)
err = os.WriteFile(outpath+"/"+originName+".pub.openssh", data, 0644)
if err != nil {
return err
} else {
starlog.Green("已将公钥保存到%s\n", outpath+"/"+originName+".pub.openssh")
}
}
}
return nil
}