zishuo/golib
1
0
Fork 0
mirror of https://github.com/nabbar/golib.git synced 2025-10-13 03:23:47 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
c86e1dc1b51c935dffb459f5f29f5bf065c2b585
golib/certificates/tools.go
Nicolas JUHEL 567687894d - Fix Issue #119 : race detection 
- Fix Issue #118 : wording match
- Fix Issue #117 : config option not detected in some case
- Fix race detection
- Add : logger options validation
- Add : tls cipher for TLS v1.3 into cipher string parser
- Optimization
- bump dependancies
- Fix nats option following bump dependancies
2022-02-09 15:05:26 +01:00

158 lines
4.4 KiB
Go
Raw Blame History

/*
* MIT License
*
* Copyright (c) 2020 Nicolas JUHEL
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
*
*/
package certificates
import (
"crypto/tls"
"crypto/x509"
"runtime"
"strings"
)
// Deprecated: use StringToCipherKey.
func GetCipherKey(cipher string) uint16 {
return StringToCipherKey(cipher)
}
// Deprecated: use StringToCurveID.
func GetCurveID(curveRef string) tls.CurveID {
return StringToCurveID(curveRef)
}
func SystemRootCA() *x509.CertPool {
if runtime.GOOS == "windows" {
return x509.NewCertPool()
} else if c, e := x509.SystemCertPool(); e == nil {
return c
} else {
return x509.NewCertPool()
}
}
func StringToTlsVersion(tlsVersStr string) uint16 {
tlsVersStr = strings.ToLower(tlsVersStr)
tlsVersStr = strings.Replace(tlsVersStr, "TLS", "", -1)
tlsVersStr = strings.TrimSpace(tlsVersStr)
switch tlsVersStr {
case "1", "1.0":
return tls.VersionTLS10
case "1.1":
return tls.VersionTLS11
case "1.2":
return tls.VersionTLS12
case "1.3":
return tls.VersionTLS13
default:
return tls.VersionTLS12
}
}
func StringToClientAuth(auth string) tls.ClientAuthType {
switch strings.ToLower(auth) {
case "request":
return tls.RequestClientCert
case "require":
return tls.RequireAnyClientCert
case "verify":
return tls.VerifyClientCertIfGiven
case "strict":
return tls.RequireAndVerifyClientCert
default:
return tls.NoClientCert
}
}
func StringToCipherKey(cipher string) uint16 {
cipher = strings.ToLower(cipher)
cipher = strings.ReplaceAll(cipher, " ", "")
cipher = strings.ReplaceAll(cipher, "_", "")
cipher = strings.ReplaceAll(cipher, "-", "")
rsa := strings.Contains(cipher, "rsa")
dhe := strings.Contains(cipher, "ecdhe")
dsa := strings.Contains(cipher, "ecdsa")
gcm := strings.Contains(cipher, "gcm")
aes1 := strings.Contains(cipher, "aes128")
aes2 := strings.Contains(cipher, "aes256")
cha := strings.Contains(cipher, "chacha20")
poly := strings.Contains(cipher, "poly1305")
switch {
// TLS v1.0 - v1.2
case !dhe && rsa && aes1 && !gcm:
return tls.TLS_RSA_WITH_AES_128_CBC_SHA256
case !dhe && rsa && aes1 && gcm:
return tls.TLS_RSA_WITH_AES_128_GCM_SHA256
case !dhe && rsa && aes2 && gcm:
return tls.TLS_RSA_WITH_AES_256_GCM_SHA384
case dhe && dsa && aes1 && !gcm:
return tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
case dhe && rsa && aes1 && !gcm:
return tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
case dhe && rsa && aes1 && gcm:
return tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
case dhe && dsa && aes1 && gcm:
return tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
case dhe && rsa && aes2 && gcm:
return tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
case dhe && dsa && aes2 && gcm:
return tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
case rsa && (cha || poly):
return tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
case dsa && (cha || poly):
return tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
// TLS v1.3
case aes1 && gcm:
return tls.TLS_AES_128_GCM_SHA256
case aes2 && gcm:
return tls.TLS_AES_256_GCM_SHA384
case cha || poly:
return tls.TLS_CHACHA20_POLY1305_SHA256
}
return 0
}
func StringToCurveID(curveRef string) tls.CurveID {
curveRef = strings.ToLower(curveRef)
if strings.Contains(curveRef, "p2") {
return tls.CurveP256
} else if strings.Contains(curveRef, "p3") {
return tls.CurveP384
} else if strings.Contains(curveRef, "p5") {
return tls.CurveP521
} else if strings.Contains(curveRef, "x25") {
return tls.X25519
}
return 0
}
Reference in New Issue View Git Blame Copy Permalink