zishuo/golib
1
0
Fork 0
mirror of https://github.com/nabbar/golib.git synced 2025-10-05 07:46:56 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
dbb443eb656bec38f67e8b33750ef9aafd206a3c
golib/certificates/tools.go
Nicolas JUHEL dbb443eb65 - Fix issue #94 
- Fix linter
- Remove useless code/deadcode
2021-04-13 14:21:07 +02:00

137 lines
4.1 KiB
Go
Raw Blame History

/*
* MIT License
*
* Copyright (c) 2020 Nicolas JUHEL
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
*
*/
package certificates
import (
"crypto/tls"
"crypto/x509"
"runtime"
"strings"
)
// Deprecated: use StringToCipherKey.
func GetCipherKey(cipher string) uint16 {
return StringToCipherKey(cipher)
}
// Deprecated: use StringToCurveID.
func GetCurveID(curveRef string) tls.CurveID {
return StringToCurveID(curveRef)
}
func SystemRootCA() *x509.CertPool {
if runtime.GOOS == "windows" {
return x509.NewCertPool()
} else if c, e := x509.SystemCertPool(); e == nil {
return c
} else {
return x509.NewCertPool()
}
}
func StringToTlsVersion(tlsVersStr string) uint16 {
tlsVersStr = strings.ToLower(tlsVersStr)
tlsVersStr = strings.Replace(tlsVersStr, "TLS", "", -1)
tlsVersStr = strings.TrimSpace(tlsVersStr)
switch tlsVersStr {
case "1", "1.0":
return tls.VersionTLS10
case "1.1":
return tls.VersionTLS11
case "1.2":
return tls.VersionTLS12
case "1.3":
return tls.VersionTLS13
default:
return tls.VersionTLS12
}
}
func StringToClientAuth(auth string) tls.ClientAuthType {
switch strings.ToLower(auth) {
case "request":
return tls.RequestClientCert
case "require":
return tls.RequireAnyClientCert
case "verify":
return tls.VerifyClientCertIfGiven
case "strict":
return tls.RequireAndVerifyClientCert
default:
return tls.NoClientCert
}
}
func StringToCipherKey(cipher string) uint16 {
cipher = strings.ToLower(cipher)
RSA := strings.Contains(cipher, "rsa")
DSA := strings.Contains(cipher, "ecdsa")
GSM := strings.Contains(cipher, "gsm")
AES128 := strings.Contains(cipher, "aes128") || strings.Contains(cipher, "aes_128") || strings.Contains(cipher, "aes-128")
AES256 := strings.Contains(cipher, "aes256") || strings.Contains(cipher, "aes_256") || strings.Contains(cipher, "aes-256")
CHACHA := strings.Contains(cipher, "chacha20") || strings.Contains(cipher, "chacha_20") || strings.Contains(cipher, "chacha-20")
POLY := strings.Contains(cipher, "poly1305") || strings.Contains(cipher, "poly_1305") || strings.Contains(cipher, "poly-1305")
if RSA && AES128 && !GSM {
return tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
} else if RSA && AES128 && GSM {
return tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
} else if RSA && AES256 {
return tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
} else if RSA && (CHACHA || POLY) {
return tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
} else if DSA && AES128 && !GSM {
return tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
} else if DSA && AES128 && GSM {
return tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
} else if DSA && AES256 {
return tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
} else if DSA && (CHACHA || POLY) {
return tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
}
return 0
}
func StringToCurveID(curveRef string) tls.CurveID {
curveRef = strings.ToLower(curveRef)
if strings.Contains(curveRef, "p256") {
return tls.CurveP256
} else if strings.Contains(curveRef, "p384") {
return tls.CurveP384
} else if strings.Contains(curveRef, "p521") {
return tls.CurveP521
} else if strings.Contains(curveRef, "x25519") {
return tls.X25519
}
return 0
}
Reference in New Issue View Git Blame Copy Permalink