-
Notifications
You must be signed in to change notification settings - Fork 1
/
identity.go
91 lines (84 loc) · 2.04 KB
/
identity.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
package bifrost
import (
"crypto/x509"
"encoding/pem"
"errors"
"fmt"
"github.com/google/uuid"
)
// Identity represents a unique identity in the system.
type Identity struct {
Namespace uuid.UUID
PublicKey *PublicKey
}
func (i Identity) UUID() uuid.UUID {
return i.PublicKey.UUID(i.Namespace)
}
func (i Identity) String() string {
return i.UUID().String()
}
// ParseIdentity parses a Bifrost identity from a PEM-encoded block.
// The block may contain a private key, public key, certificate, or certificate request.
//
// If the block contains a private or a public key,
// the returned identity will contain the public key.
// If the block contains a certificate or certificate request,
// the returned identity will contain the public key and namespace.
func ParseIdentity(data []byte) (*Identity, error) {
block, _ := pem.Decode(data)
if block == nil {
return nil, errors.New("no PEM data found")
}
// Parse the key or certificate.
switch block.Type {
case "PRIVATE KEY":
var privkey PrivateKey
if err := privkey.UnmarshalBinary(block.Bytes); err != nil {
return nil, err
}
return &Identity{
PublicKey: privkey.PublicKey(),
}, nil
case "EC PRIVATE KEY":
pk, err := x509.ParseECPrivateKey(block.Bytes)
if err != nil {
return nil, err
}
pubkey := PublicKey{
PublicKey: &pk.PublicKey,
}
return &Identity{
PublicKey: &pubkey,
}, nil
case "PUBLIC KEY":
var pubkey PublicKey
if err := pubkey.UnmarshalBinary(block.Bytes); err != nil {
return nil, err
}
return &Identity{
PublicKey: &pubkey,
}, nil
case "CERTIFICATE":
cert, err := ParseCertificate(block.Bytes)
if err != nil {
return nil, err
}
ns := cert.Namespace
return &Identity{
Namespace: ns,
PublicKey: cert.PublicKey,
}, nil
case "CERTIFICATE REQUEST":
csr, err := ParseCertificateRequest(block.Bytes)
if err != nil {
return nil, err
}
ns := csr.Namespace
return &Identity{
Namespace: ns,
PublicKey: csr.PublicKey,
}, nil
default:
return nil, fmt.Errorf("unsupported PEM block type: %s", block.Type)
}
}