

Merge pull request #30 from toddgaunt-gs/feature/add-hash-algo-support
Add support for specifying certificate signature algorithms in requests
toddgaunt-gs authored Jul 25, 2023
2 parents ecd095e + 1007486 commit a791565
Showing 8 changed files with 45 additions and 0 deletions.
1 change: 1 addition & 0 deletions client_int_test.go
@@ -1,3 +1,4 @@
//go:build integration
// +build integration

/*
1 change: 1 addition & 0 deletions client_relogin_test.go
@@ -1,3 +1,4 @@
//go:build integration
// +build integration

/*
6 changes: 6 additions & 0 deletions cmd/hvclient/flags.go
Expand Up @@ -86,6 +86,12 @@ var (

var fEKUs = flag.String("ekus", "", "extended key usages")

// Signature flags.
var (
fSigAlg = flag.String("sigalg", "", `signature algorithm to use (e.g. "" to use policy default or specify one of, "RSA", "RSA-PSS", or, "ECDSA")`)
fSigHash = flag.String("sighash", "", `signature hash algorithm to use (e.g. "" to use policy default or specify one of, "SHA-256", "SHA-384", or "SHA-512")`)
)

// Time window flags.
var (
fFrom = flag.String("from", "", "start of the time window in layout "+defaultTimeLayout+" (default: 30 days ago)")
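Review bot: The new -sigalg and -sighash flags accept any string and the value is handed on as-is, with no check against the names the help text lists, so a typo such as `SHA256` is not caught on the client; unless the server rejects unknown names (not visible in this diff), a small `switch` over the documented names in the flag-handling path would fail fast with a clear message before a request is sent. The help strings also read awkwardly — `specify one of, "RSA", "RSA-PSS", or, "ECDSA"` — and could be `"" for the policy default, or one of "RSA", "RSA-PSS" or "ECDSA"` (and likewise for the hash names).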
6 changes: 6 additions & 0 deletions cmd/hvclient/help.go
Expand Up @@ -113,6 +113,12 @@ Certificate request options:
-ekus=<string> Comma-separated list of extended key usage
OIDs, e.g. "1.3.6.1.5.5.7.3.2"
-sigalg=<string> An algorithm name to be used for the certificate
signature e.g. "RSA", "RSA-PSS", or "ECDSA"
-sighash=<string> An algorithm name to be used for the certificate
signature hash e.g. "SHA-256", "SHA-384", or "SHA-512"
-template=<file> Read values from the specified JSON-encoded
file. Options specified at the command line
override or append to the values in this
11 changes: 11 additions & 0 deletions cmd/hvclient/request_builders.go
Expand Up @@ -37,6 +37,8 @@ type requestValues struct {
subject subjectValues
san sanValues
ekus string
sigAlg string
sigHash string
publickey string
privatekey string
csr string
Expand Down Expand Up @@ -138,6 +140,15 @@ func buildRequest(reqinfo *requestValues) (*hvclient.Request, error) {
return nil, err
}

// Only add the signature hash algorithm if specified, otherwise we don't
// want to bother sending out an object.
if reqinfo.sigAlg != "" || reqinfo.sigHash != "" {
request.Signature = &hvclient.Signature{
Algorithm: reqinfo.sigAlg,
HashAlgorithm: reqinfo.sigHash,
}
}

if request.PublicKey, request.PrivateKey, request.CSR, err = getKeys(
reqinfo.publickey,
reqinfo.privatekey,
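Review bot: The comment at the top of the second hunk says only the signature hash algorithm is conditionally added, but the condition also tests `reqinfo.sigAlg` and both fields are copied into the object; suggest `// Only attach a Signature object when at least one algorithm was specified, so a request with neither omits the field entirely.` When just one of the two is given the other is sent as an empty string and relies on the `omitempty` tag in request.go to be dropped, which is worth stating in the comment since the test fixture does not cover that case. buildRequest starts before the hunk and continues after it.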
2 changes: 2 additions & 0 deletions cmd/hvclient/request_cert.go
Expand Up @@ -61,6 +61,8 @@ func requestCert(clnt *hvclient.Client) error {
uris: *fURIs,
},
ekus: *fEKUs,
sigAlg: *fSigAlg,
sigHash: *fSigHash,
publickey: *fPublicKey,
privatekey: *fPrivateKey,
csr: *fCSR,
10 changes: 10 additions & 0 deletions request.go
Expand Up @@ -68,6 +68,7 @@ type Request struct {
QualifiedStatements *QualifiedStatements
MSExtension *MSExtension
CustomExtensions []OIDAndString
Signature *Signature
CSR *x509.CertificateRequest
PrivateKey interface{}
PublicKey interface{}
Expand Down Expand Up @@ -154,6 +155,12 @@ type MSExtension struct {
MinorVersion int
}

// Signature contains the names of the algorithms used to sign the certificate.
type Signature struct {
Algorithm string `json:"algorithm,omitempty"`
HashAlgorithm string `json:"hash_algorithm,omitempty"`
}

// jsonRequest is used internally for JSON marshalling/unmarshalling.
type jsonRequest struct {
Validity *Validity `json:"validity,omitempty"`
Expand All @@ -164,6 +171,7 @@ type jsonRequest struct {
QualifiedStatements *QualifiedStatements `json:"qualified_statements,omitempty"`
MSExtension *MSExtension `json:"ms_extension_template,omitempty"`
CustomExtensions json.RawMessage `json:"custom_extensions,omitempty"`
Signature *Signature `json:"signature,omitempty"`
PublicKey string `json:"public_key,omitempty"`
PublicKeySignature string `json:"public_key_signature,omitempty"`
}
Expand Down Expand Up @@ -384,6 +392,7 @@ func (r Request) MarshalJSON() ([]byte, error) {
QualifiedStatements: r.QualifiedStatements,
MSExtension: r.MSExtension,
CustomExtensions: raw,
Signature: r.Signature,
PublicKey: publicKey,
PublicKeySignature: publicKeySig,
})
Expand Down Expand Up @@ -448,6 +457,7 @@ func (r *Request) UnmarshalJSON(b []byte) error {
QualifiedStatements: jsonreq.QualifiedStatements,
MSExtension: jsonreq.MSExtension,
CustomExtensions: exts,
Signature: jsonreq.Signature,
}

return nil
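Review bot: The doc comment on the new Signature type says what it holds but not what values the fields take or what an empty field means; the flag help text in this commit says an empty value defers to the policy default, so suggest `// Signature names the algorithm and hash algorithm requested for the certificate signature. An empty field defers to the certificate policy default; the names are passed through unchanged and are not validated by this package.` The last clause is my reading of the diff — neither MarshalJSON nor UnmarshalJSON inspects the strings — so confirm it against the rest of request.go before committing to it. MarshalJSON and UnmarshalJSON both extend past their hunks.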
8 changes: 8 additions & 0 deletions request_test.go
Expand Up @@ -186,6 +186,10 @@ const testRequestFullJSON = `{
"custom_extensions": {
"2.5.29.99.1": "NIL",
"2.5.29.99.2": "SOME TEXT"
},
"signature": {
"algorithm": "RSA",
"hash_algorithm": "SHA-256"
}
}`

Expand Down Expand Up @@ -289,6 +293,10 @@ var testRequestFullRequest = hvclient.Request{
Value: "SOME TEXT",
},
},
Signature: &hvclient.Signature{
Algorithm: "RSA",
HashAlgorithm: "SHA-256",
},
}

func TestRequestMarshalJSON(t *testing.T) {
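Review bot: The new fixture only exercises the case where both algorithm and hash_algorithm are set, so the `omitempty` tags on the Signature fields and the nil-Signature case are not covered by the round-trip tests; a variant with only `"algorithm": "ECDSA"` and one with no `signature` key at all would pin that the marshalled JSON omits empty fields rather than emitting `""`. TestRequestMarshalJSON begins at the end of the hunk and continues outside it.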
