package api import ( "crypto/ecdsa" "crypto/elliptic" "crypto/rand" "crypto/rsa" "io" "log" "net/http" "git.coolaj86.com/coolaj86/go-mockid/xkeypairs" "git.rootprojects.org/root/keypairs" ) // RandomReader may be overwritten for testing var RandomReader io.Reader = rand.Reader // GeneratePrivateJWK will create a new private key in JWK format func GeneratePrivateJWK(w http.ResponseWriter, r *http.Request) { log.Printf("%s %s", r.Method, r.URL.Path) if "POST" != r.Method { http.Error(w, "Method Not Allowed", http.StatusMethodNotAllowed) return } opts, err := getOpts(r) if nil != err { http.Error(w, err.Error(), http.StatusBadRequest) return } privkey := genPrivKey(opts) jwk := xkeypairs.MarshalJWKPrivateKey(privkey) w.Write(append(jwk, '\n')) } // GeneratePrivateDER will create a new private key in a valid DER encoding func GeneratePrivateDER(w http.ResponseWriter, r *http.Request) { log.Printf("%s %s\n", r.Method, r.URL.Path) if "POST" != r.Method { http.Error(w, "Method Not Allowed", http.StatusMethodNotAllowed) return } opts, err := getOpts(r) if nil != err { http.Error(w, err.Error(), http.StatusBadRequest) return } privkey := genPrivKey(opts) der, _ := xkeypairs.MarshalDERPrivateKey(privkey) w.Write(der) } // GeneratePrivatePEM will create a new private key in a valid PEM encoding func GeneratePrivatePEM(w http.ResponseWriter, r *http.Request) { log.Printf("%s %s\n", r.Method, r.URL.Path) if "POST" != r.Method { http.Error(w, "Method Not Allowed", http.StatusMethodNotAllowed) return } opts, err := getOpts(r) if nil != err { http.Error(w, err.Error(), http.StatusBadRequest) return } privkey := genPrivKey(opts) privpem, _ := xkeypairs.MarshalPEMPrivateKey(privkey) w.Write(privpem) } func genPrivKey(opts *options) keypairs.PrivateKey { var privkey keypairs.PrivateKey if "RSA" == opts.KeyType { keylen := 2048 privkey, _ = rsa.GenerateKey(opts.rndReader, keylen) } else { privkey, _ = ecdsa.GenerateKey(elliptic.P256(), opts.rndReader) } return privkey }