From 2aac265ed4555b589985c6996d059dc42b0f4b0d Mon Sep 17 00:00:00 2001 From: Yang Luo Date: Sun, 10 Mar 2024 18:58:53 +0800 Subject: [PATCH] Improve populateContent() --- object/cert.go | 48 +++++++++++++++++++++++++---------------- object/token_jwt_key.go | 18 ++++++++-------- web/src/CertEditPage.js | 12 ++++------- 3 files changed, 42 insertions(+), 36 deletions(-) diff --git a/object/cert.go b/object/cert.go index 8d11eff9..749b7dec 100644 --- a/object/cert.go +++ b/object/cert.go @@ -16,7 +16,6 @@ package object import ( "fmt" - "strings" "github.com/casdoor/casdoor/util" "github.com/xorm-io/core" 
@@ -206,26 +205,37 @@ func (p *Cert) GetId() string { } func (p *Cert) populateContent() error { - if p.Certificate == "" || p.PrivateKey == "" { - var err error - var certificate, privateKey string - if strings.HasPrefix(p.CryptoAlgorithm, "RS") { - certificate, privateKey, err = generateRsaKeys(p.BitSize, util.ParseInt(p.CryptoAlgorithm[2:]), p.ExpireInYears, p.Name, p.Owner) - } else if strings.HasPrefix(p.CryptoAlgorithm, "ES") { - certificate, privateKey, err = generateEsKeys(p.BitSize, util.ParseInt(p.CryptoAlgorithm[2:]), p.ExpireInYears, p.Name, p.Owner) - } else if strings.HasPrefix(p.CryptoAlgorithm, "PS") { - certificate, privateKey, err = generateRsaPssKeys(p.BitSize, util.ParseInt(p.CryptoAlgorithm[2:]), p.ExpireInYears, p.Name, p.Owner) - } else { - err = fmt.Errorf("Crypto algorithm %s is not found", p.CryptoAlgorithm) - } - if err != nil { - return err - } - - p.Certificate = certificate - p.PrivateKey = privateKey + if p.Certificate != "" && p.PrivateKey != "" { + return nil } + if len(p.CryptoAlgorithm) < 3 { + err := fmt.Errorf("populateContent() error, unsupported crypto algorithm: %s", p.CryptoAlgorithm) + return err + } + + sigAlgorithm := p.CryptoAlgorithm[:2] + shaSize, err := util.ParseIntWithError(p.CryptoAlgorithm[2:]) + if err != nil { + return err + } + + var certificate, privateKey string + if sigAlgorithm == "RS" { + certificate, privateKey, err = generateRsaKeys(p.BitSize, shaSize, p.ExpireInYears, p.Name, p.Owner) + } else if sigAlgorithm == "ES" { + certificate, privateKey, err = generateEsKeys(p.BitSize, shaSize, p.ExpireInYears, p.Name, p.Owner) + } else if sigAlgorithm == "PS" { + certificate, privateKey, err = generateRsaPssKeys(p.BitSize, shaSize, p.ExpireInYears, p.Name, p.Owner) + } else { + err = fmt.Errorf("populateContent() error, unsupported signature algorithm: %s", sigAlgorithm) + } + if err != nil { + return err + } + + p.Certificate = certificate + p.PrivateKey = privateKey return nil } 
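Review bot: The early return `if p.Certificate != "" && p.PrivateKey != ""` means a cert with exactly one of the two fields filled in (for example an uploaded certificate whose private key was left blank) is silently replaced by a freshly generated self-signed pair, so the mismatch is never reported and any trust configured on the original certificate is broken; the old `||` check had the same gap, but this rewrite is the place to close it. Add a guard before the generation path: `if (p.Certificate == "") != (p.PrivateKey == "") { return fmt.Errorf("populateContent() error, certificate and private key must be set together or both left empty: %s", p.GetId()) }`. Whether the editor ever submits a half-filled pair is not visible here, so confirm against the caller before turning regeneration into an error. The bare `return err` after `util.ParseIntWithError` also drops which field failed to parse; `return fmt.Errorf("populateContent() error, invalid crypto algorithm %q: %w", p.CryptoAlgorithm, err)` keeps the message in line with the other branches.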
diff --git a/object/token_jwt_key.go b/object/token_jwt_key.go index 39195d39..e4616999 100644 --- a/object/token_jwt_key.go +++ b/object/token_jwt_key.go @@ -27,7 +27,7 @@ import ( "time" ) -func generateRsaKeys(bitSize int, algorithmType int, expireInYears int, commonName string, organization string) (string, string, error) { +func generateRsaKeys(bitSize int, shaSize int, expireInYears int, commonName string, organization string) (string, string, error) { // https://stackoverflow.com/questions/64104586/use-golang-to-get-rsa-key-the-same-way-openssl-genrsa // https://stackoverflow.com/questions/43822945/golang-can-i-create-x509keypair-using-rsa-key @@ -58,7 +58,7 @@ func generateRsaKeys(bitSize int, algorithmType int, expireInYears int, commonNa BasicConstraintsValid: true, } - switch algorithmType { + switch shaSize { case 256: tml.SignatureAlgorithm = x509.SHA256WithRSA case 384: @@ -66,7 +66,7 @@ func generateRsaKeys(bitSize int, algorithmType int, expireInYears int, commonNa case 512: tml.SignatureAlgorithm = x509.SHA512WithRSA default: - return "", "", fmt.Errorf("unsupported algorithm type") + return "", "", fmt.Errorf("generateRsaKeys() error, unsupported SHA size: %d", shaSize) } cert, err := x509.CreateCertificate(rand.Reader, &tml, &tml, &key.PublicKey, key) @@ -83,9 +83,9 @@ func generateRsaKeys(bitSize int, algorithmType int, expireInYears int, commonNa return string(certPem), string(privateKeyPem), nil } -func generateEsKeys(bitSize int, algorithmType int, expireInYears int, commonName string, organization string) (string, string, error) { +func generateEsKeys(bitSize int, shaSize int, expireInYears int, commonName string, organization string) (string, string, error) { var curve elliptic.Curve - switch algorithmType { + switch shaSize { case 256: curve = elliptic.P256() case 384: 
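Review bot: In the `generateEsKeys` hunk the parameter renamed to `shaSize` is what selects the curve (`case 256: curve = elliptic.P256()`, `case 384:` …), so the new name describes only half of what it does, and the preceding `bitSize` parameter does not appear to influence the ECDSA key anywhere in the visible portion. A header comment would make the contract clear, e.g. `// generateEsKeys builds a self-signed ECDSA certificate; shaSize picks both the curve and the digest (256→P-256/SHA-256, 384→P-384/SHA-384, 512→P-521/SHA-512); bitSize is ignored for ECDSA.` — confirm that last clause against the rest of the function, which continues past this hunk. The same applies to `generateRsaKeys` above it: a one-line comment stating that shaSize selects the x509 signature algorithm while bitSize sets the RSA modulus length would spare the next reader a lookup.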
@@ -93,7 +93,7 @@ func generateEsKeys(bitSize int, algorithmType int, expireInYears int, commonNam case 512: curve = elliptic.P521() // ES512(P521,SHA512) default: - return "", "", fmt.Errorf("unsupported algorithm type") + return "", "", fmt.Errorf("generateEsKeys() error, unsupported SHA size: %d", shaSize) } // Generate ECDSA key pair. @@ -139,7 +139,7 @@ func generateEsKeys(bitSize int, algorithmType int, expireInYears int, commonNam return string(certPem), string(privateKeyPem), nil } -func generateRsaPssKeys(bitSize int, algorithmType int, expireInYears int, commonName string, organization string) (string, string, error) { +func generateRsaPssKeys(bitSize int, shaSize int, expireInYears int, commonName string, organization string) (string, string, error) { // Generate RSA key. key, err := rsa.GenerateKey(rand.Reader, bitSize) if err != nil { @@ -173,7 +173,7 @@ func generateRsaPssKeys(bitSize int, algorithmType int, expireInYears int, commo } // Set the signature algorithm based on the hash function - switch algorithmType { + switch shaSize { case 256: tml.SignatureAlgorithm = x509.SHA256WithRSAPSS case 384: @@ -181,7 +181,7 @@ func generateRsaPssKeys(bitSize int, algorithmType int, expireInYears int, commo case 512: tml.SignatureAlgorithm = x509.SHA512WithRSAPSS default: - return "", "", fmt.Errorf("unsupported algorithm type") + return "", "", fmt.Errorf("generateRsaPssKeys() error, unsupported SHA size: %d", shaSize) } cert, err := x509.CreateCertificate(rand.Reader, &tml, &tml, &key.PublicKey, key) diff --git a/web/src/CertEditPage.js b/web/src/CertEditPage.js index cb871176..8d570c79 100644 --- a/web/src/CertEditPage.js +++ b/web/src/CertEditPage.js @@ -171,21 +171,17 @@ class CertEditPage extends React.Component {
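Review bot: `rsa.GenerateKey(rand.Reader, bitSize)` in the `generateRsaPssKeys` hunk is called with whatever `bitSize` the caller supplies, and the only validation this patch adds is the `switch shaSize` on the digest, so a small modulus (1024 bits or less) would be accepted and yield a weak JWT signing key. Unless the value is already constrained upstream (not visible here), add a floor before the call, `if bitSize < 2048 { return "", "", fmt.Errorf("generateRsaPssKeys() error, RSA key size must be at least 2048 bits, got: %d", bitSize) }`, and presumably the same check belongs in `generateRsaKeys`. The function body runs past the end of the hunk.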