llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-05-23 10:45:47 +08:00
Code Issues Packages Projects Releases Wiki Activity

Improve populateContent()

Browse Source
This commit is contained in:
Yang Luo 2024-03-10 18:58:53 +08:00
parent 2dc755f529
commit 2aac265ed4
3 changed files with 42 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
object/cert.go
View File

@ -16,7 +16,6 @@ package object
import ( import (
"fmt" "fmt"
"strings"
"github.com/casdoor/casdoor/util" "github.com/casdoor/casdoor/util"
"github.com/xorm-io/core" "github.com/xorm-io/core"
@ -206,17 +205,30 @@ func (p *Cert) GetId() string {
} }
func (p *Cert) populateContent() error { func (p *Cert) populateContent() error {
if p.Certificate == "" || p.PrivateKey == "" { if p.Certificate != "" && p.PrivateKey != "" {
var err error return nil
}
if len(p.CryptoAlgorithm) < 3 {
err := fmt.Errorf("populateContent() error, unsupported crypto algorithm: %s", p.CryptoAlgorithm)
return err
}
sigAlgorithm := p.CryptoAlgorithm[:2]
shaSize, err := util.ParseIntWithError(p.CryptoAlgorithm[2:])
if err != nil {
return err
}
var certificate, privateKey string var certificate, privateKey string
if strings.HasPrefix(p.CryptoAlgorithm, "RS") { if sigAlgorithm == "RS" {
certificate, privateKey, err = generateRsaKeys(p.BitSize, util.ParseInt(p.CryptoAlgorithm[2:]), p.ExpireInYears, p.Name, p.Owner) certificate, privateKey, err = generateRsaKeys(p.BitSize, shaSize, p.ExpireInYears, p.Name, p.Owner)
} else if strings.HasPrefix(p.CryptoAlgorithm, "ES") { } else if sigAlgorithm == "ES" {
certificate, privateKey, err = generateEsKeys(p.BitSize, util.ParseInt(p.CryptoAlgorithm[2:]), p.ExpireInYears, p.Name, p.Owner) certificate, privateKey, err = generateEsKeys(p.BitSize, shaSize, p.ExpireInYears, p.Name, p.Owner)
} else if strings.HasPrefix(p.CryptoAlgorithm, "PS") { } else if sigAlgorithm == "PS" {
certificate, privateKey, err = generateRsaPssKeys(p.BitSize, util.ParseInt(p.CryptoAlgorithm[2:]), p.ExpireInYears, p.Name, p.Owner) certificate, privateKey, err = generateRsaPssKeys(p.BitSize, shaSize, p.ExpireInYears, p.Name, p.Owner)
} else { } else {
err = fmt.Errorf("Crypto algorithm %s is not found", p.CryptoAlgorithm) err = fmt.Errorf("populateContent() error, unsupported signature algorithm: %s", sigAlgorithm)
} }
if err != nil { if err != nil {
return err return err
@ -224,8 +236,6 @@ func (p *Cert) populateContent() error {
p.Certificate = certificate p.Certificate = certificate
p.PrivateKey = privateKey p.PrivateKey = privateKey
}
return nil return nil
} }

18
object/token_jwt_key.go
View File

@ -27,7 +27,7 @@ import (
"time" "time"
) )
func generateRsaKeys(bitSize int, algorithmType int, expireInYears int, commonName string, organization string) (string, string, error) { func generateRsaKeys(bitSize int, shaSize int, expireInYears int, commonName string, organization string) (string, string, error) {
// https://stackoverflow.com/questions/64104586/use-golang-to-get-rsa-key-the-same-way-openssl-genrsa // https://stackoverflow.com/questions/64104586/use-golang-to-get-rsa-key-the-same-way-openssl-genrsa
// https://stackoverflow.com/questions/43822945/golang-can-i-create-x509keypair-using-rsa-key // https://stackoverflow.com/questions/43822945/golang-can-i-create-x509keypair-using-rsa-key
@ -58,7 +58,7 @@ func generateRsaKeys(bitSize int, algorithmType int, expireInYears int, commonNa
BasicConstraintsValid: true, BasicConstraintsValid: true,
} }
switch algorithmType { switch shaSize {
case 256: case 256:
tml.SignatureAlgorithm = x509.SHA256WithRSA tml.SignatureAlgorithm = x509.SHA256WithRSA
case 384: case 384:
@ -66,7 +66,7 @@ func generateRsaKeys(bitSize int, algorithmType int, expireInYears int, commonNa
case 512: case 512:
tml.SignatureAlgorithm = x509.SHA512WithRSA tml.SignatureAlgorithm = x509.SHA512WithRSA
default: default:
return "", "", fmt.Errorf("unsupported algorithm type") return "", "", fmt.Errorf("generateRsaKeys() error, unsupported SHA size: %d", shaSize)
} }
cert, err := x509.CreateCertificate(rand.Reader, &tml, &tml, &key.PublicKey, key) cert, err := x509.CreateCertificate(rand.Reader, &tml, &tml, &key.PublicKey, key)
@ -83,9 +83,9 @@ func generateRsaKeys(bitSize int, algorithmType int, expireInYears int, commonNa
return string(certPem), string(privateKeyPem), nil return string(certPem), string(privateKeyPem), nil
} }
func generateEsKeys(bitSize int, algorithmType int, expireInYears int, commonName string, organization string) (string, string, error) { func generateEsKeys(bitSize int, shaSize int, expireInYears int, commonName string, organization string) (string, string, error) {
var curve elliptic.Curve var curve elliptic.Curve
switch algorithmType { switch shaSize {
case 256: case 256:
curve = elliptic.P256() curve = elliptic.P256()
case 384: case 384:
@ -93,7 +93,7 @@ func generateEsKeys(bitSize int, algorithmType int, expireInYears int, commonNam
case 512: case 512:
curve = elliptic.P521() // ES512(P521,SHA512) curve = elliptic.P521() // ES512(P521,SHA512)
default: default:
return "", "", fmt.Errorf("unsupported algorithm type") return "", "", fmt.Errorf("generateEsKeys() error, unsupported SHA size: %d", shaSize)
} }
// Generate ECDSA key pair. // Generate ECDSA key pair.
@ -139,7 +139,7 @@ func generateEsKeys(bitSize int, algorithmType int, expireInYears int, commonNam
return string(certPem), string(privateKeyPem), nil return string(certPem), string(privateKeyPem), nil
} }
func generateRsaPssKeys(bitSize int, algorithmType int, expireInYears int, commonName string, organization string) (string, string, error) { func generateRsaPssKeys(bitSize int, shaSize int, expireInYears int, commonName string, organization string) (string, string, error) {
// Generate RSA key. // Generate RSA key.
key, err := rsa.GenerateKey(rand.Reader, bitSize) key, err := rsa.GenerateKey(rand.Reader, bitSize)
if err != nil { if err != nil {
@ -173,7 +173,7 @@ func generateRsaPssKeys(bitSize int, algorithmType int, expireInYears int, commo
} }
// Set the signature algorithm based on the hash function // Set the signature algorithm based on the hash function
switch algorithmType { switch shaSize {
case 256: case 256:
tml.SignatureAlgorithm = x509.SHA256WithRSAPSS tml.SignatureAlgorithm = x509.SHA256WithRSAPSS
case 384: case 384:
@ -181,7 +181,7 @@ func generateRsaPssKeys(bitSize int, algorithmType int, expireInYears int, commo
case 512: case 512:
tml.SignatureAlgorithm = x509.SHA512WithRSAPSS tml.SignatureAlgorithm = x509.SHA512WithRSAPSS
default: default:
return "", "", fmt.Errorf("unsupported algorithm type") return "", "", fmt.Errorf("generateRsaPssKeys() error, unsupported SHA size: %d", shaSize)
} }
cert, err := x509.CreateCertificate(rand.Reader, &tml, &tml, &key.PublicKey, key) cert, err := x509.CreateCertificate(rand.Reader, &tml, &tml, &key.PublicKey, key)

12
web/src/CertEditPage.js
View File

@ -171,21 +171,17 @@ class CertEditPage extends React.Component {
<Col span={22} > <Col span={22} >
<Select virtual={false} style={{width: "100%"}} value={this.state.cert.cryptoAlgorithm} onChange={(value => { <Select virtual={false} style={{width: "100%"}} value={this.state.cert.cryptoAlgorithm} onChange={(value => {
this.updateCertField("cryptoAlgorithm", value); this.updateCertField("cryptoAlgorithm", value);
if (value === "RS256" || value === "PS256") {
this.updateCertField("bitSize", 2048); if (value === "ES256") {
} else if (value === "RS384" || value === "PS384") {
this.updateCertField("bitSize", 2048);
} else if (value === "RS512" || value === "PS512") {
this.updateCertField("bitSize", 2048);
} else if (value === "ES256") {
this.updateCertField("bitSize", 256); this.updateCertField("bitSize", 256);
} else if (value === "ES384") { } else if (value === "ES384") {
this.updateCertField("bitSize", 384); this.updateCertField("bitSize", 384);
} else if (value === "ES521") { } else if (value === "ES521") {
this.updateCertField("bitSize", 521); this.updateCertField("bitSize", 521);
} else { } else {
this.updateCertField("bitSize", 0); this.updateCertField("bitSize", 2048);
} }
this.updateCertField("certificate", ""); this.updateCertField("certificate", "");
this.updateCertField("privateKey", ""); this.updateCertField("privateKey", "");
})}> })}>