Merge branch 'initial-signing-implementation' into 'master'

Can get root certificate See merge request !6

Merge branch 'initial-signing-implementation' into 'master'
Can get root certificate See merge request !6
94d9229e · Gospodin Bodurov · 64adddad · 09d19c20 · 94d9229e · 94d9229e
Commit 94d9229e authored 6 years ago by Gospodin Bodurov
--- a/handler/generate_certificate.go
+++ b/handler/generate_certificate.go
@@ -73,7 +73,7 @@ func (s *KeyStorageServerImpl) GenerateCertificate(ctx context.Context, in *api.
 }
 func generateCertificate(publicKeyBytes []byte, caCertFilePath string, caPrivateKeyFilePath string,
-	certificateData *api.GenerateCertificateRequest_CertificateData) ([]byte, error) {
+	certificateData *api.CertificateData) ([]byte, error) {
 	publicKeyPemBlock, _ := pem.Decode(publicKeyBytes)
@@ -82,11 +82,21 @@ func generateCertificate(publicKeyBytes []byte, caCertFilePath string, caPrivate
 		return nil, err
 	}
-	notBeforeTime := time.Unix(certificateData.NotBefore.Seconds, int64(certificateData.NotBefore.Nanos)).UTC()
+	notBeforeTime := time.Unix(certificateData.NotBefore/1000, 0).UTC()
-	notAfterTime := time.Unix(certificateData.NotAfter.Seconds, int64(certificateData.NotAfter.Nanos)).UTC()
+	notAfterTime := time.Unix(certificateData.NotAfter/1000, 0).UTC()
+	max := new(big.Int)
+	max.Exp(big.NewInt(2), big.NewInt(130), nil).Sub(max, big.NewInt(1))
+	//Generate cryptographically strong pseudo-random between 0 - max
+	sn, err := rand.Int(rand.Reader, max)
+	if err != nil {
+		return nil, err
+	}
 	template := x509.Certificate{
-		SerialNumber: big.NewInt(1),
+		SerialNumber: sn,
 		Subject: pkix.Name{
 			Country:            []string{certificateData.Country},
 			Organization:       []string{certificateData.Organization},

--- a/handler/handler.go
+++ b/handler/handler.go
@@ -18,6 +18,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
 package handler
 import (
+	"io/ioutil"
 	"strings"
 	"code.vereign.com/code/viam-apis/versions"
@@ -64,9 +65,27 @@ func (s *KeyStorageServerImpl) GetKey(ctx context.Context, in *api.GetKeyRequest
 	getKeyResponse := &api.GetKeyResponse{}
+	if in.KeyType == api.KeyType_CERTIFICATE && in.Uuid == "root" {
+		key := &api.Key{}
+		data, err := ioutil.ReadFile(s.VereignCertFilePath)
+		if err != nil {
+			getKeyResponse.StatusList = utils.AddStatus(getKeyResponse.StatusList,
+				"400", api.StatusType_ERROR, "Can not get root certificate")
+			return getKeyResponse, nil
+		}
+		key.Content = data
+		key.Revoked = false
+		getKeyResponse.Key = key
+		return getKeyResponse, nil
+	}
 	if in.KeyType == api.KeyType_KT_EMPTY {
 		getKeyResponse.StatusList = utils.AddStatus(getKeyResponse.StatusList,
 			"400", api.StatusType_ERROR, "KeyType cannot be empty")
+		return getKeyResponse, nil
 	}
 	data, _ := client.DoGetDataCall("keys", in.Uuid+"/"+api.KeyType.String(in.KeyType))
@@ -93,9 +112,16 @@ func (s *KeyStorageServerImpl) SetKey(ctx context.Context, in *api.SetKeyRequest
 	setKeyResponse := &api.SetKeyResponse{}
+	if in.Uuid == "root" {
+		setKeyResponse.StatusList = utils.AddStatus(setKeyResponse.StatusList,
+			"400", api.StatusType_ERROR, "Can not set root CA keys")
+		return setKeyResponse, nil
+	}
 	if in.KeyType == api.KeyType_KT_EMPTY {
 		setKeyResponse.StatusList = utils.AddStatus(setKeyResponse.StatusList,
 			"400", api.StatusType_ERROR, "KeyType cannot be empty")
+		return setKeyResponse, nil
 	}
 	data, _ := client.DoGetDataCall("keys", in.Uuid+"/"+api.KeyType.String(in.KeyType))