fix: wrong detection results of certificate key algorithm

Fu Diwei 2025-03-10 16:18:30 +08:00
parent 19ccac5c05
commit c907f22275


@ -1,7 +1,10 @@
package domain package domain
import ( import (
"crypto/ecdsa"
"crypto/rsa"
"crypto/x509" "crypto/x509"
"fmt"
"strings" "strings"
"time" "time"
@ -39,19 +42,58 @@ func (c *Certificate) PopulateFromX509(certX509 *x509.Certificate) *Certificate
c.EffectAt = certX509.NotBefore c.EffectAt = certX509.NotBefore
c.ExpireAt = certX509.NotAfter c.ExpireAt = certX509.NotAfter
switch certX509.SignatureAlgorithm { switch certX509.PublicKeyAlgorithm {
case x509.SHA256WithRSA, x509.SHA256WithRSAPSS: case x509.RSA:
c.KeyAlgorithm = CertificateKeyAlgorithmTypeRSA2048 {
case x509.SHA384WithRSA, x509.SHA384WithRSAPSS: len := 0
c.KeyAlgorithm = CertificateKeyAlgorithmTypeRSA3072 if pubkey, ok := certX509.PublicKey.(*rsa.PublicKey); ok {
case x509.SHA512WithRSA, x509.SHA512WithRSAPSS: len = pubkey.N.BitLen()
c.KeyAlgorithm = CertificateKeyAlgorithmTypeRSA4096 }
case x509.ECDSAWithSHA256:
c.KeyAlgorithm = CertificateKeyAlgorithmTypeEC256 switch len {
case x509.ECDSAWithSHA384: case 0:
c.KeyAlgorithm = CertificateKeyAlgorithmTypeEC384 c.KeyAlgorithm = CertificateKeyAlgorithmType("RSA")
case x509.ECDSAWithSHA512: case 2048:
c.KeyAlgorithm = CertificateKeyAlgorithmTypeEC512 c.KeyAlgorithm = CertificateKeyAlgorithmTypeRSA2048
case 3072:
c.KeyAlgorithm = CertificateKeyAlgorithmTypeRSA3072
case 4096:
c.KeyAlgorithm = CertificateKeyAlgorithmTypeRSA4096
case 8192:
c.KeyAlgorithm = CertificateKeyAlgorithmTypeRSA8192
default:
c.KeyAlgorithm = CertificateKeyAlgorithmType(fmt.Sprintf("RSA%d", len))
}
}
case x509.ECDSA:
{
len := 0
if pubkey, ok := certX509.PublicKey.(*ecdsa.PublicKey); ok {
if pubkey.Curve != nil && pubkey.Curve.Params() != nil {
len = pubkey.Curve.Params().BitSize
}
}
switch len {
case 0:
c.KeyAlgorithm = CertificateKeyAlgorithmType("EC")
case 256:
c.KeyAlgorithm = CertificateKeyAlgorithmTypeEC256
case 384:
c.KeyAlgorithm = CertificateKeyAlgorithmTypeEC384
case 521:
c.KeyAlgorithm = CertificateKeyAlgorithmTypeEC512
default:
c.KeyAlgorithm = CertificateKeyAlgorithmType(fmt.Sprintf("EC%d", len))
}
}
case x509.Ed25519:
{
c.KeyAlgorithm = CertificateKeyAlgorithmType("ED25519")
}
default: default:
c.KeyAlgorithm = CertificateKeyAlgorithmType("") c.KeyAlgorithm = CertificateKeyAlgorithmType("")
} }
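Review bot: The local variable named `len`, declared at the top of both the RSA and the ECDSA case, shadows Go's builtin `len` for the rest of each block; a name such as `keyBits` (`keyBits := 0`, `keyBits = pubkey.N.BitLen()`, `switch keyBits {`) avoids the shadowing and says what the number is. In the ECDSA switch, `case 521:` assigns `CertificateKeyAlgorithmTypeEC512`, whose definition is outside this hunk, so a comment such as `// P-521: Params().BitSize is 521; stored under the EC512 label` would stop a later reader from "correcting" the case to 512. The fallback labels (`"RSA"`, `"EC"`, `"RSA%d"`, `"EC%d"`, `"ED25519"`) are bare string conversions rather than declared constants, so code elsewhere that compares `KeyAlgorithm` against the known constants presumably will not recognise them; it is worth confirming that renewal or policy logic handles an unlisted value, such as a short RSA modulus, deliberately. `PopulateFromX509` begins and ends outside the hunk.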