go_S-MIME/openssl/openssl.go

// Package openssl shells out openssl for testing
package openssl

import (
	"bytes"
	"crypto"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"io/ioutil"
	"os"
	"os/exec"
	"strings"
)

// SMIME is the commpand used for openssl smime, can be replaces with cms
var SMIME = "smime"

// Encrypt a message with openssl
func Encrypt(in []byte, cert *x509.Certificate, opts ...string) (der []byte, err error) {

	tmpKey, err := ioutil.TempFile("", "example")
	defer os.Remove(tmpKey.Name())

	pem.Encode(tmpKey, &pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw})

	param := []string{SMIME, "-encrypt", "-aes128"}
	if SMIME == "smime" {
		// For smime arguments can not be passed after the keyfile
		param = append(param, opts...)
		param = append(param, tmpKey.Name())
	} else {
		// Keyots have to be passed after the key
		param = append(param, "-recip", tmpKey.Name())
		param = append(param, opts...)
	}
	der, err = openssl(in, param...)

	return
}

// Decrypt a message with openssl
func Decrypt(in []byte, key crypto.PrivateKey, opts ...string) (plain []byte, err error) {

	tmpKey, err := ioutil.TempFile("", "example")
	defer os.Remove(tmpKey.Name())

	keyDER, err := x509.MarshalPKCS8PrivateKey(key)
	if err != nil {
		return
	}
	pem.Encode(tmpKey, &pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})

	param := []string{SMIME, "-decrypt"}
	param = append(param, opts...)
	param = append(param, []string{"-inkey", tmpKey.Name()}...)
	plain, err = openssl(in, param...)

	return
}

// SignDetached creates a detached signature with openssl
func SignDetached(in []byte, cert *x509.Certificate, key crypto.PrivateKey, interm []*x509.Certificate, opts ...string) (plain []byte, err error) {

	tmpCert, err := ioutil.TempFile("", "example")
	defer os.Remove(tmpCert.Name())

	pem.Encode(tmpCert, &pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw})

	tmpKey, err := ioutil.TempFile("", "example")
	defer os.Remove(tmpKey.Name())

	keyDER, err := x509.MarshalPKCS8PrivateKey(key)
	if err != nil {
		return
	}
	pem.Encode(tmpKey, &pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})

	tmpInterm, err := ioutil.TempFile("", "example")
	defer os.Remove(tmpInterm.Name())

	for _, i := range interm {
		pem.Encode(tmpInterm, &pem.Block{Type: "CERTIFICATE", Bytes: i.Raw})
	}

	param := []string{SMIME, "-sign", "-nodetach", "-signer", tmpCert.Name(), "-inkey", tmpKey.Name(), "-certfile", tmpInterm.Name()}
	param = append(param, opts...)
	plain, err = openssl(in, param...)

	return
}

// Sign creates a signature with openssl
func Sign(in []byte, cert *x509.Certificate, key crypto.PrivateKey, interm []*x509.Certificate, opts ...string) (plain []byte, err error) {

	tmpCert, err := ioutil.TempFile("", "example")
	defer os.Remove(tmpCert.Name())

	pem.Encode(tmpCert, &pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw})

	tmpKey, err := ioutil.TempFile("", "example")
	defer os.Remove(tmpKey.Name())

	keyDER, err := x509.MarshalPKCS8PrivateKey(key)
	if err != nil {
		return
	}
	pem.Encode(tmpKey, &pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})

	tmpInterm, err := ioutil.TempFile("", "example")
	defer os.Remove(tmpInterm.Name())

	for _, i := range interm {
		pem.Encode(tmpInterm, &pem.Block{Type: "CERTIFICATE", Bytes: i.Raw})
	}

	param := []string{SMIME, "-sign"}
	param = append(param, opts...)
	param = append(param, []string{"-signer", tmpCert.Name(), "-inkey", tmpKey.Name(), "-certfile", tmpInterm.Name()}...)
	plain, err = openssl(in, param...)

	return
}

// Verify a signature with openssl
func Verify(in []byte, ca *x509.Certificate, opts ...string) (plain []byte, err error) {

	tmpCA, err := ioutil.TempFile("", "example")
	defer os.Remove(tmpCA.Name())

	pem.Encode(tmpCA, &pem.Block{Type: "CERTIFICATE", Bytes: ca.Raw})

	param := []string{SMIME, "-verify"}
	param = append(param, opts...)
	param = append(param, []string{"-CAfile", tmpCA.Name()}...)
	plain, err = openssl(in, param...)

	return
}

// Openssl runs the openssl command with given args
func Openssl(stdin []byte, args ...string) ([]byte, error) {
	return openssl(stdin, args...)
}

func openssl(stdin []byte, args ...string) ([]byte, error) {
	cmd := exec.Command("openssl", args...)

	in := bytes.NewReader(stdin)
	out := &bytes.Buffer{}
	errs := &bytes.Buffer{}

	cmd.Stdin, cmd.Stdout, cmd.Stderr = in, out, errs

	if err := cmd.Run(); err != nil {
		if len(errs.Bytes()) > 0 {
			return nil, fmt.Errorf("error running %s (%s):\n %v", cmd.Args, err, errs.String())
		}
		return nil, err
	}

	if strings.Contains(errs.String(), "Error") {
		return nil, fmt.Errorf("error running %s (%s):\n ", cmd.Args, errs.String())
	}

	return out.Bytes(), nil
}
fixing 2022-10-22 11:17:29 +00:00			`// Package openssl shells out openssl for testing`
Added shelled-out openssl for testing. 2018-11-14 14:13:28 +00:00			`package openssl`

			`import (`
			`"bytes"`
			`"crypto"`
			`"crypto/x509"`
			`"encoding/pem"`
			`"fmt"`
			`"io/ioutil"`
			`"os"`
			`"os/exec"`
Added support for ECDH in enveloped data with ECDSA certificates. - fixed parsing of choice(was compatible with Apple mail.app which tagged kari explicitly) - minor fixes 2018-12-10 16:18:29 +00:00			`"strings"`
Added shelled-out openssl for testing. 2018-11-14 14:13:28 +00:00			`)`

Added support for ECDH in enveloped data with ECDSA certificates. - fixed parsing of choice(was compatible with Apple mail.app which tagged kari explicitly) - minor fixes 2018-12-10 16:18:29 +00:00			`// SMIME is the commpand used for openssl smime, can be replaces with cms`
			`var SMIME = "smime"`

fixing 2022-10-22 11:17:29 +00:00			`// Encrypt a message with openssl`
Add support for signing E-Mails and fixed tests. 2018-11-19 13:33:55 +00:00			`func Encrypt(in []byte, cert *x509.Certificate, opts ...string) (der []byte, err error) {`
Added shelled-out openssl for testing. 2018-11-14 14:13:28 +00:00
Added support for ECDH in enveloped data with ECDSA certificates. - fixed parsing of choice(was compatible with Apple mail.app which tagged kari explicitly) - minor fixes 2018-12-10 16:18:29 +00:00			`tmpKey, err := ioutil.TempFile("", "example")`
			`defer os.Remove(tmpKey.Name())`
Added shelled-out openssl for testing. 2018-11-14 14:13:28 +00:00
Added support for ECDH in enveloped data with ECDSA certificates. - fixed parsing of choice(was compatible with Apple mail.app which tagged kari explicitly) - minor fixes 2018-12-10 16:18:29 +00:00			`pem.Encode(tmpKey, &pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw})`
Added shelled-out openssl for testing. 2018-11-14 14:13:28 +00:00
Added support for ECDH in enveloped data with ECDSA certificates. - fixed parsing of choice(was compatible with Apple mail.app which tagged kari explicitly) - minor fixes 2018-12-10 16:18:29 +00:00			`param := []string{SMIME, "-encrypt", "-aes128"}`
Added support for RSASSA-PSS and RSAES-OAEP. 2018-12-21 13:43:59 +00:00			`if SMIME == "smime" {`
			`// For smime arguments can not be passed after the keyfile`
			`param = append(param, opts...)`
			`param = append(param, tmpKey.Name())`
			`} else {`
			`// Keyots have to be passed after the key`
			`param = append(param, "-recip", tmpKey.Name())`
			`param = append(param, opts...)`
			`}`
Add support for signing E-Mails and fixed tests. 2018-11-19 13:33:55 +00:00			`der, err = openssl(in, param...)`
Added shelled-out openssl for testing. 2018-11-14 14:13:28 +00:00
			`return`
			`}`

fixing 2022-10-22 11:17:29 +00:00			`// Decrypt a message with openssl`
Add support for signing E-Mails and fixed tests. 2018-11-19 13:33:55 +00:00			`func Decrypt(in []byte, key crypto.PrivateKey, opts ...string) (plain []byte, err error) {`
Added shelled-out openssl for testing. 2018-11-14 14:13:28 +00:00
Added support for ECDH in enveloped data with ECDSA certificates. - fixed parsing of choice(was compatible with Apple mail.app which tagged kari explicitly) - minor fixes 2018-12-10 16:18:29 +00:00			`tmpKey, err := ioutil.TempFile("", "example")`
			`defer os.Remove(tmpKey.Name())`
Added shelled-out openssl for testing. 2018-11-14 14:13:28 +00:00
Added support for ECDH in enveloped data with ECDSA certificates. - fixed parsing of choice(was compatible with Apple mail.app which tagged kari explicitly) - minor fixes 2018-12-10 16:18:29 +00:00			`keyDER, err := x509.MarshalPKCS8PrivateKey(key)`
			`if err != nil {`
			`return`
			`}`
			`pem.Encode(tmpKey, &pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})`
Added shelled-out openssl for testing. 2018-11-14 14:13:28 +00:00
Added support for ECDH in enveloped data with ECDSA certificates. - fixed parsing of choice(was compatible with Apple mail.app which tagged kari explicitly) - minor fixes 2018-12-10 16:18:29 +00:00			`param := []string{SMIME, "-decrypt"}`
Add support for signing E-Mails and fixed tests. 2018-11-19 13:33:55 +00:00			`param = append(param, opts...)`
Added support for ECDH in enveloped data with ECDSA certificates. - fixed parsing of choice(was compatible with Apple mail.app which tagged kari explicitly) - minor fixes 2018-12-10 16:18:29 +00:00			`param = append(param, []string{"-inkey", tmpKey.Name()}...)`
Add support for signing E-Mails and fixed tests. 2018-11-19 13:33:55 +00:00			`plain, err = openssl(in, param...)`
Added shelled-out openssl for testing. 2018-11-14 14:13:28 +00:00
			`return`
			`}`

Added support for ECDH in enveloped data with ECDSA certificates. - fixed parsing of choice(was compatible with Apple mail.app which tagged kari explicitly) - minor fixes 2018-12-10 16:18:29 +00:00			`// SignDetached creates a detached signature with openssl`
Add support for signing E-Mails and fixed tests. 2018-11-19 13:33:55 +00:00			`func SignDetached(in []byte, cert x509.Certificate, key crypto.PrivateKey, interm []x509.Certificate, opts ...string) (plain []byte, err error) {`
Added shelled-out openssl for testing. 2018-11-14 14:13:28 +00:00
			`tmpCert, err := ioutil.TempFile("", "example")`
			`defer os.Remove(tmpCert.Name())`

			`pem.Encode(tmpCert, &pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw})`

			`tmpKey, err := ioutil.TempFile("", "example")`
			`defer os.Remove(tmpKey.Name())`

Added support for ECDH in enveloped data with ECDSA certificates. - fixed parsing of choice(was compatible with Apple mail.app which tagged kari explicitly) - minor fixes 2018-12-10 16:18:29 +00:00			`keyDER, err := x509.MarshalPKCS8PrivateKey(key)`
			`if err != nil {`
			`return`
			`}`
			`pem.Encode(tmpKey, &pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})`
Added shelled-out openssl for testing. 2018-11-14 14:13:28 +00:00
			`tmpInterm, err := ioutil.TempFile("", "example")`
			`defer os.Remove(tmpInterm.Name())`

			`for _, i := range interm {`
			`pem.Encode(tmpInterm, &pem.Block{Type: "CERTIFICATE", Bytes: i.Raw})`
			`}`

Added support for RSASSA-PSS and RSAES-OAEP. 2018-12-21 13:43:59 +00:00			`param := []string{SMIME, "-sign", "-nodetach", "-signer", tmpCert.Name(), "-inkey", tmpKey.Name(), "-certfile", tmpInterm.Name()}`
Add support for signing E-Mails and fixed tests. 2018-11-19 13:33:55 +00:00			`param = append(param, opts...)`
			`plain, err = openssl(in, param...)`
Added shelled-out openssl for testing. 2018-11-14 14:13:28 +00:00
			`return`
			`}`

Added support for ECDH in enveloped data with ECDSA certificates. - fixed parsing of choice(was compatible with Apple mail.app which tagged kari explicitly) - minor fixes 2018-12-10 16:18:29 +00:00			`// Sign creates a signature with openssl`
Add support for signing E-Mails and fixed tests. 2018-11-19 13:33:55 +00:00			`func Sign(in []byte, cert x509.Certificate, key crypto.PrivateKey, interm []x509.Certificate, opts ...string) (plain []byte, err error) {`
Added shelled-out openssl for testing. 2018-11-14 14:13:28 +00:00
			`tmpCert, err := ioutil.TempFile("", "example")`
			`defer os.Remove(tmpCert.Name())`

			`pem.Encode(tmpCert, &pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw})`

			`tmpKey, err := ioutil.TempFile("", "example")`
			`defer os.Remove(tmpKey.Name())`

Added support for ECDH in enveloped data with ECDSA certificates. - fixed parsing of choice(was compatible with Apple mail.app which tagged kari explicitly) - minor fixes 2018-12-10 16:18:29 +00:00			`keyDER, err := x509.MarshalPKCS8PrivateKey(key)`
			`if err != nil {`
			`return`
			`}`
			`pem.Encode(tmpKey, &pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})`
Added shelled-out openssl for testing. 2018-11-14 14:13:28 +00:00
			`tmpInterm, err := ioutil.TempFile("", "example")`
			`defer os.Remove(tmpInterm.Name())`

			`for _, i := range interm {`
			`pem.Encode(tmpInterm, &pem.Block{Type: "CERTIFICATE", Bytes: i.Raw})`
			`}`

Added support for ECDH in enveloped data with ECDSA certificates. - fixed parsing of choice(was compatible with Apple mail.app which tagged kari explicitly) - minor fixes 2018-12-10 16:18:29 +00:00			`param := []string{SMIME, "-sign"}`
Add support for signing E-Mails and fixed tests. 2018-11-19 13:33:55 +00:00			`param = append(param, opts...)`
			`param = append(param, []string{"-signer", tmpCert.Name(), "-inkey", tmpKey.Name(), "-certfile", tmpInterm.Name()}...)`
			`plain, err = openssl(in, param...)`
Added shelled-out openssl for testing. 2018-11-14 14:13:28 +00:00
			`return`
			`}`

fixing 2022-10-22 11:17:29 +00:00			`// Verify a signature with openssl`
Add support for signing E-Mails and fixed tests. 2018-11-19 13:33:55 +00:00			`func Verify(in []byte, ca *x509.Certificate, opts ...string) (plain []byte, err error) {`
Added shelled-out openssl for testing. 2018-11-14 14:13:28 +00:00
			`tmpCA, err := ioutil.TempFile("", "example")`
			`defer os.Remove(tmpCA.Name())`

			`pem.Encode(tmpCA, &pem.Block{Type: "CERTIFICATE", Bytes: ca.Raw})`

Added support for ECDH in enveloped data with ECDSA certificates. - fixed parsing of choice(was compatible with Apple mail.app which tagged kari explicitly) - minor fixes 2018-12-10 16:18:29 +00:00			`param := []string{SMIME, "-verify"}`
Add support for signing E-Mails and fixed tests. 2018-11-19 13:33:55 +00:00			`param = append(param, opts...)`
			`param = append(param, []string{"-CAfile", tmpCA.Name()}...)`
			`plain, err = openssl(in, param...)`
Added shelled-out openssl for testing. 2018-11-14 14:13:28 +00:00
			`return`
			`}`

Added support for ECDH in enveloped data with ECDSA certificates. - fixed parsing of choice(was compatible with Apple mail.app which tagged kari explicitly) - minor fixes 2018-12-10 16:18:29 +00:00			`// Openssl runs the openssl command with given args`
			`func Openssl(stdin []byte, args ...string) ([]byte, error) {`
			`return openssl(stdin, args...)`
			`}`

Added shelled-out openssl for testing. 2018-11-14 14:13:28 +00:00			`func openssl(stdin []byte, args ...string) ([]byte, error) {`
			`cmd := exec.Command("openssl", args...)`

			`in := bytes.NewReader(stdin)`
			`out := &bytes.Buffer{}`
			`errs := &bytes.Buffer{}`

			`cmd.Stdin, cmd.Stdout, cmd.Stderr = in, out, errs`

			`if err := cmd.Run(); err != nil {`
			`if len(errs.Bytes()) > 0 {`
			`return nil, fmt.Errorf("error running %s (%s):\n %v", cmd.Args, err, errs.String())`
			`}`
			`return nil, err`
			`}`

Added support for ECDH in enveloped data with ECDSA certificates. - fixed parsing of choice(was compatible with Apple mail.app which tagged kari explicitly) - minor fixes 2018-12-10 16:18:29 +00:00			`if strings.Contains(errs.String(), "Error") {`
			`return nil, fmt.Errorf("error running %s (%s):\n ", cmd.Args, errs.String())`
			`}`

Added shelled-out openssl for testing. 2018-11-14 14:13:28 +00:00			`return out.Bytes(), nil`
			`}`