From 7b5216d2c37ced586db7593f6b8932c79dfa69ec Mon Sep 17 00:00:00 2001
From: Massimiliano Adamo <maxadamo@gmail.com>
Date: Wed, 2 Dec 2020 21:51:12 +0100
Subject: [PATCH] rollback attempt to use crypt library

---
 build.sh | 24 ++++++++++++------------
 main.go  | 49 +++++++++++++++++++++++++++++++++++++++++++++++--
 2 files changed, 59 insertions(+), 14 deletions(-)

diff --git a/build.sh b/build.sh
index 74c6d61..663b778 100755
--- a/build.sh
+++ b/build.sh
@@ -30,17 +30,17 @@ if [ $? -gt 0 ]; then
 fi
 echo ""
 
-while true; do
-    read -p "Do you wish to run upx against ${BIN_NAME}? (y/n) " yn
-    case $yn in
-    [Yy]*)
-        echo ""
-        run_upx
-        break
-        ;;
-    [Nn]*) break ;;
-    *) echo "Please answer yes or no." ;;
-    esac
-done
+#while true; do
+#    read -p "Do you wish to run upx against ${BIN_NAME}? (y/n) " yn
+#    case $yn in
+#    [Yy]*)
+#        echo ""
+#        run_upx
+#        break
+#        ;;
+#    [Nn]*) break ;;
+#    *) echo "Please answer yes or no." ;;
+#    esac
+#done
 
 echo -e "\nthe binary was compiled and it is avilable as:\n - ${GOPATH}/bin/${BIN_NAME}\n"
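Review bot: The upx prompt is kept as eleven commented-out lines instead of being removed or gated, which leaves dead text in the script that git history already preserves; delete the `#while ... #done` block, or if compression is still wanted as an option make it opt-in with one line such as `[ "${RUN_UPX:-no}" = yes ] && run_upx`. This hunk is also unrelated to the commit subject ("rollback attempt to use crypt library"), so it reads more clearly as its own commit. The `if [ $? -gt 0 ]` block whose `fi` is the first context line starts outside the hunk.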
diff --git a/main.go b/main.go
index 7d639a4..0b4a112 100644
--- a/main.go
+++ b/main.go
@@ -40,6 +40,8 @@ var (
 	tmpKeyDestination         string
 	certTmpDir                string
 	opensslBinary             string
+	key                       *x509.Certificate
+	cert                      *x509.Certificate
 )
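Review bot: The new package-level `key` and `cert` variables are only referenced from the commented-out checkPrivkey later in this patch, so after the rollback they are dead state and should be dropped from the `var` block. `key` is also typed `*x509.Certificate` although it was meant to hold a private key, which is the root of the failed attempt being rolled back. Keeping a package-level `cert` is additionally confusing because `cert, err := x509.ParseCertificate(block.Bytes)` inside checkCertificates declares a local that shadows it. The `var (` block begins outside the hunk.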
 
 // app clean and exit
@@ -111,6 +113,7 @@ func checkCertificates(dnsname string, certificate string, fullchain string, ca
 			return false
 		}
 	}
+
 	cert, err := x509.ParseCertificate(block.Bytes)
 	if err != nil {
 		if fail == true {
@@ -163,7 +166,6 @@ func checkCertificates(dnsname string, certificate string, fullchain string, ca
 		}
 	}
 	return true
-
 }
 
 // check if priv key matches the publick key
@@ -202,6 +204,47 @@ func checkPrivkey(privkey string, pubcert string, opensslbinary string, fail boo
 	return true
 }
 
+// check if priv key matches the publick key
+/*
+func checkPrivkey(privkey string, pubkey string, fail bool) bool {
+	// extract data from public key
+	pubkeyByte, errpubkey := ioutil.ReadFile(pubkey)
+	if errpubkey != nil {
+		fmt.Printf("[ERR] reading private key %v: %v\n", pubkey, errpubkey)
+		appExit(255)
+	}
+	block, _ := pem.Decode(pubkeyByte)
+	cert, _ = x509.ParseCertificate(block.Bytes)
+	rsaPublicKey := cert.PublicKey.(*rsa.PublicKey)
+	rsaPublicKeyString := fmt.Sprintf(rsaPublicKey.N.String())
+
+	// extract data from private key
+	privkeyByte, errprivkey := ioutil.ReadFile(privkey)
+	if errprivkey != nil {
+		fmt.Printf("[ERR] reading private key %v: %v\n", privkey, errprivkey)
+		appExit(255)
+	}
+	fmt.Printf("primo passaggio\n")
+
+	keyBlock, _ := pem.Decode(privkeyByte)
+	key, _ = x509.ParseCertificate(keyBlock.Bytes)
+	rsaPrivateKey := key.PublicKey.(*rsa.PrivateKey)
+	rsaPrivateKeyString := fmt.Sprintf(rsaPrivateKey.N.String())
+
+	fmt.Printf("primo passaggio")
+
+	if rsaPublicKeyString != rsaPrivateKeyString {
+		if fail == true {
+			fmt.Printf("[ERR] the private key %v does not match the the public key %v\n", privkey, pubkey)
+			appExit(255)
+		} else {
+			return false
+		}
+	}
+	return true
+}
+*/
+
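Review bot: The commented-out checkPrivkey preserves code that could never have worked and should be deleted rather than kept as a comment: `x509.ParseCertificate(keyBlock.Bytes)` is applied to a private-key PEM block, and `key.PublicKey.(*rsa.PrivateKey)` is an unchecked type assertion that panics at runtime because `PublicKey` never holds a `*rsa.PrivateKey`. The same block never checks `pem.Decode` for a nil block, discards every parse error, and prints the Italian debug line `primo passaggio`. If a Go-native key/cert match is revisited, parse the key with `x509.ParsePKCS1PrivateKey` or `x509.ParsePKCS8PrivateKey`, use checked assertions such as `pub, ok := cert.PublicKey.(*rsa.PublicKey)`, and compare `priv.PublicKey.N.Cmp(pub.N) == 0` instead of string forms of N. The duplicated header comment also repeats the typo `publick key`.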
 // get redis key
 func GetRedisKey(redisurl string, redistoken string) string {
 	client := &http.Client{}
@@ -427,6 +470,7 @@ Options:
 
 	// check if there is a certificate installed and it is valid
 	existingCert := checkCertificates(CertName, certificateDestination, fullchainDestination, caDestination, keyDestination, Days, false)
+	// existingKey := checkPrivkey(keyDestination, certificateDestination, false)
 	existingKey := checkPrivkey(keyDestination, certificateDestination, opensslBinary, false, silent)
 	if existingCert == true && existingKey == true {
 		fmt.Printf("[INFO] the certificate is still valid\n")
@@ -444,7 +488,8 @@ Options:
 	WriteToFile(privKey, tmpKeyDestination, 0640)
 
 	checkCertificates(CertName, tmpCertificateDestination, tmpFullchainDestination, tmpCaDestination, tmpKeyDestination, Days, true)
-	checkPrivkey(keyDestination, tmpCertificateDestination, opensslBinary, false, silent)
+	//checkPrivkey(tmpKeyDestination, tmpCertificateDestination, true)
+	checkPrivkey(tmpKeyDestination, tmpCertificateDestination, opensslBinary, true, silent)
 
 	// move certificates in place
 	moveFile(tmpCertificateDestination, certificateDestination, GroupID, 0644, 0755)
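Review bot: The rewritten call now checks the freshly written `tmpKeyDestination` against `tmpCertificateDestination` with `fail` set, whereas the removed line compared the previous key at `keyDestination` to the new certificate and ignored the result; that is a real correctness fix, but the commented-out three-argument call `//checkPrivkey(tmpKeyDestination, tmpCertificateDestination, true)` kept above it uses the old signature and should be removed. With `fail` true a mismatch now exits through appExit before `moveFile` installs anything, which is the right order — it is worth confirming that appExit ("app clean and exit", declared above this hunk) deletes `tmpKeyDestination`, since a private key was just written there with mode 0640 and should not outlive a failed run. The enclosing function continues outside the hunk.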
-- 
GitLab