rollback attempt to use crypt library

7b5216d2 · Max Adamo · 8bab8ad5 · 7b5216d2 · 7b5216d2
Unverified Commit 7b5216d2 authored 4 years ago by Max Adamo
--- a/build.sh
+++ b/build.sh
@@ -30,17 +30,17 @@ if [ $? -gt 0 ]; then
 fi
 echo ""
-while true; do
+#while true; do
-    read -p "Do you wish to run upx against ${BIN_NAME}? (y/n) " yn
+#    read -p "Do you wish to run upx against ${BIN_NAME}? (y/n) " yn
-    case $yn in
+#    case $yn in
-    [Yy]*)
+#    [Yy]*)
-        echo ""
+#        echo ""
-        run_upx
+#        run_upx
-        break
+#        break
-        ;;
+#        ;;
-    [Nn]*) break ;;
+#    [Nn]*) break ;;
-    *) echo "Please answer yes or no." ;;
+#    *) echo "Please answer yes or no." ;;
-    esac
+#    esac
-done
+#done
 echo -e "\nthe binary was compiled and it is avilable as:\n - ${GOPATH}/bin/${BIN_NAME}\n"
--- a/main.go
+++ b/main.go
@@ -40,6 +40,8 @@ var (
 	tmpKeyDestination         string
 	certTmpDir                string
 	opensslBinary             string
+	key                       *x509.Certificate
+	cert                      *x509.Certificate
 )
 // app clean and exit
@@ -111,6 +113,7 @@ func checkCertificates(dnsname string, certificate string, fullchain string, ca
 			return false
 		}
 	}
 	cert, err := x509.ParseCertificate(block.Bytes)
 	if err != nil {
 		if fail == true {
@@ -163,7 +166,6 @@ func checkCertificates(dnsname string, certificate string, fullchain string, ca
 		}
 	}
 	return true
 }
 // check if priv key matches the publick key
@@ -202,6 +204,47 @@ func checkPrivkey(privkey string, pubcert string, opensslbinary string, fail boo
 	return true
 }
+// check if priv key matches the publick key
+/*
+func checkPrivkey(privkey string, pubkey string, fail bool) bool {
+	// extract data from public key
+	pubkeyByte, errpubkey := ioutil.ReadFile(pubkey)
+	if errpubkey != nil {
+		fmt.Printf("[ERR] reading private key %v: %v\n", pubkey, errpubkey)
+		appExit(255)
+	}
+	block, _ := pem.Decode(pubkeyByte)
+	cert, _ = x509.ParseCertificate(block.Bytes)
+	rsaPublicKey := cert.PublicKey.(*rsa.PublicKey)
+	rsaPublicKeyString := fmt.Sprintf(rsaPublicKey.N.String())
+	// extract data from private key
+	privkeyByte, errprivkey := ioutil.ReadFile(privkey)
+	if errprivkey != nil {
+		fmt.Printf("[ERR] reading private key %v: %v\n", privkey, errprivkey)
+		appExit(255)
+	}
+	fmt.Printf("primo passaggio\n")
+	keyBlock, _ := pem.Decode(privkeyByte)
+	key, _ = x509.ParseCertificate(keyBlock.Bytes)
+	rsaPrivateKey := key.PublicKey.(*rsa.PrivateKey)
+	rsaPrivateKeyString := fmt.Sprintf(rsaPrivateKey.N.String())
+	fmt.Printf("primo passaggio")
+	if rsaPublicKeyString != rsaPrivateKeyString {
+		if fail == true {
+			fmt.Printf("[ERR] the private key %v does not match the the public key %v\n", privkey, pubkey)
+			appExit(255)
+		} else {
+			return false
+		}
+	}
+	return true
+}
+*/
 // get redis key
 func GetRedisKey(redisurl string, redistoken string) string {
 	client := &http.Client{}
@@ -427,6 +470,7 @@ Options:
 	// check if there is a certificate installed and it is valid
 	existingCert := checkCertificates(CertName, certificateDestination, fullchainDestination, caDestination, keyDestination, Days, false)
+	// existingKey := checkPrivkey(keyDestination, certificateDestination, false)
 	existingKey := checkPrivkey(keyDestination, certificateDestination, opensslBinary, false, silent)
 	if existingCert == true && existingKey == true {
 		fmt.Printf("[INFO] the certificate is still valid\n")
@@ -444,7 +488,8 @@ Options:
 	WriteToFile(privKey, tmpKeyDestination, 0640)
 	checkCertificates(CertName, tmpCertificateDestination, tmpFullchainDestination, tmpCaDestination, tmpKeyDestination, Days, true)
-	checkPrivkey(keyDestination, tmpCertificateDestination, opensslBinary, false, silent)
+	//checkPrivkey(tmpKeyDestination, tmpCertificateDestination, true)
+	checkPrivkey(tmpKeyDestination, tmpCertificateDestination, opensslBinary, true, silent)
 	// move certificates in place
 	moveFile(tmpCertificateDestination, certificateDestination, GroupID, 0644, 0755)