Merge #128: Use splicesign and standard x509

d28a01dcd5 Use pointer receiver on DehydratedCertificate methods (Jeremy Rand) 647f05f049 Update Travis IRC notifications (Jeremy Rand) eef31fbdc4 Use splicesign and standard x509 (Jeremy Rand) Pull request description: Thanks to Filippo Valsorda for the tip. Top commit has no ACKs. Tree-SHA512: ab62206c62315610efdbd09af3dbe01599561d692043af6cbec528bf64c1cd3c84e9285d88d87517f3e01a49224003cd7092517b95f20fdea32d4c802e9459f2
3 years ago · c947efb679
parent 6036c58ff9 d28a01dcd5
commit c947efb679
8 changed files with 24 additions and 48 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -9,8 +9,9 @@ go:

 notifications:
  irc:
+    if: repo = namecoin/ncdns
    channels:
-      - "chat.freenode.net#namecoin-dev"
+      - "irc.oftc.net#namecoin-dev"
    on_success: never

 addons:
@ -27,13 +28,6 @@ install:
  - if [[ "${NO_NAMECOIN_TLS}" = 1 ]]; then TAGS="no_namecoin_tls"; fi
  - if [[ "${NO_NAMECOIN_TLS}" = 0 ]]; then TAGS=""; fi
  - go get -tags "$TAGS" -d -v -t ./...
-  - X509_BRANCH=master
-  - if [[ "$(go version)" =~ go1.[5678] ]]; then X509_BRANCH=go1.6; fi
-  - if [[ "$(go version)" =~ go1.9 ]]; then X509_BRANCH=go1.9; fi
-  - if [[ "$(go version)" =~ go1.10 ]]; then X509_BRANCH=go1.10; fi
-  - if [[ "$(go version)" =~ go1.11 ]]; then X509_BRANCH=go1.11; fi
-  - if [[ "$(go version)" =~ go1.12 ]]; then X509_BRANCH=go1.12; fi
-  - pushd $(go env GOPATH)/src/github.com/namecoin/x509-signature-splice; git checkout $X509_BRANCH; popd
  - GOXSYS_BRANCH=master
  # goxsys bug for Go 1.11 and earlier: https://github.com/golang/go/issues/34742
  - if [[ "$(go version)" =~ go1.[56789] ]]; then GOXSYS_BRANCH=release-branch.go1.13; fi
@ -44,7 +38,6 @@ install:
  - if [[ "$(go version)" =~ go1.[56789] ]]; then GOXNET_BRANCH=release-branch.go1.12; fi
  - if [[ "$(go version)" =~ go1.1[01] ]]; then GOXNET_BRANCH=release-branch.go1.12; fi
  - pushd $(go env GOPATH)/src/golang.org/x/net; git checkout $GOXNET_BRANCH; popd
-  - go generate -v github.com/namecoin/x509-signature-splice/...
  - go get -tags "$TAGS" -v -t ./...
  - env GOOS=windows GOARCH=amd64 go get -tags "$TAGS" -d -v -t ./...
 script:
--- a/README.md
+++ b/README.md
@ -90,35 +90,15 @@ Prerequisites:
   installed. (Most distributions will have a package called `libcap-dev` or
   similar.)

-Option A: Using Go build commands (works on any platform with Bash):
+Option A: Using Go build commands (works on any platform):

 1. Ensure you have the GOPATH environment variable set. (For those not
   familar with Go, setting it to the path to an empty directory will suffice.
   The directory will be filled with build files.)

-2. Run `go get -d -t -u github.com/namecoin/ncdns/...`. The ncdns source code will be
-   retrieved automatically.
-
-3. Run `pushd $(go env GOPATH)/src/github.com/namecoin/x509-signature-splice`.
-
-4. Depending on your Go version (run `go version` to check), run one of the following:
-   
-   | **Go version**   | **Run this**          |
-   -------------------|-----------------------|
-   | 1.8.x or earlier | `git checkout go1.6`  |
-   | 1.9.x            | `git checkout go1.9`  |
-   | 1.10.x           | `git checkout go1.10` |
-   | 1.11.x           | `git checkout go1.11` |
-   | 1.12.x           | `git checkout go1.12` |
-   | 1.13.x or later  | `git checkout master` |
-   
-
-5. Run `popd`.
-
-6. Run `go generate github.com/namecoin/x509-signature-splice/...`.  Some source code will be generated.
-
-7. Run `go get -t github.com/namecoin/ncdns/...`.  ncdns will be built. The binaries will be at
-   $GOPATH/bin/ncdns.
+2. Run `go get -t -u github.com/namecoin/ncdns/...`. The ncdns source code will be
+   retrieved automatically, and ncdns will be built. The binaries will be at
+   $GOPATH/bin/ncdns..

 Option B: Using Makefile (non-Windows platforms):

--- a/certdehydrate/certdehydrate.go
+++ b/certdehydrate/certdehydrate.go
@ -2,7 +2,9 @@ package certdehydrate

 import (
 	"bytes"
+	"crypto/rand"
 	"crypto/sha256"
+	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/base64"
 	"encoding/binary"
@ -10,9 +12,9 @@ import (
 	"fmt"
 	"math/big"
 	"time"
-)

-import "github.com/namecoin/x509-signature-splice/x509"
+	"github.com/namecoin/splicesign"
+)

 // A DehydratedCertificate represents the (nearly) minimal set of data required
 // to deterministically construct a valid x509 certificate when combined with a
@ -29,7 +31,7 @@ type DehydratedCertificate struct {

 // SerialNumber calculates the certificate serial number according to the
 // Dehydrated TLS Certificates specification.
-func (dehydrated DehydratedCertificate) SerialNumber(name string) ([]byte, error) {
+func (dehydrated *DehydratedCertificate) SerialNumber(name string) ([]byte, error) {

 	nameHash := sha256.Sum256([]byte(name))

@ -75,7 +77,7 @@ func (dehydrated DehydratedCertificate) SerialNumber(name string) ([]byte, error
 	return serialHash.Sum(nil)[0:19], nil
 }

-func (dehydrated DehydratedCertificate) String() string {
+func (dehydrated *DehydratedCertificate) String() string {
 	output := []interface{}{1, dehydrated.PubkeyB64, dehydrated.NotBeforeScaled, dehydrated.NotAfterScaled, dehydrated.SignatureAlgorithm, dehydrated.SignatureB64}
 	binOutput, _ := json.Marshal(output)
 	return string(binOutput)
@ -252,7 +254,13 @@ func FillRehydratedCertTemplate(template x509.Certificate, name string) ([]byte,
 	}
 	template.SerialNumber.SetBytes(serialNumberBytes)

-	derBytes, err := x509.CreateCertificateWithSplicedSignature(&template, &template)
+	pub := template.PublicKey
+	priv := &splicesign.SpliceSigner{
+		PublicKey: pub,
+		Signature: template.Signature,
+	}
+
+	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, pub, priv)
 	if err != nil {
 		return nil, fmt.Errorf("Error splicing signature: %s", err)
 	}
--- a/certdehydrate/certdehydrate_test.go
+++ b/certdehydrate/certdehydrate_test.go
@ -1,12 +1,12 @@
 package certdehydrate_test

 import (
+	"crypto/x509"
 	"encoding/json"
 	"reflect"
 	"testing"

 	"github.com/namecoin/ncdns/certdehydrate"
-	"github.com/namecoin/x509-signature-splice/x509"
 )

 func TestDehydratedCertIdentityOperation(t *testing.T) {
--- a/generate_nmc_cert/falsehost.go
+++ b/generate_nmc_cert/falsehost.go
@ -23,7 +23,7 @@ import (
 	"crypto/elliptic"
 	"crypto/rand"
 	//"crypto/rsa"
-	//"crypto/x509"
+	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/pem"
 	//"flag"
@ -34,8 +34,6 @@ import (
 	"os"
 	//"strings"
 	"time"
-
-	"github.com/namecoin/x509-signature-splice/x509"
 )

 //var (
--- a/generate_nmc_cert/main.go
+++ b/generate_nmc_cert/main.go
@ -24,7 +24,7 @@ import (
 	"crypto/elliptic"
 	"crypto/rand"
 	"crypto/rsa"
-	//"crypto/x509"
+	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/base64"
 	"encoding/pem"
@ -38,7 +38,6 @@ import (
 	"time"

 	"github.com/namecoin/ncdns/certdehydrate"
-	"github.com/namecoin/x509-signature-splice/x509"
 )

 var (
--- a/generate_nmc_cert/parent.go
+++ b/generate_nmc_cert/parent.go
@ -23,7 +23,7 @@ import (
 	"crypto/elliptic"
 	"crypto/rand"
 	//"crypto/rsa"
-	//"crypto/x509"
+	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/base64"
 	"encoding/pem"
@ -36,8 +36,6 @@ import (
 	"os"
 	//"strings"
 	"time"
-
-	"github.com/namecoin/x509-signature-splice/x509"
 )

 //var (
--- a/ncdomain/convert_tls.go
+++ b/ncdomain/convert_tls.go
@ -3,6 +3,7 @@
 package ncdomain

 import (
+	"crypto/x509"
 	"encoding/base64"
 	"encoding/hex"
 	"fmt"
@ -12,7 +13,6 @@ import (

 	"github.com/namecoin/ncdns/certdehydrate"
 	"github.com/namecoin/ncdns/util"
-	"github.com/namecoin/x509-signature-splice/x509"
 )

 type Value struct {