Use splicesign and standard x509

Thanks to Filippo Valsorda for the tip.
3 years ago · eef31fbdc4
parent 6036c58ff9
commit eef31fbdc4
8 changed files with 20 additions and 45 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -27,13 +27,6 @@ install:
  - if [[ "${NO_NAMECOIN_TLS}" = 1 ]]; then TAGS="no_namecoin_tls"; fi
  - if [[ "${NO_NAMECOIN_TLS}" = 0 ]]; then TAGS=""; fi
  - go get -tags "$TAGS" -d -v -t ./...
-  - X509_BRANCH=master
-  - if [[ "$(go version)" =~ go1.[5678] ]]; then X509_BRANCH=go1.6; fi
-  - if [[ "$(go version)" =~ go1.9 ]]; then X509_BRANCH=go1.9; fi
-  - if [[ "$(go version)" =~ go1.10 ]]; then X509_BRANCH=go1.10; fi
-  - if [[ "$(go version)" =~ go1.11 ]]; then X509_BRANCH=go1.11; fi
-  - if [[ "$(go version)" =~ go1.12 ]]; then X509_BRANCH=go1.12; fi
-  - pushd $(go env GOPATH)/src/github.com/namecoin/x509-signature-splice; git checkout $X509_BRANCH; popd
  - GOXSYS_BRANCH=master
  # goxsys bug for Go 1.11 and earlier: https://github.com/golang/go/issues/34742
  - if [[ "$(go version)" =~ go1.[56789] ]]; then GOXSYS_BRANCH=release-branch.go1.13; fi
@ -44,7 +37,6 @@ install:
  - if [[ "$(go version)" =~ go1.[56789] ]]; then GOXNET_BRANCH=release-branch.go1.12; fi
  - if [[ "$(go version)" =~ go1.1[01] ]]; then GOXNET_BRANCH=release-branch.go1.12; fi
  - pushd $(go env GOPATH)/src/golang.org/x/net; git checkout $GOXNET_BRANCH; popd
-  - go generate -v github.com/namecoin/x509-signature-splice/...
  - go get -tags "$TAGS" -v -t ./...
  - env GOOS=windows GOARCH=amd64 go get -tags "$TAGS" -d -v -t ./...
 script:
--- a/README.md
+++ b/README.md
@ -90,35 +90,15 @@ Prerequisites:
   installed. (Most distributions will have a package called `libcap-dev` or
   similar.)

-Option A: Using Go build commands (works on any platform with Bash):
+Option A: Using Go build commands (works on any platform):

 1. Ensure you have the GOPATH environment variable set. (For those not
   familar with Go, setting it to the path to an empty directory will suffice.
   The directory will be filled with build files.)

-2. Run `go get -d -t -u github.com/namecoin/ncdns/...`. The ncdns source code will be
-   retrieved automatically.
-
-3. Run `pushd $(go env GOPATH)/src/github.com/namecoin/x509-signature-splice`.
-
-4. Depending on your Go version (run `go version` to check), run one of the following:
-   
-   | **Go version**   | **Run this**          |
-   -------------------|-----------------------|
-   | 1.8.x or earlier | `git checkout go1.6`  |
-   | 1.9.x            | `git checkout go1.9`  |
-   | 1.10.x           | `git checkout go1.10` |
-   | 1.11.x           | `git checkout go1.11` |
-   | 1.12.x           | `git checkout go1.12` |
-   | 1.13.x or later  | `git checkout master` |
-   
-
-5. Run `popd`.
-
-6. Run `go generate github.com/namecoin/x509-signature-splice/...`.  Some source code will be generated.
-
-7. Run `go get -t github.com/namecoin/ncdns/...`.  ncdns will be built. The binaries will be at
-   $GOPATH/bin/ncdns.
+2. Run `go get -t -u github.com/namecoin/ncdns/...`. The ncdns source code will be
+   retrieved automatically, and ncdns will be built. The binaries will be at
+   $GOPATH/bin/ncdns..

 Option B: Using Makefile (non-Windows platforms):

--- a/certdehydrate/certdehydrate.go
+++ b/certdehydrate/certdehydrate.go
@ -2,7 +2,9 @@ package certdehydrate

 import (
 	"bytes"
+	"crypto/rand"
 	"crypto/sha256"
+	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/base64"
 	"encoding/binary"
@ -10,9 +12,9 @@ import (
 	"fmt"
 	"math/big"
 	"time"
-)

-import "github.com/namecoin/x509-signature-splice/x509"
+	"github.com/namecoin/splicesign"
+)

 // A DehydratedCertificate represents the (nearly) minimal set of data required
 // to deterministically construct a valid x509 certificate when combined with a
@ -252,7 +254,13 @@ func FillRehydratedCertTemplate(template x509.Certificate, name string) ([]byte,
 	}
 	template.SerialNumber.SetBytes(serialNumberBytes)

-	derBytes, err := x509.CreateCertificateWithSplicedSignature(&template, &template)
+	pub := template.PublicKey
+	priv := &splicesign.SpliceSigner{
+		PublicKey: pub,
+		Signature: template.Signature,
+	}
+
+	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, pub, priv)
 	if err != nil {
 		return nil, fmt.Errorf("Error splicing signature: %s", err)
 	}
--- a/certdehydrate/certdehydrate_test.go
+++ b/certdehydrate/certdehydrate_test.go
@ -1,12 +1,12 @@
 package certdehydrate_test

 import (
+	"crypto/x509"
 	"encoding/json"
 	"reflect"
 	"testing"

 	"github.com/namecoin/ncdns/certdehydrate"
-	"github.com/namecoin/x509-signature-splice/x509"
 )

 func TestDehydratedCertIdentityOperation(t *testing.T) {
--- a/generate_nmc_cert/falsehost.go
+++ b/generate_nmc_cert/falsehost.go
@ -23,7 +23,7 @@ import (
 	"crypto/elliptic"
 	"crypto/rand"
 	//"crypto/rsa"
-	//"crypto/x509"
+	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/pem"
 	//"flag"
@ -34,8 +34,6 @@ import (
 	"os"
 	//"strings"
 	"time"
-
-	"github.com/namecoin/x509-signature-splice/x509"
 )

 //var (
--- a/generate_nmc_cert/main.go
+++ b/generate_nmc_cert/main.go
@ -24,7 +24,7 @@ import (
 	"crypto/elliptic"
 	"crypto/rand"
 	"crypto/rsa"
-	//"crypto/x509"
+	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/base64"
 	"encoding/pem"
@ -38,7 +38,6 @@ import (
 	"time"

 	"github.com/namecoin/ncdns/certdehydrate"
-	"github.com/namecoin/x509-signature-splice/x509"
 )

 var (
--- a/generate_nmc_cert/parent.go
+++ b/generate_nmc_cert/parent.go
@ -23,7 +23,7 @@ import (
 	"crypto/elliptic"
 	"crypto/rand"
 	//"crypto/rsa"
-	//"crypto/x509"
+	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/base64"
 	"encoding/pem"
@ -36,8 +36,6 @@ import (
 	"os"
 	//"strings"
 	"time"
-
-	"github.com/namecoin/x509-signature-splice/x509"
 )

 //var (
--- a/ncdomain/convert_tls.go
+++ b/ncdomain/convert_tls.go
@ -3,6 +3,7 @@
 package ncdomain

 import (
+	"crypto/x509"
 	"encoding/base64"
 	"encoding/hex"
 	"fmt"
@ -12,7 +13,6 @@ import (

 	"github.com/namecoin/ncdns/certdehydrate"
 	"github.com/namecoin/ncdns/util"
-	"github.com/namecoin/x509-signature-splice/x509"
 )

 type Value struct {