修复证书格式

2023-09-12 21:37:40 +08:00 · 2023-09-12 21:37:40 +08:00 · ffc9370ca4
commit ffc9370ca4
parent 50234d7070
4 changed files with 32 additions and 22 deletions
--- a/server/provide.go
+++ b/server/provide.go
@ -89,7 +89,7 @@ func ProvidePriKey(c config.Config) (*rsa.PrivateKey, error) {
 }
 func ProvidePubKey(pri *rsa.PrivateKey) (yggdrasil.PubRsaKey, error) {
-	s, err := sign.NewAuthlibSignWithKey(pri).GetPubKey()
+	s, err := sign.NewAuthlibSignWithKey(pri).GetPKIXPubKeyWithOutRsa()
 	if err != nil {
 		return "", fmt.Errorf("ProvidePubKey: %w", err)
 	}
--- a/service/yggdrasil/user.go
+++ b/service/yggdrasil/user.go
@ -279,7 +279,7 @@ func (y *Yggdrasil) PlayerCertificates(ctx context.Context, token string) (yggdr
 	s := sign.NewAuthlibSignWithKey(rsa2048)
 	priKey := lo.Must(s.GetPriKey())
-	pubKey := lo.Must(s.GetPubKey())
+	pubKey := lo.Must(s.GetPKIXPubKey())
 	expiresAt := time.Now().Add(24 * time.Hour)
 	expiresAtUnix := expiresAt.UnixMilli()
--- a/utils/sign/rsa.go
+++ b/utils/sign/rsa.go
@ -1,7 +1,6 @@
 package sign
 import (
 	"bytes"
 	"crypto"
 	"crypto/rsa"
 	"crypto/sha1"
@ -23,10 +22,14 @@ func NewAuthlibSign(prikey []byte) (*AuthlibSign, error) {
 	if b == nil {
 		return nil, fmt.Errorf("NewAuthlibSign: %w", ErrPem)
 	}
-	priv, err := x509.ParsePKCS1PrivateKey(b.Bytes)
+	p, err := x509.ParsePKCS8PrivateKey(b.Bytes)
 	if err != nil {
 		return nil, fmt.Errorf("NewAuthlibSign: %w", err)
 	}
 	priv, ok := p.(*rsa.PrivateKey)
 	if !ok {
 		return nil, fmt.Errorf("NewAuthlibSign: %w", ErrPem)
 	}
 	return &AuthlibSign{
 		key: priv,
 	}, nil
@ -42,32 +45,39 @@ func (a *AuthlibSign) GetKey() *rsa.PrivateKey {
 	return a.key
 }
-func (a *AuthlibSign) GetPubKey() (string, error) {
+func (a *AuthlibSign) getPKIXPubKey(typeStr string) (string, error) {
-	derBytes := x509.MarshalPKCS1PublicKey(&a.key.PublicKey)
+	derBytes, err := x509.MarshalPKIXPublicKey(&a.key.PublicKey)
 	if err != nil {
 		return "", fmt.Errorf("getPKIXPubKey: %w", err)
 	}
 	pemKey := &pem.Block{
-		Type:  "PUBLIC KEY",
+		Type:  typeStr,
 		Bytes: derBytes,
 	}
-	bw := &bytes.Buffer{}
+	return string(pem.EncodeToMemory(pemKey)), nil
 	err := pem.Encode(bw, pemKey)
 	if err != nil {
 		return "", fmt.Errorf("GetPubKey: %w", err)
 	}
 	return bw.String(), nil
 }
 // PKIX PUBLIC KEY
 func (a *AuthlibSign) GetPKIXPubKeyWithOutRsa() (string, error) {
 	return a.getPKIXPubKey("PUBLIC KEY")
 }
 // PKIX RSA PUBLIC KEY
 func (a *AuthlibSign) GetPKIXPubKey() (string, error) {
 	return a.getPKIXPubKey("RSA PUBLIC KEY")
 }
 // PKCS #8
 func (a *AuthlibSign) GetPriKey() (string, error) {
-	derBytes := x509.MarshalPKCS1PrivateKey(a.key)
+	derBytes, err := x509.MarshalPKCS8PrivateKey(a.key)
 	if err != nil {
 		return "", fmt.Errorf("GetPriKey: %w", err)
 	}
 	pemKey := &pem.Block{
-		Type:  "PRIVATE KEY",
+		Type:  "RSA PRIVATE KEY",
 		Bytes: derBytes,
 	}
-	bw := &bytes.Buffer{}
+	return string(pem.EncodeToMemory(pemKey)), nil
 	err := pem.Encode(bw, pemKey)
 	if err != nil {
 		return "", fmt.Errorf("GetPubKey: %w", err)
 	}
 	return bw.String(), nil
 }
 func (a *AuthlibSign) Sign(data []byte) (string, error) {
--- a/utils/sign/rsa_test.go
+++ b/utils/sign/rsa_test.go
@ -24,7 +24,7 @@ func TestAuthlibSign(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	pub, err := as.GetPubKey()
+	pub, err := as.GetPKIXPubKey()
 	if err != nil {
 		t.Fatal(err)
 	}