Dev007

.golangci.yml

@@ -60,7 +60,7 @@ linters:
     - gocyclo
     - ineffassign
     - unparam
-    - unused
+#    - unused
     - prealloc
     - durationcheck
     - staticcheck

.lic.yaml

@@ -1,4 +1,4 @@
-author: Mikhail Knyazhev <markus621@yandex.ru>
+author: Mikhail Knyazhev <markus621@yandex.com>
 lic_short: "BSD 3-Clause"
 lic_file: LICENSE
 ignore_files:

LICENSE

@@ -1,6 +1,6 @@
 BSD 3-Clause License
 
-Copyright (c) 2024-2025, Mikhail Knyazhev <markus621@yandex.ru>
+Copyright (c) 2024-2026, Mikhail Knyazhev <markus621@yandex.com>
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:

Makefile

@@ -3,7 +3,7 @@ SHELL=/bin/bash
 
 .PHONY: install
 install:
-	go install go.osspkg.com/goppy/v2/cmd/goppy@latest
+	go install go.osspkg.com/goppy/v3/cmd/goppy@latest
 	goppy setup-lib
 
 .PHONY: lint

aesgcm/aesgcm.go

@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2024-2025 Mikhail Knyazhev <markus621@yandex.ru>. All rights reserved.
+ *  Copyright (c) 2024-2026 Mikhail Knyazhev <markus621@yandex.com>. All rights reserved.
  *  Use of this source code is governed by a BSD 3-Clause license that can be found in the LICENSE file.
  */
 

go.mod

@@ -5,10 +5,10 @@ go 1.25.0
 require (
 	go.osspkg.com/casecheck v0.3.0
 	go.osspkg.com/errors v0.4.0
-	go.osspkg.com/ioutils v0.7.3
+	go.osspkg.com/ioutils v0.7.4
 	go.osspkg.com/random v0.5.0
 	go.osspkg.com/syncing v0.4.3
-	golang.org/x/crypto v0.46.0
+	golang.org/x/crypto v0.51.0
 )
 
-require golang.org/x/sys v0.39.0 // indirect
+require golang.org/x/sys v0.44.0 // indirect

go.sum

@@ -2,13 +2,13 @@ go.osspkg.com/casecheck v0.3.0 h1:x15blEszElbrHrEH5H02JIIhGIg/lGZzIt1kQlD3pwM=
 go.osspkg.com/casecheck v0.3.0/go.mod h1:TRFXDMFJEOtnlp3ET2Hix3osbxwPWhvaiT/HfD3+gBA=
 go.osspkg.com/errors v0.4.0 h1:E17+WyUzTXEHCTxGm8lOMPOOojzHG1lsOuQtTVGoATQ=
 go.osspkg.com/errors v0.4.0/go.mod h1:s75ZovPemYtrCtRPVsbQNq9MgMbmLMK1NEypr+uwjXI=
-go.osspkg.com/ioutils v0.7.3 h1:QF+Ra0bHoU3MGMGH5PGdV2lRLq1rWPdv/OB+v5UTjkI=
-go.osspkg.com/ioutils v0.7.3/go.mod h1:RO/43IM//Wq8RnLvEzivDAuM37mnLW3eWxTCVmkUaY4=
+go.osspkg.com/ioutils v0.7.4 h1:Z8Y4jYYmLGWcvHZMLjbai+s48GmHxjMuepsxZcjF5X4=
+go.osspkg.com/ioutils v0.7.4/go.mod h1:pPIsTL1w1+ESrGTeHDCd6cKsujeWvschxGGP5FqrAqc=
 go.osspkg.com/random v0.5.0 h1:6x2CQ5Vb6PVyuGi6Ao3K6Pr2fzVviBPCEEJC5HQNSmg=
 go.osspkg.com/random v0.5.0/go.mod h1:lsg3FI87PQdjhVWIVo2GXyPBclipljUxjMlWqRl2cck=
 go.osspkg.com/syncing v0.4.3 h1:XioXG9zje1LNCsfQhNHkNPCQqPSJZHWTzM8Xig2zvAU=
 go.osspkg.com/syncing v0.4.3/go.mod h1:/LBmgCAHFW6nQgVDILpEuo6eRCFK1yyFeNbDs4eVNls=
-golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU=
-golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0=
-golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk=
-golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/crypto v0.51.0 h1:IBPXwPfKxY7cWQZ38ZCIRPI50YLeevDLlLnyC5wRGTI=
+golang.org/x/crypto v0.51.0/go.mod h1:8AdwkbraGNABw2kOX6YFPs3WM22XqI4EXEd8g+x7Oc8=
+golang.org/x/sys v0.44.0 h1:ildZl3J4uzeKP07r2F++Op7E9B29JRUy+a27EibtBTQ=
+golang.org/x/sys v0.44.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=

hash/hash.go

@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2024-2025 Mikhail Knyazhev <markus621@yandex.ru>. All rights reserved.
+ *  Copyright (c) 2024-2026 Mikhail Knyazhev <markus621@yandex.com>. All rights reserved.
  *  Use of this source code is governed by a BSD 3-Clause license that can be found in the LICENSE file.
  */
 

pgp/pgp.go

@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2024-2025 Mikhail Knyazhev <markus621@yandex.ru>. All rights reserved.
+ *  Copyright (c) 2024-2026 Mikhail Knyazhev <markus621@yandex.com>. All rights reserved.
  *  Use of this source code is governed by a BSD 3-Clause license that can be found in the LICENSE file.
  */
 

pki/alg_ecdsa.go

@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2024-2025 Mikhail Knyazhev <markus621@yandex.ru>. All rights reserved.
+ *  Copyright (c) 2024-2026 Mikhail Knyazhev <markus621@yandex.com>. All rights reserved.
  *  Use of this source code is governed by a BSD 3-Clause license that can be found in the LICENSE file.
  */
 

pki/alg_rsa.go

@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2024-2025 Mikhail Knyazhev <markus621@yandex.ru>. All rights reserved.
+ *  Copyright (c) 2024-2026 Mikhail Knyazhev <markus621@yandex.com>. All rights reserved.
  *  Use of this source code is governed by a BSD 3-Clause license that can be found in the LICENSE file.
  */
 

pki/alg_type.go

@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2024-2025 Mikhail Knyazhev <markus621@yandex.ru>. All rights reserved.
+ *  Copyright (c) 2024-2026 Mikhail Knyazhev <markus621@yandex.com>. All rights reserved.
  *  Use of this source code is governed by a BSD 3-Clause license that can be found in the LICENSE file.
  */
 

pki/common.go

@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2024-2025 Mikhail Knyazhev <markus621@yandex.ru>. All rights reserved.
+ *  Copyright (c) 2024-2026 Mikhail Knyazhev <markus621@yandex.com>. All rights reserved.
  *  Use of this source code is governed by a BSD 3-Clause license that can be found in the LICENSE file.
  */
 
@@ -28,18 +28,18 @@ type policyInformation struct {
 }
 
 func marshalPolicyCPSUrl(urls ...string) []byte {
-	info := policyInformation{
+	cpsInfo := policyInformation{
 		PolicyIdentifier: asn1.ObjectIdentifier{2, 23, 140, 1, 2, 1},
 		PolicyQualifiers: make([]policyQualifierInfo, 0, len(urls)),
 	}
 
 	for _, url := range urls {
-		info.PolicyQualifiers = append(info.PolicyQualifiers, policyQualifierInfo{
+		cpsInfo.PolicyQualifiers = append(cpsInfo.PolicyQualifiers, policyQualifierInfo{
 			PolicyQualifierID: asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 1},
 			Qualifier:         url,
 		})
 	}
 
-	bytes, _ := asn1.Marshal([]policyInformation{info})
+	bytes, _ := asn1.Marshal([]policyInformation{cpsInfo})
 	return bytes
 }

pki/config.go

@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2024-2025 Mikhail Knyazhev <markus621@yandex.ru>. All rights reserved.
+ *  Copyright (c) 2024-2026 Mikhail Knyazhev <markus621@yandex.com>. All rights reserved.
  *  Use of this source code is governed by a BSD 3-Clause license that can be found in the LICENSE file.
  */
 
@@ -63,18 +63,11 @@ func (v Config) Subject() pkix.Name {
 func (v Config) extraExtensions() []pkix.Extension {
 	var result []pkix.Extension
 
-	if len(v.CertificatePoliciesURLs) > 0 {
-		result = append(result, pkix.Extension{
-			Id:       asn1.ObjectIdentifier{2, 5, 29, 32},
-			Critical: false,
-			Value:    marshalPolicyCPSUrl(stringsPrepare(v.CertificatePoliciesURLs)...),
-		})
-	} else {
-		result = append(result, pkix.Extension{
-			Id:       asn1.ObjectIdentifier{2, 5, 29, 32, 0},
-			Critical: false,
-		})
-	}
+	result = append(result, pkix.Extension{
+		Id:       asn1.ObjectIdentifier{2, 5, 29, 32},
+		Critical: false,
+		Value:    marshalPolicyCPSUrl(stringsPrepare(v.CertificatePoliciesURLs)...),
+	})
 
 	return result
 }

pki/encoders.go

@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2024-2025 Mikhail Knyazhev <markus621@yandex.ru>. All rights reserved.
+ *  Copyright (c) 2024-2026 Mikhail Knyazhev <markus621@yandex.com>. All rights reserved.
  *  Use of this source code is governed by a BSD 3-Clause license that can be found in the LICENSE file.
  */
 

pki/generate_ca.go

@@ -1,13 +1,12 @@
 /*
- *  Copyright (c) 2024-2025 Mikhail Knyazhev <markus621@yandex.ru>. All rights reserved.
+ *  Copyright (c) 2024-2026 Mikhail Knyazhev <markus621@yandex.com>. All rights reserved.
  *  Use of this source code is governed by a BSD 3-Clause license that can be found in the LICENSE file.
  */
 
 package pki
 
 import (
 	"crypto/rand"
-	"crypto/sha256"
 	"crypto/x509"
 	"fmt"
 	"math/big"
@@ -31,13 +30,13 @@ func NewCA(
 		Subject:               conf.Subject(),
 		NotBefore:             currTime,
 		NotAfter:              currTime.Add(deadline),
-		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
+		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
 		OCSPServer:            stringsPrepare(conf.OCSPServerURLs),
 		IssuingCertificateURL: stringsPrepare(conf.IssuingCertificateURLs),
 		CRLDistributionPoints: stringsPrepare(conf.CRLDistributionPointURLs),
-		ExtraExtensions:       conf.extraExtensions(),
-		MaxPathLen:            intermediateCount,
-		MaxPathLenZero:        intermediateCount <= 0,
+		//ExtraExtensions:       conf.extraExtensions(),
+		MaxPathLen:     intermediateCount,
+		MaxPathLenZero: intermediateCount <= 0,
 	}
 
 	algName, ok := signatures.Get(template.SignatureAlgorithm)
@@ -55,14 +54,6 @@ func NewCA(
 		return nil, fmt.Errorf("failed generating private key: %w", err)
 	}
 
-	publicKeyBytes, err := x509.MarshalPKIXPublicKey(key.Public())
-	if err != nil {
-		return nil, fmt.Errorf("failed marshaling public key: %w", err)
-	}
-	publicKeyHash := sha256.Sum256(publicKeyBytes)
-	template.SubjectKeyId = publicKeyHash[:20]
-	template.AuthorityKeyId = publicKeyHash[:20]
-
 	b, err := x509.CreateCertificate(rand.Reader, template, template, key.Public(), key)
 	if err != nil {
 		return nil, fmt.Errorf("failed generating certificate: %w", err)

pki/generate_ca_inter.go

@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2024-2025 Mikhail Knyazhev <markus621@yandex.ru>. All rights reserved.
+ *  Copyright (c) 2024-2026 Mikhail Knyazhev <markus621@yandex.com>. All rights reserved.
  *  Use of this source code is governed by a BSD 3-Clause license that can be found in the LICENSE file.
  */
 
@@ -32,6 +32,7 @@ func NewIntermediateCA(
 		BasicConstraintsValid: true,
 		SignatureAlgorithm:    confSigAlg,
 		SerialNumber:          big.NewInt(serialNumber),
+		AuthorityKeyId:        rootCA.Crt.SubjectKeyId,
 		Subject:               conf.Subject(),
 		NotBefore:             currTime,
 		NotAfter:              currTime.Add(deadline),
@@ -40,9 +41,9 @@ func NewIntermediateCA(
 		OCSPServer:            stringsPrepare(conf.OCSPServerURLs),
 		IssuingCertificateURL: stringsPrepare(conf.IssuingCertificateURLs),
 		CRLDistributionPoints: stringsPrepare(conf.CRLDistributionPointURLs),
-		ExtraExtensions:       conf.extraExtensions(),
-		MaxPathLenZero:        level <= 0,
-		MaxPathLen:            level,
+		//ExtraExtensions:       conf.extraExtensions(),
+		MaxPathLen:     level,
+		MaxPathLenZero: level <= 0,
 	}
 
 	if !rootCA.IsValidPair() {

pki/generate_crl.go

@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2024-2025 Mikhail Knyazhev <markus621@yandex.ru>. All rights reserved.
+ *  Copyright (c) 2024-2026 Mikhail Knyazhev <markus621@yandex.com>. All rights reserved.
  *  Use of this source code is governed by a BSD 3-Clause license that can be found in the LICENSE file.
  */
 

pki/generate_crt.go

@@ -1,13 +1,12 @@
 /*
- *  Copyright (c) 2024-2025 Mikhail Knyazhev <markus621@yandex.ru>. All rights reserved.
+ *  Copyright (c) 2024-2026 Mikhail Knyazhev <markus621@yandex.com>. All rights reserved.
  *  Use of this source code is governed by a BSD 3-Clause license that can be found in the LICENSE file.
  */
 
 package pki
 
 import (
 	"crypto/rand"
-	"crypto/sha256"
 	"crypto/x509"
 	"fmt"
 	"math/big"
@@ -44,15 +43,16 @@ func NewCRT(
 		BasicConstraintsValid: true,
 		SignatureAlgorithm:    confSigAlg,
 		SerialNumber:          big.NewInt(serialNumber),
+		AuthorityKeyId:        rootCA.Crt.SubjectKeyId,
 		Subject:               conf.Subject(),
 		NotBefore:             currTime,
 		NotAfter:              currTime.Add(deadline),
-		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
-		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+		KeyUsage:              x509.KeyUsageDigitalSignature,
+		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
 		OCSPServer:            stringsPrepare(conf.OCSPServerURLs),
 		IssuingCertificateURL: stringsPrepare(conf.IssuingCertificateURLs),
 		CRLDistributionPoints: stringsPrepare(conf.CRLDistributionPointURLs),
-		ExtraExtensions:       conf.extraExtensions(),
+		//ExtraExtensions:       conf.extraExtensions(),
 	}
 
 	if template.NotAfter.After(rootCA.Crt.NotAfter) {
@@ -86,12 +86,12 @@ func NewCRT(
 		return nil, fmt.Errorf("failed generating private key: %w", err)
 	}
 
-	publicKeyBytes, err := x509.MarshalPKIXPublicKey(key.Public())
-	if err != nil {
-		return nil, fmt.Errorf("failed marshaling public key: %w", err)
-	}
-	publicKeyHash := sha256.Sum256(publicKeyBytes)
-	template.SubjectKeyId = publicKeyHash[:20]
+	//publicKeyBytes, err := x509.MarshalPKIXPublicKey(key.Public())
+	//if err != nil {
+	//	return nil, fmt.Errorf("failed marshaling public key: %w", err)
+	//}
+	//publicKeyHash := sha256.Sum256(publicKeyBytes)
+	//template.SubjectKeyId = publicKeyHash[:20]
 
 	b, err := x509.CreateCertificate(rand.Reader, template, rootCA.Crt, key.Public(), rootCA.Key)
 	if err != nil {

pki/generate_csr.go

@@ -1,13 +1,12 @@
 /*
- *  Copyright (c) 2024-2025 Mikhail Knyazhev <markus621@yandex.ru>. All rights reserved.
+ *  Copyright (c) 2024-2026 Mikhail Knyazhev <markus621@yandex.com>. All rights reserved.
  *  Use of this source code is governed by a BSD 3-Clause license that can be found in the LICENSE file.
  */
 
 package pki
 
 import (
 	"crypto/rand"
-	"crypto/sha256"
 	"crypto/x509"
 	"fmt"
 	"math/big"
@@ -96,25 +95,26 @@ func SignCSR(
 		BasicConstraintsValid: true,
 		SignatureAlgorithm:    confSigAlg,
 		SerialNumber:          big.NewInt(serialNumber),
+		AuthorityKeyId:        rootCA.Crt.SubjectKeyId,
 		Subject:               csr.Subject,
 		NotBefore:             currTime,
 		NotAfter:              currTime.Add(deadline),
-		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
-		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+		KeyUsage:              x509.KeyUsageDigitalSignature,
+		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
 		OCSPServer:            stringsPrepare(conf.OCSPServerURLs),
 		IssuingCertificateURL: stringsPrepare(conf.IssuingCertificateURLs),
 		CRLDistributionPoints: stringsPrepare(conf.CRLDistributionPointURLs),
-		ExtraExtensions:       conf.extraExtensions(),
-		DNSNames:              csr.DNSNames,
-		IPAddresses:           csr.IPAddresses,
+		//ExtraExtensions:       conf.extraExtensions(),
+		DNSNames:    csr.DNSNames,
+		IPAddresses: csr.IPAddresses,
 	}
 
-	publicKeyBytes, err := x509.MarshalPKIXPublicKey(csr.PublicKey)
-	if err != nil {
-		return nil, fmt.Errorf("failed marshaling public key: %w", err)
-	}
-	publicKeyHash := sha256.Sum256(publicKeyBytes)
-	template.SubjectKeyId = publicKeyHash[:20]
+	//publicKeyBytes, err := x509.MarshalPKIXPublicKey(csr.PublicKey)
+	//if err != nil {
+	//	return nil, fmt.Errorf("failed marshaling public key: %w", err)
+	//}
+	//publicKeyHash := sha256.Sum256(publicKeyBytes)
+	//template.SubjectKeyId = publicKeyHash[:20]
 
 	b, err := x509.CreateCertificate(rand.Reader, template, rootCA.Crt, csr.PublicKey, rootCA.Key)
 	if err != nil {

pki/model_certificate.go

@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2024-2025 Mikhail Knyazhev <markus621@yandex.ru>. All rights reserved.
+ *  Copyright (c) 2024-2026 Mikhail Knyazhev <markus621@yandex.com>. All rights reserved.
  *  Use of this source code is governed by a BSD 3-Clause license that can be found in the LICENSE file.
  */
 

pki/model_request.go

@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2024-2025 Mikhail Knyazhev <markus621@yandex.ru>. All rights reserved.
+ *  Copyright (c) 2024-2026 Mikhail Knyazhev <markus621@yandex.com>. All rights reserved.
  *  Use of this source code is governed by a BSD 3-Clause license that can be found in the LICENSE file.
  */
 

pki/ocsp.go

@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2024-2025 Mikhail Knyazhev <markus621@yandex.ru>. All rights reserved.
+ *  Copyright (c) 2024-2026 Mikhail Knyazhev <markus621@yandex.com>. All rights reserved.
  *  Use of this source code is governed by a BSD 3-Clause license that can be found in the LICENSE file.
  */
 

pki/utils.go

@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2024-2025 Mikhail Knyazhev <markus621@yandex.ru>. All rights reserved.
+ *  Copyright (c) 2024-2026 Mikhail Knyazhev <markus621@yandex.com>. All rights reserved.
  *  Use of this source code is governed by a BSD 3-Clause license that can be found in the LICENSE file.
  */