1 files changed, 57 insertions, 0 deletions

diff --git a/core/https/crypto.go b/core/https/crypto.go
new file mode 100644
index 000000000..bc0ff6373
--- /dev/null
+++ b/core/https/crypto.go
@@ -0,0 +1,57 @@
+package https
+
+import (
+	"crypto"
+	"crypto/ecdsa"
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/pem"
+	"errors"
+	"io/ioutil"
+	"os"
+)
+
+// loadPrivateKey loads a PEM-encoded ECC/RSA private key from file.
+func loadPrivateKey(file string) (crypto.PrivateKey, error) {
+	keyBytes, err := ioutil.ReadFile(file)
+	if err != nil {
+		return nil, err
+	}
+	keyBlock, _ := pem.Decode(keyBytes)
+	
+	switch keyBlock.Type {
+	case "RSA PRIVATE KEY":
+		return x509.ParsePKCS1PrivateKey(keyBlock.Bytes)
+	case "EC PRIVATE KEY":
+		return x509.ParseECPrivateKey(keyBlock.Bytes)
+	}
+
+	return nil, errors.New("unknown private key type")
+}
+
+// savePrivateKey saves a PEM-encoded ECC/RSA private key to file.
+func savePrivateKey(key crypto.PrivateKey, file string) error {
+	var pemType string
+	var keyBytes []byte
+	switch key := key.(type) {
+	case *ecdsa.PrivateKey:
+		var err error
+		pemType = "EC"
+		keyBytes, err = x509.MarshalECPrivateKey(key)
+		if err != nil {
+			return err
+		}
+	case *rsa.PrivateKey:
+		pemType = "RSA"
+		keyBytes = x509.MarshalPKCS1PrivateKey(key)
+	}
+	
+	pemKey := pem.Block{Type: pemType + " PRIVATE KEY", Bytes: keyBytes}
+	keyOut, err := os.Create(file)
+	if err != nil {
+		return err
+	}
+	keyOut.Chmod(0600)
+	defer keyOut.Close()
+	return pem.Encode(keyOut, &pemKey)
+}