nebula/cert/cert_v1.go

package cert

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"encoding/json"
	"encoding/pem"
	"fmt"
	"math/big"
	"net"
	"net/netip"
	"time"

	"github.com/slackhq/nebula/pkclient"
	"golang.org/x/crypto/curve25519"
	"google.golang.org/protobuf/proto"
)

const publicKeyLen = 32

type certificateV1 struct {
	details   detailsV1
	signature []byte
}

type detailsV1 struct {
	Name      string
	Ips       []netip.Prefix
	Subnets   []netip.Prefix
	Groups    []string
	NotBefore time.Time
	NotAfter  time.Time
	PublicKey []byte
	IsCA      bool
	Issuer    string

	Curve Curve
}

type m map[string]interface{}

func (nc *certificateV1) Version() Version {
	return Version1
}

func (nc *certificateV1) Curve() Curve {
	return nc.details.Curve
}

func (nc *certificateV1) Groups() []string {
	return nc.details.Groups
}

func (nc *certificateV1) IsCA() bool {
	return nc.details.IsCA
}

func (nc *certificateV1) Issuer() string {
	return nc.details.Issuer
}

func (nc *certificateV1) Name() string {
	return nc.details.Name
}

func (nc *certificateV1) Networks() []netip.Prefix {
	return nc.details.Ips
}

func (nc *certificateV1) NotAfter() time.Time {
	return nc.details.NotAfter
}

func (nc *certificateV1) NotBefore() time.Time {
	return nc.details.NotBefore
}

func (nc *certificateV1) PublicKey() []byte {
	return nc.details.PublicKey
}

func (nc *certificateV1) Signature() []byte {
	return nc.signature
}

func (nc *certificateV1) UnsafeNetworks() []netip.Prefix {
	return nc.details.Subnets
}

func (nc *certificateV1) Fingerprint() (string, error) {
	b, err := nc.Marshal()
	if err != nil {
		return "", err
	}

	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:]), nil
}

func (nc *certificateV1) CheckSignature(key []byte) bool {
	b, err := proto.Marshal(nc.getRawDetails())
	if err != nil {
		return false
	}
	switch nc.details.Curve {
	case Curve_CURVE25519:
		return ed25519.Verify(key, b, nc.signature)
	case Curve_P256:
		x, y := elliptic.Unmarshal(elliptic.P256(), key)
		pubKey := &ecdsa.PublicKey{Curve: elliptic.P256(), X: x, Y: y}
		hashed := sha256.Sum256(b)
		return ecdsa.VerifyASN1(pubKey, hashed[:], nc.signature)
	default:
		return false
	}
}

func (nc *certificateV1) Expired(t time.Time) bool {
	return nc.details.NotBefore.After(t) || nc.details.NotAfter.Before(t)
}

func (nc *certificateV1) VerifyPrivateKey(curve Curve, key []byte) error {
	if curve != nc.details.Curve {
		return fmt.Errorf("curve in cert and private key supplied don't match")
	}
	if nc.details.IsCA {
		switch curve {
		case Curve_CURVE25519:
			// the call to PublicKey below will panic slice bounds out of range otherwise
			if len(key) != ed25519.PrivateKeySize {
				return fmt.Errorf("key was not 64 bytes, is invalid ed25519 private key")
			}

			if !ed25519.PublicKey(nc.details.PublicKey).Equal(ed25519.PrivateKey(key).Public()) {
				return fmt.Errorf("public key in cert and private key supplied don't match")
			}
		case Curve_P256:
			privkey, err := ecdh.P256().NewPrivateKey(key)
			if err != nil {
				return fmt.Errorf("cannot parse private key as P256: %w", err)
			}
			pub := privkey.PublicKey().Bytes()
			if !bytes.Equal(pub, nc.details.PublicKey) {
				return fmt.Errorf("public key in cert and private key supplied don't match")
			}
		default:
			return fmt.Errorf("invalid curve: %s", curve)
		}
		return nil
	}

	var pub []byte
	switch curve {
	case Curve_CURVE25519:
		var err error
		pub, err = curve25519.X25519(key, curve25519.Basepoint)
		if err != nil {
			return err
		}
	case Curve_P256:
		privkey, err := ecdh.P256().NewPrivateKey(key)
		if err != nil {
			return err
		}
		pub = privkey.PublicKey().Bytes()
	default:
		return fmt.Errorf("invalid curve: %s", curve)
	}
	if !bytes.Equal(pub, nc.details.PublicKey) {
		return fmt.Errorf("public key in cert and private key supplied don't match")
	}

	return nil
}

// getRawDetails marshals the raw details into protobuf ready struct
func (nc *certificateV1) getRawDetails() *RawNebulaCertificateDetails {
	rd := &RawNebulaCertificateDetails{
		Name:      nc.details.Name,
		Groups:    nc.details.Groups,
		NotBefore: nc.details.NotBefore.Unix(),
		NotAfter:  nc.details.NotAfter.Unix(),
		PublicKey: make([]byte, len(nc.details.PublicKey)),
		IsCA:      nc.details.IsCA,
		Curve:     nc.details.Curve,
	}

	for _, ipNet := range nc.details.Ips {
		mask := net.CIDRMask(ipNet.Bits(), ipNet.Addr().BitLen())
		rd.Ips = append(rd.Ips, addr2int(ipNet.Addr()), ip2int(mask))
	}

	for _, ipNet := range nc.details.Subnets {
		mask := net.CIDRMask(ipNet.Bits(), ipNet.Addr().BitLen())
		rd.Subnets = append(rd.Subnets, addr2int(ipNet.Addr()), ip2int(mask))
	}

	copy(rd.PublicKey, nc.details.PublicKey[:])

	// I know, this is terrible
	rd.Issuer, _ = hex.DecodeString(nc.details.Issuer)

	return rd
}

func (nc *certificateV1) String() string {
	if nc == nil {
		return "Certificate {}\n"
	}

	s := "NebulaCertificate {\n"
	s += "\tDetails {\n"
	s += fmt.Sprintf("\t\tName: %v\n", nc.details.Name)

	if len(nc.details.Ips) > 0 {
		s += "\t\tIps: [\n"
		for _, ip := range nc.details.Ips {
			s += fmt.Sprintf("\t\t\t%v\n", ip.String())
		}
		s += "\t\t]\n"
	} else {
		s += "\t\tIps: []\n"
	}

	if len(nc.details.Subnets) > 0 {
		s += "\t\tSubnets: [\n"
		for _, ip := range nc.details.Subnets {
			s += fmt.Sprintf("\t\t\t%v\n", ip.String())
		}
		s += "\t\t]\n"
	} else {
		s += "\t\tSubnets: []\n"
	}

	if len(nc.details.Groups) > 0 {
		s += "\t\tGroups: [\n"
		for _, g := range nc.details.Groups {
			s += fmt.Sprintf("\t\t\t\"%v\"\n", g)
		}
		s += "\t\t]\n"
	} else {
		s += "\t\tGroups: []\n"
	}

	s += fmt.Sprintf("\t\tNot before: %v\n", nc.details.NotBefore)
	s += fmt.Sprintf("\t\tNot After: %v\n", nc.details.NotAfter)
	s += fmt.Sprintf("\t\tIs CA: %v\n", nc.details.IsCA)
	s += fmt.Sprintf("\t\tIssuer: %s\n", nc.details.Issuer)
	s += fmt.Sprintf("\t\tPublic key: %x\n", nc.details.PublicKey)
	s += fmt.Sprintf("\t\tCurve: %s\n", nc.details.Curve)
	s += "\t}\n"
	fp, err := nc.Fingerprint()
	if err == nil {
		s += fmt.Sprintf("\tFingerprint: %s\n", fp)
	}
	s += fmt.Sprintf("\tSignature: %x\n", nc.Signature())
	s += "}"

	return s
}

func (nc *certificateV1) MarshalForHandshakes() ([]byte, error) {
	pubKey := nc.details.PublicKey
	nc.details.PublicKey = nil
	rawCertNoKey, err := nc.Marshal()
	if err != nil {
		return nil, err
	}
	nc.details.PublicKey = pubKey
	return rawCertNoKey, nil
}

func (nc *certificateV1) Marshal() ([]byte, error) {
	rc := RawNebulaCertificate{
		Details:   nc.getRawDetails(),
		Signature: nc.signature,
	}

	return proto.Marshal(&rc)
}

func (nc *certificateV1) MarshalPEM() ([]byte, error) {
	b, err := nc.Marshal()
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: CertificateBanner, Bytes: b}), nil
}

func (nc *certificateV1) MarshalJSON() ([]byte, error) {
	fp, _ := nc.Fingerprint()
	jc := m{
		"details": m{
			"name":      nc.details.Name,
			"ips":       nc.details.Ips,
			"subnets":   nc.details.Subnets,
			"groups":    nc.details.Groups,
			"notBefore": nc.details.NotBefore,
			"notAfter":  nc.details.NotAfter,
			"publicKey": fmt.Sprintf("%x", nc.details.PublicKey),
			"isCa":      nc.details.IsCA,
			"issuer":    nc.details.Issuer,
			"curve":     nc.details.Curve.String(),
		},
		"fingerprint": fp,
		"signature":   fmt.Sprintf("%x", nc.Signature()),
	}
	return json.Marshal(jc)
}

func (nc *certificateV1) Copy() Certificate {
	c := &certificateV1{
		details: detailsV1{
			Name:      nc.details.Name,
			Groups:    make([]string, len(nc.details.Groups)),
			Ips:       make([]netip.Prefix, len(nc.details.Ips)),
			Subnets:   make([]netip.Prefix, len(nc.details.Subnets)),
			NotBefore: nc.details.NotBefore,
			NotAfter:  nc.details.NotAfter,
			PublicKey: make([]byte, len(nc.details.PublicKey)),
			IsCA:      nc.details.IsCA,
			Issuer:    nc.details.Issuer,
		},
		signature: make([]byte, len(nc.signature)),
	}

	copy(c.signature, nc.signature)
	copy(c.details.Groups, nc.details.Groups)
	copy(c.details.PublicKey, nc.details.PublicKey)

	for i, p := range nc.details.Ips {
		c.details.Ips[i] = p
	}

	for i, p := range nc.details.Subnets {
		c.details.Subnets[i] = p
	}

	return c
}

// unmarshalCertificateV1 will unmarshal a protobuf byte representation of a nebula cert
func unmarshalCertificateV1(b []byte, assertPublicKey bool) (*certificateV1, error) {
	if len(b) == 0 {
		return nil, fmt.Errorf("nil byte array")
	}
	var rc RawNebulaCertificate
	err := proto.Unmarshal(b, &rc)
	if err != nil {
		return nil, err
	}

	if rc.Details == nil {
		return nil, fmt.Errorf("encoded Details was nil")
	}

	if len(rc.Details.Ips)%2 != 0 {
		return nil, fmt.Errorf("encoded IPs should be in pairs, an odd number was found")
	}

	if len(rc.Details.Subnets)%2 != 0 {
		return nil, fmt.Errorf("encoded Subnets should be in pairs, an odd number was found")
	}

	nc := certificateV1{
		details: detailsV1{
			Name:      rc.Details.Name,
			Groups:    make([]string, len(rc.Details.Groups)),
			Ips:       make([]netip.Prefix, len(rc.Details.Ips)/2),
			Subnets:   make([]netip.Prefix, len(rc.Details.Subnets)/2),
			NotBefore: time.Unix(rc.Details.NotBefore, 0),
			NotAfter:  time.Unix(rc.Details.NotAfter, 0),
			PublicKey: make([]byte, len(rc.Details.PublicKey)),
			IsCA:      rc.Details.IsCA,
			Curve:     rc.Details.Curve,
		},
		signature: make([]byte, len(rc.Signature)),
	}

	copy(nc.signature, rc.Signature)
	copy(nc.details.Groups, rc.Details.Groups)
	nc.details.Issuer = hex.EncodeToString(rc.Details.Issuer)

	if len(rc.Details.PublicKey) < publicKeyLen && assertPublicKey {
		return nil, fmt.Errorf("public key was fewer than 32 bytes; %v", len(rc.Details.PublicKey))
	}
	copy(nc.details.PublicKey, rc.Details.PublicKey)

	var ip netip.Addr
	for i, rawIp := range rc.Details.Ips {
		if i%2 == 0 {
			ip = int2addr(rawIp)
		} else {
			ones, _ := net.IPMask(int2ip(rawIp)).Size()
			nc.details.Ips[i/2] = netip.PrefixFrom(ip, ones)
		}
	}

	for i, rawIp := range rc.Details.Subnets {
		if i%2 == 0 {
			ip = int2addr(rawIp)
		} else {
			ones, _ := net.IPMask(int2ip(rawIp)).Size()
			nc.details.Subnets[i/2] = netip.PrefixFrom(ip, ones)
		}
	}

	return &nc, nil
}

func signV1(t *TBSCertificate, curve Curve, key []byte, client *pkclient.PKClient) (*certificateV1, error) {
	c := &certificateV1{
		details: detailsV1{
			Name:      t.Name,
			Ips:       t.Networks,
			Subnets:   t.UnsafeNetworks,
			Groups:    t.Groups,
			NotBefore: t.NotBefore,
			NotAfter:  t.NotAfter,
			PublicKey: t.PublicKey,
			IsCA:      t.IsCA,
			Curve:     t.Curve,
			Issuer:    t.issuer,
		},
	}
	b, err := proto.Marshal(c.getRawDetails())
	if err != nil {
		return nil, err
	}

	var sig []byte

	switch curve {
	case Curve_CURVE25519:
		signer := ed25519.PrivateKey(key)
		sig = ed25519.Sign(signer, b)
	case Curve_P256:
		if client != nil {
			sig, err = client.SignASN1(b)
		} else {
			signer := &ecdsa.PrivateKey{
				PublicKey: ecdsa.PublicKey{
					Curve: elliptic.P256(),
				},
				// ref: https://github.com/golang/go/blob/go1.19/src/crypto/x509/sec1.go#L95
				D: new(big.Int).SetBytes(key),
			}
			// ref: https://github.com/golang/go/blob/go1.19/src/crypto/x509/sec1.go#L119
			signer.X, signer.Y = signer.Curve.ScalarBaseMult(key)

			// We need to hash first for ECDSA
			// - https://pkg.go.dev/crypto/ecdsa#SignASN1
			hashed := sha256.Sum256(b)
			sig, err = ecdsa.SignASN1(rand.Reader, signer, hashed[:])
			if err != nil {
				return nil, err
			}
		}
	default:
		return nil, fmt.Errorf("invalid curve: %s", c.details.Curve)
	}

	c.signature = sig
	return c, nil
}

func ip2int(ip []byte) uint32 {
	if len(ip) == 16 {
		return binary.BigEndian.Uint32(ip[12:16])
	}
	return binary.BigEndian.Uint32(ip)
}

func int2ip(nn uint32) net.IP {
	ip := make(net.IP, net.IPv4len)
	binary.BigEndian.PutUint32(ip, nn)
	return ip
}

func addr2int(addr netip.Addr) uint32 {
	b := addr.Unmap().As4()
	return binary.BigEndian.Uint32(b[:])
}

func int2addr(nn uint32) netip.Addr {
	ip := [4]byte{}
	binary.BigEndian.PutUint32(ip[:], nn)
	return netip.AddrFrom4(ip).Unmap()
}
Cert interface (#1212) 2024-10-10 17:00:22 -06:00			`package cert`

			`import (`
			`"bytes"`
			`"crypto/ecdh"`
			`"crypto/ecdsa"`
			`"crypto/ed25519"`
			`"crypto/elliptic"`
			`"crypto/rand"`
			`"crypto/sha256"`
			`"encoding/binary"`
			`"encoding/hex"`
			`"encoding/json"`
			`"encoding/pem"`
			`"fmt"`
			`"math/big"`
			`"net"`
			`"net/netip"`
			`"time"`

			`"github.com/slackhq/nebula/pkclient"`
			`"golang.org/x/crypto/curve25519"`
			`"google.golang.org/protobuf/proto"`
			`)`

			`const publicKeyLen = 32`

			`type certificateV1 struct {`
			`details detailsV1`
			`signature []byte`
			`}`

			`type detailsV1 struct {`
			`Name string`
			`Ips []netip.Prefix`
			`Subnets []netip.Prefix`
			`Groups []string`
			`NotBefore time.Time`
			`NotAfter time.Time`
			`PublicKey []byte`
			`IsCA bool`
			`Issuer string`

			`Curve Curve`
			`}`

			`type m map[string]interface{}`

			`func (nc *certificateV1) Version() Version {`
			`return Version1`
			`}`

			`func (nc *certificateV1) Curve() Curve {`
			`return nc.details.Curve`
			`}`

			`func (nc *certificateV1) Groups() []string {`
			`return nc.details.Groups`
			`}`

			`func (nc *certificateV1) IsCA() bool {`
			`return nc.details.IsCA`
			`}`

			`func (nc *certificateV1) Issuer() string {`
			`return nc.details.Issuer`
			`}`

			`func (nc *certificateV1) Name() string {`
			`return nc.details.Name`
			`}`

			`func (nc *certificateV1) Networks() []netip.Prefix {`
			`return nc.details.Ips`
			`}`

			`func (nc *certificateV1) NotAfter() time.Time {`
			`return nc.details.NotAfter`
			`}`

			`func (nc *certificateV1) NotBefore() time.Time {`
			`return nc.details.NotBefore`
			`}`

			`func (nc *certificateV1) PublicKey() []byte {`
			`return nc.details.PublicKey`
			`}`

			`func (nc *certificateV1) Signature() []byte {`
			`return nc.signature`
			`}`

			`func (nc *certificateV1) UnsafeNetworks() []netip.Prefix {`
			`return nc.details.Subnets`
			`}`

			`func (nc *certificateV1) Fingerprint() (string, error) {`
			`b, err := nc.Marshal()`
			`if err != nil {`
			`return "", err`
			`}`

			`sum := sha256.Sum256(b)`
			`return hex.EncodeToString(sum[:]), nil`
			`}`

			`func (nc *certificateV1) CheckSignature(key []byte) bool {`
			`b, err := proto.Marshal(nc.getRawDetails())`
			`if err != nil {`
			`return false`
			`}`
			`switch nc.details.Curve {`
			`case Curve_CURVE25519:`
			`return ed25519.Verify(key, b, nc.signature)`
			`case Curve_P256:`
			`x, y := elliptic.Unmarshal(elliptic.P256(), key)`
			`pubKey := &ecdsa.PublicKey{Curve: elliptic.P256(), X: x, Y: y}`
			`hashed := sha256.Sum256(b)`
			`return ecdsa.VerifyASN1(pubKey, hashed[:], nc.signature)`
			`default:`
			`return false`
			`}`
			`}`

			`func (nc *certificateV1) Expired(t time.Time) bool {`
			`return nc.details.NotBefore.After(t) \|\| nc.details.NotAfter.Before(t)`
			`}`

			`func (nc *certificateV1) VerifyPrivateKey(curve Curve, key []byte) error {`
			`if curve != nc.details.Curve {`
			`return fmt.Errorf("curve in cert and private key supplied don't match")`
			`}`
			`if nc.details.IsCA {`
			`switch curve {`
			`case Curve_CURVE25519:`
			`// the call to PublicKey below will panic slice bounds out of range otherwise`
			`if len(key) != ed25519.PrivateKeySize {`
			`return fmt.Errorf("key was not 64 bytes, is invalid ed25519 private key")`
			`}`

			`if !ed25519.PublicKey(nc.details.PublicKey).Equal(ed25519.PrivateKey(key).Public()) {`
			`return fmt.Errorf("public key in cert and private key supplied don't match")`
			`}`
			`case Curve_P256:`
			`privkey, err := ecdh.P256().NewPrivateKey(key)`
			`if err != nil {`
			`return fmt.Errorf("cannot parse private key as P256: %w", err)`
			`}`
			`pub := privkey.PublicKey().Bytes()`
			`if !bytes.Equal(pub, nc.details.PublicKey) {`
			`return fmt.Errorf("public key in cert and private key supplied don't match")`
			`}`
			`default:`
			`return fmt.Errorf("invalid curve: %s", curve)`
			`}`
			`return nil`
			`}`

			`var pub []byte`
			`switch curve {`
			`case Curve_CURVE25519:`
			`var err error`
			`pub, err = curve25519.X25519(key, curve25519.Basepoint)`
			`if err != nil {`
			`return err`
			`}`
			`case Curve_P256:`
			`privkey, err := ecdh.P256().NewPrivateKey(key)`
			`if err != nil {`
			`return err`
			`}`
			`pub = privkey.PublicKey().Bytes()`
			`default:`
			`return fmt.Errorf("invalid curve: %s", curve)`
			`}`
			`if !bytes.Equal(pub, nc.details.PublicKey) {`
			`return fmt.Errorf("public key in cert and private key supplied don't match")`
			`}`

			`return nil`
			`}`

			`// getRawDetails marshals the raw details into protobuf ready struct`
			`func (nc certificateV1) getRawDetails() RawNebulaCertificateDetails {`
			`rd := &RawNebulaCertificateDetails{`
			`Name: nc.details.Name,`
			`Groups: nc.details.Groups,`
			`NotBefore: nc.details.NotBefore.Unix(),`
			`NotAfter: nc.details.NotAfter.Unix(),`
			`PublicKey: make([]byte, len(nc.details.PublicKey)),`
			`IsCA: nc.details.IsCA,`
			`Curve: nc.details.Curve,`
			`}`

			`for _, ipNet := range nc.details.Ips {`
			`mask := net.CIDRMask(ipNet.Bits(), ipNet.Addr().BitLen())`
			`rd.Ips = append(rd.Ips, addr2int(ipNet.Addr()), ip2int(mask))`
			`}`

			`for _, ipNet := range nc.details.Subnets {`
			`mask := net.CIDRMask(ipNet.Bits(), ipNet.Addr().BitLen())`
			`rd.Subnets = append(rd.Subnets, addr2int(ipNet.Addr()), ip2int(mask))`
			`}`

			`copy(rd.PublicKey, nc.details.PublicKey[:])`

			`// I know, this is terrible`
			`rd.Issuer, _ = hex.DecodeString(nc.details.Issuer)`

			`return rd`
			`}`

			`func (nc *certificateV1) String() string {`
			`if nc == nil {`
			`return "Certificate {}\n"`
			`}`

			`s := "NebulaCertificate {\n"`
			`s += "\tDetails {\n"`
			`s += fmt.Sprintf("\t\tName: %v\n", nc.details.Name)`

			`if len(nc.details.Ips) > 0 {`
			`s += "\t\tIps: [\n"`
			`for _, ip := range nc.details.Ips {`
			`s += fmt.Sprintf("\t\t\t%v\n", ip.String())`
			`}`
			`s += "\t\t]\n"`
			`} else {`
			`s += "\t\tIps: []\n"`
			`}`

			`if len(nc.details.Subnets) > 0 {`
			`s += "\t\tSubnets: [\n"`
			`for _, ip := range nc.details.Subnets {`
			`s += fmt.Sprintf("\t\t\t%v\n", ip.String())`
			`}`
			`s += "\t\t]\n"`
			`} else {`
			`s += "\t\tSubnets: []\n"`
			`}`

			`if len(nc.details.Groups) > 0 {`
			`s += "\t\tGroups: [\n"`
			`for _, g := range nc.details.Groups {`
			`s += fmt.Sprintf("\t\t\t\"%v\"\n", g)`
			`}`
			`s += "\t\t]\n"`
			`} else {`
			`s += "\t\tGroups: []\n"`
			`}`

			`s += fmt.Sprintf("\t\tNot before: %v\n", nc.details.NotBefore)`
			`s += fmt.Sprintf("\t\tNot After: %v\n", nc.details.NotAfter)`
			`s += fmt.Sprintf("\t\tIs CA: %v\n", nc.details.IsCA)`
			`s += fmt.Sprintf("\t\tIssuer: %s\n", nc.details.Issuer)`
			`s += fmt.Sprintf("\t\tPublic key: %x\n", nc.details.PublicKey)`
			`s += fmt.Sprintf("\t\tCurve: %s\n", nc.details.Curve)`
			`s += "\t}\n"`
			`fp, err := nc.Fingerprint()`
			`if err == nil {`
			`s += fmt.Sprintf("\tFingerprint: %s\n", fp)`
			`}`
			`s += fmt.Sprintf("\tSignature: %x\n", nc.Signature())`
			`s += "}"`

			`return s`
			`}`

			`func (nc *certificateV1) MarshalForHandshakes() ([]byte, error) {`
			`pubKey := nc.details.PublicKey`
			`nc.details.PublicKey = nil`
			`rawCertNoKey, err := nc.Marshal()`
			`if err != nil {`
			`return nil, err`
			`}`
			`nc.details.PublicKey = pubKey`
			`return rawCertNoKey, nil`
			`}`

			`func (nc *certificateV1) Marshal() ([]byte, error) {`
			`rc := RawNebulaCertificate{`
			`Details: nc.getRawDetails(),`
			`Signature: nc.signature,`
			`}`

			`return proto.Marshal(&rc)`
			`}`

			`func (nc *certificateV1) MarshalPEM() ([]byte, error) {`
			`b, err := nc.Marshal()`
			`if err != nil {`
			`return nil, err`
			`}`
			`return pem.EncodeToMemory(&pem.Block{Type: CertificateBanner, Bytes: b}), nil`
			`}`

			`func (nc *certificateV1) MarshalJSON() ([]byte, error) {`
			`fp, _ := nc.Fingerprint()`
			`jc := m{`
			`"details": m{`
			`"name": nc.details.Name,`
			`"ips": nc.details.Ips,`
			`"subnets": nc.details.Subnets,`
			`"groups": nc.details.Groups,`
			`"notBefore": nc.details.NotBefore,`
			`"notAfter": nc.details.NotAfter,`
			`"publicKey": fmt.Sprintf("%x", nc.details.PublicKey),`
			`"isCa": nc.details.IsCA,`
			`"issuer": nc.details.Issuer,`
			`"curve": nc.details.Curve.String(),`
			`},`
			`"fingerprint": fp,`
			`"signature": fmt.Sprintf("%x", nc.Signature()),`
			`}`
			`return json.Marshal(jc)`
			`}`

			`func (nc *certificateV1) Copy() Certificate {`
			`c := &certificateV1{`
			`details: detailsV1{`
			`Name: nc.details.Name,`
			`Groups: make([]string, len(nc.details.Groups)),`
			`Ips: make([]netip.Prefix, len(nc.details.Ips)),`
			`Subnets: make([]netip.Prefix, len(nc.details.Subnets)),`
			`NotBefore: nc.details.NotBefore,`
			`NotAfter: nc.details.NotAfter,`
			`PublicKey: make([]byte, len(nc.details.PublicKey)),`
			`IsCA: nc.details.IsCA,`
			`Issuer: nc.details.Issuer,`
			`},`
			`signature: make([]byte, len(nc.signature)),`
			`}`

			`copy(c.signature, nc.signature)`
			`copy(c.details.Groups, nc.details.Groups)`
			`copy(c.details.PublicKey, nc.details.PublicKey)`

			`for i, p := range nc.details.Ips {`
			`c.details.Ips[i] = p`
			`}`

			`for i, p := range nc.details.Subnets {`
			`c.details.Subnets[i] = p`
			`}`

			`return c`
			`}`

			`// unmarshalCertificateV1 will unmarshal a protobuf byte representation of a nebula cert`
			`func unmarshalCertificateV1(b []byte, assertPublicKey bool) (*certificateV1, error) {`
			`if len(b) == 0 {`
			`return nil, fmt.Errorf("nil byte array")`
			`}`
			`var rc RawNebulaCertificate`
			`err := proto.Unmarshal(b, &rc)`
			`if err != nil {`
			`return nil, err`
			`}`

			`if rc.Details == nil {`
			`return nil, fmt.Errorf("encoded Details was nil")`
			`}`

			`if len(rc.Details.Ips)%2 != 0 {`
			`return nil, fmt.Errorf("encoded IPs should be in pairs, an odd number was found")`
			`}`

			`if len(rc.Details.Subnets)%2 != 0 {`
			`return nil, fmt.Errorf("encoded Subnets should be in pairs, an odd number was found")`
			`}`

			`nc := certificateV1{`
			`details: detailsV1{`
			`Name: rc.Details.Name,`
			`Groups: make([]string, len(rc.Details.Groups)),`
			`Ips: make([]netip.Prefix, len(rc.Details.Ips)/2),`
			`Subnets: make([]netip.Prefix, len(rc.Details.Subnets)/2),`
			`NotBefore: time.Unix(rc.Details.NotBefore, 0),`
			`NotAfter: time.Unix(rc.Details.NotAfter, 0),`
			`PublicKey: make([]byte, len(rc.Details.PublicKey)),`
			`IsCA: rc.Details.IsCA,`
			`Curve: rc.Details.Curve,`
			`},`
			`signature: make([]byte, len(rc.Signature)),`
			`}`

			`copy(nc.signature, rc.Signature)`
			`copy(nc.details.Groups, rc.Details.Groups)`
			`nc.details.Issuer = hex.EncodeToString(rc.Details.Issuer)`

			`if len(rc.Details.PublicKey) < publicKeyLen && assertPublicKey {`
			`return nil, fmt.Errorf("public key was fewer than 32 bytes; %v", len(rc.Details.PublicKey))`
			`}`
			`copy(nc.details.PublicKey, rc.Details.PublicKey)`

			`var ip netip.Addr`
			`for i, rawIp := range rc.Details.Ips {`
			`if i%2 == 0 {`
			`ip = int2addr(rawIp)`
			`} else {`
			`ones, _ := net.IPMask(int2ip(rawIp)).Size()`
			`nc.details.Ips[i/2] = netip.PrefixFrom(ip, ones)`
			`}`
			`}`

			`for i, rawIp := range rc.Details.Subnets {`
			`if i%2 == 0 {`
			`ip = int2addr(rawIp)`
			`} else {`
			`ones, _ := net.IPMask(int2ip(rawIp)).Size()`
			`nc.details.Subnets[i/2] = netip.PrefixFrom(ip, ones)`
			`}`
			`}`

			`return &nc, nil`
			`}`

			`func signV1(t TBSCertificate, curve Curve, key []byte, client pkclient.PKClient) (*certificateV1, error) {`
			`c := &certificateV1{`
			`details: detailsV1{`
			`Name: t.Name,`
			`Ips: t.Networks,`
			`Subnets: t.UnsafeNetworks,`
			`Groups: t.Groups,`
			`NotBefore: t.NotBefore,`
			`NotAfter: t.NotAfter,`
			`PublicKey: t.PublicKey,`
			`IsCA: t.IsCA,`
			`Curve: t.Curve,`
			`Issuer: t.issuer,`
			`},`
			`}`
			`b, err := proto.Marshal(c.getRawDetails())`
			`if err != nil {`
			`return nil, err`
			`}`

			`var sig []byte`

			`switch curve {`
			`case Curve_CURVE25519:`
			`signer := ed25519.PrivateKey(key)`
			`sig = ed25519.Sign(signer, b)`
			`case Curve_P256:`
			`if client != nil {`
			`sig, err = client.SignASN1(b)`
			`} else {`
			`signer := &ecdsa.PrivateKey{`
			`PublicKey: ecdsa.PublicKey{`
			`Curve: elliptic.P256(),`
			`},`
			`// ref: https://github.com/golang/go/blob/go1.19/src/crypto/x509/sec1.go#L95`
			`D: new(big.Int).SetBytes(key),`
			`}`
			`// ref: https://github.com/golang/go/blob/go1.19/src/crypto/x509/sec1.go#L119`
			`signer.X, signer.Y = signer.Curve.ScalarBaseMult(key)`

			`// We need to hash first for ECDSA`
			`// - https://pkg.go.dev/crypto/ecdsa#SignASN1`
			`hashed := sha256.Sum256(b)`
			`sig, err = ecdsa.SignASN1(rand.Reader, signer, hashed[:])`
			`if err != nil {`
			`return nil, err`
			`}`
			`}`
			`default:`
			`return nil, fmt.Errorf("invalid curve: %s", c.details.Curve)`
			`}`

			`c.signature = sig`
			`return c, nil`
			`}`

			`func ip2int(ip []byte) uint32 {`
			`if len(ip) == 16 {`
			`return binary.BigEndian.Uint32(ip[12:16])`
			`}`
			`return binary.BigEndian.Uint32(ip)`
			`}`

			`func int2ip(nn uint32) net.IP {`
			`ip := make(net.IP, net.IPv4len)`
			`binary.BigEndian.PutUint32(ip, nn)`
			`return ip`
			`}`

			`func addr2int(addr netip.Addr) uint32 {`
			`b := addr.Unmap().As4()`
			`return binary.BigEndian.Uint32(b[:])`
			`}`

			`func int2addr(nn uint32) netip.Addr {`
			`ip := [4]byte{}`
			`binary.BigEndian.PutUint32(ip[:], nn)`
			`return netip.AddrFrom4(ip).Unmap()`
			`}`