86 lines
1.7 KiB
Go
86 lines
1.7 KiB
Go
|
package certlib
|
||
|
|
||
|
import (
|
||
|
"crypto/x509"
|
||
|
"encoding/pem"
|
||
|
"errors"
|
||
|
"io/ioutil"
|
||
|
|
||
|
"git.wntrmute.dev/kyle/goutils/certlib/certerr"
|
||
|
)
|
||
|
|
||
|
// ReadCertificate reads a DER or PEM-encoded certificate from the
|
||
|
// byte slice.
|
||
|
func ReadCertificate(in []byte) (cert *x509.Certificate, rest []byte, err error) {
|
||
|
if len(in) == 0 {
|
||
|
err = certerr.ErrEmptyCertificate
|
||
|
return
|
||
|
}
|
||
|
|
||
|
if in[0] == '-' {
|
||
|
p, remaining := pem.Decode(in)
|
||
|
if p == nil {
|
||
|
err = errors.New("certlib: invalid PEM file")
|
||
|
return
|
||
|
}
|
||
|
|
||
|
rest = remaining
|
||
|
if p.Type != "CERTIFICATE" {
|
||
|
err = certerr.ErrInvalidPEMType(p.Type, "CERTIFICATE")
|
||
|
return
|
||
|
}
|
||
|
|
||
|
in = p.Bytes
|
||
|
}
|
||
|
|
||
|
cert, err = x509.ParseCertificate(in)
|
||
|
return
|
||
|
}
|
||
|
|
||
|
// ReadCertificates tries to read all the certificates in a
|
||
|
// PEM-encoded collection.
|
||
|
func ReadCertificates(in []byte) (certs []*x509.Certificate, err error) {
|
||
|
var cert *x509.Certificate
|
||
|
for {
|
||
|
cert, in, err = ReadCertificate(in)
|
||
|
if err != nil {
|
||
|
break
|
||
|
}
|
||
|
|
||
|
if cert == nil {
|
||
|
break
|
||
|
}
|
||
|
|
||
|
certs = append(certs, cert)
|
||
|
if len(in) == 0 {
|
||
|
break
|
||
|
}
|
||
|
}
|
||
|
|
||
|
return certs, err
|
||
|
}
|
||
|
|
||
|
// LoadCertificate tries to read a single certificate from disk. If
|
||
|
// the file contains multiple certificates (e.g. a chain), only the
|
||
|
// first certificate is returned.
|
||
|
func LoadCertificate(path string) (*x509.Certificate, error) {
|
||
|
in, err := ioutil.ReadFile(path)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
|
||
|
cert, _, err := ReadCertificate(in)
|
||
|
return cert, err
|
||
|
}
|
||
|
|
||
|
// LoadCertificates tries to read all the certificates in a file,
|
||
|
// returning them in the order that it found them in the file.
|
||
|
func LoadCertificates(path string) ([]*x509.Certificate, error) {
|
||
|
in, err := ioutil.ReadFile(path)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
|
||
|
return ReadCertificates(in)
|
||
|
}
|