package certlib import ( "crypto/x509" "encoding/pem" "errors" "io/ioutil" "git.wntrmute.dev/kyle/goutils/certlib/certerr" ) // ReadCertificate reads a DER or PEM-encoded certificate from the // byte slice. func ReadCertificate(in []byte) (cert *x509.Certificate, rest []byte, err error) { if len(in) == 0 { err = certerr.ErrEmptyCertificate return } if in[0] == '-' { p, remaining := pem.Decode(in) if p == nil { err = errors.New("certlib: invalid PEM file") return } rest = remaining if p.Type != "CERTIFICATE" { err = certerr.ErrInvalidPEMType(p.Type, "CERTIFICATE") return } in = p.Bytes } cert, err = x509.ParseCertificate(in) return } // ReadCertificates tries to read all the certificates in a // PEM-encoded collection. func ReadCertificates(in []byte) (certs []*x509.Certificate, err error) { var cert *x509.Certificate for { cert, in, err = ReadCertificate(in) if err != nil { break } if cert == nil { break } certs = append(certs, cert) if len(in) == 0 { break } } return certs, err } // LoadCertificate tries to read a single certificate from disk. If // the file contains multiple certificates (e.g. a chain), only the // first certificate is returned. func LoadCertificate(path string) (*x509.Certificate, error) { in, err := ioutil.ReadFile(path) if err != nil { return nil, err } cert, _, err := ReadCertificate(in) return cert, err } // LoadCertificates tries to read all the certificates in a file, // returning them in the order that it found them in the file. func LoadCertificates(path string) ([]*x509.Certificate, error) { in, err := ioutil.ReadFile(path) if err != nil { return nil, err } return ReadCertificates(in) }