package encoding
import (
"bytes"
"encoding/base64"
"encoding/json"
"encoding/pem"
"errors"
"fmt"
"strings"
"github.com/Cloud-Foundations/golib/pkg/crypto/certmanager"
)
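// decodeCert rebuilds a certmanager.Certificate from the flat JSON object of
// strings produced by encodeCert.
//
// Recognised keys:
//   - "Certificate0", "Certificate1", ...: base64 DER certificates in chain
//     order, numbered contiguously from 0.
//   - "PrivateKey": base64 DER private key.
//   - "KeyType" (optional): the word(s) placed before "PRIVATE KEY" in the
//     PEM type line (e.g. "RSA", "EC"); absent or empty yields a plain
//     "PRIVATE KEY" block.
//
// Spaces inside base64 values are ignored. The DER payloads are not parsed
// here (no x509 or key parsing and no check that the key matches the
// certificate), so a well-formed document carrying garbage bytes decodes
// successfully; whatever consumes the returned PEM is expected to reject it.
//
// Returns an error if the JSON cannot be unmarshaled, Certificate0 or
// PrivateKey is missing, the Certificate keys are not contiguous, a base64
// value is malformed, or KeyType contains bytes that would break the PEM
// framing. Underlying errors are wrapped (errors.Is/errors.As work).
func decodeCert(encodedCert string) (*certmanager.Certificate, error) {
	var keyMap map[string]string
	if err := json.Unmarshal([]byte(encodedCert), &keyMap); err != nil {
		return nil, fmt.Errorf("error unmarshaling secret: %w", err)
	}
	certPEM := &bytes.Buffer{}
	index := 0
	for ; ; index++ {
		certificateBase64 := keyMap[fmt.Sprintf("Certificate%d", index)]
		if certificateBase64 == "" {
			if index == 0 {
				return nil, errors.New("no Certificate in map")
			}
			break // We've reached the end of the certificate chain.
		}
		certDER, err := decodeBase64Field(certificateBase64)
		if err != nil {
			return nil, fmt.Errorf("Certificate%d: %w", index, err)
		}
		if index != 0 {
			fmt.Fprintln(certPEM) // Blank line between chain entries.
		}
		err = pem.Encode(certPEM, &pem.Block{
			Type:  "CERTIFICATE",
			Bytes: certDER,
		})
		if err != nil {
			return nil, err
		}
	}
	// encodeCert numbers the chain contiguously from 0. A gap (or a stray
	// "Certificate..." key) would otherwise silently truncate the chain and
	// leave a server presenting incomplete intermediates, so reject it.
	numCertKeys := 0
	for key := range keyMap {
		if strings.HasPrefix(key, "Certificate") {
			numCertKeys++
		}
	}
	if numCertKeys != index {
		return nil, fmt.Errorf(
			"found %d Certificate keys but only %d are contiguous from Certificate0",
			numCertKeys, index)
	}
	keyType := keyMap["KeyType"]
	// pem.Encode writes Block.Type into the BEGIN/END lines unchecked; a
	// control byte here would inject lines into the key PEM.
	if !isPrintableASCII(keyType) {
		return nil, errors.New("KeyType contains non-printable characters")
	}
	if keyType != "" {
		keyType += " "
	}
	privateKeyBase64 := keyMap["PrivateKey"]
	if privateKeyBase64 == "" {
		return nil, errors.New("no PrivateKey in map")
	}
	privateKey, err := decodeBase64Field(privateKeyBase64)
	if err != nil {
		return nil, fmt.Errorf("PrivateKey: %w", err)
	}
	keyPEM := pem.EncodeToMemory(&pem.Block{
		Type:  keyType + "PRIVATE KEY",
		Bytes: privateKey,
	})
	return &certmanager.Certificate{
		CertPemBlock: certPEM.Bytes(),
		KeyPemBlock:  keyPEM,
	}, nil
}

// decodeBase64Field decodes a standard-alphabet base64 value after dropping
// any embedded spaces (some secret stores wrap long values with spaces).
func decodeBase64Field(value string) ([]byte, error) {
	return base64.StdEncoding.DecodeString(strings.Replace(value, " ", "", -1))
}

// isPrintableASCII reports whether s consists only of printable ASCII bytes
// (0x20-0x7e), i.e. contains nothing that could start a new line inside a
// PEM type label.
func isPrintableASCII(s string) bool {
	for i := 0; i < len(s); i++ {
		if s[i] < 0x20 || s[i] > 0x7e {
			return false
		}
	}
	return true
}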
// encodeCert serialises a certmanager.Certificate as a flat JSON object of
// strings; decodeCert performs the inverse.
//
// Each "CERTIFICATE" PEM block of cert.CertPemBlock is stored in order as
// base64 DER under "Certificate0", "Certificate1", ...; a block of any other
// type in the chain is an error. The first PEM block of cert.KeyPemBlock is
// stored as base64 DER under "PrivateKey". Its type line must be either
// "PRIVATE KEY" or "<word> PRIVATE KEY" (e.g. "RSA PRIVATE KEY"); in the
// second form the leading word is stored under "KeyType". Anything after the
// first key block is ignored.
//
// Returns an error if no certificate block decodes, no key block decodes, or
// a block type is not one of the forms above.
func encodeCert(cert *certmanager.Certificate) (string, error) {
	fields := make(map[string]string, 4)
	// Walk the chain one PEM block at a time.
	remaining := cert.CertPemBlock
	for position := 0; ; position++ {
		block, rest := pem.Decode(remaining)
		if block == nil {
			if position == 0 {
				return "", errors.New("unable to decode any PEM Certificate")
			}
			break // No further blocks: the chain is complete.
		}
		remaining = rest
		if block.Type != "CERTIFICATE" {
			return "", fmt.Errorf("Certificate type: %s not supported",
				block.Type)
		}
		fields[fmt.Sprintf("Certificate%d", position)] =
			base64.StdEncoding.EncodeToString(block.Bytes)
	}
	// Only the first key block is considered.
	keyBlock, _ := pem.Decode(cert.KeyPemBlock)
	if keyBlock == nil {
		return "", errors.New("unable to decode PEM PrivateKey")
	}
	prefix, hasPrefix, err := splitPrivateKeyType(keyBlock.Type)
	if err != nil {
		return "", err
	}
	if hasPrefix {
		fields["KeyType"] = prefix
	}
	fields["PrivateKey"] = base64.StdEncoding.EncodeToString(keyBlock.Bytes)
	encoded, err := json.Marshal(fields)
	if err != nil {
		return "", err
	}
	return string(encoded), nil
}

// splitPrivateKeyType inspects a PEM type line for a private key. For a bare
// "PRIVATE KEY" it reports hasPrefix=false. Otherwise the line is split at
// its first space and the right-hand part must be "PRIVATE KEY"; the
// left-hand part is returned as prefix with hasPrefix=true.
func splitPrivateKeyType(blockType string) (prefix string, hasPrefix bool, err error) {
	if blockType == "PRIVATE KEY" {
		return "", false, nil
	}
	parts := strings.SplitN(blockType, " ", 2)
	if len(parts) != 2 {
		return "", false, fmt.Errorf("unable to split: %s", blockType)
	}
	if parts[1] != "PRIVATE KEY" {
		return "", false, fmt.Errorf("PrivateKey type: %s not supported",
			blockType)
	}
	return parts[0], true, nil
}