package festivalspki
import (
"crypto/tls"
"crypto/x509"
"encoding/pem"
"errors"
"os"
)
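// LoadServerCertificateHandler returns a callback suitable for
// tls.Config.GetCertificate that loads the server certificate chain from disk
// on every call.
//
// serverCert and serverKey are the PEM files holding the leaf certificate (plus
// any intermediates) and its private key; rootCACert is the PEM file holding
// the FestivalsApp Root CA certificate, whose DER encoding is appended to the
// returned chain.
//
// Because the files are re-read for each ClientHello, a rotated certificate is
// picked up without a restart, but every handshake pays the file I/O and parse
// cost, and a transient read failure fails that handshake. The ClientHelloInfo
// (SNI etc.) is not consulted. The root is appended without checking that it
// actually issued the leaf, and it is appended even if serverCert already
// contains it, so keep serverCert to the leaf (and intermediates) to avoid a
// duplicate entry in the chain.
func LoadServerCertificateHandler(serverCert string, serverKey string, rootCACert string) func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
	return func(_ *tls.ClientHelloInfo) (*tls.Certificate, error) {
		keyPair, err := tls.LoadX509KeyPair(serverCert, serverKey)
		if err != nil {
			return nil, errors.New("Failed to load server certificate and key with error: " + err.Error())
		}
		// Use a distinct name so the rootCACert path parameter is not shadowed
		// by the parsed certificate.
		rootCA, err := LoadX509Certificate(rootCACert)
		if err != nil {
			return nil, errors.New("Failed to load FestivalsApp Root CA certificate with error: " + err.Error())
		}
		keyPair.Certificate = append(keyPair.Certificate, rootCA.Raw)
		return &keyPair, nil
	}
}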
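// LoadServerCertificates loads the server certificate chain once from disk.
//
// serverCert and serverKey are the PEM files holding the leaf certificate (plus
// any intermediates) and its private key; rootCACert is the PEM file holding
// the FestivalsApp Root CA certificate, whose DER encoding is appended to the
// returned chain. The root is appended without checking that it issued the
// leaf. The files are read only once, so a rotated certificate is not seen
// until this function is called again.
func LoadServerCertificates(serverCert string, serverKey string, rootCACert string) (*tls.Certificate, error) {
	keyPair, err := tls.LoadX509KeyPair(serverCert, serverKey)
	if err != nil {
		return nil, errors.New("Failed to load server certificate and key with error: " + err.Error())
	}
	rootCA, err := LoadX509Certificate(rootCACert)
	if err != nil {
		// Report the root CA error itself: the key-pair error is nil at this
		// point, and formatting it instead would dereference a nil interface
		// and panic rather than return a descriptive error.
		return nil, errors.New("Failed to load FestivalsApp Root CA certificate with error: " + err.Error())
	}
	keyPair.Certificate = append(keyPair.Certificate, rootCA.Raw)
	return &keyPair, nil
}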
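// LoadX509Certificate reads and parses a single PEM-encoded certificate from certFile.
//
// Only the first PEM block in the file is used and it must be of type
// "CERTIFICATE"; any further blocks are ignored. A file with no PEM block at
// all (for example a DER file or unrelated data) is rejected with an error
// instead of a nil-pointer panic, and a block of another type (such as a
// private key supplied by mistake) is rejected before parsing. Read and parse
// errors from os.ReadFile and x509.ParseCertificate are returned unwrapped.
func LoadX509Certificate(certFile string) (*x509.Certificate, error) {
	certContent, err := os.ReadFile(certFile)
	if err != nil {
		return nil, err
	}
	// pem.Decode returns a nil block when no PEM armor is present; dereferencing
	// it would panic, so fail explicitly.
	block, _ := pem.Decode(certContent)
	if block == nil {
		return nil, errors.New("Failed to find PEM encoded data in certificate file: " + certFile)
	}
	if block.Type != "CERTIFICATE" {
		return nil, errors.New("Expected a CERTIFICATE PEM block in " + certFile + " but found block type: " + block.Type)
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return nil, err
	}
	return cert, nil
}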
// LoadCertificatePool builds a new x509.CertPool from the PEM data in certFile.
//
// Every CERTIFICATE block in the file is added (AppendCertsFromPEM walks the
// whole file), so a bundle of several certificates is accepted. An error is
// returned if the file cannot be read or if it yields no usable certificate.
func LoadCertificatePool(certFile string) (*x509.CertPool, error) {
	pemData, readErr := os.ReadFile(certFile)
	if readErr != nil {
		return nil, readErr
	}
	pool := x509.NewCertPool()
	appended := pool.AppendCertsFromPEM(pemData)
	if !appended {
		return nil, errors.New("Failed to append certificate to certificate pool.")
	}
	return pool, nil
}