/
certificates.go
69 lines (61 loc) · 1.48 KB
/
certificates.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
package helper
import (
"crypto"
"crypto/ecdsa"
"crypto/rsa"
"crypto/tls"
"crypto/x509"
"encoding/pem"
"errors"
"fmt"
"os"
)
func LoadCertificateAndKey(data []byte) (*tls.Certificate, error) {
var cert tls.Certificate
var err error
for {
block, rest := pem.Decode(data)
if block == nil {
break
}
if block.Type == "CERTIFICATE" {
cert.Certificate = append(cert.Certificate, block.Bytes)
} else {
cert.PrivateKey, err = parsePrivateKey(block.Bytes)
if err != nil {
return nil, err
}
}
data = rest
}
if len(cert.Certificate) == 0 {
return nil, fmt.Errorf("no certificate found")
} else if cert.PrivateKey == nil {
return nil, fmt.Errorf("no private key found")
}
return &cert, nil
}
func LoadCertificateAndKeyFromFile(path string) (*tls.Certificate, error) {
raw, err := os.ReadFile(path)
if err != nil {
return nil, errors.New("failure reading certificate file: " + err.Error())
}
return LoadCertificateAndKey(raw)
}
func parsePrivateKey(der []byte) (crypto.PrivateKey, error) {
if key, err := x509.ParsePKCS1PrivateKey(der); err == nil {
return key, nil
}
if key, err := x509.ParsePKCS8PrivateKey(der); err == nil {
switch key := key.(type) {
case *rsa.PrivateKey, *ecdsa.PrivateKey:
return key, nil
default:
return nil, fmt.Errorf("found unknown private key type in PKCS#8 wrapping")
}
}
if key, err := x509.ParseECPrivateKey(der); err == nil {
return key, nil
}
return nil, fmt.Errorf("failed to parse private key")
}