/
embedded_cert_store.go
111 lines (87 loc) · 2.53 KB
/
embedded_cert_store.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
package apple
import (
"bytes"
"crypto/x509"
"embed"
"fmt"
"path"
"github.com/anchore/quill/quill/pki/certchain"
"github.com/anchore/quill/quill/pki/load"
)
//go:generate go run ./internal/generate/
//go:embed certs
var content embed.FS
var _ certchain.Store = (*embeddedCertStore)(nil)
type embeddedCertStore struct {
rootCerts []*x509.Certificate
rootPEMs [][]byte
intermediateCerts []*x509.Certificate
intermediatePEMs [][]byte
certsByCN map[string][]*x509.Certificate
}
const certDir = "certs"
var singleton *embeddedCertStore
func GetEmbeddedCertStore() certchain.Store {
return singleton
}
func init() {
var err error
singleton, err = newEmbeddedCertStore()
if err != nil {
panic(err)
}
}
func newEmbeddedCertStore() (*embeddedCertStore, error) {
var err error
store := &embeddedCertStore{}
store.rootPEMs, err = getPEMs(path.Join(certDir, "root"))
if err != nil {
return nil, fmt.Errorf("unable to load root certificates: %w", err)
}
store.intermediatePEMs, err = getPEMs(path.Join(certDir, "intermediate"))
if err != nil {
return nil, fmt.Errorf("unable to load root certificates: %w", err)
}
store.rootCerts, err = load.CertificatesFromPEMs(store.rootPEMs)
if err != nil {
return nil, fmt.Errorf("unable to parse root certificates: %w", err)
}
store.intermediateCerts, err = load.CertificatesFromPEMs(store.intermediatePEMs)
if err != nil {
return nil, fmt.Errorf("unable to parse intermediate certificates: %w", err)
}
store.certsByCN = make(map[string][]*x509.Certificate)
for _, cert := range store.intermediateCerts {
store.certsByCN[cert.Subject.CommonName] = append(store.certsByCN[cert.Subject.CommonName], cert)
}
for _, cert := range store.rootCerts {
store.certsByCN[cert.Subject.CommonName] = append(store.certsByCN[cert.Subject.CommonName], cert)
}
return store, nil
}
func (s embeddedCertStore) CertificatesByCN(commonName string) ([]*x509.Certificate, error) {
return s.certsByCN[commonName], nil
}
func (s embeddedCertStore) RootPEMs() [][]byte {
return s.rootPEMs
}
func (s embeddedCertStore) IntermediatePEMs() [][]byte {
return s.intermediatePEMs
}
func getPEMs(certsDir string) ([][]byte, error) {
files, err := content.ReadDir(certsDir)
if err != nil {
return nil, err
}
var result [][]byte
for _, f := range files {
// read the file contents
b, err := content.ReadFile(path.Join(certsDir, f.Name()))
if err != nil {
return nil, err
}
// store the file contents
result = append(result, bytes.TrimRight(b, "\n"))
}
return result, nil
}