package configmap
import (
"bytes"
"crypto/x509"
"encoding/pem"
"fmt"
"strings"
"time"
"github.com/pavel-v-chernykh/keystore-go"
)
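// exportCerts packs the given PEM blocks into a JKS keystore as trusted
// certificate entries and returns the encoded keystore bytes.
//
// Each block's Bytes are stored unchanged with type "X.509" and creation date
// t; the entry alias comes from alias(p.Bytes, i). jksPassword is handed to
// keystore.Encode. A nil block is reported as an error instead of causing a
// nil-pointer dereference.
//
// NOTE(review): neither p.Type nor the DER content is validated here, so the
// caller must pass only certificate blocks from a source it trusts. Whatever
// is placed in this store is handed to consumers as a trusted certificate.
//
// NOTE(review): trusted-certificate entries hold public data, so the password
// presumably protects only the store's integrity, not its secrecy. Confirm
// against the keystore library before relying on it for anything more.
func exportCerts(pems []*pem.Block, jksPassword string, t time.Time) ([]byte, error) {
	ks := keystore.KeyStore{}
	for i, p := range pems {
		if p == nil {
			return nil, fmt.Errorf("pem block %d is nil", i)
		}
		// CreationDate is set once in the literal; the original assigned it a
		// second time after construction, which had no effect.
		ks[alias(p.Bytes, i)] = &keystore.TrustedCertificateEntry{
			Entry: keystore.Entry{CreationDate: t},
			Certificate: keystore.Certificate{
				Content: p.Bytes,
				Type:    "X.509",
			},
		}
	}

	password := []byte(jksPassword)
	// Best-effort wipe of the local byte copy once encoding is done; the
	// caller's string is immutable and is not affected by this.
	defer func() {
		for i := range password {
			password[i] = 0
		}
	}()

	var buf bytes.Buffer
	if err := keystore.Encode(&buf, ks, password); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}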
// alias builds the keystore alias for the certificate at position i.
//
// pem holds the raw certificate bytes handed to x509.ParseCertificate (DER,
// despite the parameter name, which also shadows the encoding/pem package
// inside this function). When the bytes do not parse, or the subject has no
// common name, a generic "truststore-injector_<i>" alias is returned.
// Otherwise the alias is the lower-cased subject common name, followed by the
// issuer common name in parentheses when the issuer has a different, non-empty
// name, and then the index.
//
// Every form ends in the index i, so entries at different positions get
// different aliases even when their names are identical.
//
// The certificate is only parsed here, not verified: the names come straight
// from the supplied bytes, so the alias is a display label and must not be
// treated as an authenticated identity.
func alias(pem []byte, i int) string {
	cert, parseErr := x509.ParseCertificate(pem)

	switch {
	case parseErr != nil || cert.Subject.CommonName == "":
		return fmt.Sprintf("truststore-injector_%d", i)

	// inspired by: https://github.com/kaikramer/keystore-explorer/blob/79600e0e5cb5799dfc700df0989c5ba04f3d1db1/kse/src/org/kse/crypto/x509/X509CertUtil.java#L651
	case cert.Issuer.CommonName == "" || cert.Issuer.CommonName == cert.Subject.CommonName:
		// Self-issued or issuer without a name: the subject alone is enough.
		label := fmt.Sprintf("%s %d", cert.Subject.CommonName, i)
		return strings.ToLower(label)

	default:
		label := fmt.Sprintf("%s (%s) %d", cert.Subject.CommonName, cert.Issuer.CommonName, i)
		return strings.ToLower(label)
	}
}