/*
Copyright (c) 2021 - Present. Blend Labs, Inc. All rights reserved
Use of this source code is governed by a MIT license that can be found in the LICENSE file.
*/
package certutil
import (
"crypto/tls"
"io/ioutil"
"os"
"github.com/blend/go-sdk/ex"
)
// NewKeyPairFromPaths builds a KeyPair that refers to a certificate file and
// a key file on disk. The inline Cert and Key fields are left empty, and the
// paths are stored as given (they are not read or expanded here).
func NewKeyPairFromPaths(certPath, keyPath string) KeyPair {
	var kp KeyPair
	kp.CertPath = certPath
	kp.KeyPath = keyPath
	return kp
}
// KeyPair is an x509 PEM key pair, supplied either inline or as file paths.
//
// For each half, the inline value (Cert, Key) takes precedence over the
// matching path (CertPath, KeyPath) when both are set; see CertBytes and
// KeyBytes.
//
// Key holds private key material when it is set. String redacts inline
// values, but the json and yaml tags below mean that encoding a KeyPair with
// an encoder honoring them writes Key out in full, and fmt's %#v verb prints
// the raw fields (no GoString method is defined in this file). Avoid
// serializing or dumping populated KeyPair values into logs.
type KeyPair struct {
	// Cert is the certificate as inline PEM text.
	Cert string `json:"cert,omitempty" yaml:"cert,omitempty"`

	// CertPath is a path to the certificate file; used only when Cert is empty.
	CertPath string `json:"certPath,omitempty" yaml:"certPath,omitempty"`

	// Key is the private key as inline PEM text (sensitive).
	Key string `json:"key,omitempty" yaml:"key,omitempty"`

	// KeyPath is a path to the private key file; used only when Key is empty.
	KeyPath string `json:"keyPath,omitempty" yaml:"keyPath,omitempty"`
}
// IsZero reports whether the key pair is entirely unset, i.e. all four of
// Cert, Key, CertPath and KeyPath are empty strings.
func (kp KeyPair) IsZero() bool {
	// KeyPair holds only string fields, so comparing against the zero value
	// is the same as checking each field for "".
	return kp == KeyPair{}
}
// IsCertPath reports whether the certificate will be loaded from CertPath,
// which is the case only when no inline Cert is set and CertPath is non-empty.
func (kp KeyPair) IsCertPath() bool {
	if kp.Cert != "" {
		// An inline certificate always wins over the path.
		return false
	}
	return kp.CertPath != ""
}
// IsKeyPath reports whether the private key will be loaded from KeyPath,
// which is the case only when no inline Key is set and KeyPath is non-empty.
func (kp KeyPair) IsKeyPath() bool {
	if kp.Key != "" {
		// An inline key always wins over the path.
		return false
	}
	return kp.KeyPath != ""
}
// CertBytes returns the certificate PEM bytes for the key pair.
//
// An inline Cert is returned as-is. Otherwise CertPath is passed through
// os.ExpandEnv and the resulting file is read. An error is returned when
// neither Cert nor CertPath is set, or when the file cannot be read; in the
// latter case the unexpanded CertPath is attached via ex.OptMessage.
//
// Note that os.ExpandEnv replaces references to undefined variables with the
// empty string, so a path such as "$DIR/tls.crt" resolves to "/tls.crt" when
// DIR is unset. The file that gets read therefore depends on the process
// environment.
func (kp KeyPair) CertBytes() ([]byte, error) {
	switch {
	case kp.Cert != "":
		return []byte(kp.Cert), nil
	case kp.CertPath == "":
		return nil, ex.New("error loading cert; cert path unset")
	}

	resolved := os.ExpandEnv(kp.CertPath)
	pemBytes, readErr := ioutil.ReadFile(resolved)
	if readErr != nil {
		return nil, ex.New("error loading cert from path", ex.OptInner(readErr), ex.OptMessage(kp.CertPath))
	}
	return pemBytes, nil
}
// KeyBytes returns the private key PEM bytes for the key pair.
//
// An inline Key is returned as-is. Otherwise KeyPath is passed through
// os.ExpandEnv and the resulting file is read. An error is returned when
// neither Key nor KeyPath is set, or when the file cannot be read; in the
// latter case the unexpanded KeyPath is attached via ex.OptMessage.
//
// The result is private key material: callers should not log it or include
// it in error values. This method only reads the file; it performs no check
// of the key file's permissions or ownership. As with CertBytes,
// os.ExpandEnv replaces undefined variables with the empty string, so the
// file that gets read depends on the process environment.
func (kp KeyPair) KeyBytes() ([]byte, error) {
	switch {
	case kp.Key != "":
		return []byte(kp.Key), nil
	case kp.KeyPath == "":
		return nil, ex.New("error loading key; key path unset")
	}

	resolved := os.ExpandEnv(kp.KeyPath)
	pemBytes, readErr := ioutil.ReadFile(resolved)
	if readErr != nil {
		return nil, ex.New("error loading key from path", ex.OptInner(readErr), ex.OptMessage(kp.KeyPath))
	}
	return pemBytes, nil
}
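// String returns a log-safe description of the key pair.
//
// Inline PEM material is never included: an inline cert or key is rendered
// as "<literal>", and a path-backed one is rendered as its
// environment-expanded path. Unset halves are omitted. Because KeyPair has a
// value receiver String method, fmt's %v and %s verbs use this redacted form.
//
// The ", " separator is written only when both a cert part and a key part
// are present, so a key-only pair renders as "[ key: ... ]" rather than with
// a dangling leading comma.
func (kp KeyPair) String() (output string) {
	var certPart, keyPart string

	if kp.Cert != "" {
		certPart = "cert: <literal>"
	} else if kp.CertPath != "" {
		certPart = "cert: " + os.ExpandEnv(kp.CertPath)
	}

	if kp.Key != "" {
		// Never echo the private key itself.
		keyPart = "key: <literal>"
	} else if kp.KeyPath != "" {
		keyPart = "key: " + os.ExpandEnv(kp.KeyPath)
	}

	output = "[ " + certPart
	if certPart != "" && keyPart != "" {
		output += ", "
	}
	output += keyPart + " ]"
	return output
}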
// TLSCertificate loads the certificate and key for the pair and parses them
// into a tls.Certificate.
//
// The PEM bytes come from CertBytes and KeyBytes (inline values first, then
// the file paths) and are handed to tls.X509KeyPair, which also rejects a
// private key that does not match the certificate. Any failure along the way
// is wrapped with ex.New and returned with a nil certificate.
func (kp KeyPair) TLSCertificate() (*tls.Certificate, error) {
	certPEM, certErr := kp.CertBytes()
	if certErr != nil {
		return nil, ex.New(certErr)
	}

	keyPEM, keyErr := kp.KeyBytes()
	if keyErr != nil {
		return nil, ex.New(keyErr)
	}

	parsed, parseErr := tls.X509KeyPair(certPEM, keyPEM)
	if parseErr != nil {
		return nil, ex.New(parseErr)
	}
	return &parsed, nil
}