-
Notifications
You must be signed in to change notification settings - Fork 110
/
parse.go
106 lines (86 loc) · 2.56 KB
/
parse.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
/*
Copyright 2021 Flant JSC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package certificate
import (
"crypto/tls"
"crypto/x509"
"encoding/base64"
"encoding/pem"
"fmt"
)
// ParseCertificatesFromBase64 parsing base64 input string and return ca cert and/or verified tls.Certificate
func ParseCertificatesFromBase64(ca, crt, key string) (*x509.Certificate, *tls.Certificate, error) {
caCert, err := generateCACert(ca)
if err != nil {
return nil, nil, err
}
clientCert, err := generateTLSCert(crt, key)
if err != nil {
return nil, nil, err
}
return caCert, clientCert, nil
}
func generateCACert(caBase64 string) (*x509.Certificate, error) {
if caBase64 == "" {
return nil, nil
}
caData, err := base64.StdEncoding.DecodeString(caBase64)
if err != nil {
return nil, err
}
block, _ := pem.Decode(caData)
if block == nil {
return nil, fmt.Errorf("block not found")
}
if block.Type != "CERTIFICATE" || len(block.Headers) != 0 {
return nil, fmt.Errorf("not valid ca certificate")
}
return x509.ParseCertificate(block.Bytes)
}
func generateTLSCert(crt, key string) (*tls.Certificate, error) {
if crt == "" || key == "" {
return nil, nil
}
certData, err := base64.StdEncoding.DecodeString(crt)
if err != nil {
return nil, err
}
keyData, err := base64.StdEncoding.DecodeString(key)
if err != nil {
return nil, err
}
cert, err := tls.X509KeyPair(certData, keyData)
if err != nil {
return nil, err
}
return &cert, nil
}
// ParseCertificatesFromPEM parsing PEM input strings and return ca cert and/or verified tls.Certificate
func ParseCertificatesFromPEM(ca, crt, key string) (*x509.Certificate, *tls.Certificate, error) {
block, _ := pem.Decode([]byte(ca))
if block == nil {
return nil, nil, fmt.Errorf("block not found")
}
if block.Type != "CERTIFICATE" || len(block.Headers) != 0 {
return nil, nil, fmt.Errorf("not valid ca certificate")
}
caCert, err := x509.ParseCertificate(block.Bytes)
if err != nil {
return nil, nil, err
}
clientCert, err := tls.X509KeyPair([]byte(crt), []byte(key))
if err != nil {
return nil, nil, err
}
return caCert, &clientCert, nil
}