forked from AccelByte/eventstream-go-sdk
-
Notifications
You must be signed in to change notification settings - Fork 0
/
tls.go
94 lines (77 loc) · 2.21 KB
/
tls.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
/*
* Copyright (c) 2021 AccelByte Inc
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and limitations under the License.
*
*/
package eventstream
import (
"crypto"
"crypto/ecdsa"
"crypto/rsa"
"crypto/tls"
"crypto/x509"
"encoding/pem"
"fmt"
"io/ioutil"
"github.com/sirupsen/logrus"
)
const (
DefaultSSLCertPath = "/etc/ssl/certs/ca-certificates.crt" // Alpine certificate path
certificateBlockType = "CERTIFICATE"
)
// GetTLSCertFromFile reads file, divides into key and certificates
func GetTLSCertFromFile(path string) (*tls.Certificate, error) {
raw, err := ioutil.ReadFile(path)
if err != nil {
return nil, err
}
var cert tls.Certificate
for {
block, rest := pem.Decode(raw)
if block == nil {
break
}
if block.Type == certificateBlockType {
cert.Certificate = append(cert.Certificate, block.Bytes)
} else {
cert.PrivateKey, err = parsePrivateKey(block.Bytes)
if err != nil {
return nil, fmt.Errorf("failure reading private key from %s: %s", path, err.Error())
}
}
raw = rest
}
if len(cert.Certificate) == 0 && cert.PrivateKey == nil {
return nil, fmt.Errorf("no certificate or private key found in \"%s\"", path)
}
return &cert, nil
}
func parsePrivateKey(der []byte) (crypto.PrivateKey, error) {
logrus.Debug("get private key")
if key, err := x509.ParsePKCS1PrivateKey(der); err == nil {
return key, nil
}
if key, err := x509.ParsePKCS8PrivateKey(der); err == nil {
switch key := key.(type) {
case *rsa.PrivateKey, *ecdsa.PrivateKey:
return key, nil
default:
return nil, fmt.Errorf("found unknown private key type in PKCSS8 wrapping")
}
}
key, err := x509.ParseECPrivateKey(der)
if err != nil {
return nil, fmt.Errorf("failed to parse private key: %s", err.Error())
}
return key, nil
}