-
Notifications
You must be signed in to change notification settings - Fork 34
/
cert.go
102 lines (86 loc) · 2.36 KB
/
cert.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
//
// simplecert
//
// Created by Philipp Mieden
// Contact: dreadl0ck@protonmail.ch
// Copyright © 2018 bestbytes. All rights reserved.
//
package simplecert
import (
"crypto/x509"
"encoding/json"
"encoding/pem"
"errors"
"io/ioutil"
"os"
"path/filepath"
"github.com/go-acme/lego/v3/certificate"
)
// parsePEMBundle parses a certificate bundle from top to bottom and returns
// a slice of x509 certificates. This function will error if no certificates are found.
func parsePEMBundle(bundle []byte) ([]*x509.Certificate, error) {
var (
certificates []*x509.Certificate
certDERBlock *pem.Block
)
for {
certDERBlock, bundle = pem.Decode(bundle)
if certDERBlock == nil {
break
}
if certDERBlock.Type == "CERTIFICATE" {
cert, err := x509.ParseCertificate(certDERBlock.Bytes)
if err != nil {
return nil, err
}
certificates = append(certificates, cert)
}
}
if len(certificates) == 0 {
return nil, errors.New("No certificates were found while parsing the bundle")
}
return certificates, nil
}
// cert exists in cacheDir?
func certCached(cacheDir string) bool {
_, errCert := os.Stat(filepath.Join(cacheDir, certFileName))
_, errKey := os.Stat(filepath.Join(cacheDir, keyFileName))
if errCert == nil && errKey == nil {
return true
}
return false
}
// Persist the certificate on disk
// this assumes that cacheDir exists
func saveCertToDisk(cert *certificate.Resource, cacheDir string) error {
// JSON encode certificate resource
// needs to be a CR otherwise the fields with the keys will be lost
b, err := json.MarshalIndent(CR{
Domain: cert.Domain,
CertURL: cert.CertURL,
CertStableURL: cert.CertStableURL,
PrivateKey: cert.PrivateKey,
Certificate: cert.Certificate,
IssuerCertificate: cert.IssuerCertificate,
CSR: cert.CSR,
}, "", " ")
if err != nil {
return err
}
// write certificate resource to disk
err = ioutil.WriteFile(filepath.Join(cacheDir, certResourceFileName), b, c.CacheDirPerm)
if err != nil {
return err
}
// write certificate PEM to disk
err = ioutil.WriteFile(filepath.Join(cacheDir, certFileName), cert.Certificate, c.CacheDirPerm)
if err != nil {
return err
}
// write private key PEM to disk
err = ioutil.WriteFile(filepath.Join(cacheDir, keyFileName), cert.PrivateKey, c.CacheDirPerm)
if err != nil {
return err
}
return nil
}