//
// Copyright 2020 New Relic Corporation. All rights reserved.
// SPDX-License-Identifier: Apache-2.0
//
package collector
import (
"crypto/x509"
"io/ioutil"
"path/filepath"
)
// SystemCertPoolState enumerates the possible states of the system
// certificate pool, as listed in the constants below.
type SystemCertPoolState int

// Constants related to the system certificate pool behaviour.
const (
	// The system certificate pool is missing, and should generate a warning.
	// This is the iota start (0), so it is also the zero value of
	// SystemCertPoolState: an unset state reads as "missing".
	SystemCertPoolMissing SystemCertPoolState = iota
	// The system certificate pool is available.
	SystemCertPoolAvailable
	// The daemon was not built in a way where the system certificate pool is
	// relevant, and we should not warn or generate any supportability metrics.
	SystemCertPoolIgnored
)

var (
	// DefaultCertPool is a package-level certificate pool. Its zero value is
	// nil and it is not assigned in the code shown here.
	// NOTE(review): presumably populated by build-specific code elsewhere in
	// the package - confirm. It is exported and mutable, so any importing
	// package can replace the set of trusted certificates.
	DefaultCertPool *x509.CertPool
	// CertPoolState records the state of the system certificate pool. Until
	// it is assigned it holds SystemCertPoolMissing (the zero value).
	CertPoolState SystemCertPoolState
)
// newCertPoolFromFiles returns a fresh certificate pool holding every
// certificate that can be parsed from the PEM data in the named files.
//
// The first file that cannot be read aborts the load: the read error is
// returned unchanged and no pool is returned. A file that is readable but
// contains no parsable certificate is not an error; it simply contributes
// nothing, so the returned pool may be empty.
func newCertPoolFromFiles(files []string) (*x509.CertPool, error) {
	roots := x509.NewCertPool()

	for i := range files {
		pemData, readErr := ioutil.ReadFile(files[i])
		if readErr != nil {
			return nil, readErr
		}

		// AppendCertsFromPEM reports whether any certificate was parsed;
		// that result is deliberately not inspected here.
		// NOTE(review): callers that need to detect an empty or corrupt CA
		// file have no signal from this function.
		roots.AppendCertsFromPEM(pemData)
	}

	return roots, nil
}
// NewCertPool returns a new certificate pool built from the files matching
// "*.pem" directly inside capath, followed by cafile. Either argument may be
// the empty string, in which case that source is skipped.
//
// Every certificate parsed from those files is added to the pool.
// NOTE(review): if callers use the result as TLS root CAs (not visible
// here), write access to capath or cafile is equivalent to control over
// which servers are trusted - confirm the paths are suitably protected.
//
// Failure modes worth knowing:
//   - filepath.Glob only reports a malformed pattern; it ignores file system
//     errors, so a missing or unreadable capath yields no files and no error.
//     capath is joined into the pattern as-is, so glob metacharacters in it
//     are interpreted as pattern syntax.
//   - A file that cannot be read aborts the load and its error is returned
//     unchanged.
//   - A readable file with no parsable certificate is silently skipped, so
//     the returned pool can be empty even when err is nil.
func NewCertPool(cafile, capath string) (*x509.CertPool, error) {
	var sources []string

	if capath != "" {
		matches, globErr := filepath.Glob(filepath.Join(capath, "*.pem"))
		if globErr != nil {
			return nil, globErr
		}
		sources = matches
	}

	// cafile is loaded last, after anything found in capath.
	if cafile != "" {
		sources = append(sources, cafile)
	}

	roots := x509.NewCertPool()
	for i := range sources {
		pemData, readErr := ioutil.ReadFile(sources[i])
		if readErr != nil {
			return nil, readErr
		}

		// The boolean result (whether any certificate was parsed) is
		// intentionally not checked.
		roots.AppendCertsFromPEM(pemData)
	}

	return roots, nil
}