// Copyright 2016 The Upspin Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package rpc
import (
"crypto/x509"
"io/ioutil"
"path/filepath"
"sync"
"github.com/palager/upspin/errors"
"github.com/palager/upspin/upspin"
)
// certPoolCache memoizes the certificate pool built for each "tlscerts"
// directory so the PEM files are parsed once per process rather than on
// every call. The embedded Mutex guards m; callers must hold it for the
// whole lookup-or-populate sequence.
var certPoolCache struct {
	sync.Mutex
	m map[string]*x509.CertPool // [dir]pool
}
// CertPoolFromConfig returns the TLS certificate pool for this config.
// CertPoolFromConfig returns the TLS certificate pool for this config.
//
// The pool is built from the PEM files in the directory named by the
// config's "tlscerts" value. Successful, non-nil results are cached per
// directory under certPoolCache, so the directory is read at most once;
// a directory that yields no pool is re-read on each call. A config with
// no "tlscerts" value yields a nil pool and a nil error, and any error
// from reading the directory is returned unchanged.
func CertPoolFromConfig(cfg upspin.Config) (*x509.CertPool, error) {
	certDir := cfg.Value("tlscerts")
	if certDir == "" {
		return nil, nil
	}

	// Hold the lock across the lookup and the populate so two callers
	// racing on the same directory do not both build and store a pool.
	certPoolCache.Lock()
	defer certPoolCache.Unlock()

	if cached := certPoolCache.m[certDir]; cached != nil {
		return cached, nil
	}

	pool, err := certPoolFromDir(certDir)
	if err != nil {
		return pool, err
	}
	if certPoolCache.m == nil {
		certPoolCache.m = make(map[string]*x509.CertPool)
	}
	certPoolCache.m[certDir] = pool
	return pool, nil
}
// certPoolFromDir parses any PEM files in the provided directory
// and returns the resulting pool.
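// certPoolFromDir parses any PEM files in the provided directory
// and returns the resulting pool.
//
// Only entries whose name ends in ".pem" are considered; everything
// else in the directory is ignored. A directory containing no such
// files yields a nil pool and a nil error. Each .pem file must
// contribute at least one certificate: a file from which x509 can parse
// nothing is reported as an error instead of being skipped, so a
// misconfigured certificate directory surfaces immediately rather than
// producing an under-populated trust pool.
func certPoolFromDir(dir string) (*x509.CertPool, error) {
	fis, err := ioutil.ReadDir(dir)
	if err != nil {
		return nil, errors.Errorf("reading TLS Certificates in %q: %v", dir, err)
	}

	var pool *x509.CertPool
	for _, fi := range fis {
		name := fi.Name()
		if filepath.Ext(name) != ".pem" {
			continue
		}
		pem, err := ioutil.ReadFile(filepath.Join(dir, name))
		if err != nil {
			return nil, errors.Errorf("reading TLS Certificate %q: %v", name, err)
		}
		// The pool is created lazily so a directory with no .pem files
		// still returns nil, matching the caller's "no pool" convention.
		if pool == nil {
			pool = x509.NewCertPool()
		}
		// AppendCertsFromPEM reports false when it parsed no certificate
		// from the data; ignoring that would silently drop the file.
		if !pool.AppendCertsFromPEM(pem) {
			return nil, errors.Errorf("no certificates found in TLS Certificate %q", name)
		}
	}
	return pool, nil
}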