authorRasmus Dahlberg <rasmus.dahlberg@kau.se>2020-11-03 10:45:32 +0100
committerRasmus Dahlberg <rasmus.dahlberg@kau.se>2020-11-03 10:45:32 +0100
commitf23cfc9c46bf40f10f52c6a5f1898624bd3a808e (patch)
treec7e20931877f1cbf5fba2569179d38904aebc234
parent0b00ea0ab30503ccfab58f70586e10f74cee1bcb (diff)
moved x509 chain loading to stfe package
-rw-r--r--.type.go.swpbin16384 -> 0 bytes
-rw-r--r--client/add-entry/main.go31
-rw-r--r--x509.go31
3 files changed, 33 insertions, 29 deletions
diff --git a/.type.go.swp b/.type.go.swp
deleted file mode 100644
index 9599d98..0000000
--- a/.type.go.swp
+++ /dev/null
Binary files differ
diff --git a/client/add-entry/main.go b/client/add-entry/main.go
index 56e0ec4..9047529 100644
--- a/client/add-entry/main.go
+++ b/client/add-entry/main.go
@@ -5,10 +5,8 @@ import (
"flag"
"fmt"
- "crypto/x509"
"encoding/base64"
"encoding/json"
- "encoding/pem"
"io/ioutil"
"net/http"
@@ -62,11 +60,7 @@ func params() ([]byte, []byte, error) {
}
func setup() (*client.Client, error) {
- blob, err := ioutil.ReadFile(*chain)
- if err != nil {
- return nil, fmt.Errorf("failed reading certificate chain: %v", err)
- }
- c, err := parseChain(blob)
+ c, err := stfe.LoadChain(*chain)
if err != nil {
return nil, fmt.Errorf("failed loading certificate chain: %v", err)
}
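Review bot: The wrapping on the `return nil, fmt.Errorf("failed loading certificate chain: %v", err)` line now doubles up with the prefix that stfe.LoadChain already attaches ("failed reading certificate chain: ..."), so a missing chain file reports as "failed loading certificate chain: failed reading certificate chain: open ...: no such file". Dropping the redundant prefix and wrapping with `%w` keeps the message readable and leaves the underlying error inspectable with errors.Is/errors.As: `return nil, fmt.Errorf("loading certificate chain: %w", err)`. `%w` requires Go 1.13 or later, which this module presumably satisfies but the diff does not show. setup continues past the end of this hunk.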
@@ -76,7 +70,7 @@ func setup() (*client.Client, error) {
return nil, fmt.Errorf("failed loading key: %v", err)
}
- blob, err = ioutil.ReadFile(*operators)
+ blob, err := ioutil.ReadFile(*operators)
if err != nil {
return nil, fmt.Errorf("failed reading log operators: %v", err)
}
@@ -96,24 +90,3 @@ func setup() (*client.Client, error) {
}
return client.NewClient(log, &http.Client{}, c, &k), nil
}
-
-func parseChain(rest []byte) ([]*x509.Certificate, error) {
- var chain []*x509.Certificate
- for len(rest) > 0 {
- var block *pem.Block
- block, rest = pem.Decode(rest)
- if block == nil {
- break
- }
- if block.Type != "CERTIFICATE" {
- return nil, fmt.Errorf("unexpected pem block type: %v", block.Type)
- }
-
- certificate, err := x509.ParseCertificate(block.Bytes)
- if err != nil {
- return nil, fmt.Errorf("failed parsing x509 certificate: %v", err)
- }
- chain = append(chain, certificate)
- }
- return chain, nil
-}
diff --git a/x509.go b/x509.go
index 491c049..e7a45e6 100644
--- a/x509.go
+++ b/x509.go
@@ -104,6 +104,37 @@ func GenV1STH(ld *LogParameters, th *TreeHeadV1) (*StItem, error) {
return NewSignedTreeHeadV1(th, ld.LogId, sig), nil
}
+// LoadChain loads a PEM-encoded certificate chain from a given path
+func LoadChain(path string) ([]*x509.Certificate, error) {
+ blob, err := ioutil.ReadFile(path)
+ if err != nil {
+ return nil, fmt.Errorf("failed reading certificate chain: %v", err)
+ }
+ return ParseChain(blob)
+}
+
+// ParseChain parses a PEM-encoded certificate chain
+func ParseChain(rest []byte) ([]*x509.Certificate, error) {
+ var chain []*x509.Certificate
+ for len(rest) > 0 {
+ var block *pem.Block
+ block, rest = pem.Decode(rest)
+ if block == nil {
+ break
+ }
+ if block.Type != "CERTIFICATE" {
+ return nil, fmt.Errorf("unexpected pem block type: %v", block.Type)
+ }
+
+ certificate, err := x509.ParseCertificate(block.Bytes)
+ if err != nil {
+ return nil, fmt.Errorf("failed parsing x509 certificate: %v", err)
+ }
+ chain = append(chain, certificate)
+ }
+ return chain, nil
+}
+
// ParseB64Chain parses a list of base64 DER-encoded X.509 certificates, such
// that the first (zero-index) string is interpretted as an end-entity
// certificate and the remaining ones as the an intermediate CertPool.
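Review bot: ParseChain returns a nil chain and no error when the input contains no CERTIFICATE block — an empty file, a mis-typed `-----BEGIN` header, or a file that is not PEM at all — because the `block == nil` branch only breaks out of the loop, so LoadChain hands an empty chain on to callers such as client.NewClient in client/add-entry/main.go. Reject that case after the loop with `if len(chain) == 0 { return nil, fmt.Errorf("no CERTIFICATE block found in pem data") }`. For the same reason any bytes left in `rest` after the last decodable block are silently dropped, which could mask a truncated or corrupted chain file; consider failing when a non-whitespace remainder is left. The doc comment on ParseChain should also say that no chain validation is done here — signatures, validity periods and ordering are not checked — so callers must verify the chain before trusting it.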