decoupled log instance and info

Makes things a bit more modular. As part of this process I also replaced ct/x509 with crypto/x509, which already suits our needs.
author: Rasmus Dahlberg <rasmus.dahlberg@kau.se> 2020-10-27 15:16:24 +0100
committer: Rasmus Dahlberg <rasmus.dahlberg@kau.se> 2020-10-27 15:16:24 +0100
commit: dd19521190f39a8b1704adb724f5f812040f91e4 (patch)
tree: ec39c578f5272d708276956b4bcd251d2e9ea0b0 /x509.go
parent: d90eed44990f34a87c286ee21f5579506143040d (diff)
1 files changed, 43 insertions, 0 deletions
diff --git a/x509.go b/x509.go
new file mode 100644
index 0000000..cdcd523
--- /dev/null
+++ b/x509.go
@@ -0,0 +1,43 @@
+package stfe
+
+import (
+	"fmt"
+
+	"crypto/x509"
+	"encoding/pem"
+	"io/ioutil"
+)
+
+// LoadTrustAnchors loads a list of PEM-encoded certificates from file
+func LoadTrustAnchors(path string) ([]*x509.Certificate, *x509.CertPool, error) {
+	rest, err := ioutil.ReadFile(path)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed reading trust anchors: %v", err)
+	}
+
+	pool := x509.NewCertPool()
+	var anchors []*x509.Certificate
+	for len(rest) > 0 {
+		var block *pem.Block
+		block, rest = pem.Decode(rest)
+		if block == nil {
+			break
+		}
+		if block.Type != "CERTIFICATE" {
+			return nil, nil, fmt.Errorf("unexpected PEM block type: %s", block.Type)
+		}
+
+		certificate, err := x509.ParseCertificate(block.Bytes)
+		if err != nil {
+			return nil, nil, fmt.Errorf("invalid trust anchor before rest(%s): %v", rest, err)
+		}
+
+		anchors = append(anchors, certificate)
+		pool.AddCert(certificate)
+	}
+
+	if len(anchors) == 0 {
+		return nil, nil, fmt.Errorf("found no valid trust anchor in: %s", path)
+	}
+	return anchors, pool, nil
+}
author	Rasmus Dahlberg <rasmus.dahlberg@kau.se>	2020-10-27 15:16:24 +0100
committer	Rasmus Dahlberg <rasmus.dahlberg@kau.se>	2020-10-27 15:16:24 +0100
commit	dd19521190f39a8b1704adb724f5f812040f91e4 (patch)
tree	ec39c578f5272d708276956b4bcd251d2e9ea0b0 /x509.go
parent	d90eed44990f34a87c286ee21f5579506143040d (diff)